| |
| |||||||
Log-Analyse und Auswertung: Adware Problem!Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
10.07.2014, 16:16
| #1 |
 |  Adware Problem! Hallo! Ich habe da ein kleines großes Problem. Der PC meiner Eltern ist total vermüllt. Überall Werbeanzeigen, Chrome-Startbildschirm verändert sich usw... Ich habe schon mehrmals den ADWCleaner drüber laufen lassen. Er hat immer was gefunden. Habe es versucht via ADWCleaner zu entfernen, erst hats Augenscheinlich funktioniert, es war keine Werbung mehr zu sehen, doch paar Tage später war alles wieder beim Alten und ich habe das Gefühl es wird immer mehr. Norton hat mir 8 Tracking Cookies gemeldet. Welche nach automatischem Suchlauf entfernt wurden. Habe nun auch Malwarebytes drüber laufen lassen und dies meldete mir sage und schreibe 507 gefundene Objekte!! Ich hoffe Ihr könnt mir irgendwie weiterhelfen... LG Enrico Malwarebytes Logfile: Anhang 68163 |
|
10.07.2014, 16:38
| #2 |
| /// TB-Ausbilder /// Anleitungs-Guru  | Adware Problem! Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das... 
 Hinweis:Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden. Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert. Adware & Co. können wir sehr gut entfernen. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean  bekommst.Los geht's: Schritt 1   Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
Lesestoff Posten in CODE-Tags: So gehts... Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
10.07.2014, 17:01
| #3 |
| | Adware Problem! Hallo Jürgen!
__________________Vielen Dank das du dich meinem Problem annimmst! LG Enrico FRST Log: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2014 Ran by Friedrich (administrator) on FAMILIEN-PC on 10-07-2014 17:55:37 Running from C:\Users\Friedrich\Downloads Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\nis.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Systweak) C:\Program Files (x86)\Right Backup\RBClientService.exe () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Systweak) C:\Program Files (x86)\Right Backup\RightBackup.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\nis.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE (CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (Microsoft Corporation) C:\Windows\splwow64.exe (CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-05-08] (Intel Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13626072 2013-06-25] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1311304 2013-06-05] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2986224 2013-06-20] (Synaptics Incorporated) HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo) HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15794160 2013-10-31] (Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80368 2013-10-31] (Lenovo(beijing) Limited) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.) HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2013-03-12] (Vimicro) HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.) HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.) HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation) HKLM-x32\...\Run: [MobileConnect] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2403840 2009-09-11] (Vodafone) HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-06-28] ( (Atheros Communications)) HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\Policies\Explorer: [DisallowRun] 1 HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {5a268313-fa15-11e3-be8b-a4db3035b3cf} - "F:\AutoRun.exe" HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {5a26834d-fa15-11e3-be8b-a4db3035b3cf} - "F:\AutoRun.exe" HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {885cf704-74f3-11e3-be75-a4db3035b3cf} - "F:\setup_vmc_lite.exe" /checkApplicationPresence HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {885cf7bc-74f3-11e3-be75-a4db3035b3cf} - "F:\setup_vmc_lite.exe" /checkApplicationPresence HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {8dc0bce8-74ff-11e3-be78-001e101fb69f} - "F:\setup_vmc_lite.exe" /checkApplicationPresence HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {8dc0c206-74ff-11e3-be78-001e101fb69f} - "F:\setup_vmc_lite.exe" /checkApplicationPresence ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com hxxp://www.giga.de/foto/ hxxp://www.giga.de/androidnews/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {717686E9-21C5-404A-9888-F0E98DA52D73} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_dsites02_14_27_ch&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDtAyD0BtA0C0FzyyB0EyEtN0D0Tzu0SzytCtAtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyCtBtB0BtBzztBtAtGtBtCyD0DtG0DtC0C0DtGtDyC0EtCtGtD0FtD0DyDyDyC0AyDyDyEtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0A0E0B0DyCzztGyEyE0B0FtGtDtBzyzytGtD0DyEtBtGyB0C0Dzy0DtB0D0E0AyB0FtD2Q&cr=2037496794&ir= SearchScopes: HKLM-x32 - DefaultScope value is missing. SearchScopes: HKLM-x32 - {717686E9-21C5-404A-9888-F0E98DA52D73} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS SearchScopes: HKCU - {717686E9-21C5-404A-9888-F0E98DA52D73} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_dsites02_14_27_ch&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDtAyD0BtA0C0FzyyB0EyEtN0D0Tzu0SzytCtAtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyCtBtB0BtBzztBtAtGtBtCyD0DtG0DtC0C0DtGtDyC0EtCtGtD0FtD0DyDyDyC0AyDyDyEtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0A0E0B0DyCzztGyEyE0B0FtGtDtBzyzytGtD0DyEtBtGyB0C0Dzy0DtB0D0E0AyB0FtD2Q&cr=2037496794&ir= BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 FireFox: ======== FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Friedrich\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-01-23] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2014-07-10] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK Chrome: ======= CHR HomePage: hxxp://www.trovigo.com/?gd=&ctid=CT3323829&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=2&UP=SP3259589E-A388-4E49-A367-281AF9275842&SSPV= CHR StartupUrls: "hxxp://www.trovigo.com/?gd=&ctid=CT3323829&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=2&UP=SP3259589E-A388-4E49-A367-281AF9275842&SSPV=", "hxxp://www.sweet-page.com/?type=hp&ts=1404658252&from=wld&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1" CHR NewTab: "chrome-extension://pelmeidfhdlhlbjimpabfcbnnojbboma/index.html" CHR Extension: (Google Docs) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-09] CHR Extension: (Google Drive) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-09] CHR Extension: (YouTube) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-09] CHR Extension: (Google-Suche) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-09] CHR Extension: (Norton Identity Protection) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-01-23] CHR Extension: (Securita Scout) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfkilfadjoneaheacgmkahfgcjchkpad [2014-04-06] CHR Extension: (Google Wallet) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-09] CHR Extension: (Google Mail) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-09] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\Exts\Chrome.crx [2014-05-16] ==================== Services (Whitelisted) ================= R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-06-28] (Windows (R) Win 7 DDK provider) R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-05-08] (Intel Corporation) R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] () R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-16] (Intel Corporation) S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-16] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [239968 2014-07-01] () R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe [276376 2014-05-11] (Symantec Corporation) R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-06-17] (Nitro PDF Software) R2 RBClientService; C:\Program Files (x86)\Right Backup\RBClientService.exe [48240 2014-07-04] (Systweak) R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-10-31] () R2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-09-11] (Vodafone) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation) R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-06-28] (Atheros) [File not signed] ==================== Drivers (Whitelisted) ==================== R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140703.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-06-28] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1503000.00C\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-11] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140709.001\IDSvia64.sys [525016 2014-03-30] (Symantec Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-10] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation) R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140710.001\ENG64.SYS [126040 2014-01-23] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140710.001\EX64.SYS [2099288 2014-01-23] (Symantec Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-06-20] (Synaptics Incorporated) R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1503000.00C\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1503000.00C\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1503000.00C\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation) S0 SymELAM; C:\Windows\System32\drivers\NISx64\1503000.00C\SymELAM.sys [23568 2013-09-10] (Symantec Corporation) R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-23] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1503000.00C\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1503000.00C\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation) R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1049984 2013-03-15] (Vimicro Corporation) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) S3 ewusbnet; \SystemRoot\system32\DRIVERS\ewusbnet.sys [X] S3 hwusbfake; \SystemRoot\system32\DRIVERS\ewusbfake.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-10 17:55 - 2014-07-10 17:55 - 00021700 _____ () C:\Users\Friedrich\Downloads\FRST.txt 2014-07-10 17:54 - 2014-07-10 17:55 - 00000000 ____D () C:\FRST 2014-07-10 17:53 - 2014-07-10 17:53 - 02084352 _____ (Farbar) C:\Users\Friedrich\Desktop\FRST64.exe 2014-07-10 17:53 - 2014-07-10 17:53 - 00097462 _____ () C:\Users\Friedrich\Downloads\Nicht bestätigt 402531.crdownload 2014-07-10 16:11 - 2014-07-10 17:32 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-07-10 16:11 - 2014-07-10 16:47 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-10 16:11 - 2014-07-10 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-10 16:11 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-07-10 16:11 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-07-10 10:01 - 2014-07-10 10:01 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (4).exe 2014-07-10 09:56 - 2014-07-10 09:56 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (3).exe 2014-07-10 09:49 - 2014-07-10 10:09 - 00003108 _____ () C:\WINDOWS\System32\Tasks\RegClean Pro 2014-07-10 09:49 - 2014-07-10 09:49 - 00001061 _____ () C:\Users\Public\Desktop\RegClean Pro.lnk 2014-07-10 09:49 - 2014-07-03 17:55 - 00020280 _____ (Systweak Inc., (www.systweak.com)) C:\WINDOWS\system32\roboot64.exe 2014-07-10 09:47 - 2014-07-10 09:47 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (2).exe 2014-07-10 09:45 - 2014-07-10 09:46 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (1).exe 2014-07-10 09:44 - 2014-07-10 09:44 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946.exe 2014-07-08 16:36 - 2014-07-08 16:36 - 00001901 _____ () C:\Users\Friedrich\Desktop\IrfanView Thumbnails.lnk 2014-07-08 16:36 - 2014-07-08 16:36 - 00001013 _____ () C:\Users\Friedrich\Desktop\IrfanView.lnk 2014-07-08 16:36 - 2014-07-08 16:36 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView 2014-07-08 16:36 - 2014-07-08 16:36 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\IrfanView 2014-07-08 16:36 - 2014-07-08 16:36 - 00000000 ____D () C:\Program Files (x86)\IrfanView 2014-07-08 16:35 - 2014-07-08 16:35 - 02197648 _____ (Irfan Skiljan) C:\Users\Friedrich\Downloads\iview438g_setup.exe 2014-07-07 20:19 - 2014-07-10 16:39 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Systweak 2014-07-07 20:18 - 2014-07-07 20:18 - 00000000 ____D () C:\ProgramData\Systweak 2014-07-07 20:15 - 2014-07-07 20:15 - 01346519 _____ () C:\Users\Friedrich\Downloads\adwcleaner_3.214 (1).exe 2014-07-07 20:13 - 2014-07-07 20:13 - 00000000 ____D () C:\Users\Friedrich\Desktop\Enno 2014-07-07 18:29 - 2014-04-08 19:19 - 16781312 _____ () C:\Users\Friedrich\Downloads\Bus-Simulator_2012_Demo (3).rar 2014-07-07 17:48 - 2014-07-10 16:46 - 00003068 _____ () C:\WINDOWS\System32\Tasks\Right Backup_startup 2014-07-07 17:47 - 2014-07-10 16:47 - 00000000 ____D () C:\Program Files (x86)\Right Backup 2014-07-07 17:47 - 2014-07-07 17:47 - 00003132 _____ () C:\WINDOWS\System32\Tasks\System Speedup 2014-07-07 17:47 - 2014-07-07 17:47 - 00001061 _____ () C:\Users\Public\Desktop\Right Backup.lnk 2014-07-07 17:47 - 2014-07-07 17:47 - 00000000 ____D () C:\rbtemp 2014-07-07 17:47 - 2014-07-07 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Right Backup 2014-07-06 18:05 - 2014-07-06 18:05 - 00001333 _____ () C:\Users\Public\Desktop\Fahren Lernen Offline.lnk 2014-07-06 18:05 - 2014-07-06 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verlag Heinrich Vogel 2014-07-06 17:57 - 2014-07-06 17:57 - 00000000 ____D () C:\Program Files (x86)\Vogel Verlag 2014-07-06 17:56 - 2014-07-06 17:56 - 00167137 _____ () C:\Users\Friedrich\Desktop\e.odp 2014-07-06 16:46 - 2014-07-06 16:46 - 01063312 _____ () C:\Users\Friedrich\Downloads\OMSI---Der-Omnibussimulator-lnstall (1).exe 2014-07-06 16:46 - 2014-07-06 16:46 - 00000000 ____D () C:\Users\Friedrich\Downloads\OMSI---Der-Omnibussimulator 2014-07-06 16:46 - 2014-07-06 16:46 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Temp434fa06c045d655c128c6e6570ea6b69_______ 2014-07-06 15:06 - 2014-07-06 15:06 - 00001942 _____ () C:\Users\Public\Desktop\EEP 7.0.lnk 2014-07-06 15:05 - 2014-07-06 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend 2014-07-06 14:48 - 2014-05-20 04:33 - 00059416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2014-07-06 14:48 - 2014-05-20 01:45 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2014-07-06 14:48 - 2014-05-20 01:45 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2014-07-06 14:48 - 2014-05-20 01:24 - 03286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2014-07-06 14:48 - 2014-05-20 01:24 - 01623040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2014-07-06 14:48 - 2014-05-20 01:24 - 00773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2014-07-06 14:48 - 2014-05-20 01:24 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2014-07-06 14:48 - 2014-05-20 01:24 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2014-07-06 14:48 - 2014-05-20 01:24 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2014-07-06 14:48 - 2014-05-15 00:43 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2014-07-06 14:48 - 2014-05-15 00:43 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2014-07-06 14:48 - 2014-05-15 00:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2014-07-06 14:48 - 2014-05-15 00:42 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2014-07-03 21:59 - 2014-07-03 21:59 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CombineZM 2014-07-03 21:59 - 2014-07-03 21:59 - 00000000 ____D () C:\Program Files (x86)\Alan Hadley 2014-07-03 21:57 - 2014-07-03 21:58 - 02735104 _____ () C:\Users\Friedrich\Downloads\CombineZ-m.msi 2014-07-03 21:50 - 2014-07-03 21:50 - 06448158 _____ () C:\Users\Friedrich\Downloads\German_CZPHelp.zip 2014-07-03 21:35 - 2014-07-03 21:35 - 00000558 _____ () C:\WINDOWS\KB893803v2.log 2014-07-03 21:35 - 2014-07-03 21:35 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Helicon 2014-07-03 21:29 - 2014-07-03 21:34 - 88327960 _____ (Helicon Soft Ltd. ) C:\Users\Friedrich\Downloads\HeliconFocus.exe 2014-07-03 20:20 - 2014-07-06 17:56 - 00564304 _____ () C:\Users\Friedrich\Desktop\Unbenannt 2.odg 2014-07-03 20:20 - 2014-07-03 20:20 - 00505198 _____ () C:\Users\Friedrich\Desktop\Unbenannt 1.odp 2014-07-03 18:30 - 2014-07-03 19:26 - 00062188 _____ () C:\Users\Friedrich\Desktop\GEBURTSTAG.odt 2014-07-02 21:55 - 2014-07-02 21:55 - 00002258 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-07-02 21:55 - 2014-07-02 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-07-02 21:54 - 2014-07-10 16:59 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-02 21:54 - 2014-07-10 16:45 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-02 21:54 - 2014-07-02 21:54 - 00004112 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2014-07-02 21:54 - 2014-07-02 21:54 - 00003876 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2014-07-02 20:47 - 2014-07-02 20:47 - 01346519 _____ () C:\Users\Friedrich\Downloads\adwcleaner_3.214.exe 2014-07-02 20:47 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll 2014-07-01 22:14 - 2014-07-01 22:15 - 10320896 _____ () C:\Users\Friedrich\Downloads\CombineZP_CB-DL-Manager [1].exe 2014-07-01 21:24 - 2014-07-01 21:24 - 00000000 ___HD () C:\ProgramData\CanonIJScan 2014-07-01 21:20 - 2014-07-03 20:21 - 01971896 _____ () C:\Users\Friedrich\Desktop\EINLADUNG.odt 2014-07-01 20:53 - 2014-07-01 20:53 - 00000000 ____D () C:\Users\Public\Documents\sun 2014-07-01 20:51 - 2014-07-01 20:51 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk 2014-07-01 20:51 - 2014-07-01 20:51 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0 2014-07-01 20:51 - 2014-07-01 20:51 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4 2014-07-01 20:50 - 2014-07-01 20:51 - 00000000 ____D () C:\Users\Friedrich\Desktop\OpenOffice 4.1.0 (de) Installation Files 2014-07-01 20:47 - 2014-07-01 20:47 - 00961360 _____ (Chip Digital GmbH) C:\Users\Friedrich\Downloads\OpenOffice - CHIP-Installer.exe 2014-07-01 20:44 - 2014-07-01 20:44 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\OpenOffice 2014-07-01 20:38 - 2014-07-10 17:38 - 00000330 _____ () C:\WINDOWS\Tasks\Rocket Updater.job 2014-07-01 20:38 - 2014-07-01 20:38 - 00002668 _____ () C:\WINDOWS\System32\Tasks\Rocket Updater 2014-07-01 19:16 - 2014-07-01 19:16 - 00001090 _____ () C:\Users\Public\Desktop\Mobile Partner.lnk 2014-07-01 19:16 - 2014-07-01 19:16 - 00000000 ____D () C:\ProgramData\Mobile Partner 2014-07-01 19:16 - 2014-07-01 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner 2014-07-01 19:15 - 2014-07-01 19:16 - 00000000 ____D () C:\ProgramData\DatacardService 2014-07-01 19:15 - 2014-07-01 19:16 - 00000000 ____D () C:\Program Files (x86)\Mobile Partner 2014-07-01 19:15 - 2014-07-01 19:15 - 01490656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01007.dll 2014-07-01 19:15 - 2014-07-01 19:15 - 01490656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfCoInstaller01007.dll 2014-07-01 19:15 - 2014-07-01 19:15 - 01001472 _____ (DiBcom SA) C:\WINDOWS\system32\Drivers\mod7700.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00421376 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbwwan.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00212992 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juwwanecm.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwusbdev.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00098816 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcacm.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00086016 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jubusenum.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00069632 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcecm.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\WINDOWS\system32\Drivers\ewdcsc.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00028672 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juextctrl.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwupgrade.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_usbenumfilter.sys 2014-06-30 23:11 - 2014-06-30 23:12 - 00788832 _____ ( ) C:\Users\Friedrich\Downloads\CombineZP_CB-DL-Manager.exe 2014-06-21 18:41 - 2014-05-03 07:47 - 03246592 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2014-06-21 18:41 - 2014-05-03 05:34 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2014-06-21 18:41 - 2014-04-30 00:32 - 01301504 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2014-06-21 18:41 - 2014-04-30 00:22 - 01023488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2014-06-21 18:41 - 2014-04-03 13:19 - 00328024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys 2014-06-21 18:41 - 2014-04-03 05:44 - 00619008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2014-06-21 18:41 - 2014-04-01 00:08 - 00387268 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2014-06-21 18:41 - 2014-03-25 01:42 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe 2014-06-21 18:41 - 2014-03-25 00:56 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe 2014-06-21 18:36 - 2014-05-24 04:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-06-21 18:36 - 2014-05-24 04:47 - 02239488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-06-21 18:36 - 2014-05-24 04:47 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-06-21 18:36 - 2014-05-24 04:47 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll 2014-06-21 18:36 - 2014-05-24 04:47 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll 2014-06-21 18:36 - 2014-05-24 04:46 - 19290112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-06-21 18:36 - 2014-05-24 04:46 - 15368704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-06-21 18:36 - 2014-05-24 04:46 - 03958784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-06-21 18:36 - 2014-05-24 04:46 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-06-21 18:36 - 2014-05-24 04:46 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2014-06-21 18:36 - 2014-05-24 04:46 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-06-21 18:36 - 2014-05-24 04:46 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll 2014-06-21 18:36 - 2014-05-24 04:46 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll 2014-06-21 18:36 - 2014-05-24 04:46 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-06-21 18:36 - 2014-05-24 04:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2014-06-21 18:36 - 2014-05-24 04:46 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2014-06-21 18:36 - 2014-05-24 04:46 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2014-06-21 18:36 - 2014-05-24 04:45 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-06-21 18:36 - 2014-05-24 04:45 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2014-06-21 18:36 - 2014-05-24 04:45 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-06-21 18:36 - 2014-05-24 03:26 - 14365696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-06-21 18:36 - 2014-05-24 03:26 - 01766400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-06-21 18:36 - 2014-05-24 03:26 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-06-21 18:36 - 2014-05-24 03:26 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-06-21 18:36 - 2014-05-24 03:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll 2014-06-21 18:36 - 2014-05-24 03:26 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-06-21 18:36 - 2014-05-24 03:26 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll 2014-06-21 18:36 - 2014-05-24 03:25 - 13731328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-06-21 18:36 - 2014-05-24 03:25 - 02862080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-06-21 18:36 - 2014-05-24 03:25 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-06-21 18:36 - 2014-05-24 03:25 - 01440768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-06-21 18:36 - 2014-05-24 03:25 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2014-06-21 18:36 - 2014-05-24 03:25 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2014-06-21 18:36 - 2014-05-24 03:25 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-06-21 18:36 - 2014-05-24 03:25 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll 2014-06-21 18:36 - 2014-05-24 03:25 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2014-06-21 18:36 - 2014-05-24 03:25 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2014-06-21 18:36 - 2014-05-24 03:25 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2014-06-21 18:36 - 2014-05-24 03:09 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2014-06-21 18:36 - 2014-05-24 03:03 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2014-06-21 18:36 - 2014-05-24 00:37 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll 2014-06-21 18:32 - 2014-04-03 13:22 - 02233176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2014-06-21 18:32 - 2014-03-07 02:47 - 01419264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2014-06-21 18:32 - 2014-03-07 02:08 - 01845760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2014-06-13 20:06 - 2014-06-13 20:06 - 00011264 ___SH () C:\Users\Friedrich\Documents\Thumbs.db 2014-06-12 20:01 - 2014-06-12 20:01 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security ==================== One Month Modified Files and Folders ======= 2014-07-10 17:55 - 2014-07-10 17:55 - 00021700 _____ () C:\Users\Friedrich\Downloads\FRST.txt 2014-07-10 17:55 - 2014-07-10 17:54 - 00000000 ____D () C:\FRST 2014-07-10 17:53 - 2014-07-10 17:53 - 02084352 _____ (Farbar) C:\Users\Friedrich\Desktop\FRST64.exe 2014-07-10 17:53 - 2014-07-10 17:53 - 00097462 _____ () C:\Users\Friedrich\Downloads\Nicht bestätigt 402531.crdownload 2014-07-10 17:40 - 2013-10-31 21:17 - 01132338 _____ () C:\WINDOWS\WindowsUpdate.log 2014-07-10 17:38 - 2014-07-01 20:38 - 00000330 _____ () C:\WINDOWS\Tasks\Rocket Updater.job 2014-07-10 17:32 - 2014-07-10 16:11 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-07-10 17:16 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-07-10 17:00 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-07-10 16:59 - 2014-07-02 21:54 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-10 16:50 - 2014-01-04 06:34 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3631515150-3942624288-380681899-1002 2014-07-10 16:49 - 2013-11-01 06:00 - 00754172 _____ () C:\WINDOWS\system32\perfh007.dat 2014-07-10 16:49 - 2013-11-01 06:00 - 00156362 _____ () C:\WINDOWS\system32\perfc007.dat 2014-07-10 16:49 - 2012-07-26 09:28 - 01748838 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-07-10 16:47 - 2014-07-10 16:11 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-10 16:47 - 2014-07-07 17:47 - 00000000 ____D () C:\Program Files (x86)\Right Backup 2014-07-10 16:46 - 2014-07-07 17:48 - 00003068 _____ () C:\WINDOWS\System32\Tasks\Right Backup_startup 2014-07-10 16:46 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-07-10 16:45 - 2014-07-02 21:54 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-10 16:45 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-07-10 16:44 - 2013-10-31 22:14 - 00006656 _____ () C:\WINDOWS\system32\VfService.trf 2014-07-10 16:44 - 2013-03-25 23:02 - 00220526 _____ () C:\WINDOWS\PFRO.log 2014-07-10 16:44 - 2012-07-26 07:26 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2014-07-10 16:39 - 2014-07-07 20:19 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Systweak 2014-07-10 16:11 - 2014-07-10 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-10 16:11 - 2014-02-01 18:05 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-10 16:11 - 2014-02-01 18:05 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Malwarebytes 2014-07-10 16:11 - 2014-02-01 18:05 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-10 16:11 - 2014-02-01 18:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-07-10 10:09 - 2014-07-10 09:49 - 00003108 _____ () C:\WINDOWS\System32\Tasks\RegClean Pro 2014-07-10 10:01 - 2014-07-10 10:01 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (4).exe 2014-07-10 09:56 - 2014-07-10 09:56 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (3).exe 2014-07-10 09:49 - 2014-07-10 09:49 - 00001061 _____ () C:\Users\Public\Desktop\RegClean Pro.lnk 2014-07-10 09:47 - 2014-07-10 09:47 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (2).exe 2014-07-10 09:46 - 2014-07-10 09:45 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (1).exe 2014-07-10 09:44 - 2014-07-10 09:44 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946.exe 2014-07-10 09:36 - 2014-01-11 04:41 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\CrashDumps 2014-07-08 17:04 - 2014-01-23 19:33 - 00155136 ___SH () C:\Users\Friedrich\Desktop\Thumbs.db 2014-07-08 16:36 - 2014-07-08 16:36 - 00001901 _____ () C:\Users\Friedrich\Desktop\IrfanView Thumbnails.lnk 2014-07-08 16:36 - 2014-07-08 16:36 - 00001013 _____ () C:\Users\Friedrich\Desktop\IrfanView.lnk 2014-07-08 16:36 - 2014-07-08 16:36 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView 2014-07-08 16:36 - 2014-07-08 16:36 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\IrfanView 2014-07-08 16:36 - 2014-07-08 16:36 - 00000000 ____D () C:\Program Files (x86)\IrfanView 2014-07-08 16:35 - 2014-07-08 16:35 - 02197648 _____ (Irfan Skiljan) C:\Users\Friedrich\Downloads\iview438g_setup.exe 2014-07-07 20:18 - 2014-07-07 20:18 - 00000000 ____D () C:\ProgramData\Systweak 2014-07-07 20:16 - 2014-02-01 18:25 - 00000000 ____D () C:\AdwCleaner 2014-07-07 20:15 - 2014-07-07 20:15 - 01346519 _____ () C:\Users\Friedrich\Downloads\adwcleaner_3.214 (1).exe 2014-07-07 20:13 - 2014-07-07 20:13 - 00000000 ____D () C:\Users\Friedrich\Desktop\Enno 2014-07-07 20:10 - 2014-01-04 22:03 - 00000000 ____D () C:\Users\Friedrich\Documents\Youcam 2014-07-07 17:47 - 2014-07-07 17:47 - 00003132 _____ () C:\WINDOWS\System32\Tasks\System Speedup 2014-07-07 17:47 - 2014-07-07 17:47 - 00001061 _____ () C:\Users\Public\Desktop\Right Backup.lnk 2014-07-07 17:47 - 2014-07-07 17:47 - 00000000 ____D () C:\rbtemp 2014-07-07 17:47 - 2014-07-07 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Right Backup 2014-07-06 18:05 - 2014-07-06 18:05 - 00001333 _____ () C:\Users\Public\Desktop\Fahren Lernen Offline.lnk 2014-07-06 18:05 - 2014-07-06 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verlag Heinrich Vogel 2014-07-06 17:57 - 2014-07-06 17:57 - 00000000 ____D () C:\Program Files (x86)\Vogel Verlag 2014-07-06 17:56 - 2014-07-06 17:56 - 00167137 _____ () C:\Users\Friedrich\Desktop\e.odp 2014-07-06 17:56 - 2014-07-03 20:20 - 00564304 _____ () C:\Users\Friedrich\Desktop\Unbenannt 2.odg 2014-07-06 17:50 - 2014-01-04 06:30 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\CrashDumps 2014-07-06 16:46 - 2014-07-06 16:46 - 01063312 _____ () C:\Users\Friedrich\Downloads\OMSI---Der-Omnibussimulator-lnstall (1).exe 2014-07-06 16:46 - 2014-07-06 16:46 - 00000000 ____D () C:\Users\Friedrich\Downloads\OMSI---Der-Omnibussimulator 2014-07-06 16:46 - 2014-07-06 16:46 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Temp434fa06c045d655c128c6e6570ea6b69_______ 2014-07-06 16:46 - 2014-04-06 17:34 - 00000188 _____ () C:\Users\Friedrich\Desktop\Amazon.de.url 2014-07-06 15:06 - 2014-07-06 15:06 - 00001942 _____ () C:\Users\Public\Desktop\EEP 7.0.lnk 2014-07-06 15:05 - 2014-07-06 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend 2014-07-06 15:03 - 2013-10-31 21:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-07-05 18:17 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent 2014-07-03 21:59 - 2014-07-03 21:59 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CombineZM 2014-07-03 21:59 - 2014-07-03 21:59 - 00000000 ____D () C:\Program Files (x86)\Alan Hadley 2014-07-03 21:59 - 2014-01-04 05:58 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\VirtualStore 2014-07-03 21:58 - 2014-07-03 21:57 - 02735104 _____ () C:\Users\Friedrich\Downloads\CombineZ-m.msi 2014-07-03 21:50 - 2014-07-03 21:50 - 06448158 _____ () C:\Users\Friedrich\Downloads\German_CZPHelp.zip 2014-07-03 21:35 - 2014-07-03 21:35 - 00000558 _____ () C:\WINDOWS\KB893803v2.log 2014-07-03 21:35 - 2014-07-03 21:35 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Helicon 2014-07-03 21:34 - 2014-07-03 21:29 - 88327960 _____ (Helicon Soft Ltd. ) C:\Users\Friedrich\Downloads\HeliconFocus.exe 2014-07-03 20:21 - 2014-07-01 21:20 - 01971896 _____ () C:\Users\Friedrich\Desktop\EINLADUNG.odt 2014-07-03 20:20 - 2014-07-03 20:20 - 00505198 _____ () C:\Users\Friedrich\Desktop\Unbenannt 1.odp 2014-07-03 19:33 - 2014-01-09 04:49 - 00000000 ____D () C:\ProgramData\CanonIJPLM 2014-07-03 19:26 - 2014-07-03 18:30 - 00062188 _____ () C:\Users\Friedrich\Desktop\GEBURTSTAG.odt 2014-07-03 19:05 - 2014-05-01 19:33 - 00000000 ____D () C:\Users\Friedrich\Desktop\Neuer Ordner 2014-07-03 17:55 - 2014-07-10 09:49 - 00020280 _____ (Systweak Inc., (www.systweak.com)) C:\WINDOWS\system32\roboot64.exe 2014-07-02 21:55 - 2014-07-02 21:55 - 00002258 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-07-02 21:55 - 2014-07-02 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-07-02 21:55 - 2014-01-09 02:20 - 00000000 ____D () C:\Program Files (x86)\Google 2014-07-02 21:54 - 2014-07-02 21:54 - 00004112 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2014-07-02 21:54 - 2014-07-02 21:54 - 00003876 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2014-07-02 21:54 - 2014-01-09 02:20 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Deployment 2014-07-02 20:50 - 2014-04-13 19:45 - 00307760 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-07-02 20:49 - 2012-07-26 07:26 - 00000194 _____ () C:\WINDOWS\win.ini 2014-07-02 20:47 - 2014-07-02 20:47 - 01346519 _____ () C:\Users\Friedrich\Downloads\adwcleaner_3.214.exe 2014-07-01 22:15 - 2014-07-01 22:14 - 10320896 _____ () C:\Users\Friedrich\Downloads\CombineZP_CB-DL-Manager [1].exe 2014-07-01 21:24 - 2014-07-01 21:24 - 00000000 ___HD () C:\ProgramData\CanonIJScan 2014-07-01 21:24 - 2014-01-09 04:47 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Canon 2014-07-01 20:53 - 2014-07-01 20:53 - 00000000 ____D () C:\Users\Public\Documents\sun 2014-07-01 20:51 - 2014-07-01 20:51 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk 2014-07-01 20:51 - 2014-07-01 20:51 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0 2014-07-01 20:51 - 2014-07-01 20:51 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4 2014-07-01 20:51 - 2014-07-01 20:50 - 00000000 ____D () C:\Users\Friedrich\Desktop\OpenOffice 4.1.0 (de) Installation Files 2014-07-01 20:47 - 2014-07-01 20:47 - 00961360 _____ (Chip Digital GmbH) C:\Users\Friedrich\Downloads\OpenOffice - CHIP-Installer.exe 2014-07-01 20:44 - 2014-07-01 20:44 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\OpenOffice 2014-07-01 20:38 - 2014-07-01 20:38 - 00002668 _____ () C:\WINDOWS\System32\Tasks\Rocket Updater 2014-07-01 19:16 - 2014-07-01 19:16 - 00001090 _____ () C:\Users\Public\Desktop\Mobile Partner.lnk 2014-07-01 19:16 - 2014-07-01 19:16 - 00000000 ____D () C:\ProgramData\Mobile Partner 2014-07-01 19:16 - 2014-07-01 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner 2014-07-01 19:16 - 2014-07-01 19:15 - 00000000 ____D () C:\ProgramData\DatacardService 2014-07-01 19:16 - 2014-07-01 19:15 - 00000000 ____D () C:\Program Files (x86)\Mobile Partner 2014-07-01 19:16 - 2012-07-26 09:21 - 00036697 _____ () C:\WINDOWS\setupact.log 2014-07-01 19:15 - 2014-07-01 19:15 - 01490656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01007.dll 2014-07-01 19:15 - 2014-07-01 19:15 - 01490656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfCoInstaller01007.dll 2014-07-01 19:15 - 2014-07-01 19:15 - 01001472 _____ (DiBcom SA) C:\WINDOWS\system32\Drivers\mod7700.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00421376 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbwwan.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00212992 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juwwanecm.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwusbdev.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00098816 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcacm.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00086016 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jubusenum.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00069632 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcecm.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\WINDOWS\system32\Drivers\ewdcsc.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00028672 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juextctrl.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwupgrade.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_usbenumfilter.sys 2014-07-01 19:15 - 2014-01-04 06:22 - 00221312 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbmdm.sys 2014-06-30 23:12 - 2014-06-30 23:11 - 00788832 _____ ( ) C:\Users\Friedrich\Downloads\CombineZP_CB-DL-Manager.exe 2014-06-22 16:31 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\rescache 2014-06-22 15:54 - 2014-01-14 19:58 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-06-22 15:53 - 2014-01-14 19:58 - 95414520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-06-13 22:07 - 2012-07-26 10:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP 2014-06-13 20:06 - 2014-06-13 20:06 - 00011264 ___SH () C:\Users\Friedrich\Documents\Thumbs.db 2014-06-12 20:01 - 2014-06-12 20:01 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security 2014-06-12 19:56 - 2014-01-23 19:39 - 00003234 _____ () C:\WINDOWS\System32\Tasks\Norton WSC Integration 2014-06-12 19:56 - 2014-01-23 19:39 - 00002512 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk 2014-06-12 19:56 - 2014-01-23 19:38 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security 2014-06-12 19:56 - 2014-01-23 19:38 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NISx64 Some content of TEMP: ==================== C:\Users\Friedrich\AppData\Local\Temp\amazonicon_v4.exe C:\Users\Friedrich\AppData\Local\Temp\amazonicon_v6.exe C:\Users\Friedrich\AppData\Local\Temp\amazoninstallernircmdc.exe C:\Users\Friedrich\AppData\Local\Temp\AS_OMSI_UPD_V101.exe C:\Users\Friedrich\AppData\Local\Temp\COMAP.EXE C:\Users\Friedrich\AppData\Local\Temp\MSETUP4.EXE C:\Users\Friedrich\AppData\Local\Temp\nitro_pro8_x64.exe C:\Users\Friedrich\AppData\Local\Temp\Quarantine.exe C:\Users\Friedrich\AppData\Local\Temp\sdanircmdc.exe C:\Users\Friedrich\AppData\Local\Temp\sdapskill.exe C:\Users\Friedrich\AppData\Local\Temp\sdaspwn.exe C:\Users\Friedrich\AppData\Local\Temp\securitascoutgames_3.exe C:\Users\Friedrich\AppData\Local\Temp\SpOrder.dll C:\Users\Friedrich\AppData\Local\Temp\sweetpage294wld_n2.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-29 14:32 ==================== End Of Log ============================ FRST Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-07-2014
Ran by Friedrich at 2014-07-10 17:56:10
Running from C:\Users\Friedrich\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
==================== Installed Programs ======================
Benutzerhandbuch (x32 Version: 1.0.0.15 - Lenovo) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - )
Canon MG5300 series Benutzerregistrierung (HKLM-x32\...\Canon MG5300 series Benutzerregistrierung) (Version: - )
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version: - Canon Inc.)
Canon MG5300 series On-screen Manual (HKLM-x32\...\Canon MG5300 series On-screen Manual) (Version: - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
CombineZM (HKLM-x32\...\{7E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}) (Version: 1.0.0 - Alan Hadley)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Eisenbahn.exe Professional 7.0 (HKLM-x32\...\{8CB0014C-FE4C-461D-A387-76828BD70E19}) (Version: 7.00.0000 - Trend)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.28 - Lenovo)
Energy Manager (x32 Version: 1.0.0.28 - Lenovo) Hidden
Fahren Lernen Offline 1.5 (HKLM-x32\...\{452473D3-1D26-4E61-8060-3B216620D60C}_is1) (Version: - Verlag Heinrich Vogel - Springer Transport Media GmbH)
Freddy:Deutsch3/Deutsch4 (HKLM-x32\...\freddyDeutsch34) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.5.1367 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3165 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.4.1001 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.5.4.1001 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.13.315.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5108.52 - CyberLink Corp.) Hidden
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 21.005.15.02.382 - Huawei Technologies Co.,Ltd)
Nitro Pro 8 (HKLM\...\{50BB4ACC-00C5-4436-B1B9-8ADA9255963B}) (Version: 8.5.5.2 - Nitro)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.3.0.12 - Symantec Corporation)
NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.70 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden
NVIDIA Optimus 4.11.9 (Version: 4.11.9 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0325 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0325 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0325 - NVIDIA Corporation)
NVIDIA Systemsteuerung 311.70 (Version: 311.70 - NVIDIA Corporation) Hidden
NVIDIA Update 4.11.9 (Version: 4.11.9 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 4.11.9 - NVIDIA Corporation) Hidden
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.0 - Lenovo)
Open Office Packages (HKCU\...\Open Office Packages) (Version: - ) <==== ATTENTION
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.230 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.30158 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6954 - Realtek Semiconductor Corp.)
Right Backup (HKLM-x32\...\980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Ri~01F2B2E8_is1) (Version: 2.1.1000.4367 - Systweak Software)
Securita Scout (HKLM-x32\...\Securita Scout) (Version: - )
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.4.19 - Synaptics Incorporated)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
Vodafone Mobile Connect Lite (HKLM-x32\...\{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}) (Version: 9.4.3.17550 - Vodafone)
Windows-Treiberpaket - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
==================== Restore Points =========================
20-05-2014 17:16:06 Installiert Eisenbahn.exe Professional 7.0
10-06-2014 17:10:17 Geplanter Prüfpunkt
22-06-2014 13:51:53 Windows Update
01-07-2014 18:40:30 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
03-07-2014 19:58:56 Installed CombineZM
06-07-2014 13:03:35 Installiert Eisenbahn.exe Professional 7.0
10-07-2014 08:10:31 RegClean Pro Do, Jul 10, 14 10:10
==================== Hosts content: ==========================
2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {109237F1-A61A-4532-884B-AD380BD1AFDC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-02] (Google Inc.)
Task: {11801761-0FB4-4852-A878-02BC3588CFC5} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {29BF260E-C96B-4A94-9D93-FBC0F2C1222A} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {40D66A6E-0588-4ACB-BC14-60D51AEEE4D5} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\WSCStub.exe [2014-05-11] (Symantec Corporation)
Task: {43C8412A-8017-4B2A-9F5B-CCE30439CE79} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {46BF31F9-5F78-4B45-AFC2-142C1255589A} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {53B2D0DB-5C46-4900-98E3-9ED7D185C17C} - System32\Tasks\Right Backup_startup => C:\Program Files (x86)\Right Backup\RightBackup.exe [2014-07-04] (Systweak)
Task: {74C959BB-8D2E-4895-9007-C4EC2B5C024D} - \System Speedup_DEFAULT No Task File <==== ATTENTION
Task: {75EB321A-4AA4-41F1-BF00-A745ACF026E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-02] (Google Inc.)
Task: {77EBFB9B-94A4-4C8A-9200-31C900155774} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-06-22] (Microsoft Corporation)
Task: {8A7681C5-8FFB-4D6F-B1F9-A2906C327269} - \Advanced System Protector No Task File <==== ATTENTION
Task: {94ED6D9C-3A8F-4FEB-A382-76AA1F018C68} - System32\Tasks\System Speedup => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
Task: {9DE07081-785C-4158-A77C-8D93D772DE15} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {A0FE4068-D4C3-418C-8AFF-4BFBC10CA421} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {BEA74895-BF3E-4789-AC8C-7AB7AC703FB9} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {E339D5A9-C455-4B65-B7E5-CE8013357397} - System32\Tasks\Rocket Updater => C:\Users\FRIEDR~1\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {EF68FBA8-F8D6-4A3B-A5FF-AB86E4601898} - \System Speedup_UPDATES No Task File <==== ATTENTION
Task: {F431BE44-2BE4-4ECC-80D9-C1FB3BB361D4} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {FDA0AB38-0C5F-4EC2-B621-643726D533DE} - \Plus-HD-3.8-chromeinstaller No Task File <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Rocket Updater.job => C:\Users\FRIEDR~1\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2011-03-14 17:27 - 2011-03-14 17:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2014-01-09 04:49 - 2011-02-07 09:56 - 00138192 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2014-07-01 19:16 - 2014-07-01 19:15 - 00239968 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2013-10-31 22:14 - 2013-10-31 22:14 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2013-10-31 22:14 - 2013-10-31 22:14 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2013-06-28 07:02 - 2013-06-28 07:02 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-06-28 07:00 - 2013-06-28 07:00 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-06-28 07:07 - 2013-06-28 07:07 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Windows:nlsPreferences
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== MSCONFIG/TASK MANAGER disabled items =========
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/10/2014 04:46:22 PM) (Source: MsiInstaller) (EventID: 10005) (User: Familien-PC)
Description: Produkt: Vodafone Mobile Connect Lite -- Fehler 2711. The specified Feature name ('ByteMobile') not found in Feature table.
Error: (07/10/2014 04:45:13 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue
Error: (07/10/2014 04:43:01 PM) (Source: VMCService) (EventID: 0) (User: )
Description: GetProcessOwner
Error: (07/10/2014 04:08:58 PM) (Source: MsiInstaller) (EventID: 10005) (User: Familien-PC)
Description: Produkt: Vodafone Mobile Connect Lite -- Fehler 2711. The specified Feature name ('ByteMobile') not found in Feature table.
Error: (07/10/2014 10:07:17 AM) (Source: MsiInstaller) (EventID: 10005) (User: Familien-PC)
Description: Produkt: Vodafone Mobile Connect Lite -- Fehler 2711. The specified Feature name ('ByteMobile') not found in Feature table.
Error: (07/10/2014 09:55:35 AM) (Source: MsiInstaller) (EventID: 10005) (User: Familien-PC)
Description: Produkt: Vodafone Mobile Connect Lite -- Fehler 2711. The specified Feature name ('ByteMobile') not found in Feature table.
Error: (07/10/2014 09:40:42 AM) (Source: MsiInstaller) (EventID: 10005) (User: Familien-PC)
Description: Produkt: Vodafone Mobile Connect Lite -- Fehler 2711. The specified Feature name ('ByteMobile') not found in Feature table.
Error: (07/10/2014 09:36:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: daemonu.exe, Version: 4.11.9.1, Zeitstempel: 0x5194eb80
Name des fehlerhaften Moduls: daemonu.exe, Version: 4.11.9.1, Zeitstempel: 0x5194eb80
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00025fc5
ID des fehlerhaften Prozesses: 0x6e8
Startzeit der fehlerhaften Anwendung: 0xdaemonu.exe0
Pfad der fehlerhaften Anwendung: daemonu.exe1
Pfad des fehlerhaften Moduls: daemonu.exe2
Berichtskennung: daemonu.exe3
Vollständiger Name des fehlerhaften Pakets: daemonu.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: daemonu.exe5
Error: (07/09/2014 04:32:07 PM) (Source: MsiInstaller) (EventID: 10005) (User: Familien-PC)
Description: Produkt: Vodafone Mobile Connect Lite -- Fehler 2711. The specified Feature name ('ByteMobile') not found in Feature table.
Error: (07/08/2014 06:50:05 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
System errors:
=============
Error: (07/10/2014 04:45:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (07/10/2014 04:45:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.
Error: (07/10/2014 09:36:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (07/07/2014 08:18:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst RBClientService erreicht.
Error: (07/07/2014 08:18:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (07/07/2014 08:18:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.
Error: (07/07/2014 08:34:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (07/06/2014 05:45:57 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ENRICOTOMSCHKE",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{358131B4-29C7-4275-911B-32ECFA7A4BE4}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (07/06/2014 03:59:50 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ENRICOTOMSCHKE",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{358131B4-29C7-4275-911B-32ECFA7A4BE4}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (07/06/2014 03:37:58 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ENRICOTOMSCHKE",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{358131B4-29C7-4275-911B-32ECFA7A4BE4}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Microsoft Office Sessions:
=========================
Error: (07/10/2014 04:46:22 PM) (Source: MsiInstaller) (EventID: 10005) (User: Familien-PC)
Description: Produkt: Vodafone Mobile Connect Lite -- Fehler 2711. The specified Feature name ('ByteMobile') not found in Feature table.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (07/10/2014 04:45:13 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue
Error: (07/10/2014 04:43:01 PM) (Source: VMCService) (EventID: 0) (User: )
Description: GetProcessOwner
Error: (07/10/2014 04:08:58 PM) (Source: MsiInstaller) (EventID: 10005) (User: Familien-PC)
Description: Produkt: Vodafone Mobile Connect Lite -- Fehler 2711. The specified Feature name ('ByteMobile') not found in Feature table.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (07/10/2014 10:07:17 AM) (Source: MsiInstaller) (EventID: 10005) (User: Familien-PC)
Description: Produkt: Vodafone Mobile Connect Lite -- Fehler 2711. The specified Feature name ('ByteMobile') not found in Feature table.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (07/10/2014 09:55:35 AM) (Source: MsiInstaller) (EventID: 10005) (User: Familien-PC)
Description: Produkt: Vodafone Mobile Connect Lite -- Fehler 2711. The specified Feature name ('ByteMobile') not found in Feature table.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (07/10/2014 09:40:42 AM) (Source: MsiInstaller) (EventID: 10005) (User: Familien-PC)
Description: Produkt: Vodafone Mobile Connect Lite -- Fehler 2711. The specified Feature name ('ByteMobile') not found in Feature table.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (07/10/2014 09:36:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: daemonu.exe4.11.9.15194eb80daemonu.exe4.11.9.15194eb80c000000500025fc56e801cf9a0fcc587d29C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exeC:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exee1a2e9e1-0804-11e4-be8d-a4db3035b3cf
Error: (07/09/2014 04:32:07 PM) (Source: MsiInstaller) (EventID: 10005) (User: Familien-PC)
Description: Produkt: Vodafone Mobile Connect Lite -- Fehler 2711. The specified Feature name ('ByteMobile') not found in Feature table.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (07/08/2014 06:50:05 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
CodeIntegrity Errors:
===================================
Date: 2014-07-07 20:10:14.744
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-07-07 18:33:23.376
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-07-07 18:30:41.483
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-06-13 20:03:35.134
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-06-13 20:02:43.213
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-06-13 19:56:15.446
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-05-14 19:16:16.684
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-04-08 18:12:12.452
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-04-06 16:22:13.843
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-04-06 16:20:12.625
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Percentage of memory in use: 35%
Total physical RAM: 7944.27 MB
Available physical RAM: 5157.46 MB
Total Pagefile: 9160.27 MB
Available Pagefile: 5972.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:425.78 GB) (Free:363.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:20.88 GB) NTFS
Drive e: (FL Offline 1.5) (CDROM) (Total:3.4 GB) (Free:0 GB) CDFS
Drive g: () (Removable) (Total:1.86 GB) (Free:1.25 GB) FAT
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 6E0DC121)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================
|
|
10.07.2014, 17:08
| #4 |
| /// TB-Ausbilder /// Anleitungs-Guru | Adware Problem! Hi, wichtig wird sein, dass Du die Funde von Adwcleaner und MBAM löschen läßt. Siehe Anweisungen bei den Schritten...  Schritt 1 Bitte deinstalliere folgende Programme: Open Office Packages Versuche es bei Windows 8  mit der Windowstaste + X über  .Sollte das nicht gehen, lade Dir bitte Revo Uninstaller  hier herunter. Entpacke die zip-Datei auf den Desktop.
Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter: Schritt 2
Schritt 3 Scan mit  Malwarebytes AntimalwareUnter Erkennung und Schutz setze bitte einen Haken bei "Suche nach Rootkits". Klicke im Anschluss auf "Suchlauf", wähle den Bedrohungssuchlauf aus, aktualisiere die Datenbanken und klicke auf "Suchlauf jetzt starten". Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. (geht so...) Poste mir den Inhalt der Logdatei. Klicke dazu auf Verlauf und dann auf Anwendungsprotokolle. Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Klicke auf "In Zwischenablage kopieren" poste mir den Inhalt in Code-Tags als Antwort in den Thread. Schritt 4 Bitte starte FRST erneut, markiere auch die checkbox  und drücke auf Scan. Bitte poste mir den Inhalt der beiden Logs die erstellt werden.
__________________ Gruß deeprybka  Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
10.07.2014, 18:20
| #5 |
| | Adware Problem! Hallo  Hatte bevor ich hier angefragt hatte schon mal einen Malewarebytes Scan gemacht und alles in Quarantäne gestellt. War das richtig? LG Enrico adwcleaner Log: Code:
ATTFilter # AdwCleaner v3.215 - Bericht erstellt am 10/07/2014 um 18:14:15
# Aktualisiert 09/07/2014 von Xplode
# Betriebssystem : Windows 8 (64 bits)
# Benutzername : Friedrich - FAMILIEN-PC
# Gestartet von : C:\Users\Friedrich\Downloads\adwcleaner_3.215.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Systweak
Ordner Gelöscht : C:\Users\Friedrich\AppData\Roaming\Systweak
Datei Gelöscht : C:\Users\Public\Desktop\RegClean Pro.lnk
Datei Gelöscht : C:\WINDOWS\System32\roboot64.exe
Datei Gelöscht : C:\WINDOWS\System32\Tasks\RegClean Pro
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKLM\Software\systweak
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16921
-\\ Google Chrome v35.0.1916.153
[ Datei : C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht [Startup_urls] : hxxp://www.trovigo.com/?gd=&ctid=CT3323829&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=2&UP=SP3259589E-A388-4E49-A367-281AF9275842&SSPV=
Gelöscht [Startup_urls] : hxxp://www.sweet-page.com/?type=hp&ts=1404658252&from=wld&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1
Gelöscht [Homepage] : hxxp://www.trovigo.com/?gd=&ctid=CT3323829&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=2&UP=SP3259589E-A388-4E49-A367-281AF9275842&SSPV=
Gelöscht [Extension] : fmlgoencnlndpglbocajlimaikjohmab
Gelöscht [Extension] : ibnjmihbbanannlbobkbmnmckjnmdnom
Gelöscht [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma
*************************
AdwCleaner[R0].txt - [2676 octets] - [01/02/2014 18:25:18]
AdwCleaner[R1].txt - [7358 octets] - [02/07/2014 20:47:47]
AdwCleaner[R2].txt - [7449 octets] - [02/07/2014 20:48:36]
AdwCleaner[R3].txt - [10366 octets] - [07/07/2014 20:16:06]
AdwCleaner[R4].txt - [2631 octets] - [10/07/2014 18:13:06]
AdwCleaner[S0].txt - [2609 octets] - [01/02/2014 18:27:29]
AdwCleaner[S1].txt - [333 octets] - [02/07/2014 20:48:15]
AdwCleaner[S2].txt - [5900 octets] - [02/07/2014 20:48:56]
AdwCleaner[S3].txt - [9003 octets] - [07/07/2014 20:16:48]
AdwCleaner[S4].txt - [2497 octets] - [10/07/2014 18:14:15]
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [2557 octets] ##########
Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 10.07.2014 Suchlauf-Zeit: 18:21:33 Logdatei: Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.07.10.04 Rootkit Datenbank: v2014.07.09.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Self-protection: Deaktiviert Betriebssystem: Windows 8 CPU: x64 Dateisystem: NTFS Benutzer: Friedrich Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 306201 Verstrichene Zeit: 8 Min, 55 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristics: Aktiviert PUP: Warnen PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 70 PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\bookmarks, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\bookmarks\css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\bookmarks\img, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\classification, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\classification\css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\classification\img, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\classification\img\skin, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\cloud, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\cloud\css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\cloud\img, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\cloud\img\skin, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\dialog, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\dialog\img, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\dialog\img\skin, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\extensions, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\extensions\css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\extensions\img, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\guide, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\guide\css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\lastVisited, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\lastVisited\css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\lastVisited\img, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\notice, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\notice\css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\search, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\search\css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\search\img, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\setup, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\setup\css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\setup\img, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\setup\img\skin, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\shortcuts, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\shortcuts\img, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\skins, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\skins\css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\skins\img, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\skins\img\skin, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\weather, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\weather\css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\weather\img, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\weather\img\skin, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\skin, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\de, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\en, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\es, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\es_419, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\fr, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\fr-BE, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\fr-CA, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\fr-CH, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\fr-LU, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\it, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\it-CH, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\ja, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\pl, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\pt_BR, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\pt_PT, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\ru, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\tr, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\vi, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\zh_CN, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\zh_TW, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_metadata, , [bdc2c2dbe19a4de99b51d3cf34ce9967], Dateien: 130 PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage, , [b8c70c914c2f4fe72169a86bf311dd23], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage-journal, , [d5aa3964ec8f4ceadab01af9c440f709], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\background.html, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\index.html, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\jump.html, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\manifest.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\bookmarks\bookmarks.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\bookmarks\css\style.css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\bookmarks\img\logo.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\bookmarks\img\searchButton.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\classification\classification.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\classification\css\style.css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\classification\img\logo.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\classification\img\skin\del.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\classification\img\skin\main.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\classification\img\skin\selected.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\cloud\cloud.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\cloud\cloudApp.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\cloud\cloudWebsite.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\cloud\createWebsite.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\cloud\css\style.css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\cloud\img\logo.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\cloud\img\skin\buttonBg.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\cloud\img\skin\categoryBg.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\cloud\img\skin\icons.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\cloud\img\skin\searchBg.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\cloud\img\skin\searchButton.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\cloud\img\skin\searchLeft.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\cloud\img\skin\selected.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\cloud\img\skin\tabsBg.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\dialog\img\skin\headerBg.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\extensions\extensions.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\extensions\css\style.css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\extensions\img\logo.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\guide\guide.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\guide\css\style.css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\lastVisited\lastVisited.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\lastVisited\css\style.css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\lastVisited\img\logo.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\notice\notice.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\notice\css\style.css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\search\search.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\search\css\style.css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\search\img\google-new-logo.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\search\img\logo.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\search\img\searchicon.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\search\img\searchicon2.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\setup\setup.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\setup\css\style.css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\setup\img\logo.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\setup\img\skin\dialBoxStyle.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\setup\img\skin\icons.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\shortcuts\img\oBookmarks.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\shortcuts\img\oDownloads.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\shortcuts\img\oExtensions.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\shortcuts\img\oHistory.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\shortcuts\img\oNewtab.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\skins\cloudWallpaper.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\skins\skins.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\skins\css\style.css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\skins\img\logo.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\skins\img\skin\categoryBg.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\skins\img\skin\delete.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\skins\img\skin\download.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\skins\img\skin\icons.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\skins\img\skin\loading.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\weather\weather.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\weather\css\style.css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\weather\img\logo.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\weather\img\skin\line.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\weather\img\skin\locationIcon.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\weather\img\skin\searchButton.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\weather\img\skin\weather.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\css\all.css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\game.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\icon_128.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\icon_16.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\icon_48.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\NEW.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\shopping.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\weather.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\webstore.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\skin\default.jpg, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\skin\iconsprite.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\skin\idialog_s.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\skin\ios5_button.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\skin\left.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\skin\loading.gif, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\skin\loading2.gif, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\skin\qBoxBg.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\skin\q_bg.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\skin\q_bg0.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\skin\q_left.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\skin\q_left0.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\skin\q_right.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\skin\q_right0.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\skin\right.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\skin\selected.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\skin\titleBg.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\js\all.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\js\background.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\js\ga.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\js\jq.mobi.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\js\jump.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\js\pop.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\js\redirect.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\js\xagainit.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\de\messages.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\en\messages.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\es\messages.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\es_419\messages.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\fr\messages.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\fr-BE\messages.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\fr-CA\messages.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\fr-CH\messages.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\fr-LU\messages.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\it\messages.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\it-CH\messages.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\ja\messages.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\pl\messages.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\pt_BR\messages.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\pt_PT\messages.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\ru\messages.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\tr\messages.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\vi\messages.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\zh_CN\messages.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\zh_TW\messages.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_metadata\verified_contents.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], PUP.Optional.Trovigo.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "homepage": "hxxp://www.trovigo.com/?gd=&ctid=CT3323829&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=2&UP=SP3259589E-A388-4E49-A367-281AF9275842&SSPV=",), ,[dfa0e0bd2e4d46f04f28d3f7f113a35d] PUP.Optional.Trovigo.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "startup_urls": [ "hxxp://www.trovigo.com/?gd=&ctid=CT3323829&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=2&UP=SP3259589E-A388-4E49-A367-281AF9275842&SSPV=", "hxxp://www.sweet-page.com/?type=hp&ts=1404658252&from=wld&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1" ],), ,[a3dc9607de9d65d108a2329834d06799] Physische Sektoren: 0 (No malicious items detected) (end) Anhang 68166 Anhang 68167 LG |
|
10.07.2014, 18:25
| #6 |
| /// TB-Ausbilder /// Anleitungs-Guru | Adware Problem! Bitte die Funde von MBAM in Quarantäne stellen und anschließend Suchlauf wiederholen...
__________________ --> Adware Problem! |
|
10.07.2014, 18:59
| #7 |
| | Adware Problem! Erledigt Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 10.07.2014 Suchlauf-Zeit: 19:47:27 Logdatei: LogMLB3.txt Administrator: Nein Version: 2.00.2.1012 Malware Datenbank: v2014.07.10.04 Rootkit Datenbank: v2014.07.09.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Self-protection: Deaktiviert Betriebssystem: Windows 8 CPU: x64 Dateisystem: NTFS Benutzer: Friedrich Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 306579 Verstrichene Zeit: 9 Min, 8 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristics: Aktiviert PUP: Warnen PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 4 PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage, , [d1ae1489c8b32c0abbcf73a0d1337b85], PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage-journal, , [552a8a13c5b6a0967713090aad57bb45], PUP.Optional.Trovigo.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "homepage": "hxxp://www.trovigo.com/?gd=&ctid=CT3323829&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=2&UP=SP3259589E-A388-4E49-A367-281AF9275842&SSPV=",), ,[3c43930a1a61ba7c176087435fa544bc] PUP.Optional.Trovigo.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "startup_urls": [ "hxxp://www.trovigo.com/?gd=&ctid=CT3323829&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=2&UP=SP3259589E-A388-4E49-A367-281AF9275842&SSPV=", "hxxp://www.sweet-page.com/?type=hp&ts=1404658252&from=wld&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1" ],), ,[dda2fda0f586290ddfcbfdcd6c984fb1] Physische Sektoren: 0 (No malicious items detected) (end) Enrico |
|
10.07.2014, 19:54
| #8 |
| /// TB-Ausbilder /// Anleitungs-Guru | Adware Problem! Hi, bitte mal den Browser zurücksetzen:  Chrome: https://support.google.com/chrome/answer/3296214?hl=de Anschließend: Bitte starte FRST erneut, und drücke auf Scan. Bitte poste mir den Inhalt des Logs.
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
10.07.2014, 20:05
| #9 |
| | Adware Problem! Hier ist der Log : FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-07-2014 Ran by Friedrich (administrator) on FAMILIEN-PC on 10-07-2014 21:03:19 Running from C:\Users\Friedrich\Desktop Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\nis.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Systweak) C:\Program Files (x86)\Right Backup\RightBackup.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\nis.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE (CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (Microsoft Corporation) C:\Windows\splwow64.exe (CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Trend Redaktons- und Verlagsgesellschaft mbH) C:\Program Files (x86)\Trend\EEP7\EEP7.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-05-08] (Intel Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13626072 2013-06-25] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1311304 2013-06-05] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2986224 2013-06-20] (Synaptics Incorporated) HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo) HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15794160 2013-10-31] (Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80368 2013-10-31] (Lenovo(beijing) Limited) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.) HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2013-03-12] (Vimicro) HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.) HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.) HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation) HKLM-x32\...\Run: [MobileConnect] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2403840 2009-09-11] (Vodafone) HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] - "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe" "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware " [54072 2014-05-12] (Malwarebytes Corporation) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-06-28] ( (Atheros Communications)) HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\Policies\Explorer: [DisallowRun] 1 HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {5a268313-fa15-11e3-be8b-a4db3035b3cf} - "F:\AutoRun.exe" HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {5a26834d-fa15-11e3-be8b-a4db3035b3cf} - "F:\AutoRun.exe" HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {885cf704-74f3-11e3-be75-a4db3035b3cf} - "F:\setup_vmc_lite.exe" /checkApplicationPresence HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {885cf7bc-74f3-11e3-be75-a4db3035b3cf} - "F:\setup_vmc_lite.exe" /checkApplicationPresence HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {8dc0bce8-74ff-11e3-be78-001e101fb69f} - "F:\setup_vmc_lite.exe" /checkApplicationPresence HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {8dc0c206-74ff-11e3-be78-001e101fb69f} - "F:\setup_vmc_lite.exe" /checkApplicationPresence ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com hxxp://www.giga.de/foto/ hxxp://www.giga.de/androidnews/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {717686E9-21C5-404A-9888-F0E98DA52D73} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_dsites02_14_27_ch&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDtAyD0BtA0C0FzyyB0EyEtN0D0Tzu0SzytCtAtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyCtBtB0BtBzztBtAtGtBtCyD0DtG0DtC0C0DtGtDyC0EtCtGtD0FtD0DyDyDyC0AyDyDyEtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0A0E0B0DyCzztGyEyE0B0FtGtDtBzyzytGtD0DyEtBtGyB0C0Dzy0DtB0D0E0AyB0FtD2Q&cr=2037496794&ir= SearchScopes: HKLM-x32 - DefaultScope value is missing. SearchScopes: HKLM-x32 - {717686E9-21C5-404A-9888-F0E98DA52D73} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS SearchScopes: HKCU - {717686E9-21C5-404A-9888-F0E98DA52D73} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_dsites02_14_27_ch&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDtAyD0BtA0C0FzyyB0EyEtN0D0Tzu0SzytCtAtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyCtBtB0BtBzztBtAtGtBtCyD0DtG0DtC0C0DtGtDyC0EtCtGtD0FtD0DyDyDyC0AyDyDyEtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0A0E0B0DyCzztGyEyE0B0FtGtDtBzyzytGtD0DyEtBtGyB0C0Dzy0DtB0D0E0AyB0FtD2Q&cr=2037496794&ir= BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 FireFox: ======== FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Friedrich\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-01-23] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2014-07-10] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK Chrome: ======= CHR HomePage: hxxp://www.trovigo.com/?gd=&ctid=CT3323829&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=2&UP=SP3259589E-A388-4E49-A367-281AF9275842&SSPV= CHR StartupUrls: "hxxp://www.trovigo.com/?gd=&ctid=CT3323829&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=2&UP=SP3259589E-A388-4E49-A367-281AF9275842&SSPV=", "hxxp://www.sweet-page.com/?type=hp&ts=1404658252&from=wld&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1" CHR Extension: (Google Docs) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-09] CHR Extension: (Google Drive) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-09] CHR Extension: (YouTube) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-09] CHR Extension: (Google-Suche) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-09] CHR Extension: (Norton Identity Protection) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-01-23] CHR Extension: (Securita Scout) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfkilfadjoneaheacgmkahfgcjchkpad [2014-04-06] CHR Extension: (Google Wallet) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-09] CHR Extension: (Google Mail) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-09] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\Exts\Chrome.crx [2014-05-16] ==================== Services (Whitelisted) ================= R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-06-28] (Windows (R) Win 7 DDK provider) R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-05-08] (Intel Corporation) R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] () R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-16] (Intel Corporation) S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-16] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [239968 2014-07-01] () R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe [276376 2014-05-11] (Symantec Corporation) R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-06-17] (Nitro PDF Software) S2 RBClientService; C:\Program Files (x86)\Right Backup\RBClientService.exe [48240 2014-07-04] (Systweak) R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-10-31] () R2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-09-11] (Vodafone) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation) R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-06-28] (Atheros) [File not signed] ==================== Drivers (Whitelisted) ==================== R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140703.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-06-28] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1503000.00C\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-11] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140709.001\IDSvia64.sys [525016 2014-03-30] (Symantec Corporation) U0 jkjba; C:\Windows\System32\drivers\utar.sys [79064 2014-07-10] (Malwarebytes Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-10] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation) R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140710.001\ENG64.SYS [126040 2014-01-23] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140710.001\EX64.SYS [2099288 2014-01-23] (Symantec Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-06-20] (Synaptics Incorporated) R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1503000.00C\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1503000.00C\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1503000.00C\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation) S0 SymELAM; C:\Windows\System32\drivers\NISx64\1503000.00C\SymELAM.sys [23568 2013-09-10] (Symantec Corporation) R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-23] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1503000.00C\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1503000.00C\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation) R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1049984 2013-03-15] (Vimicro Corporation) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) S3 ewusbnet; \SystemRoot\system32\DRIVERS\ewusbnet.sys [X] S3 hwusbfake; \SystemRoot\system32\DRIVERS\ewusbfake.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-10 21:03 - 2014-07-10 21:03 - 00000000 ____D () C:\Users\Friedrich\Desktop\FRST-OlderVersion 2014-07-10 19:46 - 2014-07-10 19:46 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\utar.sys 2014-07-10 19:05 - 2014-07-10 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2014-07-10 19:05 - 2014-07-10 19:05 - 00000000 ____D () C:\Program Files (x86)\7-Zip 2014-07-10 19:04 - 2014-07-10 19:04 - 01110476 _____ () C:\Users\Friedrich\Downloads\7z920.exe 2014-07-10 18:50 - 2014-07-10 19:08 - 00028649 _____ () C:\Users\Friedrich\Desktop\Addition.txt 2014-07-10 18:35 - 2014-07-10 21:03 - 00021670 _____ () C:\Users\Friedrich\Desktop\FRST.txt 2014-07-10 18:17 - 2014-07-10 18:17 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Systweak 2014-07-10 18:15 - 2014-07-10 18:15 - 00000000 ____D () C:\ProgramData\Systweak 2014-07-10 18:11 - 2014-07-10 18:11 - 01348263 _____ () C:\Users\Friedrich\Downloads\adwcleaner_3.215.exe 2014-07-10 17:56 - 2014-07-10 17:56 - 00026787 _____ () C:\Users\Friedrich\Downloads\Addition.txt 2014-07-10 17:55 - 2014-07-10 17:56 - 00055293 _____ () C:\Users\Friedrich\Downloads\FRST.txt 2014-07-10 17:54 - 2014-07-10 21:03 - 00000000 ____D () C:\FRST 2014-07-10 17:53 - 2014-07-10 21:03 - 02084864 _____ (Farbar) C:\Users\Friedrich\Desktop\FRST64.exe 2014-07-10 17:53 - 2014-07-10 18:14 - 00097462 _____ () C:\Users\Friedrich\Downloads\Nicht bestätigt 402531.crdownload 2014-07-10 16:11 - 2014-07-10 18:21 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-07-10 16:11 - 2014-07-10 16:47 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-10 16:11 - 2014-07-10 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-10 16:11 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-07-10 16:11 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-07-10 10:01 - 2014-07-10 10:01 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (4).exe 2014-07-10 09:56 - 2014-07-10 09:56 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (3).exe 2014-07-10 09:47 - 2014-07-10 09:47 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (2).exe 2014-07-10 09:45 - 2014-07-10 09:46 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (1).exe 2014-07-10 09:44 - 2014-07-10 09:44 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946.exe 2014-07-08 16:36 - 2014-07-08 16:36 - 00001901 _____ () C:\Users\Friedrich\Desktop\IrfanView Thumbnails.lnk 2014-07-08 16:36 - 2014-07-08 16:36 - 00001013 _____ () C:\Users\Friedrich\Desktop\IrfanView.lnk 2014-07-08 16:36 - 2014-07-08 16:36 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView 2014-07-08 16:36 - 2014-07-08 16:36 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\IrfanView 2014-07-08 16:36 - 2014-07-08 16:36 - 00000000 ____D () C:\Program Files (x86)\IrfanView 2014-07-08 16:35 - 2014-07-08 16:35 - 02197648 _____ (Irfan Skiljan) C:\Users\Friedrich\Downloads\iview438g_setup.exe 2014-07-07 20:13 - 2014-07-07 20:13 - 00000000 ____D () C:\Users\Friedrich\Desktop\Enno 2014-07-07 18:29 - 2014-04-08 19:19 - 16781312 _____ () C:\Users\Friedrich\Downloads\Bus-Simulator_2012_Demo (3).rar 2014-07-07 17:48 - 2014-07-10 18:17 - 00003066 _____ () C:\WINDOWS\System32\Tasks\Right Backup_startup 2014-07-07 17:47 - 2014-07-10 16:47 - 00000000 ____D () C:\Program Files (x86)\Right Backup 2014-07-07 17:47 - 2014-07-07 17:47 - 00003132 _____ () C:\WINDOWS\System32\Tasks\System Speedup 2014-07-07 17:47 - 2014-07-07 17:47 - 00001061 _____ () C:\Users\Public\Desktop\Right Backup.lnk 2014-07-07 17:47 - 2014-07-07 17:47 - 00000000 ____D () C:\rbtemp 2014-07-07 17:47 - 2014-07-07 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Right Backup 2014-07-06 18:05 - 2014-07-06 18:05 - 00001333 _____ () C:\Users\Public\Desktop\Fahren Lernen Offline.lnk 2014-07-06 18:05 - 2014-07-06 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verlag Heinrich Vogel 2014-07-06 17:57 - 2014-07-06 17:57 - 00000000 ____D () C:\Program Files (x86)\Vogel Verlag 2014-07-06 17:56 - 2014-07-06 17:56 - 00167137 _____ () C:\Users\Friedrich\Desktop\e.odp 2014-07-06 16:46 - 2014-07-06 16:46 - 01063312 _____ () C:\Users\Friedrich\Downloads\OMSI---Der-Omnibussimulator-lnstall (1).exe 2014-07-06 16:46 - 2014-07-06 16:46 - 00000000 ____D () C:\Users\Friedrich\Downloads\OMSI---Der-Omnibussimulator 2014-07-06 16:46 - 2014-07-06 16:46 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Temp434fa06c045d655c128c6e6570ea6b69_______ 2014-07-06 15:06 - 2014-07-06 15:06 - 00001942 _____ () C:\Users\Public\Desktop\EEP 7.0.lnk 2014-07-06 15:05 - 2014-07-06 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend 2014-07-06 14:48 - 2014-05-20 04:33 - 00059416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2014-07-06 14:48 - 2014-05-20 01:45 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2014-07-06 14:48 - 2014-05-20 01:45 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2014-07-06 14:48 - 2014-05-20 01:24 - 03286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2014-07-06 14:48 - 2014-05-20 01:24 - 01623040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2014-07-06 14:48 - 2014-05-20 01:24 - 00773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2014-07-06 14:48 - 2014-05-20 01:24 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2014-07-06 14:48 - 2014-05-20 01:24 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2014-07-06 14:48 - 2014-05-20 01:24 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2014-07-06 14:48 - 2014-05-15 00:43 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2014-07-06 14:48 - 2014-05-15 00:43 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2014-07-06 14:48 - 2014-05-15 00:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2014-07-06 14:48 - 2014-05-15 00:42 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2014-07-03 21:59 - 2014-07-03 21:59 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CombineZM 2014-07-03 21:59 - 2014-07-03 21:59 - 00000000 ____D () C:\Program Files (x86)\Alan Hadley 2014-07-03 21:57 - 2014-07-03 21:58 - 02735104 _____ () C:\Users\Friedrich\Downloads\CombineZ-m.msi 2014-07-03 21:50 - 2014-07-03 21:50 - 06448158 _____ () C:\Users\Friedrich\Downloads\German_CZPHelp.zip 2014-07-03 21:35 - 2014-07-03 21:35 - 00000558 _____ () C:\WINDOWS\KB893803v2.log 2014-07-03 21:35 - 2014-07-03 21:35 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Helicon 2014-07-03 21:29 - 2014-07-03 21:34 - 88327960 _____ (Helicon Soft Ltd. ) C:\Users\Friedrich\Downloads\HeliconFocus.exe 2014-07-03 20:20 - 2014-07-06 17:56 - 00564304 _____ () C:\Users\Friedrich\Desktop\Unbenannt 2.odg 2014-07-03 20:20 - 2014-07-03 20:20 - 00505198 _____ () C:\Users\Friedrich\Desktop\Unbenannt 1.odp 2014-07-03 18:30 - 2014-07-03 19:26 - 00062188 _____ () C:\Users\Friedrich\Desktop\GEBURTSTAG.odt 2014-07-02 21:55 - 2014-07-02 21:55 - 00002258 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-07-02 21:55 - 2014-07-02 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-07-02 21:54 - 2014-07-10 20:59 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-02 21:54 - 2014-07-10 18:17 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-02 21:54 - 2014-07-02 21:54 - 00004112 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2014-07-02 21:54 - 2014-07-02 21:54 - 00003876 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2014-07-02 20:47 - 2014-07-02 20:47 - 01346519 _____ () C:\Users\Friedrich\Downloads\adwcleaner_3.214.exe 2014-07-02 20:47 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll 2014-07-01 22:14 - 2014-07-01 22:15 - 10320896 _____ () C:\Users\Friedrich\Downloads\CombineZP_CB-DL-Manager [1].exe 2014-07-01 21:24 - 2014-07-01 21:24 - 00000000 ___HD () C:\ProgramData\CanonIJScan 2014-07-01 21:20 - 2014-07-03 20:21 - 01971896 _____ () C:\Users\Friedrich\Desktop\EINLADUNG.odt 2014-07-01 20:53 - 2014-07-01 20:53 - 00000000 ____D () C:\Users\Public\Documents\sun 2014-07-01 20:51 - 2014-07-01 20:51 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk 2014-07-01 20:51 - 2014-07-01 20:51 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0 2014-07-01 20:51 - 2014-07-01 20:51 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4 2014-07-01 20:50 - 2014-07-01 20:51 - 00000000 ____D () C:\Users\Friedrich\Desktop\OpenOffice 4.1.0 (de) Installation Files 2014-07-01 20:47 - 2014-07-01 20:47 - 00961360 _____ (Chip Digital GmbH) C:\Users\Friedrich\Downloads\OpenOffice - CHIP-Installer.exe 2014-07-01 20:44 - 2014-07-01 20:44 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\OpenOffice 2014-07-01 20:38 - 2014-07-10 20:38 - 00000330 _____ () C:\WINDOWS\Tasks\Rocket Updater.job 2014-07-01 20:38 - 2014-07-01 20:38 - 00002668 _____ () C:\WINDOWS\System32\Tasks\Rocket Updater 2014-07-01 19:16 - 2014-07-01 19:16 - 00001090 _____ () C:\Users\Public\Desktop\Mobile Partner.lnk 2014-07-01 19:16 - 2014-07-01 19:16 - 00000000 ____D () C:\ProgramData\Mobile Partner 2014-07-01 19:16 - 2014-07-01 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner 2014-07-01 19:15 - 2014-07-01 19:16 - 00000000 ____D () C:\ProgramData\DatacardService 2014-07-01 19:15 - 2014-07-01 19:16 - 00000000 ____D () C:\Program Files (x86)\Mobile Partner 2014-07-01 19:15 - 2014-07-01 19:15 - 01490656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01007.dll 2014-07-01 19:15 - 2014-07-01 19:15 - 01490656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfCoInstaller01007.dll 2014-07-01 19:15 - 2014-07-01 19:15 - 01001472 _____ (DiBcom SA) C:\WINDOWS\system32\Drivers\mod7700.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00421376 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbwwan.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00212992 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juwwanecm.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwusbdev.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00098816 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcacm.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00086016 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jubusenum.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00069632 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcecm.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\WINDOWS\system32\Drivers\ewdcsc.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00028672 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juextctrl.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwupgrade.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_usbenumfilter.sys 2014-06-30 23:11 - 2014-06-30 23:12 - 00788832 _____ ( ) C:\Users\Friedrich\Downloads\CombineZP_CB-DL-Manager.exe 2014-06-21 18:41 - 2014-05-03 07:47 - 03246592 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2014-06-21 18:41 - 2014-05-03 05:34 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2014-06-21 18:41 - 2014-04-30 00:32 - 01301504 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2014-06-21 18:41 - 2014-04-30 00:22 - 01023488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2014-06-21 18:41 - 2014-04-03 13:19 - 00328024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys 2014-06-21 18:41 - 2014-04-03 05:44 - 00619008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2014-06-21 18:41 - 2014-04-01 00:08 - 00387268 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2014-06-21 18:41 - 2014-03-25 01:42 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe 2014-06-21 18:41 - 2014-03-25 00:56 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe 2014-06-21 18:36 - 2014-05-24 04:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-06-21 18:36 - 2014-05-24 04:47 - 02239488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-06-21 18:36 - 2014-05-24 04:47 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-06-21 18:36 - 2014-05-24 04:47 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll 2014-06-21 18:36 - 2014-05-24 04:47 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll 2014-06-21 18:36 - 2014-05-24 04:46 - 19290112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-06-21 18:36 - 2014-05-24 04:46 - 15368704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-06-21 18:36 - 2014-05-24 04:46 - 03958784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-06-21 18:36 - 2014-05-24 04:46 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-06-21 18:36 - 2014-05-24 04:46 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2014-06-21 18:36 - 2014-05-24 04:46 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-06-21 18:36 - 2014-05-24 04:46 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll 2014-06-21 18:36 - 2014-05-24 04:46 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll 2014-06-21 18:36 - 2014-05-24 04:46 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-06-21 18:36 - 2014-05-24 04:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2014-06-21 18:36 - 2014-05-24 04:46 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2014-06-21 18:36 - 2014-05-24 04:46 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2014-06-21 18:36 - 2014-05-24 04:45 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-06-21 18:36 - 2014-05-24 04:45 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2014-06-21 18:36 - 2014-05-24 04:45 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-06-21 18:36 - 2014-05-24 03:26 - 14365696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-06-21 18:36 - 2014-05-24 03:26 - 01766400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-06-21 18:36 - 2014-05-24 03:26 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-06-21 18:36 - 2014-05-24 03:26 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-06-21 18:36 - 2014-05-24 03:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll 2014-06-21 18:36 - 2014-05-24 03:26 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-06-21 18:36 - 2014-05-24 03:26 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll 2014-06-21 18:36 - 2014-05-24 03:25 - 13731328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-06-21 18:36 - 2014-05-24 03:25 - 02862080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-06-21 18:36 - 2014-05-24 03:25 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-06-21 18:36 - 2014-05-24 03:25 - 01440768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-06-21 18:36 - 2014-05-24 03:25 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2014-06-21 18:36 - 2014-05-24 03:25 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2014-06-21 18:36 - 2014-05-24 03:25 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-06-21 18:36 - 2014-05-24 03:25 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll 2014-06-21 18:36 - 2014-05-24 03:25 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2014-06-21 18:36 - 2014-05-24 03:25 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2014-06-21 18:36 - 2014-05-24 03:25 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2014-06-21 18:36 - 2014-05-24 03:09 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2014-06-21 18:36 - 2014-05-24 03:03 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2014-06-21 18:36 - 2014-05-24 00:37 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll 2014-06-21 18:32 - 2014-04-03 13:22 - 02233176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2014-06-21 18:32 - 2014-03-07 02:47 - 01419264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2014-06-21 18:32 - 2014-03-07 02:08 - 01845760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2014-06-13 20:06 - 2014-06-13 20:06 - 00011264 ___SH () C:\Users\Friedrich\Documents\Thumbs.db 2014-06-12 20:01 - 2014-06-12 20:01 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security ==================== One Month Modified Files and Folders ======= 2014-07-10 21:03 - 2014-07-10 21:03 - 00000000 ____D () C:\Users\Friedrich\Desktop\FRST-OlderVersion 2014-07-10 21:03 - 2014-07-10 18:35 - 00021670 _____ () C:\Users\Friedrich\Desktop\FRST.txt 2014-07-10 21:03 - 2014-07-10 17:54 - 00000000 ____D () C:\FRST 2014-07-10 21:03 - 2014-07-10 17:53 - 02084864 _____ (Farbar) C:\Users\Friedrich\Desktop\FRST64.exe 2014-07-10 21:02 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-07-10 20:59 - 2014-07-02 21:54 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-10 20:38 - 2014-07-01 20:38 - 00000330 _____ () C:\WINDOWS\Tasks\Rocket Updater.job 2014-07-10 19:46 - 2014-07-10 19:46 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\utar.sys 2014-07-10 19:46 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\Web 2014-07-10 19:21 - 2013-10-31 21:17 - 01152662 _____ () C:\WINDOWS\WindowsUpdate.log 2014-07-10 19:18 - 2014-01-04 06:34 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3631515150-3942624288-380681899-1002 2014-07-10 19:08 - 2014-07-10 18:50 - 00028649 _____ () C:\Users\Friedrich\Desktop\Addition.txt 2014-07-10 19:05 - 2014-07-10 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2014-07-10 19:05 - 2014-07-10 19:05 - 00000000 ____D () C:\Program Files (x86)\7-Zip 2014-07-10 19:04 - 2014-07-10 19:04 - 01110476 _____ () C:\Users\Friedrich\Downloads\7z920.exe 2014-07-10 18:22 - 2013-11-01 06:00 - 00754172 _____ () C:\WINDOWS\system32\perfh007.dat 2014-07-10 18:22 - 2013-11-01 06:00 - 00156362 _____ () C:\WINDOWS\system32\perfc007.dat 2014-07-10 18:22 - 2012-07-26 09:28 - 01748838 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-07-10 18:21 - 2014-07-10 16:11 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-07-10 18:17 - 2014-07-10 18:17 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Systweak 2014-07-10 18:17 - 2014-07-07 17:48 - 00003066 _____ () C:\WINDOWS\System32\Tasks\Right Backup_startup 2014-07-10 18:17 - 2014-07-02 21:54 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-10 18:15 - 2014-07-10 18:15 - 00000000 ____D () C:\ProgramData\Systweak 2014-07-10 18:15 - 2013-10-31 22:14 - 00006656 _____ () C:\WINDOWS\system32\VfService.trf 2014-07-10 18:15 - 2013-03-25 23:02 - 00221088 _____ () C:\WINDOWS\PFRO.log 2014-07-10 18:15 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-07-10 18:15 - 2012-07-26 07:26 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2014-07-10 18:14 - 2014-07-10 17:53 - 00097462 _____ () C:\Users\Friedrich\Downloads\Nicht bestätigt 402531.crdownload 2014-07-10 18:14 - 2014-02-01 18:25 - 00000000 ____D () C:\AdwCleaner 2014-07-10 18:11 - 2014-07-10 18:11 - 01348263 _____ () C:\Users\Friedrich\Downloads\adwcleaner_3.215.exe 2014-07-10 17:56 - 2014-07-10 17:56 - 00026787 _____ () C:\Users\Friedrich\Downloads\Addition.txt 2014-07-10 17:56 - 2014-07-10 17:55 - 00055293 _____ () C:\Users\Friedrich\Downloads\FRST.txt 2014-07-10 17:16 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-07-10 16:47 - 2014-07-10 16:11 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-10 16:47 - 2014-07-07 17:47 - 00000000 ____D () C:\Program Files (x86)\Right Backup 2014-07-10 16:46 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-07-10 16:11 - 2014-07-10 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-10 16:11 - 2014-02-01 18:05 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-10 16:11 - 2014-02-01 18:05 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Malwarebytes 2014-07-10 16:11 - 2014-02-01 18:05 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-10 16:11 - 2014-02-01 18:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-07-10 10:01 - 2014-07-10 10:01 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (4).exe 2014-07-10 09:56 - 2014-07-10 09:56 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (3).exe 2014-07-10 09:47 - 2014-07-10 09:47 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (2).exe 2014-07-10 09:46 - 2014-07-10 09:45 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (1).exe 2014-07-10 09:44 - 2014-07-10 09:44 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946.exe 2014-07-10 09:36 - 2014-01-11 04:41 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\CrashDumps 2014-07-08 17:04 - 2014-01-23 19:33 - 00155136 ___SH () C:\Users\Friedrich\Desktop\Thumbs.db 2014-07-08 16:36 - 2014-07-08 16:36 - 00001901 _____ () C:\Users\Friedrich\Desktop\IrfanView Thumbnails.lnk 2014-07-08 16:36 - 2014-07-08 16:36 - 00001013 _____ () C:\Users\Friedrich\Desktop\IrfanView.lnk 2014-07-08 16:36 - 2014-07-08 16:36 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView 2014-07-08 16:36 - 2014-07-08 16:36 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\IrfanView 2014-07-08 16:36 - 2014-07-08 16:36 - 00000000 ____D () C:\Program Files (x86)\IrfanView 2014-07-08 16:35 - 2014-07-08 16:35 - 02197648 _____ (Irfan Skiljan) C:\Users\Friedrich\Downloads\iview438g_setup.exe 2014-07-07 20:13 - 2014-07-07 20:13 - 00000000 ____D () C:\Users\Friedrich\Desktop\Enno 2014-07-07 20:10 - 2014-01-04 22:03 - 00000000 ____D () C:\Users\Friedrich\Documents\Youcam 2014-07-07 17:47 - 2014-07-07 17:47 - 00003132 _____ () C:\WINDOWS\System32\Tasks\System Speedup 2014-07-07 17:47 - 2014-07-07 17:47 - 00001061 _____ () C:\Users\Public\Desktop\Right Backup.lnk 2014-07-07 17:47 - 2014-07-07 17:47 - 00000000 ____D () C:\rbtemp 2014-07-07 17:47 - 2014-07-07 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Right Backup 2014-07-06 18:05 - 2014-07-06 18:05 - 00001333 _____ () C:\Users\Public\Desktop\Fahren Lernen Offline.lnk 2014-07-06 18:05 - 2014-07-06 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verlag Heinrich Vogel 2014-07-06 17:57 - 2014-07-06 17:57 - 00000000 ____D () C:\Program Files (x86)\Vogel Verlag 2014-07-06 17:56 - 2014-07-06 17:56 - 00167137 _____ () C:\Users\Friedrich\Desktop\e.odp 2014-07-06 17:56 - 2014-07-03 20:20 - 00564304 _____ () C:\Users\Friedrich\Desktop\Unbenannt 2.odg 2014-07-06 17:50 - 2014-01-04 06:30 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\CrashDumps 2014-07-06 16:46 - 2014-07-06 16:46 - 01063312 _____ () C:\Users\Friedrich\Downloads\OMSI---Der-Omnibussimulator-lnstall (1).exe 2014-07-06 16:46 - 2014-07-06 16:46 - 00000000 ____D () C:\Users\Friedrich\Downloads\OMSI---Der-Omnibussimulator 2014-07-06 16:46 - 2014-07-06 16:46 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Temp434fa06c045d655c128c6e6570ea6b69_______ 2014-07-06 16:46 - 2014-04-06 17:34 - 00000188 _____ () C:\Users\Friedrich\Desktop\Amazon.de.url 2014-07-06 15:06 - 2014-07-06 15:06 - 00001942 _____ () C:\Users\Public\Desktop\EEP 7.0.lnk 2014-07-06 15:05 - 2014-07-06 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend 2014-07-06 15:03 - 2013-10-31 21:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-07-05 18:17 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent 2014-07-03 21:59 - 2014-07-03 21:59 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CombineZM 2014-07-03 21:59 - 2014-07-03 21:59 - 00000000 ____D () C:\Program Files (x86)\Alan Hadley 2014-07-03 21:59 - 2014-01-04 05:58 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\VirtualStore 2014-07-03 21:58 - 2014-07-03 21:57 - 02735104 _____ () C:\Users\Friedrich\Downloads\CombineZ-m.msi 2014-07-03 21:50 - 2014-07-03 21:50 - 06448158 _____ () C:\Users\Friedrich\Downloads\German_CZPHelp.zip 2014-07-03 21:35 - 2014-07-03 21:35 - 00000558 _____ () C:\WINDOWS\KB893803v2.log 2014-07-03 21:35 - 2014-07-03 21:35 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Helicon 2014-07-03 21:34 - 2014-07-03 21:29 - 88327960 _____ (Helicon Soft Ltd. ) C:\Users\Friedrich\Downloads\HeliconFocus.exe 2014-07-03 20:21 - 2014-07-01 21:20 - 01971896 _____ () C:\Users\Friedrich\Desktop\EINLADUNG.odt 2014-07-03 20:20 - 2014-07-03 20:20 - 00505198 _____ () C:\Users\Friedrich\Desktop\Unbenannt 1.odp 2014-07-03 19:33 - 2014-01-09 04:49 - 00000000 ____D () C:\ProgramData\CanonIJPLM 2014-07-03 19:26 - 2014-07-03 18:30 - 00062188 _____ () C:\Users\Friedrich\Desktop\GEBURTSTAG.odt 2014-07-03 19:05 - 2014-05-01 19:33 - 00000000 ____D () C:\Users\Friedrich\Desktop\Neuer Ordner 2014-07-02 21:55 - 2014-07-02 21:55 - 00002258 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-07-02 21:55 - 2014-07-02 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-07-02 21:55 - 2014-01-09 02:20 - 00000000 ____D () C:\Program Files (x86)\Google 2014-07-02 21:54 - 2014-07-02 21:54 - 00004112 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2014-07-02 21:54 - 2014-07-02 21:54 - 00003876 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2014-07-02 21:54 - 2014-01-09 02:20 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Deployment 2014-07-02 20:50 - 2014-04-13 19:45 - 00307760 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-07-02 20:49 - 2012-07-26 07:26 - 00000194 _____ () C:\WINDOWS\win.ini 2014-07-02 20:47 - 2014-07-02 20:47 - 01346519 _____ () C:\Users\Friedrich\Downloads\adwcleaner_3.214.exe 2014-07-01 22:15 - 2014-07-01 22:14 - 10320896 _____ () C:\Users\Friedrich\Downloads\CombineZP_CB-DL-Manager [1].exe 2014-07-01 21:24 - 2014-07-01 21:24 - 00000000 ___HD () C:\ProgramData\CanonIJScan 2014-07-01 21:24 - 2014-01-09 04:47 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Canon 2014-07-01 20:53 - 2014-07-01 20:53 - 00000000 ____D () C:\Users\Public\Documents\sun 2014-07-01 20:51 - 2014-07-01 20:51 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk 2014-07-01 20:51 - 2014-07-01 20:51 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0 2014-07-01 20:51 - 2014-07-01 20:51 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4 2014-07-01 20:51 - 2014-07-01 20:50 - 00000000 ____D () C:\Users\Friedrich\Desktop\OpenOffice 4.1.0 (de) Installation Files 2014-07-01 20:47 - 2014-07-01 20:47 - 00961360 _____ (Chip Digital GmbH) C:\Users\Friedrich\Downloads\OpenOffice - CHIP-Installer.exe 2014-07-01 20:44 - 2014-07-01 20:44 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\OpenOffice 2014-07-01 20:38 - 2014-07-01 20:38 - 00002668 _____ () C:\WINDOWS\System32\Tasks\Rocket Updater 2014-07-01 19:16 - 2014-07-01 19:16 - 00001090 _____ () C:\Users\Public\Desktop\Mobile Partner.lnk 2014-07-01 19:16 - 2014-07-01 19:16 - 00000000 ____D () C:\ProgramData\Mobile Partner 2014-07-01 19:16 - 2014-07-01 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner 2014-07-01 19:16 - 2014-07-01 19:15 - 00000000 ____D () C:\ProgramData\DatacardService 2014-07-01 19:16 - 2014-07-01 19:15 - 00000000 ____D () C:\Program Files (x86)\Mobile Partner 2014-07-01 19:16 - 2012-07-26 09:21 - 00036697 _____ () C:\WINDOWS\setupact.log 2014-07-01 19:15 - 2014-07-01 19:15 - 01490656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01007.dll 2014-07-01 19:15 - 2014-07-01 19:15 - 01490656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfCoInstaller01007.dll 2014-07-01 19:15 - 2014-07-01 19:15 - 01001472 _____ (DiBcom SA) C:\WINDOWS\system32\Drivers\mod7700.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00421376 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbwwan.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00212992 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juwwanecm.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwusbdev.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00098816 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcacm.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00086016 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jubusenum.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00069632 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcecm.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\WINDOWS\system32\Drivers\ewdcsc.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00028672 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juextctrl.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwupgrade.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_usbenumfilter.sys 2014-07-01 19:15 - 2014-01-04 06:22 - 00221312 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbmdm.sys 2014-06-30 23:12 - 2014-06-30 23:11 - 00788832 _____ ( ) C:\Users\Friedrich\Downloads\CombineZP_CB-DL-Manager.exe 2014-06-22 16:31 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\rescache 2014-06-22 15:54 - 2014-01-14 19:58 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-06-22 15:53 - 2014-01-14 19:58 - 95414520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-06-13 22:07 - 2012-07-26 10:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP 2014-06-13 20:06 - 2014-06-13 20:06 - 00011264 ___SH () C:\Users\Friedrich\Documents\Thumbs.db 2014-06-12 20:01 - 2014-06-12 20:01 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security 2014-06-12 19:56 - 2014-01-23 19:39 - 00003234 _____ () C:\WINDOWS\System32\Tasks\Norton WSC Integration 2014-06-12 19:56 - 2014-01-23 19:39 - 00002512 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk 2014-06-12 19:56 - 2014-01-23 19:38 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security 2014-06-12 19:56 - 2014-01-23 19:38 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NISx64 Some content of TEMP: ==================== C:\Users\Friedrich\AppData\Local\Temp\amazonicon_v4.exe C:\Users\Friedrich\AppData\Local\Temp\amazonicon_v6.exe C:\Users\Friedrich\AppData\Local\Temp\amazoninstallernircmdc.exe C:\Users\Friedrich\AppData\Local\Temp\AS_OMSI_UPD_V101.exe C:\Users\Friedrich\AppData\Local\Temp\COMAP.EXE C:\Users\Friedrich\AppData\Local\Temp\MSETUP4.EXE C:\Users\Friedrich\AppData\Local\Temp\nitro_pro8_x64.exe C:\Users\Friedrich\AppData\Local\Temp\Quarantine.exe C:\Users\Friedrich\AppData\Local\Temp\sdanircmdc.exe C:\Users\Friedrich\AppData\Local\Temp\sdapskill.exe C:\Users\Friedrich\AppData\Local\Temp\sdaspwn.exe C:\Users\Friedrich\AppData\Local\Temp\securitascoutgames_3.exe C:\Users\Friedrich\AppData\Local\Temp\SpOrder.dll C:\Users\Friedrich\AppData\Local\Temp\sweetpage294wld_n2.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-29 14:32 ==================== End Of Log ============================ |
|
10.07.2014, 20:27
| #10 |
| /// TB-Ausbilder /// Anleitungs-Guru | Adware Problem! Ok, dann noch ESET: (Hinweis: Scan dauert sehr lange) ESET Online Scanner
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
11.07.2014, 17:16
| #11 |
| | Adware Problem! Hallo Gestern wars dann schon ziemlich spät... Deshalb jetzt der ESET Log LG Enrico Code:
ATTFilter C:\$Recycle.Bin\S-1-5-21-3631515150-3942624288-380681899-1002\$RFC4XQE.exe Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe.vir Variante von MSIL/AdvancedSystemProtector.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\AspManager.exe.vir Variante von MSIL/AdvancedSystemProtector.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\filetypehelper.exe.vir Variante von MSIL/AdvancedSystemProtector.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\NetCrawl.FirstRun.exe.vir Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\NetCrawlBHO.dll.vir Variante von Win32/BrowseFox.F evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\updateNetCrawl.exe.vir Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\NetCrawl.PurBrowse64.exe.vir Variante von Win64/BrowseFox.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\tmp582C.tmp.vir Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe.vir Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.Bromon.dll.vir Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.BroStats.dll.vir Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.BrowserAdapterS.dll.vir möglicherweise Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.CompatibilityChecker.dll.vir Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.FeSvc.dll.vir Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.FFUpdate.dll.vir Variante von MSIL/BrowseFox.E evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.IEUpdate.dll.vir Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.PurBrowseG.dll.vir Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProLauncher.exe.vir Variante von Win32/AdWare.SpeedingUpMyPC.D Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\39030.crx.vir JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\39030.xpi.vir JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-bg.exe.vir Variante von Win32/Toolbar.CrossRider.V evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-chromeinstaller.exe.vir Win32/Toolbar.CrossRider.S evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\utils.exe.vir Win32/Packed.VMDetector.D evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriceGong\2.6.11\PriceGong.crx.vir Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriceGong\2.6.11\PriceGongIE.dll.vir Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir möglicherweise Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir Win32/Thinknice.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir Win64/Thinknice.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterfacef32.dll.vir Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir Win32/Thinknice.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir Win64/Thinknice.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv32.dll.vir Variante von Win32/Thinknice.C evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir Win32/Thinknice.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir Variante von Win32/ELEX.AD evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.11_0\options\pg_options.js.vir Win32/PriceGong.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.11_0\plugins\npPriceGong_CH.dll.vir Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\102_dealply_m.js.vir JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\103_intext_5_m.js.vir JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\104_jollywallet_m.js.vir JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\105_corticas_m.js.vir JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\119_similar_web_m.js.vir JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\123_intext_adv_m.js.vir JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\155_ibario_pops_m.js.vir JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\178_revizer_ws_dynamic_m.js.vir JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\179_revizer_p_dynamic_m.js.vir JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\180_bpo_serp_m.js.vir JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\184_noproblemppc_m.js.vir JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\194_retargeting_bi_m.js.js.vir JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\195_icm_convertmedia_m.js.vir JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\91_monetizationLoader.js.js.vir JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\93_superfish_no_coupons_m.js.vir JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Temp\OCS\ocs_v71b.exe.vir Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Roaming\1H1Q\Open Office Packages\uninstaller.exe.vir Win32/InstallCore.PC evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Roaming\RocketUpdater\UpdateProc\UpdateTask.exe.vir Variante von Win32/DealPly.S evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Roaming\VOPackage\Uninstall.exe.vir Win32/VOPackage.J evtl. unerwünschte Anwendung
C:\Program Files (x86)\Trend\EEP7\EEP7.exe Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung
C:\Users\Friedrich\AppData\Local\Temp\sweetpage294wld_n2.exe Variante von Win32/ELEX.AJ evtl. unerwünschte Anwendung
C:\Users\Friedrich\AppData\Local\Temp\29c2217fff8359d2c648e0ce94c6c82b\sweetpage294wld_n2.exe Variante von Win32/ELEX.AJ evtl. unerwünschte Anwendung
C:\Users\Friedrich\AppData\Local\Temp\is1597349865\257418562_stp\OptimizerPro_600.exe Variante von Win32/AdWare.SpeedingUpMyPC.N Anwendung
C:\Users\Friedrich\AppData\Local\Temp\is1597349865\257418600_stp\uninstaller.exe Win32/InstallCore.PC evtl. unerwünschte Anwendung
C:\Users\Friedrich\Downloads\Bus-Simulator-2012-lnstall.exe Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung
C:\Users\Friedrich\Downloads\CombineZP_CB-DL-Manager.exe Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung
C:\Users\Friedrich\Downloads\Loksim3D-lnstall.exe Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung
C:\Users\Friedrich\Downloads\OMSI---Der-Omnibussimulator-lnstall (1).exe Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung
C:\Users\Friedrich\Downloads\OMSI---Der-Omnibussimulator-lnstall.exe Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung
C:\Users\Friedrich\Downloads\OpenOffice - CHIP-Installer.exe Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung
C:\Users\Friedrich\Downloads\setup-loksim3d-update-2-8-2a-Downloader.exe Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung
F:\Downloads\ccsetup325.exe Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung
F:\Downloads\CombineZP - CHIP-Downloader.exe Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung
F:\Downloads\FoxitReader6011.0225_L10N_Setup.exe Variante von Win32/OpenCandy.A potenziell unsichere Anwendung
F:\Downloads\Picasa - CHIP-Downloader (1).exe Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung
F:\Downloads\Picasa - CHIP-Downloader.exe Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung
F:\Downloads\Setup.exe Variante von Win32/AdWare.iBryte.AE Anwendung
F:\Downloads\Downloads\Integrated_CT2325506.exe Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung
F:\ENRICOTOMSCHKE\Backup Set 2012-12-26 164521\Backup Files 2012-12-26 164521\Backup files 1.zip Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung
F:\ENRICOTOMSCHKE\Backup Set 2012-12-26 164521\Backup Files 2012-12-26 164521\Backup files 10.zip Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung
F:\ENRICOTOMSCHKE\Backup Set 2012-12-26 164521\Backup Files 2012-12-26 164521\Backup files 11.zip Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung
F:\ENRICOTOMSCHKE\Backup Set 2012-12-26 164521\Backup Files 2012-12-26 164521\Backup files 12.zip Win32/OpenCandy potenziell unsichere Anwendung
F:\ENRICOTOMSCHKE\Backup Set 2012-12-26 164521\Backup Files 2012-12-26 164521\Backup files 18.zip Win32/OpenCandy potenziell unsichere Anwendung
F:\ENRICOTOMSCHKE\Backup Set 2012-12-26 164521\Backup Files 2012-12-26 164521\Backup files 2.zip Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung
F:\ENRICOTOMSCHKE\Backup Set 2013-07-01 221110\Backup Files 2013-07-01 221110\Backup files 10.zip Variante von Win32/Toolbar.Linkury.E evtl. unerwünschte Anwendung
F:\ENRICOTOMSCHKE\Backup Set 2013-07-01 221110\Backup Files 2013-07-01 221110\Backup files 15.zip Win32/OpenCandy potenziell unsichere Anwendung
F:\ENRICOTOMSCHKE\Backup Set 2014-02-16 190100\Backup Files 2014-02-16 190100\Backup files 5.zip Win32/DriverBoss.B evtl. unerwünschte Anwendung
F:\ENRICOTOMSCHKE\Backup Set 2014-02-16 190100\Backup Files 2014-02-16 190100\Backup files 7.zip Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung
F:\ENRICOTOMSCHKE\Backup Set 2014-02-16 190100\Backup Files 2014-02-16 190100\Backup files 8.zip Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung
F:\ENRICOTOMSCHKE\Backup Set 2014-03-16 190059\Backup Files 2014-03-16 190059\Backup files 5.zip Win32/DriverBoss.B evtl. unerwünschte Anwendung
F:\ENRICOTOMSCHKE\Backup Set 2014-03-16 190059\Backup Files 2014-03-16 190059\Backup files 9.zip Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung
F:\ENRICOTOMSCHKE\Backup Set 2014-03-16 190059\Backup Files 2014-03-23 190013\Backup files 8.zip Variante von Win32/OpenCandy.A potenziell unsichere Anwendung
F:\ENRICOTOMSCHKE\Backup Set 2014-03-16 190059\Backup Files 2014-03-23 190013\Backup files 9.zip Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung
F:\ENRICOTOMSCHKE\Backup Set 2014-03-16 190059\Backup Files 2014-05-11 193946\Backup files 4.zip Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung
F:\ENRICOTOMSCHKE\Backup Set 2014-03-16 190059\Backup Files 2014-05-25 193544\Backup files 3.zip Win32/InstalleRex.M evtl. unerwünschte Anwendung
F:\ENRICOTOMSCHKE\Backup Set 2014-06-01 214459\Backup Files 2014-06-01 214459\Backup files 10.zip Win32/DriverBoss.B evtl. unerwünschte Anwendung
F:\ENRICOTOMSCHKE\Backup Set 2014-06-01 214459\Backup Files 2014-06-01 214459\Backup files 11.zip Win32/InstalleRex.M evtl. unerwünschte Anwendung
F:\Music\Downloads\flstudio_9.1_online.exe Win32/OpenCandy potenziell unsichere Anwendung
Arbeitsspeicher Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung
|
|
11.07.2014, 20:19
| #12 |
| /// TB-Ausbilder /// Anleitungs-Guru | Adware Problem! Hi, bitte noch dieses Programm deinstallieren: Securita Scout Schritt 1  Drücke bitte die  + R Taste und schreibe notepad in das Ausführen Fenster.Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument: Code:
ATTFilter
SearchScopes: HKLM - {717686E9-21C5-404A-9888-F0E98DA52D73} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_dsites02_14_27_ch&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDtAyD0BtA0C0FzyyB0EyEtN0D0Tzu0SzytCtAtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyCtBtB0BtBzztBtAtGtBtCyD0DtG0DtC0C0DtGtDyC0EtCtGtD0FtD0DyDyDyC0AyDyDyEtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0A0E0B0DyCzztGyEyE0B0FtGtDtBzyzytGtD0DyEtBtGyB0C0Dzy0DtB0D0E0AyB0FtD2Q&cr=2037496794&ir=
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {717686E9-21C5-404A-9888-F0E98DA52D73} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_dsites02_14_27_ch&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDtAyD0BtA0C0FzyyB0EyEtN0D0Tzu0SzytCtAtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyCtBtB0BtBzztBtAtGtBtCyD0DtG0DtC0C0DtGtDyC0EtCtGtD0FtD0DyDyDyC0AyDyDyEtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0A0E0B0DyCzztGyEyE0B0FtGtDtBzyzytGtD0DyEtBtGyB0C0Dzy0DtB0D0E0AyB0FtD2Q&cr=2037496794&ir=
CHR Extension: (Securita Scout) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfkilfadjoneaheacgmkahfgcjchkpad [2014-04-06]
C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfkilfadjoneaheacgmkahfgcjchkpad
AlternateDataStreams: C:\Windows:nlsPreferences
Reboot:
PC rebootet durch den Fix. Nach dem Neustart des PC: Schritt 2 Bitte starte FRST erneut, markiere auch die checkbox und drücke auf Scan. Bitte poste mir den Inhalt der beiden Logs die erstellt werden.
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
11.07.2014, 21:00
| #13 |
| | Adware Problem! Fixlog von FRST: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-07-2014
Ran by Friedrich at 2014-07-11 21:52:00 Run:1
Running from C:\Users\Friedrich\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
SearchScopes: HKLM - {717686E9-21C5-404A-9888-F0E98DA52D73} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_dsites02_14_27_ch&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDtAyD0BtA0C0FzyyB0EyEtN0D0Tzu0SzytCtAtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyCtBtB0BtBzztBtAtGtBtCyD0DtG0DtC0C0DtGtDyC0EtCtGtD0FtD0DyDyDyC0AyDyDyEtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0A0E0B0DyCzztGyEyE0B0FtGtDtBzyzytGtD0DyEtBtGyB0C0Dzy0DtB0D0E0AyB0FtD2Q&cr=2037496794&ir=
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {717686E9-21C5-404A-9888-F0E98DA52D73} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_dsites02_14_27_ch&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDtAyD0BtA0C0FzyyB0EyEtN0D0Tzu0SzytCtAtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyCtBtB0BtBzztBtAtGtBtCyD0DtG0DtC0C0DtGtDyC0EtCtGtD0FtD0DyDyDyC0AyDyDyEtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0A0E0B0DyCzztGyEyE0B0FtGtDtBzyzytGtD0DyEtBtGyB0C0Dzy0DtB0D0E0AyB0FtD2Q&cr=2037496794&ir=
CHR Extension: (Securita Scout) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfkilfadjoneaheacgmkahfgcjchkpad [2014-04-06]
C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfkilfadjoneaheacgmkahfgcjchkpad
AlternateDataStreams: C:\Windows:nlsPreferences
Reboot:
*****************
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{717686E9-21C5-404A-9888-F0E98DA52D73}' => Key deleted successfully.
'HKCR\CLSID\{717686E9-21C5-404A-9888-F0E98DA52D73}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{717686E9-21C5-404A-9888-F0E98DA52D73}' => Key deleted successfully.
'HKCR\CLSID\{717686E9-21C5-404A-9888-F0E98DA52D73}'=> Key not found.
C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfkilfadjoneaheacgmkahfgcjchkpad directory not found.
"C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfkilfadjoneaheacgmkahfgcjchkpad" => File/Directory not found.
C:\Windows => ":nlsPreferences" ADS removed successfully.
The system needed a reboot.
==== End of Fixlog ====
|
|
11.07.2014, 22:19
| #14 |
| /// TB-Ausbilder /// Anleitungs-Guru | Adware Problem! Hi, bitte noch Schritt 2 ausführen... Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
15.07.2014, 18:57
| #15 |
| | Adware Problem! hallo Dauert alles seine zeit.. Daher nun schritt 2 LG Enrico FRST Log: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 Ran by Friedrich (administrator) on FAMILIEN-PC on 15-07-2014 19:11:46 Running from C:\Users\Friedrich\Desktop Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\nis.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE (Systweak) C:\Program Files (x86)\Right Backup\RBClientService.exe () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\System32\LogonUI.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Systweak) C:\Program Files (x86)\Right Backup\RightBackup.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\nis.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE (CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (Microsoft Corporation) C:\Windows\splwow64.exe (CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-05-08] (Intel Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13626072 2013-06-25] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1311304 2013-06-05] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2986224 2013-06-20] (Synaptics Incorporated) HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo) HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15794160 2013-10-31] (Lenovo(beijing) Limited) HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80368 2013-10-31] (Lenovo(beijing) Limited) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.) HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2013-03-12] (Vimicro) HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.) HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.) HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation) HKLM-x32\...\Run: [MobileConnect] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2403840 2009-09-11] (Vodafone) HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-06-28] ( (Atheros Communications)) HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\Policies\Explorer: [DisallowRun] 1 HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {5a268313-fa15-11e3-be8b-a4db3035b3cf} - "F:\AutoRun.exe" HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {5a26834d-fa15-11e3-be8b-a4db3035b3cf} - "F:\AutoRun.exe" HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {885cf704-74f3-11e3-be75-a4db3035b3cf} - "F:\setup_vmc_lite.exe" /checkApplicationPresence HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {885cf7bc-74f3-11e3-be75-a4db3035b3cf} - "F:\setup_vmc_lite.exe" /checkApplicationPresence HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {8dc0bce8-74ff-11e3-be78-001e101fb69f} - "F:\setup_vmc_lite.exe" /checkApplicationPresence HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {8dc0c206-74ff-11e3-be78-001e101fb69f} - "F:\setup_vmc_lite.exe" /checkApplicationPresence ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com hxxp://www.giga.de/foto/ hxxp://www.giga.de/androidnews/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {717686E9-21C5-404A-9888-F0E98DA52D73} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 FireFox: ======== FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Friedrich\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-01-23] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2014-07-11] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK Chrome: ======= CHR Extension: (Norton Identity Protection) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-01-23] CHR Extension: (Google Wallet) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-09] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\Exts\Chrome.crx [2014-05-16] ==================== Services (Whitelisted) ================= R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-06-28] (Windows (R) Win 7 DDK provider) R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-05-08] (Intel Corporation) R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] () R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-16] (Intel Corporation) S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-16] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [239968 2014-07-01] () R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe [276376 2014-06-27] (Symantec Corporation) R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-06-17] (Nitro PDF Software) R2 RBClientService; C:\Program Files (x86)\Right Backup\RBClientService.exe [48240 2014-07-04] (Systweak) R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-10-31] () R2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-09-11] (Vodafone) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation) R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-06-28] (Atheros) [File not signed] ==================== Drivers (Whitelisted) ==================== R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140703.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-06-28] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1504000.00D\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-11] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140714.001\IDSvia64.sys [525016 2014-03-30] (Symantec Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-15] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation) R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140714.024\ENG64.SYS [126040 2014-01-23] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140714.024\EX64.SYS [2099288 2014-01-23] (Symantec Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-06-20] (Synaptics Incorporated) R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1503000.00C\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1504000.00D\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1504000.00D\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1504000.00D\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation) S0 SymELAM; C:\Windows\System32\drivers\NISx64\1504000.00D\SymELAM.sys [23568 2013-09-10] (Symantec Corporation) R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-23] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1504000.00D\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation) R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1503000.00C\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation) R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1049984 2013-03-15] (Vimicro Corporation) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) S3 ewusbnet; \SystemRoot\system32\DRIVERS\ewusbnet.sys [X] S3 hwusbfake; \SystemRoot\system32\DRIVERS\ewusbfake.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-11 21:52 - 2014-07-11 21:52 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2014-07-11 21:10 - 2014-07-11 21:10 - 00001209 _____ () C:\Users\Friedrich\Desktop\Format Factory.lnk 2014-07-11 21:10 - 2014-07-11 21:10 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory 2014-07-11 21:10 - 2014-07-11 21:10 - 00000000 ____D () C:\Program Files (x86)\FreeTime 2014-07-11 21:07 - 2014-07-11 21:09 - 53647808 _____ (Free Time) C:\Users\Friedrich\Downloads\FFSetup_3.3.5.0.exe 2014-07-11 19:22 - 2014-07-11 19:22 - 00001180 _____ () C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk 2014-07-11 19:21 - 2014-07-11 19:22 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\FreeVideoConverter 2014-07-11 19:21 - 2014-07-11 19:22 - 00000000 ____D () C:\Program Files (x86)\Free Video Converter 2014-07-11 19:21 - 2014-07-11 19:21 - 00001152 _____ () C:\Users\Friedrich\Desktop\Free Video Converter.lnk 2014-07-11 19:21 - 2014-07-11 19:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter 2014-07-11 19:17 - 2014-07-11 19:17 - 00445592 _____ (Bandoo Media Inc) C:\Users\Friedrich\Downloads\Setup_31FreeVideoConverter.exe 2014-07-11 19:16 - 2014-07-11 19:16 - 00000000 ____D () C:\Program Files (x86)\Freemake 2014-07-11 19:09 - 2014-07-11 19:09 - 01325576 _____ (Ellora Assets Corporation ) C:\Users\Friedrich\Downloads\FreemakeVideoConverterSetup.exe 2014-07-11 18:56 - 2014-07-11 18:56 - 01245384 _____ (Microsoft Corporation) C:\Users\Friedrich\Downloads\wlsetup-web.exe 2014-07-10 21:34 - 2014-07-10 21:34 - 02347384 _____ (ESET) C:\Users\Friedrich\Downloads\esetsmartinstaller_deu.exe 2014-07-10 21:34 - 2014-07-10 21:34 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-07-10 21:03 - 2014-07-15 19:10 - 00000000 ____D () C:\Users\Friedrich\Desktop\FRST-OlderVersion 2014-07-10 19:05 - 2014-07-10 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2014-07-10 19:05 - 2014-07-10 19:05 - 00000000 ____D () C:\Program Files (x86)\7-Zip 2014-07-10 19:04 - 2014-07-10 19:04 - 01110476 _____ () C:\Users\Friedrich\Downloads\7z920.exe 2014-07-10 18:50 - 2014-07-10 19:08 - 00028649 _____ () C:\Users\Friedrich\Desktop\Addition.txt 2014-07-10 18:35 - 2014-07-15 19:12 - 00018780 _____ () C:\Users\Friedrich\Desktop\FRST.txt 2014-07-10 18:17 - 2014-07-10 18:17 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Systweak 2014-07-10 18:15 - 2014-07-10 18:15 - 00000000 ____D () C:\ProgramData\Systweak 2014-07-10 18:11 - 2014-07-10 18:11 - 01348263 _____ () C:\Users\Friedrich\Downloads\adwcleaner_3.215.exe 2014-07-10 17:56 - 2014-07-10 17:56 - 00026787 _____ () C:\Users\Friedrich\Downloads\Addition.txt 2014-07-10 17:55 - 2014-07-10 17:56 - 00055293 _____ () C:\Users\Friedrich\Downloads\FRST.txt 2014-07-10 17:54 - 2014-07-15 19:11 - 00000000 ____D () C:\FRST 2014-07-10 17:53 - 2014-07-15 19:10 - 02086912 _____ (Farbar) C:\Users\Friedrich\Desktop\FRST64.exe 2014-07-10 17:53 - 2014-07-10 18:14 - 00097462 _____ () C:\Users\Friedrich\Downloads\Nicht bestätigt 402531.crdownload 2014-07-10 17:30 - 2014-07-01 00:42 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2014-07-10 17:30 - 2014-07-01 00:42 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2014-07-10 17:30 - 2014-07-01 00:42 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2014-07-10 17:30 - 2014-06-28 05:35 - 00556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2014-07-10 16:11 - 2014-07-15 18:32 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-07-10 16:11 - 2014-07-10 16:47 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-10 16:11 - 2014-07-10 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-10 16:11 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-07-10 16:11 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-07-10 10:01 - 2014-07-10 10:01 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (4).exe 2014-07-10 09:56 - 2014-07-10 09:56 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (3).exe 2014-07-10 09:47 - 2014-07-10 09:47 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (2).exe 2014-07-10 09:45 - 2014-07-10 09:46 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (1).exe 2014-07-10 09:44 - 2014-07-10 09:44 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946.exe 2014-07-09 16:39 - 2014-06-18 01:27 - 01440256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe 2014-07-09 16:39 - 2014-06-18 01:24 - 01557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe 2014-07-09 16:39 - 2014-06-11 06:18 - 04038144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2014-07-09 16:38 - 2014-06-03 00:33 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll 2014-07-09 16:38 - 2014-05-30 01:31 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll 2014-07-09 16:38 - 2014-05-30 01:03 - 00588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll 2014-07-09 16:38 - 2014-05-30 01:02 - 01281536 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2014-07-09 16:38 - 2014-05-30 01:02 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll 2014-07-09 16:38 - 2014-05-03 08:34 - 06974808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2014-07-09 16:38 - 2014-05-03 08:33 - 01824808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2014-07-09 16:38 - 2014-05-03 06:51 - 01408976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2014-07-09 16:38 - 2014-05-02 00:37 - 01023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2014-07-09 16:38 - 2014-04-30 00:32 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe 2014-07-09 16:38 - 2014-04-30 00:32 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe 2014-07-09 16:38 - 2014-04-24 01:51 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-07-09 16:38 - 2014-04-24 01:51 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-07-09 16:38 - 2014-04-24 01:38 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-07-09 16:38 - 2014-04-24 01:38 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-07-09 16:38 - 2014-02-08 06:34 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys 2014-07-09 16:37 - 2014-06-19 04:12 - 02239488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-07-09 16:37 - 2014-06-19 04:12 - 01366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-07-09 16:37 - 2014-06-19 04:12 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll 2014-07-09 16:37 - 2014-06-19 04:12 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll 2014-07-09 16:37 - 2014-06-19 04:12 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-07-09 16:37 - 2014-06-19 04:11 - 19277312 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-07-09 16:37 - 2014-06-19 04:11 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll 2014-07-09 16:37 - 2014-06-19 04:11 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-07-09 16:37 - 2014-06-19 04:10 - 15369728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-07-09 16:37 - 2014-06-19 04:10 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-07-09 16:37 - 2014-06-19 04:10 - 02650624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-07-09 16:37 - 2014-06-19 04:10 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2014-07-09 16:37 - 2014-06-19 04:10 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-07-09 16:37 - 2014-06-19 04:10 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2014-07-09 16:37 - 2014-06-19 04:10 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-07-09 16:37 - 2014-06-19 04:10 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-07-09 16:37 - 2014-06-19 04:10 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll 2014-07-09 16:37 - 2014-06-19 04:10 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2014-07-09 16:37 - 2014-06-19 04:10 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2014-07-09 16:37 - 2014-06-19 04:10 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2014-07-09 16:37 - 2014-06-19 04:09 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-07-09 16:37 - 2014-06-19 02:53 - 14368768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-07-09 16:37 - 2014-06-19 02:53 - 01766400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-07-09 16:37 - 2014-06-19 02:53 - 01141760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-07-09 16:37 - 2014-06-19 02:53 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-07-09 16:37 - 2014-06-19 02:53 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll 2014-07-09 16:37 - 2014-06-19 02:53 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-07-09 16:37 - 2014-06-19 02:53 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll 2014-07-09 16:37 - 2014-06-19 02:52 - 13732352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-07-09 16:37 - 2014-06-19 02:52 - 02863616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-07-09 16:37 - 2014-06-19 02:52 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-07-09 16:37 - 2014-06-19 02:52 - 01440768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-07-09 16:37 - 2014-06-19 02:52 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2014-07-09 16:37 - 2014-06-19 02:52 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2014-07-09 16:37 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-07-09 16:37 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-07-09 16:37 - 2014-06-19 02:52 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll 2014-07-09 16:37 - 2014-06-19 02:52 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2014-07-09 16:37 - 2014-06-19 02:52 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2014-07-09 16:37 - 2014-06-19 02:52 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2014-07-09 16:37 - 2014-06-19 02:33 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2014-07-09 16:37 - 2014-06-19 02:30 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2014-07-09 16:37 - 2014-06-19 00:05 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll 2014-07-09 16:37 - 2014-05-30 00:24 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 2014-07-09 16:36 - 2014-06-06 16:06 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll 2014-07-09 16:36 - 2014-06-06 12:17 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll 2014-07-08 16:36 - 2014-07-11 17:26 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\IrfanView 2014-07-08 16:36 - 2014-07-08 16:36 - 00001901 _____ () C:\Users\Friedrich\Desktop\IrfanView Thumbnails.lnk 2014-07-08 16:36 - 2014-07-08 16:36 - 00001013 _____ () C:\Users\Friedrich\Desktop\IrfanView.lnk 2014-07-08 16:36 - 2014-07-08 16:36 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView 2014-07-08 16:36 - 2014-07-08 16:36 - 00000000 ____D () C:\Program Files (x86)\IrfanView 2014-07-08 16:35 - 2014-07-08 16:35 - 02197648 _____ (Irfan Skiljan) C:\Users\Friedrich\Downloads\iview438g_setup.exe 2014-07-07 20:13 - 2014-07-07 20:13 - 00000000 ____D () C:\Users\Friedrich\Desktop\Enno 2014-07-07 18:29 - 2014-04-08 19:19 - 16781312 _____ () C:\Users\Friedrich\Downloads\Bus-Simulator_2012_Demo (3).rar 2014-07-07 17:48 - 2014-07-15 16:27 - 00003068 _____ () C:\WINDOWS\System32\Tasks\Right Backup_startup 2014-07-07 17:47 - 2014-07-14 20:28 - 00000000 ____D () C:\Program Files (x86)\Right Backup 2014-07-07 17:47 - 2014-07-07 17:47 - 00003132 _____ () C:\WINDOWS\System32\Tasks\System Speedup 2014-07-07 17:47 - 2014-07-07 17:47 - 00001061 _____ () C:\Users\Public\Desktop\Right Backup.lnk 2014-07-07 17:47 - 2014-07-07 17:47 - 00000000 ____D () C:\rbtemp 2014-07-07 17:47 - 2014-07-07 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Right Backup 2014-07-06 18:05 - 2014-07-06 18:05 - 00001333 _____ () C:\Users\Public\Desktop\Fahren Lernen Offline.lnk 2014-07-06 18:05 - 2014-07-06 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verlag Heinrich Vogel 2014-07-06 17:57 - 2014-07-06 17:57 - 00000000 ____D () C:\Program Files (x86)\Vogel Verlag 2014-07-06 17:56 - 2014-07-06 17:56 - 00167137 _____ () C:\Users\Friedrich\Desktop\e.odp 2014-07-06 16:46 - 2014-07-06 16:46 - 01063312 _____ () C:\Users\Friedrich\Downloads\OMSI---Der-Omnibussimulator-lnstall (1).exe 2014-07-06 16:46 - 2014-07-06 16:46 - 00000000 ____D () C:\Users\Friedrich\Downloads\OMSI---Der-Omnibussimulator 2014-07-06 16:46 - 2014-07-06 16:46 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Temp434fa06c045d655c128c6e6570ea6b69_______ 2014-07-06 15:06 - 2014-07-06 15:06 - 00001942 _____ () C:\Users\Public\Desktop\EEP 7.0.lnk 2014-07-06 15:05 - 2014-07-06 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend 2014-07-06 14:48 - 2014-05-20 04:33 - 00059416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2014-07-06 14:48 - 2014-05-20 01:45 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2014-07-06 14:48 - 2014-05-20 01:45 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2014-07-06 14:48 - 2014-05-20 01:24 - 03286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2014-07-06 14:48 - 2014-05-20 01:24 - 01623040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2014-07-06 14:48 - 2014-05-20 01:24 - 00773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2014-07-06 14:48 - 2014-05-20 01:24 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2014-07-06 14:48 - 2014-05-20 01:24 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2014-07-06 14:48 - 2014-05-20 01:24 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2014-07-06 14:48 - 2014-05-15 00:43 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2014-07-06 14:48 - 2014-05-15 00:43 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2014-07-06 14:48 - 2014-05-15 00:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2014-07-06 14:48 - 2014-05-15 00:42 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2014-07-03 21:59 - 2014-07-03 21:59 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CombineZM 2014-07-03 21:59 - 2014-07-03 21:59 - 00000000 ____D () C:\Program Files (x86)\Alan Hadley 2014-07-03 21:57 - 2014-07-03 21:58 - 02735104 _____ () C:\Users\Friedrich\Downloads\CombineZ-m.msi 2014-07-03 21:50 - 2014-07-03 21:50 - 06448158 _____ () C:\Users\Friedrich\Downloads\German_CZPHelp.zip 2014-07-03 21:35 - 2014-07-03 21:35 - 00000558 _____ () C:\WINDOWS\KB893803v2.log 2014-07-03 21:35 - 2014-07-03 21:35 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Helicon 2014-07-03 21:29 - 2014-07-03 21:34 - 88327960 _____ (Helicon Soft Ltd. ) C:\Users\Friedrich\Downloads\HeliconFocus.exe 2014-07-03 20:20 - 2014-07-06 17:56 - 00564304 _____ () C:\Users\Friedrich\Desktop\Unbenannt 2.odg 2014-07-03 20:20 - 2014-07-03 20:20 - 00505198 _____ () C:\Users\Friedrich\Desktop\Unbenannt 1.odp 2014-07-03 18:30 - 2014-07-03 19:26 - 00062188 _____ () C:\Users\Friedrich\Desktop\GEBURTSTAG.odt 2014-07-02 21:55 - 2014-07-02 21:55 - 00002258 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-07-02 21:55 - 2014-07-02 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-07-02 21:54 - 2014-07-15 18:59 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-02 21:54 - 2014-07-15 16:26 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-02 21:54 - 2014-07-02 21:54 - 00004112 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2014-07-02 21:54 - 2014-07-02 21:54 - 00003876 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2014-07-02 20:47 - 2014-07-02 20:47 - 01346519 _____ () C:\Users\Friedrich\Downloads\adwcleaner_3.214.exe 2014-07-02 20:47 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll 2014-07-01 22:14 - 2014-07-01 22:15 - 10320896 _____ () C:\Users\Friedrich\Downloads\CombineZP_CB-DL-Manager [1].exe 2014-07-01 21:24 - 2014-07-01 21:24 - 00000000 ___HD () C:\ProgramData\CanonIJScan 2014-07-01 21:20 - 2014-07-03 20:21 - 01971896 _____ () C:\Users\Friedrich\Desktop\EINLADUNG.odt 2014-07-01 20:53 - 2014-07-01 20:53 - 00000000 ____D () C:\Users\Public\Documents\sun 2014-07-01 20:51 - 2014-07-01 20:51 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk 2014-07-01 20:51 - 2014-07-01 20:51 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0 2014-07-01 20:51 - 2014-07-01 20:51 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4 2014-07-01 20:50 - 2014-07-01 20:51 - 00000000 ____D () C:\Users\Friedrich\Desktop\OpenOffice 4.1.0 (de) Installation Files 2014-07-01 20:47 - 2014-07-01 20:47 - 00961360 _____ (Chip Digital GmbH) C:\Users\Friedrich\Downloads\OpenOffice - CHIP-Installer.exe 2014-07-01 20:44 - 2014-07-01 20:44 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\OpenOffice 2014-07-01 20:38 - 2014-07-15 18:38 - 00000330 _____ () C:\WINDOWS\Tasks\Rocket Updater.job 2014-07-01 20:38 - 2014-07-01 20:38 - 00002668 _____ () C:\WINDOWS\System32\Tasks\Rocket Updater 2014-07-01 19:16 - 2014-07-01 19:16 - 00001090 _____ () C:\Users\Public\Desktop\Mobile Partner.lnk 2014-07-01 19:16 - 2014-07-01 19:16 - 00000000 ____D () C:\ProgramData\Mobile Partner 2014-07-01 19:16 - 2014-07-01 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner 2014-07-01 19:15 - 2014-07-01 19:16 - 00000000 ____D () C:\ProgramData\DatacardService 2014-07-01 19:15 - 2014-07-01 19:16 - 00000000 ____D () C:\Program Files (x86)\Mobile Partner 2014-07-01 19:15 - 2014-07-01 19:15 - 01490656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01007.dll 2014-07-01 19:15 - 2014-07-01 19:15 - 01490656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfCoInstaller01007.dll 2014-07-01 19:15 - 2014-07-01 19:15 - 01001472 _____ (DiBcom SA) C:\WINDOWS\system32\Drivers\mod7700.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00421376 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbwwan.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00212992 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juwwanecm.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwusbdev.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00098816 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcacm.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00086016 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jubusenum.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00069632 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcecm.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\WINDOWS\system32\Drivers\ewdcsc.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00028672 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juextctrl.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwupgrade.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_usbenumfilter.sys 2014-06-30 23:11 - 2014-06-30 23:12 - 00788832 _____ ( ) C:\Users\Friedrich\Downloads\CombineZP_CB-DL-Manager.exe 2014-06-21 18:41 - 2014-05-03 07:47 - 03246592 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2014-06-21 18:41 - 2014-05-03 05:34 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2014-06-21 18:41 - 2014-04-30 00:32 - 01301504 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2014-06-21 18:41 - 2014-04-30 00:22 - 01023488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2014-06-21 18:41 - 2014-04-03 13:19 - 00328024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys 2014-06-21 18:41 - 2014-04-03 05:44 - 00619008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2014-06-21 18:41 - 2014-04-01 00:08 - 00387268 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2014-06-21 18:41 - 2014-03-25 01:42 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe 2014-06-21 18:41 - 2014-03-25 00:56 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe 2014-06-21 18:32 - 2014-04-03 13:22 - 02233176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2014-06-21 18:32 - 2014-03-07 02:47 - 01419264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2014-06-21 18:32 - 2014-03-07 02:08 - 01845760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll ==================== One Month Modified Files and Folders ======= 2014-07-15 19:12 - 2014-07-10 18:35 - 00018780 _____ () C:\Users\Friedrich\Desktop\FRST.txt 2014-07-15 19:11 - 2014-07-10 17:54 - 00000000 ____D () C:\FRST 2014-07-15 19:10 - 2014-07-10 21:03 - 00000000 ____D () C:\Users\Friedrich\Desktop\FRST-OlderVersion 2014-07-15 19:10 - 2014-07-10 17:53 - 02086912 _____ (Farbar) C:\Users\Friedrich\Desktop\FRST64.exe 2014-07-15 19:00 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-07-15 18:59 - 2014-07-02 21:54 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-15 18:38 - 2014-07-01 20:38 - 00000330 _____ () C:\WINDOWS\Tasks\Rocket Updater.job 2014-07-15 18:32 - 2014-07-10 16:11 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-07-15 18:00 - 2013-10-31 21:17 - 01519932 _____ () C:\WINDOWS\WindowsUpdate.log 2014-07-15 17:51 - 2014-01-04 22:03 - 00000000 ____D () C:\Users\Friedrich\Documents\Youcam 2014-07-15 17:50 - 2012-07-26 09:21 - 00036903 _____ () C:\WINDOWS\setupact.log 2014-07-15 17:44 - 2013-11-01 06:00 - 00754172 _____ () C:\WINDOWS\system32\perfh007.dat 2014-07-15 17:44 - 2013-11-01 06:00 - 00156362 _____ () C:\WINDOWS\system32\perfc007.dat 2014-07-15 17:44 - 2012-07-26 09:28 - 01748838 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-07-15 16:31 - 2014-01-04 06:34 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3631515150-3942624288-380681899-1002 2014-07-15 16:27 - 2014-07-07 17:48 - 00003068 _____ () C:\WINDOWS\System32\Tasks\Right Backup_startup 2014-07-15 16:26 - 2014-07-02 21:54 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-14 20:28 - 2014-07-07 17:47 - 00000000 ____D () C:\Program Files (x86)\Right Backup 2014-07-14 19:29 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-07-14 18:18 - 2014-01-23 19:38 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NISx64 2014-07-14 16:26 - 2014-01-11 04:41 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\CrashDumps 2014-07-12 19:23 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent 2014-07-11 21:54 - 2013-03-25 23:02 - 00306520 _____ () C:\WINDOWS\PFRO.log 2014-07-11 21:54 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\Web 2014-07-11 21:54 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-07-11 21:53 - 2013-10-31 22:14 - 00006656 _____ () C:\WINDOWS\system32\VfService.trf 2014-07-11 21:53 - 2012-07-26 07:26 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2014-07-11 21:52 - 2014-07-11 21:52 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel 2014-07-11 21:52 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-11 21:52 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-11 21:52 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\WinStore 2014-07-11 21:52 - 2012-07-26 09:52 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-11 21:48 - 2014-04-06 18:44 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Security System 2 2014-07-11 21:10 - 2014-07-11 21:10 - 00001209 _____ () C:\Users\Friedrich\Desktop\Format Factory.lnk 2014-07-11 21:10 - 2014-07-11 21:10 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory 2014-07-11 21:10 - 2014-07-11 21:10 - 00000000 ____D () C:\Program Files (x86)\FreeTime 2014-07-11 21:09 - 2014-07-11 21:07 - 53647808 _____ (Free Time) C:\Users\Friedrich\Downloads\FFSetup_3.3.5.0.exe 2014-07-11 19:22 - 2014-07-11 19:22 - 00001180 _____ () C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk 2014-07-11 19:22 - 2014-07-11 19:21 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\FreeVideoConverter 2014-07-11 19:22 - 2014-07-11 19:21 - 00000000 ____D () C:\Program Files (x86)\Free Video Converter 2014-07-11 19:22 - 2012-07-26 07:26 - 00000352 _____ () C:\WINDOWS\win.ini 2014-07-11 19:21 - 2014-07-11 19:21 - 00001152 _____ () C:\Users\Friedrich\Desktop\Free Video Converter.lnk 2014-07-11 19:21 - 2014-07-11 19:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter 2014-07-11 19:17 - 2014-07-11 19:17 - 00445592 _____ (Bandoo Media Inc) C:\Users\Friedrich\Downloads\Setup_31FreeVideoConverter.exe 2014-07-11 19:16 - 2014-07-11 19:16 - 00000000 ____D () C:\Program Files (x86)\Freemake 2014-07-11 19:09 - 2014-07-11 19:09 - 01325576 _____ (Ellora Assets Corporation ) C:\Users\Friedrich\Downloads\FreemakeVideoConverterSetup.exe 2014-07-11 19:03 - 2014-01-04 05:58 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Packages 2014-07-11 18:56 - 2014-07-11 18:56 - 01245384 _____ (Microsoft Corporation) C:\Users\Friedrich\Downloads\wlsetup-web.exe 2014-07-11 17:26 - 2014-07-08 16:36 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\IrfanView 2014-07-11 16:44 - 2014-01-14 19:58 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-07-11 16:42 - 2014-01-14 19:58 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-07-11 16:42 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-07-10 22:00 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\NDF 2014-07-10 21:34 - 2014-07-10 21:34 - 02347384 _____ (ESET) C:\Users\Friedrich\Downloads\esetsmartinstaller_deu.exe 2014-07-10 21:34 - 2014-07-10 21:34 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-07-10 19:08 - 2014-07-10 18:50 - 00028649 _____ () C:\Users\Friedrich\Desktop\Addition.txt 2014-07-10 19:05 - 2014-07-10 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2014-07-10 19:05 - 2014-07-10 19:05 - 00000000 ____D () C:\Program Files (x86)\7-Zip 2014-07-10 19:04 - 2014-07-10 19:04 - 01110476 _____ () C:\Users\Friedrich\Downloads\7z920.exe 2014-07-10 18:17 - 2014-07-10 18:17 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Systweak 2014-07-10 18:15 - 2014-07-10 18:15 - 00000000 ____D () C:\ProgramData\Systweak 2014-07-10 18:14 - 2014-07-10 17:53 - 00097462 _____ () C:\Users\Friedrich\Downloads\Nicht bestätigt 402531.crdownload 2014-07-10 18:14 - 2014-02-01 18:25 - 00000000 ____D () C:\AdwCleaner 2014-07-10 18:11 - 2014-07-10 18:11 - 01348263 _____ () C:\Users\Friedrich\Downloads\adwcleaner_3.215.exe 2014-07-10 17:56 - 2014-07-10 17:56 - 00026787 _____ () C:\Users\Friedrich\Downloads\Addition.txt 2014-07-10 17:56 - 2014-07-10 17:55 - 00055293 _____ () C:\Users\Friedrich\Downloads\FRST.txt 2014-07-10 16:47 - 2014-07-10 16:11 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-10 16:11 - 2014-07-10 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-10 16:11 - 2014-02-01 18:05 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-10 16:11 - 2014-02-01 18:05 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Malwarebytes 2014-07-10 16:11 - 2014-02-01 18:05 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-10 16:11 - 2014-02-01 18:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-07-10 10:01 - 2014-07-10 10:01 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (4).exe 2014-07-10 09:56 - 2014-07-10 09:56 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (3).exe 2014-07-10 09:47 - 2014-07-10 09:47 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (2).exe 2014-07-10 09:46 - 2014-07-10 09:45 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (1).exe 2014-07-10 09:44 - 2014-07-10 09:44 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946.exe 2014-07-08 17:04 - 2014-01-23 19:33 - 00155136 ___SH () C:\Users\Friedrich\Desktop\Thumbs.db 2014-07-08 16:36 - 2014-07-08 16:36 - 00001901 _____ () C:\Users\Friedrich\Desktop\IrfanView Thumbnails.lnk 2014-07-08 16:36 - 2014-07-08 16:36 - 00001013 _____ () C:\Users\Friedrich\Desktop\IrfanView.lnk 2014-07-08 16:36 - 2014-07-08 16:36 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView 2014-07-08 16:36 - 2014-07-08 16:36 - 00000000 ____D () C:\Program Files (x86)\IrfanView 2014-07-08 16:35 - 2014-07-08 16:35 - 02197648 _____ (Irfan Skiljan) C:\Users\Friedrich\Downloads\iview438g_setup.exe 2014-07-07 20:13 - 2014-07-07 20:13 - 00000000 ____D () C:\Users\Friedrich\Desktop\Enno 2014-07-07 17:47 - 2014-07-07 17:47 - 00003132 _____ () C:\WINDOWS\System32\Tasks\System Speedup 2014-07-07 17:47 - 2014-07-07 17:47 - 00001061 _____ () C:\Users\Public\Desktop\Right Backup.lnk 2014-07-07 17:47 - 2014-07-07 17:47 - 00000000 ____D () C:\rbtemp 2014-07-07 17:47 - 2014-07-07 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Right Backup 2014-07-06 18:05 - 2014-07-06 18:05 - 00001333 _____ () C:\Users\Public\Desktop\Fahren Lernen Offline.lnk 2014-07-06 18:05 - 2014-07-06 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verlag Heinrich Vogel 2014-07-06 17:57 - 2014-07-06 17:57 - 00000000 ____D () C:\Program Files (x86)\Vogel Verlag 2014-07-06 17:56 - 2014-07-06 17:56 - 00167137 _____ () C:\Users\Friedrich\Desktop\e.odp 2014-07-06 17:56 - 2014-07-03 20:20 - 00564304 _____ () C:\Users\Friedrich\Desktop\Unbenannt 2.odg 2014-07-06 17:50 - 2014-01-04 06:30 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\CrashDumps 2014-07-06 16:46 - 2014-07-06 16:46 - 01063312 _____ () C:\Users\Friedrich\Downloads\OMSI---Der-Omnibussimulator-lnstall (1).exe 2014-07-06 16:46 - 2014-07-06 16:46 - 00000000 ____D () C:\Users\Friedrich\Downloads\OMSI---Der-Omnibussimulator 2014-07-06 16:46 - 2014-07-06 16:46 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Temp434fa06c045d655c128c6e6570ea6b69_______ 2014-07-06 16:46 - 2014-04-06 17:34 - 00000188 _____ () C:\Users\Friedrich\Desktop\Amazon.de.url 2014-07-06 15:06 - 2014-07-06 15:06 - 00001942 _____ () C:\Users\Public\Desktop\EEP 7.0.lnk 2014-07-06 15:05 - 2014-07-06 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend 2014-07-06 15:03 - 2013-10-31 21:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-07-03 21:59 - 2014-07-03 21:59 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CombineZM 2014-07-03 21:59 - 2014-07-03 21:59 - 00000000 ____D () C:\Program Files (x86)\Alan Hadley 2014-07-03 21:59 - 2014-01-04 05:58 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\VirtualStore 2014-07-03 21:58 - 2014-07-03 21:57 - 02735104 _____ () C:\Users\Friedrich\Downloads\CombineZ-m.msi 2014-07-03 21:50 - 2014-07-03 21:50 - 06448158 _____ () C:\Users\Friedrich\Downloads\German_CZPHelp.zip 2014-07-03 21:35 - 2014-07-03 21:35 - 00000558 _____ () C:\WINDOWS\KB893803v2.log 2014-07-03 21:35 - 2014-07-03 21:35 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Helicon 2014-07-03 21:34 - 2014-07-03 21:29 - 88327960 _____ (Helicon Soft Ltd. ) C:\Users\Friedrich\Downloads\HeliconFocus.exe 2014-07-03 20:21 - 2014-07-01 21:20 - 01971896 _____ () C:\Users\Friedrich\Desktop\EINLADUNG.odt 2014-07-03 20:20 - 2014-07-03 20:20 - 00505198 _____ () C:\Users\Friedrich\Desktop\Unbenannt 1.odp 2014-07-03 19:33 - 2014-01-09 04:49 - 00000000 ____D () C:\ProgramData\CanonIJPLM 2014-07-03 19:26 - 2014-07-03 18:30 - 00062188 _____ () C:\Users\Friedrich\Desktop\GEBURTSTAG.odt 2014-07-03 19:05 - 2014-05-01 19:33 - 00000000 ____D () C:\Users\Friedrich\Desktop\Neuer Ordner 2014-07-02 21:55 - 2014-07-02 21:55 - 00002258 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-07-02 21:55 - 2014-07-02 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-07-02 21:55 - 2014-01-09 02:20 - 00000000 ____D () C:\Program Files (x86)\Google 2014-07-02 21:54 - 2014-07-02 21:54 - 00004112 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2014-07-02 21:54 - 2014-07-02 21:54 - 00003876 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2014-07-02 21:54 - 2014-01-09 02:20 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Deployment 2014-07-02 20:47 - 2014-07-02 20:47 - 01346519 _____ () C:\Users\Friedrich\Downloads\adwcleaner_3.214.exe 2014-07-01 22:15 - 2014-07-01 22:14 - 10320896 _____ () C:\Users\Friedrich\Downloads\CombineZP_CB-DL-Manager [1].exe 2014-07-01 21:24 - 2014-07-01 21:24 - 00000000 ___HD () C:\ProgramData\CanonIJScan 2014-07-01 21:24 - 2014-01-09 04:47 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Canon 2014-07-01 20:53 - 2014-07-01 20:53 - 00000000 ____D () C:\Users\Public\Documents\sun 2014-07-01 20:51 - 2014-07-01 20:51 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk 2014-07-01 20:51 - 2014-07-01 20:51 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0 2014-07-01 20:51 - 2014-07-01 20:51 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4 2014-07-01 20:51 - 2014-07-01 20:50 - 00000000 ____D () C:\Users\Friedrich\Desktop\OpenOffice 4.1.0 (de) Installation Files 2014-07-01 20:47 - 2014-07-01 20:47 - 00961360 _____ (Chip Digital GmbH) C:\Users\Friedrich\Downloads\OpenOffice - CHIP-Installer.exe 2014-07-01 20:44 - 2014-07-01 20:44 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\OpenOffice 2014-07-01 20:38 - 2014-07-01 20:38 - 00002668 _____ () C:\WINDOWS\System32\Tasks\Rocket Updater 2014-07-01 19:16 - 2014-07-01 19:16 - 00001090 _____ () C:\Users\Public\Desktop\Mobile Partner.lnk 2014-07-01 19:16 - 2014-07-01 19:16 - 00000000 ____D () C:\ProgramData\Mobile Partner 2014-07-01 19:16 - 2014-07-01 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner 2014-07-01 19:16 - 2014-07-01 19:15 - 00000000 ____D () C:\ProgramData\DatacardService 2014-07-01 19:16 - 2014-07-01 19:15 - 00000000 ____D () C:\Program Files (x86)\Mobile Partner 2014-07-01 19:15 - 2014-07-01 19:15 - 01490656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01007.dll 2014-07-01 19:15 - 2014-07-01 19:15 - 01490656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfCoInstaller01007.dll 2014-07-01 19:15 - 2014-07-01 19:15 - 01001472 _____ (DiBcom SA) C:\WINDOWS\system32\Drivers\mod7700.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00421376 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbwwan.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00212992 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juwwanecm.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwusbdev.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00098816 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcacm.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00086016 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jubusenum.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00069632 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcecm.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\WINDOWS\system32\Drivers\ewdcsc.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00028672 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juextctrl.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwupgrade.sys 2014-07-01 19:15 - 2014-07-01 19:15 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_usbenumfilter.sys 2014-07-01 19:15 - 2014-01-04 06:22 - 00221312 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbmdm.sys 2014-07-01 00:42 - 2014-07-10 17:30 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll 2014-07-01 00:42 - 2014-07-10 17:30 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2014-07-01 00:42 - 2014-07-10 17:30 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2014-06-30 23:12 - 2014-06-30 23:11 - 00788832 _____ ( ) C:\Users\Friedrich\Downloads\CombineZP_CB-DL-Manager.exe 2014-06-28 05:35 - 2014-07-10 17:30 - 00556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2014-06-26 22:53 - 2012-07-26 10:14 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-06-26 22:53 - 2012-07-26 10:14 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-06-22 16:31 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\rescache 2014-06-19 04:12 - 2014-07-09 16:37 - 02239488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-06-19 04:12 - 2014-07-09 16:37 - 01366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-06-19 04:12 - 2014-07-09 16:37 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll 2014-06-19 04:12 - 2014-07-09 16:37 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll 2014-06-19 04:12 - 2014-07-09 16:37 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-06-19 04:11 - 2014-07-09 16:37 - 19277312 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-06-19 04:11 - 2014-07-09 16:37 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll 2014-06-19 04:11 - 2014-07-09 16:37 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-06-19 04:10 - 2014-07-09 16:37 - 15369728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-06-19 04:10 - 2014-07-09 16:37 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-06-19 04:10 - 2014-07-09 16:37 - 02650624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-06-19 04:10 - 2014-07-09 16:37 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2014-06-19 04:10 - 2014-07-09 16:37 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-06-19 04:10 - 2014-07-09 16:37 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2014-06-19 04:10 - 2014-07-09 16:37 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-06-19 04:10 - 2014-07-09 16:37 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-06-19 04:10 - 2014-07-09 16:37 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll 2014-06-19 04:10 - 2014-07-09 16:37 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2014-06-19 04:10 - 2014-07-09 16:37 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2014-06-19 04:10 - 2014-07-09 16:37 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2014-06-19 04:09 - 2014-07-09 16:37 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-06-19 02:53 - 2014-07-09 16:37 - 14368768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-06-19 02:53 - 2014-07-09 16:37 - 01766400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-06-19 02:53 - 2014-07-09 16:37 - 01141760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-06-19 02:53 - 2014-07-09 16:37 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-06-19 02:53 - 2014-07-09 16:37 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll 2014-06-19 02:53 - 2014-07-09 16:37 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-06-19 02:53 - 2014-07-09 16:37 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll 2014-06-19 02:52 - 2014-07-09 16:37 - 13732352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-06-19 02:52 - 2014-07-09 16:37 - 02863616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-06-19 02:52 - 2014-07-09 16:37 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-06-19 02:52 - 2014-07-09 16:37 - 01440768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-06-19 02:52 - 2014-07-09 16:37 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2014-06-19 02:52 - 2014-07-09 16:37 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2014-06-19 02:52 - 2014-07-09 16:37 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-06-19 02:52 - 2014-07-09 16:37 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-06-19 02:52 - 2014-07-09 16:37 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll 2014-06-19 02:52 - 2014-07-09 16:37 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2014-06-19 02:52 - 2014-07-09 16:37 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2014-06-19 02:52 - 2014-07-09 16:37 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2014-06-19 02:33 - 2014-07-09 16:37 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2014-06-19 02:30 - 2014-07-09 16:37 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2014-06-19 00:05 - 2014-07-09 16:37 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll 2014-06-18 01:27 - 2014-07-09 16:39 - 01440256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe 2014-06-18 01:24 - 2014-07-09 16:39 - 01557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe Some content of TEMP: ==================== C:\Users\Friedrich\AppData\Local\Temp\amazonicon_v4.exe C:\Users\Friedrich\AppData\Local\Temp\amazonicon_v6.exe C:\Users\Friedrich\AppData\Local\Temp\amazoninstallernircmdc.exe C:\Users\Friedrich\AppData\Local\Temp\AskPIP_FF_.exe C:\Users\Friedrich\AppData\Local\Temp\AS_OMSI_UPD_V101.exe C:\Users\Friedrich\AppData\Local\Temp\COMAP.EXE C:\Users\Friedrich\AppData\Local\Temp\FreemakeVideoConverter_4.1.4.1.exe C:\Users\Friedrich\AppData\Local\Temp\MSETUP4.EXE C:\Users\Friedrich\AppData\Local\Temp\nitro_pro8_x64.exe C:\Users\Friedrich\AppData\Local\Temp\ochelper.dll C:\Users\Friedrich\AppData\Local\Temp\ochelper.exe C:\Users\Friedrich\AppData\Local\Temp\Quarantine.exe C:\Users\Friedrich\AppData\Local\Temp\sdanircmdc.exe C:\Users\Friedrich\AppData\Local\Temp\sdapskill.exe C:\Users\Friedrich\AppData\Local\Temp\sdaspwn.exe C:\Users\Friedrich\AppData\Local\Temp\securitascoutgames_3.exe C:\Users\Friedrich\AppData\Local\Temp\SpOrder.dll C:\Users\Friedrich\AppData\Local\Temp\sweetpage294wld_n2.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-14 16:41 ==================== End Of Log ============================ --- --- --- Adittion Log: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2014
Ran by Friedrich at 2014-07-15 19:12:23
Running from C:\Users\Friedrich\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
==================== Installed Programs ======================
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Benutzerhandbuch (x32 Version: 1.0.0.15 - Lenovo) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - )
Canon MG5300 series Benutzerregistrierung (HKLM-x32\...\Canon MG5300 series Benutzerregistrierung) (Version: - )
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version: - Canon Inc.)
Canon MG5300 series On-screen Manual (HKLM-x32\...\Canon MG5300 series On-screen Manual) (Version: - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
CombineZM (HKLM-x32\...\{7E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}) (Version: 1.0.0 - Alan Hadley)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Eisenbahn.exe Professional 7.0 (HKLM-x32\...\{8CB0014C-FE4C-461D-A387-76828BD70E19}) (Version: 7.00.0000 - Trend)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.28 - Lenovo)
Energy Manager (x32 Version: 1.0.0.28 - Lenovo) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Fahren Lernen Offline 1.5 (HKLM-x32\...\{452473D3-1D26-4E61-8060-3B216620D60C}_is1) (Version: - Verlag Heinrich Vogel - Springer Transport Media GmbH)
FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
Freddy:Deutsch3/Deutsch4 (HKLM-x32\...\freddyDeutsch34) (Version: - )
Free Video Converter V 3.1 (HKLM-x32\...\Free Video Converter_is1) (Version: 3.1.0.0 - Koyote Soft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.5.1367 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3165 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.4.1001 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.5.4.1001 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.13.315.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5108.52 - CyberLink Corp.) Hidden
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 21.005.15.02.382 - Huawei Technologies Co.,Ltd)
Nitro Pro 8 (HKLM\...\{50BB4ACC-00C5-4436-B1B9-8ADA9255963B}) (Version: 8.5.5.2 - Nitro)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.3.0.12 - Symantec Corporation)
NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.70 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden
NVIDIA Optimus 4.11.9 (Version: 4.11.9 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0325 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0325 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0325 - NVIDIA Corporation)
NVIDIA Systemsteuerung 311.70 (Version: 311.70 - NVIDIA Corporation) Hidden
NVIDIA Update 4.11.9 (Version: 4.11.9 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 4.11.9 - NVIDIA Corporation) Hidden
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.0 - Lenovo)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.230 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.30158 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6954 - Realtek Semiconductor Corp.)
Right Backup (HKLM-x32\...\980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Ri~01F2B2E8_is1) (Version: 2.1.1000.4367 - Systweak Software)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.4.19 - Synaptics Incorporated)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
Vodafone Mobile Connect Lite (HKLM-x32\...\{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}) (Version: 9.4.3.17550 - Vodafone)
Windows-Treiberpaket - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
==================== Restore Points =========================
20-05-2014 17:16:06 Installiert Eisenbahn.exe Professional 7.0
10-06-2014 17:10:17 Geplanter Prüfpunkt
22-06-2014 13:51:53 Windows Update
01-07-2014 18:40:30 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
03-07-2014 19:58:56 Installed CombineZM
06-07-2014 13:03:35 Installiert Eisenbahn.exe Professional 7.0
10-07-2014 08:10:31 RegClean Pro Do, Jul 10, 14 10:10
==================== Hosts content: ==========================
2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {109237F1-A61A-4532-884B-AD380BD1AFDC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-02] (Google Inc.)
Task: {11801761-0FB4-4852-A878-02BC3588CFC5} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {29BF260E-C96B-4A94-9D93-FBC0F2C1222A} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {40D66A6E-0588-4ACB-BC14-60D51AEEE4D5} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\WSCStub.exe [2014-05-11] (Symantec Corporation)
Task: {43C8412A-8017-4B2A-9F5B-CCE30439CE79} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {46BF31F9-5F78-4B45-AFC2-142C1255589A} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {74C959BB-8D2E-4895-9007-C4EC2B5C024D} - \System Speedup_DEFAULT No Task File <==== ATTENTION
Task: {75EB321A-4AA4-41F1-BF00-A745ACF026E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-02] (Google Inc.)
Task: {8A7681C5-8FFB-4D6F-B1F9-A2906C327269} - \Advanced System Protector No Task File <==== ATTENTION
Task: {94ED6D9C-3A8F-4FEB-A382-76AA1F018C68} - System32\Tasks\System Speedup => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
Task: {9DE07081-785C-4158-A77C-8D93D772DE15} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {A0FE4068-D4C3-418C-8AFF-4BFBC10CA421} - \RegClean Pro No Task File <==== ATTENTION
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {BEA74895-BF3E-4789-AC8C-7AB7AC703FB9} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D1B72BBB-3285-4D07-8327-5E56EE5E120C} - System32\Tasks\Right Backup_startup => C:\Program Files (x86)\Right Backup\RightBackup.exe [2014-07-04] (Systweak)
Task: {DA906298-FB18-4E8C-80C0-0A63BEE2CA9A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-11] (Microsoft Corporation)
Task: {E339D5A9-C455-4B65-B7E5-CE8013357397} - System32\Tasks\Rocket Updater => C:\Users\FRIEDR~1\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {EF68FBA8-F8D6-4A3B-A5FF-AB86E4601898} - \System Speedup_UPDATES No Task File <==== ATTENTION
Task: {F431BE44-2BE4-4ECC-80D9-C1FB3BB361D4} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {FDA0AB38-0C5F-4EC2-B621-643726D533DE} - \Plus-HD-3.8-chromeinstaller No Task File <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Rocket Updater.job => C:\Users\FRIEDR~1\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2011-03-14 17:27 - 2011-03-14 17:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2014-01-09 04:49 - 2011-02-07 09:56 - 00138192 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2014-07-01 19:16 - 2014-07-01 19:15 - 00239968 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2013-10-31 22:14 - 2013-10-31 22:14 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2013-10-31 22:14 - 2013-10-31 22:14 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2013-10-31 22:14 - 2013-10-31 22:14 - 00104552 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfCredProv.dll
2013-11-01 06:01 - 2013-06-05 21:43 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-06-28 07:02 - 2013-06-28 07:02 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-06-28 07:00 - 2013-06-28 07:00 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-06-28 07:07 - 2013-06-28 07:07 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-07-01 19:16 - 2014-07-01 19:15 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2014-07-01 19:16 - 2014-07-01 19:15 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2014-07-01 19:16 - 2014-07-01 19:15 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2014-07-01 19:16 - 2014-07-01 19:15 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2014-07-01 19:16 - 2014-07-01 19:15 - 00383488 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2014-07-01 19:16 - 2014-07-01 19:15 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
2014-07-07 17:47 - 2013-08-02 19:21 - 00886272 _____ () C:\Program Files (x86)\Right Backup\System.Data.SQLite.dll
2013-10-31 21:43 - 2013-05-16 04:09 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-07-02 21:55 - 2014-06-05 15:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-07-02 21:55 - 2014-06-05 15:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-07-02 21:55 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-07-02 21:55 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-07-02 21:55 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-07-10 16:16 - 2014-07-08 08:18 - 14663856 _____ () C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== MSCONFIG/TASK MANAGER disabled items =========
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/15/2014 04:28:31 PM) (Source: MsiInstaller) (EventID: 10005) (User: Familien-PC)
Description: Produkt: Vodafone Mobile Connect Lite -- Fehler 2711. The specified Feature name ('ByteMobile') not found in Feature table.
Error: (07/14/2014 06:21:05 PM) (Source: ESENT) (EventID: 455) (User: )
Description: LiveComm (6624) C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\: Fehler -1032 (0xfffffbf8) beim Öffnen von Protokolldatei C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\DBStore\LogFiles\edb.log.
Error: (07/14/2014 06:21:05 PM) (Source: ESENT) (EventID: 489) (User: )
Description: LiveComm (6624) C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\: Versuch, Datei "C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\DBStore\LogFiles\edb.log" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error: (07/14/2014 06:20:35 PM) (Source: ESENT) (EventID: 455) (User: )
Description: LiveComm (6624) C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\: Fehler -1032 (0xfffffbf8) beim Öffnen von Protokolldatei C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\DBStore\LogFiles\edb.log.
Error: (07/14/2014 06:20:35 PM) (Source: ESENT) (EventID: 489) (User: )
Description: LiveComm (6624) C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\: Versuch, Datei "C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\DBStore\LogFiles\edb.log" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error: (07/14/2014 06:20:04 PM) (Source: ESENT) (EventID: 455) (User: )
Description: LiveComm (6624) C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\: Fehler -1032 (0xfffffbf8) beim Öffnen von Protokolldatei C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\DBStore\LogFiles\edb.log.
Error: (07/14/2014 06:20:04 PM) (Source: ESENT) (EventID: 489) (User: )
Description: LiveComm (6624) C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\: Versuch, Datei "C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\DBStore\LogFiles\edb.log" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error: (07/14/2014 06:19:34 PM) (Source: ESENT) (EventID: 455) (User: )
Description: LiveComm (6624) C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\: Fehler -1032 (0xfffffbf8) beim Öffnen von Protokolldatei C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\DBStore\LogFiles\edb.log.
Error: (07/14/2014 06:19:34 PM) (Source: ESENT) (EventID: 489) (User: )
Description: LiveComm (6624) C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\: Versuch, Datei "C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\DBStore\LogFiles\edb.log" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error: (07/14/2014 06:19:02 PM) (Source: ESENT) (EventID: 455) (User: )
Description: LiveComm (6624) C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\: Fehler -1032 (0xfffffbf8) beim Öffnen von Protokolldatei C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\DBStore\LogFiles\edb.log.
System errors:
=============
Error: (07/14/2014 04:26:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (07/12/2014 07:34:40 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: Das System hat einen Adressenkonflikt der IP-Adresse 192.168.1.2 mit dem Computer mit der
Netzwerkhardwareadresse 98-0C-82-5E-66-7C ermittelt. Netzwerkvorgänge könnten daher auf diesem
System unterbrochen werden.
Error: (07/11/2014 09:54:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (07/11/2014 09:54:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.
Error: (07/11/2014 09:52:22 PM) (Source: DCOM) (EventID: 10010) (User: Familien-PC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Error: (07/10/2014 06:16:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst RBClientService erreicht.
Error: (07/10/2014 06:15:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (07/10/2014 06:15:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.
Error: (07/10/2014 06:15:02 PM) (Source: DCOM) (EventID: 10010) (User: Familien-PC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Error: (07/10/2014 04:45:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Microsoft Office Sessions:
=========================
Error: (07/15/2014 04:28:31 PM) (Source: MsiInstaller) (EventID: 10005) (User: Familien-PC)
Description: Produkt: Vodafone Mobile Connect Lite -- Fehler 2711. The specified Feature name ('ByteMobile') not found in Feature table.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (07/14/2014 06:21:05 PM) (Source: ESENT) (EventID: 455) (User: )
Description: LiveComm6624C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\: C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\DBStore\LogFiles\edb.log-1032 (0xfffffbf8)
Error: (07/14/2014 06:21:05 PM) (Source: ESENT) (EventID: 489) (User: )
Description: LiveComm6624C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\: C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\DBStore\LogFiles\edb.log-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
Error: (07/14/2014 06:20:35 PM) (Source: ESENT) (EventID: 455) (User: )
Description: LiveComm6624C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\: C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\DBStore\LogFiles\edb.log-1032 (0xfffffbf8)
Error: (07/14/2014 06:20:35 PM) (Source: ESENT) (EventID: 489) (User: )
Description: LiveComm6624C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\: C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\DBStore\LogFiles\edb.log-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
Error: (07/14/2014 06:20:04 PM) (Source: ESENT) (EventID: 455) (User: )
Description: LiveComm6624C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\: C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\DBStore\LogFiles\edb.log-1032 (0xfffffbf8)
Error: (07/14/2014 06:20:04 PM) (Source: ESENT) (EventID: 489) (User: )
Description: LiveComm6624C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\: C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\DBStore\LogFiles\edb.log-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
Error: (07/14/2014 06:19:34 PM) (Source: ESENT) (EventID: 455) (User: )
Description: LiveComm6624C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\: C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\DBStore\LogFiles\edb.log-1032 (0xfffffbf8)
Error: (07/14/2014 06:19:34 PM) (Source: ESENT) (EventID: 489) (User: )
Description: LiveComm6624C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\: C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\DBStore\LogFiles\edb.log-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
Error: (07/14/2014 06:19:02 PM) (Source: ESENT) (EventID: 455) (User: )
Description: LiveComm6624C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\: C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\DBStore\LogFiles\edb.log-1032 (0xfffffbf8)
CodeIntegrity Errors:
===================================
Date: 2014-07-15 17:51:48.905
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-07-15 17:49:23.102
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-07-15 17:49:20.339
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-07-15 17:49:12.888
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-07-15 17:49:11.187
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-07-15 17:46:25.698
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-07-07 20:10:14.744
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-07-07 18:33:23.376
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-07-07 18:30:41.483
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-06-13 20:03:35.134
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Percentage of memory in use: 38%
Total physical RAM: 7944.27 MB
Available physical RAM: 4868.82 MB
Total Pagefile: 9160.27 MB
Available Pagefile: 6001.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:425.78 GB) (Free:362.57 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:20.88 GB) NTFS
Drive e: (FL Offline 1.5) (CDROM) (Total:3.4 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 6E0DC121)
Partition: GPT Partition Type.
==================== End Of Log ============================
LG Enrico |
|
dann auf 
und dann auf 
.
Adwarecleaner.
Linear-Darstellung
