Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Adware Problem!

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 10.07.2014, 16:16   #1
Enno123
 
Adware Problem! - Standard

Adware Problem!



Hallo!

Ich habe da ein kleines großes Problem. Der PC meiner Eltern ist total vermüllt. Überall Werbeanzeigen, Chrome-Startbildschirm verändert sich usw...

Ich habe schon mehrmals den ADWCleaner drüber laufen lassen. Er hat immer was gefunden. Habe es versucht via ADWCleaner zu entfernen, erst hats Augenscheinlich funktioniert, es war keine Werbung mehr zu sehen, doch paar Tage später war alles wieder beim Alten und ich habe das Gefühl es wird immer mehr.

Norton hat mir 8 Tracking Cookies gemeldet. Welche nach automatischem Suchlauf entfernt wurden.

Habe nun auch Malwarebytes drüber laufen lassen und dies meldete mir sage und schreibe 507 gefundene Objekte!!

Ich hoffe Ihr könnt mir irgendwie weiterhelfen...

LG

Enrico

Malwarebytes Logfile:

Anhang 68163

Alt 10.07.2014, 16:38   #2
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Adware Problem! - Standard

Adware Problem!





Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
  • Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
  • Speichere alle unsere Tools auf dem Desktop ab.
  • Poste die Logfiles direkt in Deinen Thread in Code-Tags.
  • Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean bekommst.



Los geht's:

Schritt 1


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)




Lesestoff
Posten in CODE-Tags: So gehts...
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 10.07.2014, 17:01   #3
Enno123
 
Adware Problem! - Standard

Adware Problem!



Hallo Jürgen!

Vielen Dank das du dich meinem Problem annimmst!

LG

Enrico

FRST Log:


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2014
Ran by Friedrich (administrator) on FAMILIEN-PC on 10-07-2014 17:55:37
Running from C:\Users\Friedrich\Downloads
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\nis.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Systweak) C:\Program Files (x86)\Right Backup\RBClientService.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Systweak) C:\Program Files (x86)\Right Backup\RightBackup.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\nis.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-05-08] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13626072 2013-06-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1311304 2013-06-05] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2986224 2013-06-20] (Synaptics Incorporated)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15794160 2013-10-31] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80368 2013-10-31] (Lenovo(beijing) Limited)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2013-03-12] (Vimicro)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [MobileConnect] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2403840 2009-09-11] (Vodafone)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-06-28] ( (Atheros Communications))
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {5a268313-fa15-11e3-be8b-a4db3035b3cf} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {5a26834d-fa15-11e3-be8b-a4db3035b3cf} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {885cf704-74f3-11e3-be75-a4db3035b3cf} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {885cf7bc-74f3-11e3-be75-a4db3035b3cf} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {8dc0bce8-74ff-11e3-be78-001e101fb69f} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {8dc0c206-74ff-11e3-be78-001e101fb69f} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
hxxp://www.giga.de/foto/
hxxp://www.giga.de/androidnews/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {717686E9-21C5-404A-9888-F0E98DA52D73} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_dsites02_14_27_ch&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDtAyD0BtA0C0FzyyB0EyEtN0D0Tzu0SzytCtAtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyCtBtB0BtBzztBtAtGtBtCyD0DtG0DtC0C0DtGtDyC0EtCtGtD0FtD0DyDyDyC0AyDyDyEtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0A0E0B0DyCzztGyEyE0B0FtGtDtBzyzytGtD0DyEtBtGyB0C0Dzy0DtB0D0E0AyB0FtD2Q&cr=2037496794&ir=
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {717686E9-21C5-404A-9888-F0E98DA52D73} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - {717686E9-21C5-404A-9888-F0E98DA52D73} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_dsites02_14_27_ch&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDtAyD0BtA0C0FzyyB0EyEtN0D0Tzu0SzytCtAtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyCtBtB0BtBzztBtAtGtBtCyD0DtG0DtC0C0DtGtDyC0EtCtGtD0FtD0DyDyDyC0AyDyDyEtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0A0E0B0DyCzztGyEyE0B0FtGtDtBzyzytGtD0DyEtBtGyB0C0Dzy0DtB0D0E0AyB0FtD2Q&cr=2037496794&ir=
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Friedrich\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-01-23]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2014-07-10]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR HomePage: hxxp://www.trovigo.com/?gd=&ctid=CT3323829&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=2&UP=SP3259589E-A388-4E49-A367-281AF9275842&SSPV=
CHR StartupUrls: "hxxp://www.trovigo.com/?gd=&ctid=CT3323829&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=2&UP=SP3259589E-A388-4E49-A367-281AF9275842&SSPV=", "hxxp://www.sweet-page.com/?type=hp&ts=1404658252&from=wld&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1"
CHR NewTab: "chrome-extension://pelmeidfhdlhlbjimpabfcbnnojbboma/index.html"
CHR Extension: (Google Docs) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-09]
CHR Extension: (Google Drive) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-09]
CHR Extension: (YouTube) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-09]
CHR Extension: (Google-Suche) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-09]
CHR Extension: (Norton Identity Protection) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-01-23]
CHR Extension: (Securita Scout) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfkilfadjoneaheacgmkahfgcjchkpad [2014-04-06]
CHR Extension: (Google Wallet) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-09]
CHR Extension: (Google Mail) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-09]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\Exts\Chrome.crx [2014-05-16]

==================== Services (Whitelisted) =================

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-06-28] (Windows (R) Win 7 DDK provider)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-05-08] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-16] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [239968 2014-07-01] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe [276376 2014-05-11] (Symantec Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-06-17] (Nitro PDF Software)
R2 RBClientService; C:\Program Files (x86)\Right Backup\RBClientService.exe [48240 2014-07-04] (Systweak)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-10-31] ()
R2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-09-11] (Vodafone) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-06-28] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140703.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-06-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1503000.00C\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-11] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140709.001\IDSvia64.sys [525016 2014-03-30] (Symantec Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140710.001\ENG64.SYS [126040 2014-01-23] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140710.001\EX64.SYS [2099288 2014-01-23] (Symantec Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-06-20] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1503000.00C\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1503000.00C\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1503000.00C\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1503000.00C\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1503000.00C\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1503000.00C\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1049984 2013-03-15] (Vimicro Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 ewusbnet; \SystemRoot\system32\DRIVERS\ewusbnet.sys [X]
S3 hwusbfake; \SystemRoot\system32\DRIVERS\ewusbfake.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-10 17:55 - 2014-07-10 17:55 - 00021700 _____ () C:\Users\Friedrich\Downloads\FRST.txt
2014-07-10 17:54 - 2014-07-10 17:55 - 00000000 ____D () C:\FRST
2014-07-10 17:53 - 2014-07-10 17:53 - 02084352 _____ (Farbar) C:\Users\Friedrich\Desktop\FRST64.exe
2014-07-10 17:53 - 2014-07-10 17:53 - 00097462 _____ () C:\Users\Friedrich\Downloads\Nicht bestätigt 402531.crdownload
2014-07-10 16:11 - 2014-07-10 17:32 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-10 16:11 - 2014-07-10 16:47 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-10 16:11 - 2014-07-10 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-10 16:11 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-10 16:11 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-07-10 10:01 - 2014-07-10 10:01 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (4).exe
2014-07-10 09:56 - 2014-07-10 09:56 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (3).exe
2014-07-10 09:49 - 2014-07-10 10:09 - 00003108 _____ () C:\WINDOWS\System32\Tasks\RegClean Pro
2014-07-10 09:49 - 2014-07-10 09:49 - 00001061 _____ () C:\Users\Public\Desktop\RegClean Pro.lnk
2014-07-10 09:49 - 2014-07-03 17:55 - 00020280 _____ (Systweak Inc., (www.systweak.com)) C:\WINDOWS\system32\roboot64.exe
2014-07-10 09:47 - 2014-07-10 09:47 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (2).exe
2014-07-10 09:45 - 2014-07-10 09:46 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (1).exe
2014-07-10 09:44 - 2014-07-10 09:44 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946.exe
2014-07-08 16:36 - 2014-07-08 16:36 - 00001901 _____ () C:\Users\Friedrich\Desktop\IrfanView Thumbnails.lnk
2014-07-08 16:36 - 2014-07-08 16:36 - 00001013 _____ () C:\Users\Friedrich\Desktop\IrfanView.lnk
2014-07-08 16:36 - 2014-07-08 16:36 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-07-08 16:36 - 2014-07-08 16:36 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\IrfanView
2014-07-08 16:36 - 2014-07-08 16:36 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2014-07-08 16:35 - 2014-07-08 16:35 - 02197648 _____ (Irfan Skiljan) C:\Users\Friedrich\Downloads\iview438g_setup.exe
2014-07-07 20:19 - 2014-07-10 16:39 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Systweak
2014-07-07 20:18 - 2014-07-07 20:18 - 00000000 ____D () C:\ProgramData\Systweak
2014-07-07 20:15 - 2014-07-07 20:15 - 01346519 _____ () C:\Users\Friedrich\Downloads\adwcleaner_3.214 (1).exe
2014-07-07 20:13 - 2014-07-07 20:13 - 00000000 ____D () C:\Users\Friedrich\Desktop\Enno
2014-07-07 18:29 - 2014-04-08 19:19 - 16781312 _____ () C:\Users\Friedrich\Downloads\Bus-Simulator_2012_Demo (3).rar
2014-07-07 17:48 - 2014-07-10 16:46 - 00003068 _____ () C:\WINDOWS\System32\Tasks\Right Backup_startup
2014-07-07 17:47 - 2014-07-10 16:47 - 00000000 ____D () C:\Program Files (x86)\Right Backup
2014-07-07 17:47 - 2014-07-07 17:47 - 00003132 _____ () C:\WINDOWS\System32\Tasks\System Speedup
2014-07-07 17:47 - 2014-07-07 17:47 - 00001061 _____ () C:\Users\Public\Desktop\Right Backup.lnk
2014-07-07 17:47 - 2014-07-07 17:47 - 00000000 ____D () C:\rbtemp
2014-07-07 17:47 - 2014-07-07 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Right Backup
2014-07-06 18:05 - 2014-07-06 18:05 - 00001333 _____ () C:\Users\Public\Desktop\Fahren Lernen Offline.lnk
2014-07-06 18:05 - 2014-07-06 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verlag Heinrich Vogel
2014-07-06 17:57 - 2014-07-06 17:57 - 00000000 ____D () C:\Program Files (x86)\Vogel Verlag
2014-07-06 17:56 - 2014-07-06 17:56 - 00167137 _____ () C:\Users\Friedrich\Desktop\e.odp
2014-07-06 16:46 - 2014-07-06 16:46 - 01063312 _____ () C:\Users\Friedrich\Downloads\OMSI---Der-Omnibussimulator-lnstall (1).exe
2014-07-06 16:46 - 2014-07-06 16:46 - 00000000 ____D () C:\Users\Friedrich\Downloads\OMSI---Der-Omnibussimulator
2014-07-06 16:46 - 2014-07-06 16:46 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Temp434fa06c045d655c128c6e6570ea6b69_______
2014-07-06 15:06 - 2014-07-06 15:06 - 00001942 _____ () C:\Users\Public\Desktop\EEP 7.0.lnk
2014-07-06 15:05 - 2014-07-06 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend
2014-07-06 14:48 - 2014-05-20 04:33 - 00059416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-06 14:48 - 2014-05-20 01:45 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-06 14:48 - 2014-05-20 01:45 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-06 14:48 - 2014-05-20 01:24 - 03286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-06 14:48 - 2014-05-20 01:24 - 01623040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-07-06 14:48 - 2014-05-20 01:24 - 00773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-06 14:48 - 2014-05-20 01:24 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-07-06 14:48 - 2014-05-20 01:24 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-07-06 14:48 - 2014-05-20 01:24 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-06 14:48 - 2014-05-15 00:43 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-07-06 14:48 - 2014-05-15 00:43 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-07-06 14:48 - 2014-05-15 00:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-07-06 14:48 - 2014-05-15 00:42 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-07-03 21:59 - 2014-07-03 21:59 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CombineZM
2014-07-03 21:59 - 2014-07-03 21:59 - 00000000 ____D () C:\Program Files (x86)\Alan Hadley
2014-07-03 21:57 - 2014-07-03 21:58 - 02735104 _____ () C:\Users\Friedrich\Downloads\CombineZ-m.msi
2014-07-03 21:50 - 2014-07-03 21:50 - 06448158 _____ () C:\Users\Friedrich\Downloads\German_CZPHelp.zip
2014-07-03 21:35 - 2014-07-03 21:35 - 00000558 _____ () C:\WINDOWS\KB893803v2.log
2014-07-03 21:35 - 2014-07-03 21:35 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Helicon
2014-07-03 21:29 - 2014-07-03 21:34 - 88327960 _____ (Helicon Soft Ltd. ) C:\Users\Friedrich\Downloads\HeliconFocus.exe
2014-07-03 20:20 - 2014-07-06 17:56 - 00564304 _____ () C:\Users\Friedrich\Desktop\Unbenannt 2.odg
2014-07-03 20:20 - 2014-07-03 20:20 - 00505198 _____ () C:\Users\Friedrich\Desktop\Unbenannt 1.odp
2014-07-03 18:30 - 2014-07-03 19:26 - 00062188 _____ () C:\Users\Friedrich\Desktop\GEBURTSTAG.odt
2014-07-02 21:55 - 2014-07-02 21:55 - 00002258 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-02 21:55 - 2014-07-02 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-02 21:54 - 2014-07-10 16:59 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-02 21:54 - 2014-07-10 16:45 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-02 21:54 - 2014-07-02 21:54 - 00004112 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-07-02 21:54 - 2014-07-02 21:54 - 00003876 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-07-02 20:47 - 2014-07-02 20:47 - 01346519 _____ () C:\Users\Friedrich\Downloads\adwcleaner_3.214.exe
2014-07-02 20:47 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-07-01 22:14 - 2014-07-01 22:15 - 10320896 _____ () C:\Users\Friedrich\Downloads\CombineZP_CB-DL-Manager [1].exe
2014-07-01 21:24 - 2014-07-01 21:24 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2014-07-01 21:20 - 2014-07-03 20:21 - 01971896 _____ () C:\Users\Friedrich\Desktop\EINLADUNG.odt
2014-07-01 20:53 - 2014-07-01 20:53 - 00000000 ____D () C:\Users\Public\Documents\sun
2014-07-01 20:51 - 2014-07-01 20:51 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
2014-07-01 20:51 - 2014-07-01 20:51 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-07-01 20:51 - 2014-07-01 20:51 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-07-01 20:50 - 2014-07-01 20:51 - 00000000 ____D () C:\Users\Friedrich\Desktop\OpenOffice 4.1.0 (de) Installation Files
2014-07-01 20:47 - 2014-07-01 20:47 - 00961360 _____ (Chip Digital GmbH) C:\Users\Friedrich\Downloads\OpenOffice - CHIP-Installer.exe
2014-07-01 20:44 - 2014-07-01 20:44 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\OpenOffice
2014-07-01 20:38 - 2014-07-10 17:38 - 00000330 _____ () C:\WINDOWS\Tasks\Rocket Updater.job
2014-07-01 20:38 - 2014-07-01 20:38 - 00002668 _____ () C:\WINDOWS\System32\Tasks\Rocket Updater
2014-07-01 19:16 - 2014-07-01 19:16 - 00001090 _____ () C:\Users\Public\Desktop\Mobile Partner.lnk
2014-07-01 19:16 - 2014-07-01 19:16 - 00000000 ____D () C:\ProgramData\Mobile Partner
2014-07-01 19:16 - 2014-07-01 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner
2014-07-01 19:15 - 2014-07-01 19:16 - 00000000 ____D () C:\ProgramData\DatacardService
2014-07-01 19:15 - 2014-07-01 19:16 - 00000000 ____D () C:\Program Files (x86)\Mobile Partner
2014-07-01 19:15 - 2014-07-01 19:15 - 01490656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01007.dll
2014-07-01 19:15 - 2014-07-01 19:15 - 01490656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfCoInstaller01007.dll
2014-07-01 19:15 - 2014-07-01 19:15 - 01001472 _____ (DiBcom SA) C:\WINDOWS\system32\Drivers\mod7700.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00421376 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbwwan.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00212992 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juwwanecm.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwusbdev.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00098816 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcacm.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00086016 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jubusenum.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00069632 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcecm.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\WINDOWS\system32\Drivers\ewdcsc.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00028672 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juextctrl.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwupgrade.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_usbenumfilter.sys
2014-06-30 23:11 - 2014-06-30 23:12 - 00788832 _____ ( ) C:\Users\Friedrich\Downloads\CombineZP_CB-DL-Manager.exe
2014-06-21 18:41 - 2014-05-03 07:47 - 03246592 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-06-21 18:41 - 2014-05-03 05:34 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-06-21 18:41 - 2014-04-30 00:32 - 01301504 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-06-21 18:41 - 2014-04-30 00:22 - 01023488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-06-21 18:41 - 2014-04-03 13:19 - 00328024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2014-06-21 18:41 - 2014-04-03 05:44 - 00619008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-06-21 18:41 - 2014-04-01 00:08 - 00387268 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-06-21 18:41 - 2014-03-25 01:42 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2014-06-21 18:41 - 2014-03-25 00:56 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2014-06-21 18:36 - 2014-05-24 04:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-06-21 18:36 - 2014-05-24 04:47 - 02239488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-06-21 18:36 - 2014-05-24 04:47 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-06-21 18:36 - 2014-05-24 04:47 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-06-21 18:36 - 2014-05-24 04:47 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-06-21 18:36 - 2014-05-24 04:46 - 19290112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-06-21 18:36 - 2014-05-24 04:46 - 15368704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-06-21 18:36 - 2014-05-24 04:46 - 03958784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-06-21 18:36 - 2014-05-24 04:46 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-06-21 18:36 - 2014-05-24 04:46 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-06-21 18:36 - 2014-05-24 04:46 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-06-21 18:36 - 2014-05-24 04:46 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-06-21 18:36 - 2014-05-24 04:46 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-06-21 18:36 - 2014-05-24 04:46 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-06-21 18:36 - 2014-05-24 04:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-06-21 18:36 - 2014-05-24 04:46 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-06-21 18:36 - 2014-05-24 04:46 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-06-21 18:36 - 2014-05-24 04:45 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-06-21 18:36 - 2014-05-24 04:45 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-06-21 18:36 - 2014-05-24 04:45 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-06-21 18:36 - 2014-05-24 03:26 - 14365696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-06-21 18:36 - 2014-05-24 03:26 - 01766400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-06-21 18:36 - 2014-05-24 03:26 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-06-21 18:36 - 2014-05-24 03:26 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-06-21 18:36 - 2014-05-24 03:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-06-21 18:36 - 2014-05-24 03:26 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-06-21 18:36 - 2014-05-24 03:26 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-06-21 18:36 - 2014-05-24 03:25 - 13731328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-06-21 18:36 - 2014-05-24 03:25 - 02862080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-06-21 18:36 - 2014-05-24 03:25 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-06-21 18:36 - 2014-05-24 03:25 - 01440768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-06-21 18:36 - 2014-05-24 03:25 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-06-21 18:36 - 2014-05-24 03:25 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-06-21 18:36 - 2014-05-24 03:25 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-06-21 18:36 - 2014-05-24 03:25 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-06-21 18:36 - 2014-05-24 03:25 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-06-21 18:36 - 2014-05-24 03:25 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-06-21 18:36 - 2014-05-24 03:25 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-06-21 18:36 - 2014-05-24 03:09 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-06-21 18:36 - 2014-05-24 03:03 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-06-21 18:36 - 2014-05-24 00:37 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-06-21 18:32 - 2014-04-03 13:22 - 02233176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-06-21 18:32 - 2014-03-07 02:47 - 01419264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-06-21 18:32 - 2014-03-07 02:08 - 01845760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-06-13 20:06 - 2014-06-13 20:06 - 00011264 ___SH () C:\Users\Friedrich\Documents\Thumbs.db
2014-06-12 20:01 - 2014-06-12 20:01 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security

==================== One Month Modified Files and Folders =======

2014-07-10 17:55 - 2014-07-10 17:55 - 00021700 _____ () C:\Users\Friedrich\Downloads\FRST.txt
2014-07-10 17:55 - 2014-07-10 17:54 - 00000000 ____D () C:\FRST
2014-07-10 17:53 - 2014-07-10 17:53 - 02084352 _____ (Farbar) C:\Users\Friedrich\Desktop\FRST64.exe
2014-07-10 17:53 - 2014-07-10 17:53 - 00097462 _____ () C:\Users\Friedrich\Downloads\Nicht bestätigt 402531.crdownload
2014-07-10 17:40 - 2013-10-31 21:17 - 01132338 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-10 17:38 - 2014-07-01 20:38 - 00000330 _____ () C:\WINDOWS\Tasks\Rocket Updater.job
2014-07-10 17:32 - 2014-07-10 16:11 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-10 17:16 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-10 17:00 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-10 16:59 - 2014-07-02 21:54 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-10 16:50 - 2014-01-04 06:34 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3631515150-3942624288-380681899-1002
2014-07-10 16:49 - 2013-11-01 06:00 - 00754172 _____ () C:\WINDOWS\system32\perfh007.dat
2014-07-10 16:49 - 2013-11-01 06:00 - 00156362 _____ () C:\WINDOWS\system32\perfc007.dat
2014-07-10 16:49 - 2012-07-26 09:28 - 01748838 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-10 16:47 - 2014-07-10 16:11 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-10 16:47 - 2014-07-07 17:47 - 00000000 ____D () C:\Program Files (x86)\Right Backup
2014-07-10 16:46 - 2014-07-07 17:48 - 00003068 _____ () C:\WINDOWS\System32\Tasks\Right Backup_startup
2014-07-10 16:46 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-10 16:45 - 2014-07-02 21:54 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-10 16:45 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-10 16:44 - 2013-10-31 22:14 - 00006656 _____ () C:\WINDOWS\system32\VfService.trf
2014-07-10 16:44 - 2013-03-25 23:02 - 00220526 _____ () C:\WINDOWS\PFRO.log
2014-07-10 16:44 - 2012-07-26 07:26 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-10 16:39 - 2014-07-07 20:19 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Systweak
2014-07-10 16:11 - 2014-07-10 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-10 16:11 - 2014-02-01 18:05 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-10 16:11 - 2014-02-01 18:05 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Malwarebytes
2014-07-10 16:11 - 2014-02-01 18:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-10 16:11 - 2014-02-01 18:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-07-10 10:09 - 2014-07-10 09:49 - 00003108 _____ () C:\WINDOWS\System32\Tasks\RegClean Pro
2014-07-10 10:01 - 2014-07-10 10:01 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (4).exe
2014-07-10 09:56 - 2014-07-10 09:56 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (3).exe
2014-07-10 09:49 - 2014-07-10 09:49 - 00001061 _____ () C:\Users\Public\Desktop\RegClean Pro.lnk
2014-07-10 09:47 - 2014-07-10 09:47 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (2).exe
2014-07-10 09:46 - 2014-07-10 09:45 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (1).exe
2014-07-10 09:44 - 2014-07-10 09:44 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946.exe
2014-07-10 09:36 - 2014-01-11 04:41 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\CrashDumps
2014-07-08 17:04 - 2014-01-23 19:33 - 00155136 ___SH () C:\Users\Friedrich\Desktop\Thumbs.db
2014-07-08 16:36 - 2014-07-08 16:36 - 00001901 _____ () C:\Users\Friedrich\Desktop\IrfanView Thumbnails.lnk
2014-07-08 16:36 - 2014-07-08 16:36 - 00001013 _____ () C:\Users\Friedrich\Desktop\IrfanView.lnk
2014-07-08 16:36 - 2014-07-08 16:36 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-07-08 16:36 - 2014-07-08 16:36 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\IrfanView
2014-07-08 16:36 - 2014-07-08 16:36 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2014-07-08 16:35 - 2014-07-08 16:35 - 02197648 _____ (Irfan Skiljan) C:\Users\Friedrich\Downloads\iview438g_setup.exe
2014-07-07 20:18 - 2014-07-07 20:18 - 00000000 ____D () C:\ProgramData\Systweak
2014-07-07 20:16 - 2014-02-01 18:25 - 00000000 ____D () C:\AdwCleaner
2014-07-07 20:15 - 2014-07-07 20:15 - 01346519 _____ () C:\Users\Friedrich\Downloads\adwcleaner_3.214 (1).exe
2014-07-07 20:13 - 2014-07-07 20:13 - 00000000 ____D () C:\Users\Friedrich\Desktop\Enno
2014-07-07 20:10 - 2014-01-04 22:03 - 00000000 ____D () C:\Users\Friedrich\Documents\Youcam
2014-07-07 17:47 - 2014-07-07 17:47 - 00003132 _____ () C:\WINDOWS\System32\Tasks\System Speedup
2014-07-07 17:47 - 2014-07-07 17:47 - 00001061 _____ () C:\Users\Public\Desktop\Right Backup.lnk
2014-07-07 17:47 - 2014-07-07 17:47 - 00000000 ____D () C:\rbtemp
2014-07-07 17:47 - 2014-07-07 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Right Backup
2014-07-06 18:05 - 2014-07-06 18:05 - 00001333 _____ () C:\Users\Public\Desktop\Fahren Lernen Offline.lnk
2014-07-06 18:05 - 2014-07-06 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verlag Heinrich Vogel
2014-07-06 17:57 - 2014-07-06 17:57 - 00000000 ____D () C:\Program Files (x86)\Vogel Verlag
2014-07-06 17:56 - 2014-07-06 17:56 - 00167137 _____ () C:\Users\Friedrich\Desktop\e.odp
2014-07-06 17:56 - 2014-07-03 20:20 - 00564304 _____ () C:\Users\Friedrich\Desktop\Unbenannt 2.odg
2014-07-06 17:50 - 2014-01-04 06:30 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\CrashDumps
2014-07-06 16:46 - 2014-07-06 16:46 - 01063312 _____ () C:\Users\Friedrich\Downloads\OMSI---Der-Omnibussimulator-lnstall (1).exe
2014-07-06 16:46 - 2014-07-06 16:46 - 00000000 ____D () C:\Users\Friedrich\Downloads\OMSI---Der-Omnibussimulator
2014-07-06 16:46 - 2014-07-06 16:46 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Temp434fa06c045d655c128c6e6570ea6b69_______
2014-07-06 16:46 - 2014-04-06 17:34 - 00000188 _____ () C:\Users\Friedrich\Desktop\Amazon.de.url
2014-07-06 15:06 - 2014-07-06 15:06 - 00001942 _____ () C:\Users\Public\Desktop\EEP 7.0.lnk
2014-07-06 15:05 - 2014-07-06 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend
2014-07-06 15:03 - 2013-10-31 21:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-05 18:17 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-07-03 21:59 - 2014-07-03 21:59 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CombineZM
2014-07-03 21:59 - 2014-07-03 21:59 - 00000000 ____D () C:\Program Files (x86)\Alan Hadley
2014-07-03 21:59 - 2014-01-04 05:58 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\VirtualStore
2014-07-03 21:58 - 2014-07-03 21:57 - 02735104 _____ () C:\Users\Friedrich\Downloads\CombineZ-m.msi
2014-07-03 21:50 - 2014-07-03 21:50 - 06448158 _____ () C:\Users\Friedrich\Downloads\German_CZPHelp.zip
2014-07-03 21:35 - 2014-07-03 21:35 - 00000558 _____ () C:\WINDOWS\KB893803v2.log
2014-07-03 21:35 - 2014-07-03 21:35 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Helicon
2014-07-03 21:34 - 2014-07-03 21:29 - 88327960 _____ (Helicon Soft Ltd. ) C:\Users\Friedrich\Downloads\HeliconFocus.exe
2014-07-03 20:21 - 2014-07-01 21:20 - 01971896 _____ () C:\Users\Friedrich\Desktop\EINLADUNG.odt
2014-07-03 20:20 - 2014-07-03 20:20 - 00505198 _____ () C:\Users\Friedrich\Desktop\Unbenannt 1.odp
2014-07-03 19:33 - 2014-01-09 04:49 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-07-03 19:26 - 2014-07-03 18:30 - 00062188 _____ () C:\Users\Friedrich\Desktop\GEBURTSTAG.odt
2014-07-03 19:05 - 2014-05-01 19:33 - 00000000 ____D () C:\Users\Friedrich\Desktop\Neuer Ordner
2014-07-03 17:55 - 2014-07-10 09:49 - 00020280 _____ (Systweak Inc., (www.systweak.com)) C:\WINDOWS\system32\roboot64.exe
2014-07-02 21:55 - 2014-07-02 21:55 - 00002258 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-02 21:55 - 2014-07-02 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-02 21:55 - 2014-01-09 02:20 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-02 21:54 - 2014-07-02 21:54 - 00004112 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-07-02 21:54 - 2014-07-02 21:54 - 00003876 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-07-02 21:54 - 2014-01-09 02:20 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Deployment
2014-07-02 20:50 - 2014-04-13 19:45 - 00307760 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-02 20:49 - 2012-07-26 07:26 - 00000194 _____ () C:\WINDOWS\win.ini
2014-07-02 20:47 - 2014-07-02 20:47 - 01346519 _____ () C:\Users\Friedrich\Downloads\adwcleaner_3.214.exe
2014-07-01 22:15 - 2014-07-01 22:14 - 10320896 _____ () C:\Users\Friedrich\Downloads\CombineZP_CB-DL-Manager [1].exe
2014-07-01 21:24 - 2014-07-01 21:24 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2014-07-01 21:24 - 2014-01-09 04:47 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Canon
2014-07-01 20:53 - 2014-07-01 20:53 - 00000000 ____D () C:\Users\Public\Documents\sun
2014-07-01 20:51 - 2014-07-01 20:51 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
2014-07-01 20:51 - 2014-07-01 20:51 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-07-01 20:51 - 2014-07-01 20:51 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-07-01 20:51 - 2014-07-01 20:50 - 00000000 ____D () C:\Users\Friedrich\Desktop\OpenOffice 4.1.0 (de) Installation Files
2014-07-01 20:47 - 2014-07-01 20:47 - 00961360 _____ (Chip Digital GmbH) C:\Users\Friedrich\Downloads\OpenOffice - CHIP-Installer.exe
2014-07-01 20:44 - 2014-07-01 20:44 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\OpenOffice
2014-07-01 20:38 - 2014-07-01 20:38 - 00002668 _____ () C:\WINDOWS\System32\Tasks\Rocket Updater
2014-07-01 19:16 - 2014-07-01 19:16 - 00001090 _____ () C:\Users\Public\Desktop\Mobile Partner.lnk
2014-07-01 19:16 - 2014-07-01 19:16 - 00000000 ____D () C:\ProgramData\Mobile Partner
2014-07-01 19:16 - 2014-07-01 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner
2014-07-01 19:16 - 2014-07-01 19:15 - 00000000 ____D () C:\ProgramData\DatacardService
2014-07-01 19:16 - 2014-07-01 19:15 - 00000000 ____D () C:\Program Files (x86)\Mobile Partner
2014-07-01 19:16 - 2012-07-26 09:21 - 00036697 _____ () C:\WINDOWS\setupact.log
2014-07-01 19:15 - 2014-07-01 19:15 - 01490656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01007.dll
2014-07-01 19:15 - 2014-07-01 19:15 - 01490656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfCoInstaller01007.dll
2014-07-01 19:15 - 2014-07-01 19:15 - 01001472 _____ (DiBcom SA) C:\WINDOWS\system32\Drivers\mod7700.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00421376 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbwwan.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00212992 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juwwanecm.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwusbdev.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00098816 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcacm.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00086016 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jubusenum.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00069632 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcecm.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\WINDOWS\system32\Drivers\ewdcsc.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00028672 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juextctrl.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwupgrade.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_usbenumfilter.sys
2014-07-01 19:15 - 2014-01-04 06:22 - 00221312 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbmdm.sys
2014-06-30 23:12 - 2014-06-30 23:11 - 00788832 _____ ( ) C:\Users\Friedrich\Downloads\CombineZP_CB-DL-Manager.exe
2014-06-22 16:31 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-06-22 15:54 - 2014-01-14 19:58 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-06-22 15:53 - 2014-01-14 19:58 - 95414520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-06-13 22:07 - 2012-07-26 10:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-06-13 20:06 - 2014-06-13 20:06 - 00011264 ___SH () C:\Users\Friedrich\Documents\Thumbs.db
2014-06-12 20:01 - 2014-06-12 20:01 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security
2014-06-12 19:56 - 2014-01-23 19:39 - 00003234 _____ () C:\WINDOWS\System32\Tasks\Norton WSC Integration
2014-06-12 19:56 - 2014-01-23 19:39 - 00002512 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-06-12 19:56 - 2014-01-23 19:38 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-06-12 19:56 - 2014-01-23 19:38 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NISx64

Some content of TEMP:
====================
C:\Users\Friedrich\AppData\Local\Temp\amazonicon_v4.exe
C:\Users\Friedrich\AppData\Local\Temp\amazonicon_v6.exe
C:\Users\Friedrich\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\Friedrich\AppData\Local\Temp\AS_OMSI_UPD_V101.exe
C:\Users\Friedrich\AppData\Local\Temp\COMAP.EXE
C:\Users\Friedrich\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Friedrich\AppData\Local\Temp\nitro_pro8_x64.exe
C:\Users\Friedrich\AppData\Local\Temp\Quarantine.exe
C:\Users\Friedrich\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Friedrich\AppData\Local\Temp\sdapskill.exe
C:\Users\Friedrich\AppData\Local\Temp\sdaspwn.exe
C:\Users\Friedrich\AppData\Local\Temp\securitascoutgames_3.exe
C:\Users\Friedrich\AppData\Local\Temp\SpOrder.dll
C:\Users\Friedrich\AppData\Local\Temp\sweetpage294wld_n2.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-29 14:32

==================== End Of Log ============================
         
--- --- ---



FRST Addition:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-07-2014
Ran by Friedrich at 2014-07-10 17:56:10
Running from C:\Users\Friedrich\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

Benutzerhandbuch (x32 Version: 1.0.0.15 - Lenovo) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MG5300 series Benutzerregistrierung (HKLM-x32\...\Canon MG5300 series Benutzerregistrierung) (Version:  - )
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version:  - Canon Inc.)
Canon MG5300 series On-screen Manual (HKLM-x32\...\Canon MG5300 series On-screen Manual) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CombineZM (HKLM-x32\...\{7E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}) (Version: 1.0.0 - Alan Hadley)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Eisenbahn.exe Professional 7.0 (HKLM-x32\...\{8CB0014C-FE4C-461D-A387-76828BD70E19}) (Version: 7.00.0000 - Trend)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.28 - Lenovo)
Energy Manager (x32 Version: 1.0.0.28 - Lenovo) Hidden
Fahren Lernen Offline 1.5 (HKLM-x32\...\{452473D3-1D26-4E61-8060-3B216620D60C}_is1) (Version:  - Verlag Heinrich Vogel - Springer Transport Media GmbH)
Freddy:Deutsch3/Deutsch4 (HKLM-x32\...\freddyDeutsch34) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.5.1367 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3165 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.4.1001 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.5.4.1001 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.13.315.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5108.52 - CyberLink Corp.) Hidden
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 21.005.15.02.382 - Huawei Technologies Co.,Ltd)
Nitro Pro 8 (HKLM\...\{50BB4ACC-00C5-4436-B1B9-8ADA9255963B}) (Version: 8.5.5.2 - Nitro)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.3.0.12 - Symantec Corporation)
NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.70 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden
NVIDIA Optimus 4.11.9 (Version: 4.11.9 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0325 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0325 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0325 - NVIDIA Corporation)
NVIDIA Systemsteuerung 311.70 (Version: 311.70 - NVIDIA Corporation) Hidden
NVIDIA Update 4.11.9 (Version: 4.11.9 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 4.11.9 - NVIDIA Corporation) Hidden
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.0 - Lenovo)
Open Office Packages (HKCU\...\Open Office Packages) (Version:  - ) <==== ATTENTION
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.230 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.30158 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6954 - Realtek Semiconductor Corp.)
Right Backup (HKLM-x32\...\980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Ri~01F2B2E8_is1) (Version: 2.1.1000.4367 - Systweak Software)
Securita Scout (HKLM-x32\...\Securita Scout) (Version:  - )
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.4.19 - Synaptics Incorporated)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
Vodafone Mobile Connect Lite (HKLM-x32\...\{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}) (Version: 9.4.3.17550 - Vodafone)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)

==================== Restore Points  =========================

20-05-2014 17:16:06 Installiert Eisenbahn.exe Professional 7.0
10-06-2014 17:10:17 Geplanter Prüfpunkt
22-06-2014 13:51:53 Windows Update
01-07-2014 18:40:30 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
03-07-2014 19:58:56 Installed CombineZM
06-07-2014 13:03:35 Installiert Eisenbahn.exe Professional 7.0
10-07-2014 08:10:31 RegClean Pro Do, Jul 10, 14  10:10

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {109237F1-A61A-4532-884B-AD380BD1AFDC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-02] (Google Inc.)
Task: {11801761-0FB4-4852-A878-02BC3588CFC5} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {29BF260E-C96B-4A94-9D93-FBC0F2C1222A} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {40D66A6E-0588-4ACB-BC14-60D51AEEE4D5} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\WSCStub.exe [2014-05-11] (Symantec Corporation)
Task: {43C8412A-8017-4B2A-9F5B-CCE30439CE79} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {46BF31F9-5F78-4B45-AFC2-142C1255589A} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {53B2D0DB-5C46-4900-98E3-9ED7D185C17C} - System32\Tasks\Right Backup_startup => C:\Program Files (x86)\Right Backup\RightBackup.exe [2014-07-04] (Systweak)
Task: {74C959BB-8D2E-4895-9007-C4EC2B5C024D} - \System Speedup_DEFAULT No Task File <==== ATTENTION
Task: {75EB321A-4AA4-41F1-BF00-A745ACF026E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-02] (Google Inc.)
Task: {77EBFB9B-94A4-4C8A-9200-31C900155774} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-06-22] (Microsoft Corporation)
Task: {8A7681C5-8FFB-4D6F-B1F9-A2906C327269} - \Advanced System Protector No Task File <==== ATTENTION
Task: {94ED6D9C-3A8F-4FEB-A382-76AA1F018C68} - System32\Tasks\System Speedup => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
Task: {9DE07081-785C-4158-A77C-8D93D772DE15} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {A0FE4068-D4C3-418C-8AFF-4BFBC10CA421} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {BEA74895-BF3E-4789-AC8C-7AB7AC703FB9} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {E339D5A9-C455-4B65-B7E5-CE8013357397} - System32\Tasks\Rocket Updater => C:\Users\FRIEDR~1\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {EF68FBA8-F8D6-4A3B-A5FF-AB86E4601898} - \System Speedup_UPDATES No Task File <==== ATTENTION
Task: {F431BE44-2BE4-4ECC-80D9-C1FB3BB361D4} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {FDA0AB38-0C5F-4EC2-B621-643726D533DE} - \Plus-HD-3.8-chromeinstaller No Task File <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Rocket Updater.job => C:\Users\FRIEDR~1\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2011-03-14 17:27 - 2011-03-14 17:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2014-01-09 04:49 - 2011-02-07 09:56 - 00138192 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2014-07-01 19:16 - 2014-07-01 19:15 - 00239968 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2013-10-31 22:14 - 2013-10-31 22:14 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2013-10-31 22:14 - 2013-10-31 22:14 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2013-06-28 07:02 - 2013-06-28 07:02 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-06-28 07:00 - 2013-06-28 07:00 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-06-28 07:07 - 2013-06-28 07:07 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/10/2014 04:46:22 PM) (Source: MsiInstaller) (EventID: 10005) (User: Familien-PC)
Description: Produkt: Vodafone Mobile Connect Lite -- Fehler 2711. The specified Feature name ('ByteMobile') not found in Feature table.

Error: (07/10/2014 04:45:13 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (07/10/2014 04:43:01 PM) (Source: VMCService) (EventID: 0) (User: )
Description: GetProcessOwner

Error: (07/10/2014 04:08:58 PM) (Source: MsiInstaller) (EventID: 10005) (User: Familien-PC)
Description: Produkt: Vodafone Mobile Connect Lite -- Fehler 2711. The specified Feature name ('ByteMobile') not found in Feature table.

Error: (07/10/2014 10:07:17 AM) (Source: MsiInstaller) (EventID: 10005) (User: Familien-PC)
Description: Produkt: Vodafone Mobile Connect Lite -- Fehler 2711. The specified Feature name ('ByteMobile') not found in Feature table.

Error: (07/10/2014 09:55:35 AM) (Source: MsiInstaller) (EventID: 10005) (User: Familien-PC)
Description: Produkt: Vodafone Mobile Connect Lite -- Fehler 2711. The specified Feature name ('ByteMobile') not found in Feature table.

Error: (07/10/2014 09:40:42 AM) (Source: MsiInstaller) (EventID: 10005) (User: Familien-PC)
Description: Produkt: Vodafone Mobile Connect Lite -- Fehler 2711. The specified Feature name ('ByteMobile') not found in Feature table.

Error: (07/10/2014 09:36:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: daemonu.exe, Version: 4.11.9.1, Zeitstempel: 0x5194eb80
Name des fehlerhaften Moduls: daemonu.exe, Version: 4.11.9.1, Zeitstempel: 0x5194eb80
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00025fc5
ID des fehlerhaften Prozesses: 0x6e8
Startzeit der fehlerhaften Anwendung: 0xdaemonu.exe0
Pfad der fehlerhaften Anwendung: daemonu.exe1
Pfad des fehlerhaften Moduls: daemonu.exe2
Berichtskennung: daemonu.exe3
Vollständiger Name des fehlerhaften Pakets: daemonu.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: daemonu.exe5

Error: (07/09/2014 04:32:07 PM) (Source: MsiInstaller) (EventID: 10005) (User: Familien-PC)
Description: Produkt: Vodafone Mobile Connect Lite -- Fehler 2711. The specified Feature name ('ByteMobile') not found in Feature table.

Error: (07/08/2014 06:50:05 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005


System errors:
=============
Error: (07/10/2014 04:45:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/10/2014 04:45:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.

Error: (07/10/2014 09:36:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/07/2014 08:18:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst RBClientService erreicht.

Error: (07/07/2014 08:18:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/07/2014 08:18:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.

Error: (07/07/2014 08:34:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/06/2014 05:45:57 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ENRICOTOMSCHKE",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{358131B4-29C7-4275-911B-32ECFA7A4BE4}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (07/06/2014 03:59:50 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ENRICOTOMSCHKE",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{358131B4-29C7-4275-911B-32ECFA7A4BE4}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (07/06/2014 03:37:58 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ENRICOTOMSCHKE",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{358131B4-29C7-4275-911B-32ECFA7A4BE4}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.


Microsoft Office Sessions:
=========================
Error: (07/10/2014 04:46:22 PM) (Source: MsiInstaller) (EventID: 10005) (User: Familien-PC)
Description: Produkt: Vodafone Mobile Connect Lite -- Fehler 2711. The specified Feature name ('ByteMobile') not found in Feature table.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/10/2014 04:45:13 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (07/10/2014 04:43:01 PM) (Source: VMCService) (EventID: 0) (User: )
Description: GetProcessOwner

Error: (07/10/2014 04:08:58 PM) (Source: MsiInstaller) (EventID: 10005) (User: Familien-PC)
Description: Produkt: Vodafone Mobile Connect Lite -- Fehler 2711. The specified Feature name ('ByteMobile') not found in Feature table.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/10/2014 10:07:17 AM) (Source: MsiInstaller) (EventID: 10005) (User: Familien-PC)
Description: Produkt: Vodafone Mobile Connect Lite -- Fehler 2711. The specified Feature name ('ByteMobile') not found in Feature table.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/10/2014 09:55:35 AM) (Source: MsiInstaller) (EventID: 10005) (User: Familien-PC)
Description: Produkt: Vodafone Mobile Connect Lite -- Fehler 2711. The specified Feature name ('ByteMobile') not found in Feature table.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/10/2014 09:40:42 AM) (Source: MsiInstaller) (EventID: 10005) (User: Familien-PC)
Description: Produkt: Vodafone Mobile Connect Lite -- Fehler 2711. The specified Feature name ('ByteMobile') not found in Feature table.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/10/2014 09:36:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: daemonu.exe4.11.9.15194eb80daemonu.exe4.11.9.15194eb80c000000500025fc56e801cf9a0fcc587d29C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exeC:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exee1a2e9e1-0804-11e4-be8d-a4db3035b3cf

Error: (07/09/2014 04:32:07 PM) (Source: MsiInstaller) (EventID: 10005) (User: Familien-PC)
Description: Produkt: Vodafone Mobile Connect Lite -- Fehler 2711. The specified Feature name ('ByteMobile') not found in Feature table.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/08/2014 06:50:05 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005


CodeIntegrity Errors:
===================================
  Date: 2014-07-07 20:10:14.744
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-07 18:33:23.376
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-07 18:30:41.483
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-13 20:03:35.134
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-13 20:02:43.213
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-13 19:56:15.446
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-14 19:16:16.684
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-08 18:12:12.452
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-06 16:22:13.843
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-06 16:20:12.625
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Percentage of memory in use: 35%
Total physical RAM: 7944.27 MB
Available physical RAM: 5157.46 MB
Total Pagefile: 9160.27 MB
Available Pagefile: 5972.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:425.78 GB) (Free:363.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:20.88 GB) NTFS
Drive e: (FL Offline 1.5) (CDROM) (Total:3.4 GB) (Free:0 GB) CDFS
Drive g: () (Removable) (Total:1.86 GB) (Free:1.25 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 6E0DC121)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
__________________

Alt 10.07.2014, 17:08   #4
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Adware Problem! - Standard

Adware Problem!



Hi, wichtig wird sein, dass Du die Funde von Adwcleaner und MBAM löschen läßt. Siehe Anweisungen bei den Schritten...

Schritt 1

Bitte deinstalliere folgende Programme:

Open Office Packages


Versuche es bei Windows 8 mit der Windowstaste + X über .

Sollte das nicht gehen, lade Dir bitte Revo Uninstallerhier herunter. Entpacke die zip-Datei auf den Desktop.
  • Starte die Revouninstaller.exe
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den oben angegebenen Programmen und wähle sie einzeln aus.
    Klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter:

Schritt 2
  • Schließe alle offenen Programme und Browser.
  • Starte bitte Adwarecleaner.
  • Akzeptiere die Nutzungsbedingungen.
  • Klicke auf Suchen und warte, bis der Suchlauf abgeschlossen ist.
  • Klicke nun auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
    Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Sx].txt. (x = fortlaufende Nummer).

Schritt 3
Scan mit Malwarebytes Antimalware
Unter Erkennung und Schutz setze bitte einen Haken bei "Suche nach Rootkits".
Klicke im Anschluss auf "Suchlauf", wähle den Bedrohungssuchlauf aus, aktualisiere die Datenbanken und klicke auf "Suchlauf jetzt starten".
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. (geht so...)
Poste mir den Inhalt der Logdatei. Klicke dazu auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Klicke auf "In Zwischenablage kopieren" poste mir den Inhalt in Code-Tags als Antwort in den Thread.

Schritt 4



Bitte starte FRST erneut, markiere auch die checkbox und drücke auf Scan.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 10.07.2014, 18:20   #5
Enno123
 
Adware Problem! - Standard

Adware Problem!



Hallo

Hatte bevor ich hier angefragt hatte schon mal einen Malewarebytes Scan gemacht und alles in Quarantäne gestellt. War das richtig?

LG

Enrico

adwcleaner Log:

Code:
ATTFilter
# AdwCleaner v3.215 - Bericht erstellt am 10/07/2014 um 18:14:15
# Aktualisiert 09/07/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Friedrich - FAMILIEN-PC
# Gestartet von : C:\Users\Friedrich\Downloads\adwcleaner_3.215.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Systweak
Ordner Gelöscht : C:\Users\Friedrich\AppData\Roaming\Systweak
Datei Gelöscht : C:\Users\Public\Desktop\RegClean Pro.lnk
Datei Gelöscht : C:\WINDOWS\System32\roboot64.exe
Datei Gelöscht : C:\WINDOWS\System32\Tasks\RegClean Pro

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKLM\Software\systweak

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16921


-\\ Google Chrome v35.0.1916.153

[ Datei : C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Startup_urls] : hxxp://www.trovigo.com/?gd=&ctid=CT3323829&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=2&UP=SP3259589E-A388-4E49-A367-281AF9275842&SSPV=
Gelöscht [Startup_urls] : hxxp://www.sweet-page.com/?type=hp&ts=1404658252&from=wld&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1
Gelöscht [Homepage] : hxxp://www.trovigo.com/?gd=&ctid=CT3323829&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=2&UP=SP3259589E-A388-4E49-A367-281AF9275842&SSPV=
Gelöscht [Extension] : fmlgoencnlndpglbocajlimaikjohmab
Gelöscht [Extension] : ibnjmihbbanannlbobkbmnmckjnmdnom
Gelöscht [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma

*************************

AdwCleaner[R0].txt - [2676 octets] - [01/02/2014 18:25:18]
AdwCleaner[R1].txt - [7358 octets] - [02/07/2014 20:47:47]
AdwCleaner[R2].txt - [7449 octets] - [02/07/2014 20:48:36]
AdwCleaner[R3].txt - [10366 octets] - [07/07/2014 20:16:06]
AdwCleaner[R4].txt - [2631 octets] - [10/07/2014 18:13:06]
AdwCleaner[S0].txt - [2609 octets] - [01/02/2014 18:27:29]
AdwCleaner[S1].txt - [333 octets] - [02/07/2014 20:48:15]
AdwCleaner[S2].txt - [5900 octets] - [02/07/2014 20:48:56]
AdwCleaner[S3].txt - [9003 octets] - [07/07/2014 20:16:48]
AdwCleaner[S4].txt - [2497 octets] - [10/07/2014 18:14:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [2557 octets] ##########
         
Malwarebytes Log:

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 10.07.2014
Suchlauf-Zeit: 18:21:33
Logdatei: 
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.10.04
Rootkit Datenbank: v2014.07.09.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Friedrich

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 306201
Verstrichene Zeit: 8 Min, 55 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 70
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\bookmarks, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\bookmarks\css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\bookmarks\img, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\classification, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\classification\css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\classification\img, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\classification\img\skin, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\cloud, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\cloud\css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\cloud\img, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\cloud\img\skin, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\dialog, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\dialog\img, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\dialog\img\skin, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\extensions, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\extensions\css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\extensions\img, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\guide, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\guide\css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\lastVisited, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\lastVisited\css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\lastVisited\img, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\notice, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\notice\css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\search, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\search\css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\search\img, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\setup, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\setup\css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\setup\img, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\setup\img\skin, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\shortcuts, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\shortcuts\img, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\skins, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\skins\css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\skins\img, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\skins\img\skin, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\weather, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\weather\css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\weather\img, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\weather\img\skin, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\skin, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\de, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\en, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\es, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\es_419, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\fr, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\fr-BE, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\fr-CA, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\fr-CH, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\fr-LU, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\it, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\it-CH, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\ja, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\pl, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\pt_BR, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\pt_PT, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\ru, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\tr, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\vi, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\zh_CN, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\zh_TW, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_metadata, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 

Dateien: 130
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage, , [b8c70c914c2f4fe72169a86bf311dd23], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage-journal, , [d5aa3964ec8f4ceadab01af9c440f709], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\background.html, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\index.html, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\jump.html, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\manifest.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\bookmarks\bookmarks.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\bookmarks\css\style.css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\bookmarks\img\logo.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\bookmarks\img\searchButton.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\classification\classification.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\classification\css\style.css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\classification\img\logo.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\classification\img\skin\del.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\classification\img\skin\main.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\classification\img\skin\selected.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\cloud\cloud.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\cloud\cloudApp.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\cloud\cloudWebsite.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\cloud\createWebsite.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\cloud\css\style.css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\cloud\img\logo.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\cloud\img\skin\buttonBg.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\cloud\img\skin\categoryBg.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\cloud\img\skin\icons.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\cloud\img\skin\searchBg.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\cloud\img\skin\searchButton.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\cloud\img\skin\searchLeft.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\cloud\img\skin\selected.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\cloud\img\skin\tabsBg.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\dialog\img\skin\headerBg.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\extensions\extensions.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\extensions\css\style.css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\extensions\img\logo.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\guide\guide.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\guide\css\style.css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\lastVisited\lastVisited.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\lastVisited\css\style.css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\lastVisited\img\logo.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\notice\notice.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\notice\css\style.css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\search\search.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\search\css\style.css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\search\img\google-new-logo.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\search\img\logo.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\search\img\searchicon.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\search\img\searchicon2.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\setup\setup.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\setup\css\style.css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\setup\img\logo.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\setup\img\skin\dialBoxStyle.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\setup\img\skin\icons.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\shortcuts\img\oBookmarks.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\shortcuts\img\oDownloads.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\shortcuts\img\oExtensions.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\shortcuts\img\oHistory.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\shortcuts\img\oNewtab.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\skins\cloudWallpaper.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\skins\skins.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\skins\css\style.css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\skins\img\logo.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\skins\img\skin\categoryBg.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\skins\img\skin\delete.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\skins\img\skin\download.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\skins\img\skin\icons.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\skins\img\skin\loading.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\weather\weather.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\weather\css\style.css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\weather\img\logo.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\weather\img\skin\line.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\weather\img\skin\locationIcon.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\weather\img\skin\searchButton.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\app\weather\img\skin\weather.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\css\all.css, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\game.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\icon_128.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\icon_16.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\icon_48.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\NEW.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\shopping.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\weather.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\webstore.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\skin\default.jpg, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\skin\iconsprite.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\skin\idialog_s.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\skin\ios5_button.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\skin\left.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\skin\loading.gif, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\skin\loading2.gif, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\skin\qBoxBg.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\skin\q_bg.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\skin\q_bg0.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\skin\q_left.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\skin\q_left0.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\skin\q_right.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\skin\q_right0.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\skin\right.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\skin\selected.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\img\skin\titleBg.png, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\js\all.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\js\background.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\js\ga.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\js\jq.mobi.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\js\jump.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\js\pop.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\js\redirect.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\js\xagainit.js, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\de\messages.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\en\messages.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\es\messages.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\es_419\messages.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\fr\messages.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\fr-BE\messages.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\fr-CA\messages.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\fr-CH\messages.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\fr-LU\messages.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\it\messages.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\it-CH\messages.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\ja\messages.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\pl\messages.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\pt_BR\messages.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\pt_PT\messages.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\ru\messages.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\tr\messages.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\vi\messages.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\zh_CN\messages.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_locales\zh_TW\messages.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.1_0\_metadata\verified_contents.json, , [bdc2c2dbe19a4de99b51d3cf34ce9967], 
PUP.Optional.Trovigo.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (   "homepage": "hxxp://www.trovigo.com/?gd=&ctid=CT3323829&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=2&UP=SP3259589E-A388-4E49-A367-281AF9275842&SSPV=",), ,[dfa0e0bd2e4d46f04f28d3f7f113a35d]
PUP.Optional.Trovigo.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (      "startup_urls": [ "hxxp://www.trovigo.com/?gd=&ctid=CT3323829&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=2&UP=SP3259589E-A388-4E49-A367-281AF9275842&SSPV=", "hxxp://www.sweet-page.com/?type=hp&ts=1404658252&from=wld&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1" ],), ,[a3dc9607de9d65d108a2329834d06799]

Physische Sektoren: 0
(No malicious items detected)


(end)
         
Da das Alles etwas zu lang wird Sende ich das jetzt mit Anhang

Anhang 68166

Anhang 68167

LG


Alt 10.07.2014, 18:25   #6
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Adware Problem! - Standard

Adware Problem!



Bitte die Funde von MBAM in Quarantäne stellen und anschließend Suchlauf wiederholen...
__________________
--> Adware Problem!

Alt 10.07.2014, 18:59   #7
Enno123
 
Adware Problem! - Standard

Adware Problem!



Erledigt

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 10.07.2014
Suchlauf-Zeit: 19:47:27
Logdatei: LogMLB3.txt
Administrator: Nein

Version: 2.00.2.1012
Malware Datenbank: v2014.07.10.04
Rootkit Datenbank: v2014.07.09.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Friedrich

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 306579
Verstrichene Zeit: 9 Min, 8 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 4
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage, , [d1ae1489c8b32c0abbcf73a0d1337b85], 
PUP.Optional.QuickStart.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage-journal, , [552a8a13c5b6a0967713090aad57bb45], 
PUP.Optional.Trovigo.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (   "homepage": "hxxp://www.trovigo.com/?gd=&ctid=CT3323829&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=2&UP=SP3259589E-A388-4E49-A367-281AF9275842&SSPV=",), ,[3c43930a1a61ba7c176087435fa544bc]
PUP.Optional.Trovigo.A, C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (      "startup_urls": [ "hxxp://www.trovigo.com/?gd=&ctid=CT3323829&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=2&UP=SP3259589E-A388-4E49-A367-281AF9275842&SSPV=", "hxxp://www.sweet-page.com/?type=hp&ts=1404658252&from=wld&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1" ],), ,[dda2fda0f586290ddfcbfdcd6c984fb1]

Physische Sektoren: 0
(No malicious items detected)


(end)
         
LG

Enrico

Alt 10.07.2014, 19:54   #8
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Adware Problem! - Standard

Adware Problem!



Hi,

bitte mal den Browser zurücksetzen:

Chrome:
https://support.google.com/chrome/answer/3296214?hl=de

Anschließend:



Bitte starte FRST erneut, und drücke auf Scan.
Bitte poste mir den Inhalt des Logs.
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 10.07.2014, 20:05   #9
Enno123
 
Adware Problem! - Standard

Adware Problem!



Hier ist der Log :



FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-07-2014
Ran by Friedrich (administrator) on FAMILIEN-PC on 10-07-2014 21:03:19
Running from C:\Users\Friedrich\Desktop
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\nis.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(Systweak) C:\Program Files (x86)\Right Backup\RightBackup.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\nis.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Trend Redaktons- und Verlagsgesellschaft mbH) C:\Program Files (x86)\Trend\EEP7\EEP7.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-05-08] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13626072 2013-06-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1311304 2013-06-05] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2986224 2013-06-20] (Synaptics Incorporated)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15794160 2013-10-31] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80368 2013-10-31] (Lenovo(beijing) Limited)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2013-03-12] (Vimicro)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [MobileConnect] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2403840 2009-09-11] (Vodafone)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] - "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe" "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware " [54072 2014-05-12] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-06-28] ( (Atheros Communications))
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {5a268313-fa15-11e3-be8b-a4db3035b3cf} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {5a26834d-fa15-11e3-be8b-a4db3035b3cf} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {885cf704-74f3-11e3-be75-a4db3035b3cf} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {885cf7bc-74f3-11e3-be75-a4db3035b3cf} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {8dc0bce8-74ff-11e3-be78-001e101fb69f} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {8dc0c206-74ff-11e3-be78-001e101fb69f} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
hxxp://www.giga.de/foto/
hxxp://www.giga.de/androidnews/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {717686E9-21C5-404A-9888-F0E98DA52D73} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_dsites02_14_27_ch&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDtAyD0BtA0C0FzyyB0EyEtN0D0Tzu0SzytCtAtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyCtBtB0BtBzztBtAtGtBtCyD0DtG0DtC0C0DtGtDyC0EtCtGtD0FtD0DyDyDyC0AyDyDyEtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0A0E0B0DyCzztGyEyE0B0FtGtDtBzyzytGtD0DyEtBtGyB0C0Dzy0DtB0D0E0AyB0FtD2Q&cr=2037496794&ir=
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {717686E9-21C5-404A-9888-F0E98DA52D73} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - {717686E9-21C5-404A-9888-F0E98DA52D73} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_dsites02_14_27_ch&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDtAyD0BtA0C0FzyyB0EyEtN0D0Tzu0SzytCtAtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyCtBtB0BtBzztBtAtGtBtCyD0DtG0DtC0C0DtGtDyC0EtCtGtD0FtD0DyDyDyC0AyDyDyEtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0A0E0B0DyCzztGyEyE0B0FtGtDtBzyzytGtD0DyEtBtGyB0C0Dzy0DtB0D0E0AyB0FtD2Q&cr=2037496794&ir=
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Friedrich\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-01-23]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2014-07-10]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR HomePage: hxxp://www.trovigo.com/?gd=&ctid=CT3323829&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=2&UP=SP3259589E-A388-4E49-A367-281AF9275842&SSPV=
CHR StartupUrls: "hxxp://www.trovigo.com/?gd=&ctid=CT3323829&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=2&UP=SP3259589E-A388-4E49-A367-281AF9275842&SSPV=", "hxxp://www.sweet-page.com/?type=hp&ts=1404658252&from=wld&uid=ST500LM000-1EJ162_W370DSV1XXXXW370DSV1"
CHR Extension: (Google Docs) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-09]
CHR Extension: (Google Drive) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-09]
CHR Extension: (YouTube) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-09]
CHR Extension: (Google-Suche) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-09]
CHR Extension: (Norton Identity Protection) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-01-23]
CHR Extension: (Securita Scout) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfkilfadjoneaheacgmkahfgcjchkpad [2014-04-06]
CHR Extension: (Google Wallet) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-09]
CHR Extension: (Google Mail) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-09]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\Exts\Chrome.crx [2014-05-16]

==================== Services (Whitelisted) =================

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-06-28] (Windows (R) Win 7 DDK provider)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-05-08] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-16] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [239968 2014-07-01] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe [276376 2014-05-11] (Symantec Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-06-17] (Nitro PDF Software)
S2 RBClientService; C:\Program Files (x86)\Right Backup\RBClientService.exe [48240 2014-07-04] (Systweak)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-10-31] ()
R2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-09-11] (Vodafone) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-06-28] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140703.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-06-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1503000.00C\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-11] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140709.001\IDSvia64.sys [525016 2014-03-30] (Symantec Corporation)
U0 jkjba; C:\Windows\System32\drivers\utar.sys [79064 2014-07-10] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140710.001\ENG64.SYS [126040 2014-01-23] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140710.001\EX64.SYS [2099288 2014-01-23] (Symantec Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-06-20] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1503000.00C\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1503000.00C\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1503000.00C\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1503000.00C\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1503000.00C\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1503000.00C\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1049984 2013-03-15] (Vimicro Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 ewusbnet; \SystemRoot\system32\DRIVERS\ewusbnet.sys [X]
S3 hwusbfake; \SystemRoot\system32\DRIVERS\ewusbfake.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-10 21:03 - 2014-07-10 21:03 - 00000000 ____D () C:\Users\Friedrich\Desktop\FRST-OlderVersion
2014-07-10 19:46 - 2014-07-10 19:46 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\utar.sys
2014-07-10 19:05 - 2014-07-10 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-07-10 19:05 - 2014-07-10 19:05 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-07-10 19:04 - 2014-07-10 19:04 - 01110476 _____ () C:\Users\Friedrich\Downloads\7z920.exe
2014-07-10 18:50 - 2014-07-10 19:08 - 00028649 _____ () C:\Users\Friedrich\Desktop\Addition.txt
2014-07-10 18:35 - 2014-07-10 21:03 - 00021670 _____ () C:\Users\Friedrich\Desktop\FRST.txt
2014-07-10 18:17 - 2014-07-10 18:17 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Systweak
2014-07-10 18:15 - 2014-07-10 18:15 - 00000000 ____D () C:\ProgramData\Systweak
2014-07-10 18:11 - 2014-07-10 18:11 - 01348263 _____ () C:\Users\Friedrich\Downloads\adwcleaner_3.215.exe
2014-07-10 17:56 - 2014-07-10 17:56 - 00026787 _____ () C:\Users\Friedrich\Downloads\Addition.txt
2014-07-10 17:55 - 2014-07-10 17:56 - 00055293 _____ () C:\Users\Friedrich\Downloads\FRST.txt
2014-07-10 17:54 - 2014-07-10 21:03 - 00000000 ____D () C:\FRST
2014-07-10 17:53 - 2014-07-10 21:03 - 02084864 _____ (Farbar) C:\Users\Friedrich\Desktop\FRST64.exe
2014-07-10 17:53 - 2014-07-10 18:14 - 00097462 _____ () C:\Users\Friedrich\Downloads\Nicht bestätigt 402531.crdownload
2014-07-10 16:11 - 2014-07-10 18:21 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-10 16:11 - 2014-07-10 16:47 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-10 16:11 - 2014-07-10 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-10 16:11 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-10 16:11 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-07-10 10:01 - 2014-07-10 10:01 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (4).exe
2014-07-10 09:56 - 2014-07-10 09:56 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (3).exe
2014-07-10 09:47 - 2014-07-10 09:47 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (2).exe
2014-07-10 09:45 - 2014-07-10 09:46 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (1).exe
2014-07-10 09:44 - 2014-07-10 09:44 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946.exe
2014-07-08 16:36 - 2014-07-08 16:36 - 00001901 _____ () C:\Users\Friedrich\Desktop\IrfanView Thumbnails.lnk
2014-07-08 16:36 - 2014-07-08 16:36 - 00001013 _____ () C:\Users\Friedrich\Desktop\IrfanView.lnk
2014-07-08 16:36 - 2014-07-08 16:36 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-07-08 16:36 - 2014-07-08 16:36 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\IrfanView
2014-07-08 16:36 - 2014-07-08 16:36 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2014-07-08 16:35 - 2014-07-08 16:35 - 02197648 _____ (Irfan Skiljan) C:\Users\Friedrich\Downloads\iview438g_setup.exe
2014-07-07 20:13 - 2014-07-07 20:13 - 00000000 ____D () C:\Users\Friedrich\Desktop\Enno
2014-07-07 18:29 - 2014-04-08 19:19 - 16781312 _____ () C:\Users\Friedrich\Downloads\Bus-Simulator_2012_Demo (3).rar
2014-07-07 17:48 - 2014-07-10 18:17 - 00003066 _____ () C:\WINDOWS\System32\Tasks\Right Backup_startup
2014-07-07 17:47 - 2014-07-10 16:47 - 00000000 ____D () C:\Program Files (x86)\Right Backup
2014-07-07 17:47 - 2014-07-07 17:47 - 00003132 _____ () C:\WINDOWS\System32\Tasks\System Speedup
2014-07-07 17:47 - 2014-07-07 17:47 - 00001061 _____ () C:\Users\Public\Desktop\Right Backup.lnk
2014-07-07 17:47 - 2014-07-07 17:47 - 00000000 ____D () C:\rbtemp
2014-07-07 17:47 - 2014-07-07 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Right Backup
2014-07-06 18:05 - 2014-07-06 18:05 - 00001333 _____ () C:\Users\Public\Desktop\Fahren Lernen Offline.lnk
2014-07-06 18:05 - 2014-07-06 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verlag Heinrich Vogel
2014-07-06 17:57 - 2014-07-06 17:57 - 00000000 ____D () C:\Program Files (x86)\Vogel Verlag
2014-07-06 17:56 - 2014-07-06 17:56 - 00167137 _____ () C:\Users\Friedrich\Desktop\e.odp
2014-07-06 16:46 - 2014-07-06 16:46 - 01063312 _____ () C:\Users\Friedrich\Downloads\OMSI---Der-Omnibussimulator-lnstall (1).exe
2014-07-06 16:46 - 2014-07-06 16:46 - 00000000 ____D () C:\Users\Friedrich\Downloads\OMSI---Der-Omnibussimulator
2014-07-06 16:46 - 2014-07-06 16:46 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Temp434fa06c045d655c128c6e6570ea6b69_______
2014-07-06 15:06 - 2014-07-06 15:06 - 00001942 _____ () C:\Users\Public\Desktop\EEP 7.0.lnk
2014-07-06 15:05 - 2014-07-06 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend
2014-07-06 14:48 - 2014-05-20 04:33 - 00059416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-06 14:48 - 2014-05-20 01:45 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-06 14:48 - 2014-05-20 01:45 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-06 14:48 - 2014-05-20 01:24 - 03286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-06 14:48 - 2014-05-20 01:24 - 01623040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-07-06 14:48 - 2014-05-20 01:24 - 00773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-06 14:48 - 2014-05-20 01:24 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-07-06 14:48 - 2014-05-20 01:24 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-07-06 14:48 - 2014-05-20 01:24 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-06 14:48 - 2014-05-15 00:43 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-07-06 14:48 - 2014-05-15 00:43 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-07-06 14:48 - 2014-05-15 00:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-07-06 14:48 - 2014-05-15 00:42 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-07-03 21:59 - 2014-07-03 21:59 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CombineZM
2014-07-03 21:59 - 2014-07-03 21:59 - 00000000 ____D () C:\Program Files (x86)\Alan Hadley
2014-07-03 21:57 - 2014-07-03 21:58 - 02735104 _____ () C:\Users\Friedrich\Downloads\CombineZ-m.msi
2014-07-03 21:50 - 2014-07-03 21:50 - 06448158 _____ () C:\Users\Friedrich\Downloads\German_CZPHelp.zip
2014-07-03 21:35 - 2014-07-03 21:35 - 00000558 _____ () C:\WINDOWS\KB893803v2.log
2014-07-03 21:35 - 2014-07-03 21:35 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Helicon
2014-07-03 21:29 - 2014-07-03 21:34 - 88327960 _____ (Helicon Soft Ltd. ) C:\Users\Friedrich\Downloads\HeliconFocus.exe
2014-07-03 20:20 - 2014-07-06 17:56 - 00564304 _____ () C:\Users\Friedrich\Desktop\Unbenannt 2.odg
2014-07-03 20:20 - 2014-07-03 20:20 - 00505198 _____ () C:\Users\Friedrich\Desktop\Unbenannt 1.odp
2014-07-03 18:30 - 2014-07-03 19:26 - 00062188 _____ () C:\Users\Friedrich\Desktop\GEBURTSTAG.odt
2014-07-02 21:55 - 2014-07-02 21:55 - 00002258 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-02 21:55 - 2014-07-02 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-02 21:54 - 2014-07-10 20:59 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-02 21:54 - 2014-07-10 18:17 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-02 21:54 - 2014-07-02 21:54 - 00004112 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-07-02 21:54 - 2014-07-02 21:54 - 00003876 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-07-02 20:47 - 2014-07-02 20:47 - 01346519 _____ () C:\Users\Friedrich\Downloads\adwcleaner_3.214.exe
2014-07-02 20:47 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-07-01 22:14 - 2014-07-01 22:15 - 10320896 _____ () C:\Users\Friedrich\Downloads\CombineZP_CB-DL-Manager [1].exe
2014-07-01 21:24 - 2014-07-01 21:24 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2014-07-01 21:20 - 2014-07-03 20:21 - 01971896 _____ () C:\Users\Friedrich\Desktop\EINLADUNG.odt
2014-07-01 20:53 - 2014-07-01 20:53 - 00000000 ____D () C:\Users\Public\Documents\sun
2014-07-01 20:51 - 2014-07-01 20:51 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
2014-07-01 20:51 - 2014-07-01 20:51 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-07-01 20:51 - 2014-07-01 20:51 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-07-01 20:50 - 2014-07-01 20:51 - 00000000 ____D () C:\Users\Friedrich\Desktop\OpenOffice 4.1.0 (de) Installation Files
2014-07-01 20:47 - 2014-07-01 20:47 - 00961360 _____ (Chip Digital GmbH) C:\Users\Friedrich\Downloads\OpenOffice - CHIP-Installer.exe
2014-07-01 20:44 - 2014-07-01 20:44 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\OpenOffice
2014-07-01 20:38 - 2014-07-10 20:38 - 00000330 _____ () C:\WINDOWS\Tasks\Rocket Updater.job
2014-07-01 20:38 - 2014-07-01 20:38 - 00002668 _____ () C:\WINDOWS\System32\Tasks\Rocket Updater
2014-07-01 19:16 - 2014-07-01 19:16 - 00001090 _____ () C:\Users\Public\Desktop\Mobile Partner.lnk
2014-07-01 19:16 - 2014-07-01 19:16 - 00000000 ____D () C:\ProgramData\Mobile Partner
2014-07-01 19:16 - 2014-07-01 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner
2014-07-01 19:15 - 2014-07-01 19:16 - 00000000 ____D () C:\ProgramData\DatacardService
2014-07-01 19:15 - 2014-07-01 19:16 - 00000000 ____D () C:\Program Files (x86)\Mobile Partner
2014-07-01 19:15 - 2014-07-01 19:15 - 01490656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01007.dll
2014-07-01 19:15 - 2014-07-01 19:15 - 01490656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfCoInstaller01007.dll
2014-07-01 19:15 - 2014-07-01 19:15 - 01001472 _____ (DiBcom SA) C:\WINDOWS\system32\Drivers\mod7700.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00421376 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbwwan.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00212992 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juwwanecm.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwusbdev.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00098816 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcacm.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00086016 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jubusenum.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00069632 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcecm.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\WINDOWS\system32\Drivers\ewdcsc.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00028672 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juextctrl.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwupgrade.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_usbenumfilter.sys
2014-06-30 23:11 - 2014-06-30 23:12 - 00788832 _____ ( ) C:\Users\Friedrich\Downloads\CombineZP_CB-DL-Manager.exe
2014-06-21 18:41 - 2014-05-03 07:47 - 03246592 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-06-21 18:41 - 2014-05-03 05:34 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-06-21 18:41 - 2014-04-30 00:32 - 01301504 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-06-21 18:41 - 2014-04-30 00:22 - 01023488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-06-21 18:41 - 2014-04-03 13:19 - 00328024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2014-06-21 18:41 - 2014-04-03 05:44 - 00619008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-06-21 18:41 - 2014-04-01 00:08 - 00387268 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-06-21 18:41 - 2014-03-25 01:42 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2014-06-21 18:41 - 2014-03-25 00:56 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2014-06-21 18:36 - 2014-05-24 04:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-06-21 18:36 - 2014-05-24 04:47 - 02239488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-06-21 18:36 - 2014-05-24 04:47 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-06-21 18:36 - 2014-05-24 04:47 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-06-21 18:36 - 2014-05-24 04:47 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-06-21 18:36 - 2014-05-24 04:46 - 19290112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-06-21 18:36 - 2014-05-24 04:46 - 15368704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-06-21 18:36 - 2014-05-24 04:46 - 03958784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-06-21 18:36 - 2014-05-24 04:46 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-06-21 18:36 - 2014-05-24 04:46 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-06-21 18:36 - 2014-05-24 04:46 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-06-21 18:36 - 2014-05-24 04:46 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-06-21 18:36 - 2014-05-24 04:46 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-06-21 18:36 - 2014-05-24 04:46 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-06-21 18:36 - 2014-05-24 04:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-06-21 18:36 - 2014-05-24 04:46 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-06-21 18:36 - 2014-05-24 04:46 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-06-21 18:36 - 2014-05-24 04:45 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-06-21 18:36 - 2014-05-24 04:45 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-06-21 18:36 - 2014-05-24 04:45 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-06-21 18:36 - 2014-05-24 03:26 - 14365696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-06-21 18:36 - 2014-05-24 03:26 - 01766400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-06-21 18:36 - 2014-05-24 03:26 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-06-21 18:36 - 2014-05-24 03:26 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-06-21 18:36 - 2014-05-24 03:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-06-21 18:36 - 2014-05-24 03:26 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-06-21 18:36 - 2014-05-24 03:26 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-06-21 18:36 - 2014-05-24 03:25 - 13731328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-06-21 18:36 - 2014-05-24 03:25 - 02862080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-06-21 18:36 - 2014-05-24 03:25 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-06-21 18:36 - 2014-05-24 03:25 - 01440768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-06-21 18:36 - 2014-05-24 03:25 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-06-21 18:36 - 2014-05-24 03:25 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-06-21 18:36 - 2014-05-24 03:25 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-06-21 18:36 - 2014-05-24 03:25 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-06-21 18:36 - 2014-05-24 03:25 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-06-21 18:36 - 2014-05-24 03:25 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-06-21 18:36 - 2014-05-24 03:25 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-06-21 18:36 - 2014-05-24 03:09 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-06-21 18:36 - 2014-05-24 03:03 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-06-21 18:36 - 2014-05-24 00:37 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-06-21 18:32 - 2014-04-03 13:22 - 02233176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-06-21 18:32 - 2014-03-07 02:47 - 01419264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-06-21 18:32 - 2014-03-07 02:08 - 01845760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-06-13 20:06 - 2014-06-13 20:06 - 00011264 ___SH () C:\Users\Friedrich\Documents\Thumbs.db
2014-06-12 20:01 - 2014-06-12 20:01 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security

==================== One Month Modified Files and Folders =======

2014-07-10 21:03 - 2014-07-10 21:03 - 00000000 ____D () C:\Users\Friedrich\Desktop\FRST-OlderVersion
2014-07-10 21:03 - 2014-07-10 18:35 - 00021670 _____ () C:\Users\Friedrich\Desktop\FRST.txt
2014-07-10 21:03 - 2014-07-10 17:54 - 00000000 ____D () C:\FRST
2014-07-10 21:03 - 2014-07-10 17:53 - 02084864 _____ (Farbar) C:\Users\Friedrich\Desktop\FRST64.exe
2014-07-10 21:02 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-10 20:59 - 2014-07-02 21:54 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-10 20:38 - 2014-07-01 20:38 - 00000330 _____ () C:\WINDOWS\Tasks\Rocket Updater.job
2014-07-10 19:46 - 2014-07-10 19:46 - 00079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\utar.sys
2014-07-10 19:46 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\Web
2014-07-10 19:21 - 2013-10-31 21:17 - 01152662 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-10 19:18 - 2014-01-04 06:34 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3631515150-3942624288-380681899-1002
2014-07-10 19:08 - 2014-07-10 18:50 - 00028649 _____ () C:\Users\Friedrich\Desktop\Addition.txt
2014-07-10 19:05 - 2014-07-10 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-07-10 19:05 - 2014-07-10 19:05 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-07-10 19:04 - 2014-07-10 19:04 - 01110476 _____ () C:\Users\Friedrich\Downloads\7z920.exe
2014-07-10 18:22 - 2013-11-01 06:00 - 00754172 _____ () C:\WINDOWS\system32\perfh007.dat
2014-07-10 18:22 - 2013-11-01 06:00 - 00156362 _____ () C:\WINDOWS\system32\perfc007.dat
2014-07-10 18:22 - 2012-07-26 09:28 - 01748838 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-10 18:21 - 2014-07-10 16:11 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-10 18:17 - 2014-07-10 18:17 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Systweak
2014-07-10 18:17 - 2014-07-07 17:48 - 00003066 _____ () C:\WINDOWS\System32\Tasks\Right Backup_startup
2014-07-10 18:17 - 2014-07-02 21:54 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-10 18:15 - 2014-07-10 18:15 - 00000000 ____D () C:\ProgramData\Systweak
2014-07-10 18:15 - 2013-10-31 22:14 - 00006656 _____ () C:\WINDOWS\system32\VfService.trf
2014-07-10 18:15 - 2013-03-25 23:02 - 00221088 _____ () C:\WINDOWS\PFRO.log
2014-07-10 18:15 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-10 18:15 - 2012-07-26 07:26 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-10 18:14 - 2014-07-10 17:53 - 00097462 _____ () C:\Users\Friedrich\Downloads\Nicht bestätigt 402531.crdownload
2014-07-10 18:14 - 2014-02-01 18:25 - 00000000 ____D () C:\AdwCleaner
2014-07-10 18:11 - 2014-07-10 18:11 - 01348263 _____ () C:\Users\Friedrich\Downloads\adwcleaner_3.215.exe
2014-07-10 17:56 - 2014-07-10 17:56 - 00026787 _____ () C:\Users\Friedrich\Downloads\Addition.txt
2014-07-10 17:56 - 2014-07-10 17:55 - 00055293 _____ () C:\Users\Friedrich\Downloads\FRST.txt
2014-07-10 17:16 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-10 16:47 - 2014-07-10 16:11 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-10 16:47 - 2014-07-07 17:47 - 00000000 ____D () C:\Program Files (x86)\Right Backup
2014-07-10 16:46 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-10 16:11 - 2014-07-10 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-10 16:11 - 2014-02-01 18:05 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-10 16:11 - 2014-02-01 18:05 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Malwarebytes
2014-07-10 16:11 - 2014-02-01 18:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-10 16:11 - 2014-02-01 18:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-07-10 10:01 - 2014-07-10 10:01 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (4).exe
2014-07-10 09:56 - 2014-07-10 09:56 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (3).exe
2014-07-10 09:47 - 2014-07-10 09:47 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (2).exe
2014-07-10 09:46 - 2014-07-10 09:45 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (1).exe
2014-07-10 09:44 - 2014-07-10 09:44 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946.exe
2014-07-10 09:36 - 2014-01-11 04:41 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\CrashDumps
2014-07-08 17:04 - 2014-01-23 19:33 - 00155136 ___SH () C:\Users\Friedrich\Desktop\Thumbs.db
2014-07-08 16:36 - 2014-07-08 16:36 - 00001901 _____ () C:\Users\Friedrich\Desktop\IrfanView Thumbnails.lnk
2014-07-08 16:36 - 2014-07-08 16:36 - 00001013 _____ () C:\Users\Friedrich\Desktop\IrfanView.lnk
2014-07-08 16:36 - 2014-07-08 16:36 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-07-08 16:36 - 2014-07-08 16:36 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\IrfanView
2014-07-08 16:36 - 2014-07-08 16:36 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2014-07-08 16:35 - 2014-07-08 16:35 - 02197648 _____ (Irfan Skiljan) C:\Users\Friedrich\Downloads\iview438g_setup.exe
2014-07-07 20:13 - 2014-07-07 20:13 - 00000000 ____D () C:\Users\Friedrich\Desktop\Enno
2014-07-07 20:10 - 2014-01-04 22:03 - 00000000 ____D () C:\Users\Friedrich\Documents\Youcam
2014-07-07 17:47 - 2014-07-07 17:47 - 00003132 _____ () C:\WINDOWS\System32\Tasks\System Speedup
2014-07-07 17:47 - 2014-07-07 17:47 - 00001061 _____ () C:\Users\Public\Desktop\Right Backup.lnk
2014-07-07 17:47 - 2014-07-07 17:47 - 00000000 ____D () C:\rbtemp
2014-07-07 17:47 - 2014-07-07 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Right Backup
2014-07-06 18:05 - 2014-07-06 18:05 - 00001333 _____ () C:\Users\Public\Desktop\Fahren Lernen Offline.lnk
2014-07-06 18:05 - 2014-07-06 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verlag Heinrich Vogel
2014-07-06 17:57 - 2014-07-06 17:57 - 00000000 ____D () C:\Program Files (x86)\Vogel Verlag
2014-07-06 17:56 - 2014-07-06 17:56 - 00167137 _____ () C:\Users\Friedrich\Desktop\e.odp
2014-07-06 17:56 - 2014-07-03 20:20 - 00564304 _____ () C:\Users\Friedrich\Desktop\Unbenannt 2.odg
2014-07-06 17:50 - 2014-01-04 06:30 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\CrashDumps
2014-07-06 16:46 - 2014-07-06 16:46 - 01063312 _____ () C:\Users\Friedrich\Downloads\OMSI---Der-Omnibussimulator-lnstall (1).exe
2014-07-06 16:46 - 2014-07-06 16:46 - 00000000 ____D () C:\Users\Friedrich\Downloads\OMSI---Der-Omnibussimulator
2014-07-06 16:46 - 2014-07-06 16:46 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Temp434fa06c045d655c128c6e6570ea6b69_______
2014-07-06 16:46 - 2014-04-06 17:34 - 00000188 _____ () C:\Users\Friedrich\Desktop\Amazon.de.url
2014-07-06 15:06 - 2014-07-06 15:06 - 00001942 _____ () C:\Users\Public\Desktop\EEP 7.0.lnk
2014-07-06 15:05 - 2014-07-06 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend
2014-07-06 15:03 - 2013-10-31 21:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-05 18:17 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-07-03 21:59 - 2014-07-03 21:59 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CombineZM
2014-07-03 21:59 - 2014-07-03 21:59 - 00000000 ____D () C:\Program Files (x86)\Alan Hadley
2014-07-03 21:59 - 2014-01-04 05:58 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\VirtualStore
2014-07-03 21:58 - 2014-07-03 21:57 - 02735104 _____ () C:\Users\Friedrich\Downloads\CombineZ-m.msi
2014-07-03 21:50 - 2014-07-03 21:50 - 06448158 _____ () C:\Users\Friedrich\Downloads\German_CZPHelp.zip
2014-07-03 21:35 - 2014-07-03 21:35 - 00000558 _____ () C:\WINDOWS\KB893803v2.log
2014-07-03 21:35 - 2014-07-03 21:35 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Helicon
2014-07-03 21:34 - 2014-07-03 21:29 - 88327960 _____ (Helicon Soft Ltd. ) C:\Users\Friedrich\Downloads\HeliconFocus.exe
2014-07-03 20:21 - 2014-07-01 21:20 - 01971896 _____ () C:\Users\Friedrich\Desktop\EINLADUNG.odt
2014-07-03 20:20 - 2014-07-03 20:20 - 00505198 _____ () C:\Users\Friedrich\Desktop\Unbenannt 1.odp
2014-07-03 19:33 - 2014-01-09 04:49 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-07-03 19:26 - 2014-07-03 18:30 - 00062188 _____ () C:\Users\Friedrich\Desktop\GEBURTSTAG.odt
2014-07-03 19:05 - 2014-05-01 19:33 - 00000000 ____D () C:\Users\Friedrich\Desktop\Neuer Ordner
2014-07-02 21:55 - 2014-07-02 21:55 - 00002258 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-02 21:55 - 2014-07-02 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-02 21:55 - 2014-01-09 02:20 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-02 21:54 - 2014-07-02 21:54 - 00004112 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-07-02 21:54 - 2014-07-02 21:54 - 00003876 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-07-02 21:54 - 2014-01-09 02:20 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Deployment
2014-07-02 20:50 - 2014-04-13 19:45 - 00307760 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-02 20:49 - 2012-07-26 07:26 - 00000194 _____ () C:\WINDOWS\win.ini
2014-07-02 20:47 - 2014-07-02 20:47 - 01346519 _____ () C:\Users\Friedrich\Downloads\adwcleaner_3.214.exe
2014-07-01 22:15 - 2014-07-01 22:14 - 10320896 _____ () C:\Users\Friedrich\Downloads\CombineZP_CB-DL-Manager [1].exe
2014-07-01 21:24 - 2014-07-01 21:24 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2014-07-01 21:24 - 2014-01-09 04:47 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Canon
2014-07-01 20:53 - 2014-07-01 20:53 - 00000000 ____D () C:\Users\Public\Documents\sun
2014-07-01 20:51 - 2014-07-01 20:51 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
2014-07-01 20:51 - 2014-07-01 20:51 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-07-01 20:51 - 2014-07-01 20:51 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-07-01 20:51 - 2014-07-01 20:50 - 00000000 ____D () C:\Users\Friedrich\Desktop\OpenOffice 4.1.0 (de) Installation Files
2014-07-01 20:47 - 2014-07-01 20:47 - 00961360 _____ (Chip Digital GmbH) C:\Users\Friedrich\Downloads\OpenOffice - CHIP-Installer.exe
2014-07-01 20:44 - 2014-07-01 20:44 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\OpenOffice
2014-07-01 20:38 - 2014-07-01 20:38 - 00002668 _____ () C:\WINDOWS\System32\Tasks\Rocket Updater
2014-07-01 19:16 - 2014-07-01 19:16 - 00001090 _____ () C:\Users\Public\Desktop\Mobile Partner.lnk
2014-07-01 19:16 - 2014-07-01 19:16 - 00000000 ____D () C:\ProgramData\Mobile Partner
2014-07-01 19:16 - 2014-07-01 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner
2014-07-01 19:16 - 2014-07-01 19:15 - 00000000 ____D () C:\ProgramData\DatacardService
2014-07-01 19:16 - 2014-07-01 19:15 - 00000000 ____D () C:\Program Files (x86)\Mobile Partner
2014-07-01 19:16 - 2012-07-26 09:21 - 00036697 _____ () C:\WINDOWS\setupact.log
2014-07-01 19:15 - 2014-07-01 19:15 - 01490656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01007.dll
2014-07-01 19:15 - 2014-07-01 19:15 - 01490656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfCoInstaller01007.dll
2014-07-01 19:15 - 2014-07-01 19:15 - 01001472 _____ (DiBcom SA) C:\WINDOWS\system32\Drivers\mod7700.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00421376 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbwwan.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00212992 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juwwanecm.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwusbdev.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00098816 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcacm.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00086016 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jubusenum.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00069632 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcecm.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\WINDOWS\system32\Drivers\ewdcsc.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00028672 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juextctrl.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwupgrade.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_usbenumfilter.sys
2014-07-01 19:15 - 2014-01-04 06:22 - 00221312 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbmdm.sys
2014-06-30 23:12 - 2014-06-30 23:11 - 00788832 _____ ( ) C:\Users\Friedrich\Downloads\CombineZP_CB-DL-Manager.exe
2014-06-22 16:31 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-06-22 15:54 - 2014-01-14 19:58 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-06-22 15:53 - 2014-01-14 19:58 - 95414520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-06-13 22:07 - 2012-07-26 10:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-06-13 20:06 - 2014-06-13 20:06 - 00011264 ___SH () C:\Users\Friedrich\Documents\Thumbs.db
2014-06-12 20:01 - 2014-06-12 20:01 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security
2014-06-12 19:56 - 2014-01-23 19:39 - 00003234 _____ () C:\WINDOWS\System32\Tasks\Norton WSC Integration
2014-06-12 19:56 - 2014-01-23 19:39 - 00002512 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-06-12 19:56 - 2014-01-23 19:38 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-06-12 19:56 - 2014-01-23 19:38 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NISx64

Some content of TEMP:
====================
C:\Users\Friedrich\AppData\Local\Temp\amazonicon_v4.exe
C:\Users\Friedrich\AppData\Local\Temp\amazonicon_v6.exe
C:\Users\Friedrich\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\Friedrich\AppData\Local\Temp\AS_OMSI_UPD_V101.exe
C:\Users\Friedrich\AppData\Local\Temp\COMAP.EXE
C:\Users\Friedrich\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Friedrich\AppData\Local\Temp\nitro_pro8_x64.exe
C:\Users\Friedrich\AppData\Local\Temp\Quarantine.exe
C:\Users\Friedrich\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Friedrich\AppData\Local\Temp\sdapskill.exe
C:\Users\Friedrich\AppData\Local\Temp\sdaspwn.exe
C:\Users\Friedrich\AppData\Local\Temp\securitascoutgames_3.exe
C:\Users\Friedrich\AppData\Local\Temp\SpOrder.dll
C:\Users\Friedrich\AppData\Local\Temp\sweetpage294wld_n2.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-29 14:32

==================== End Of Log ============================
         
--- --- ---

Alt 10.07.2014, 20:27   #10
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Adware Problem! - Standard

Adware Problem!



Ok, dann noch ESET:

(Hinweis: Scan dauert sehr lange)


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 11.07.2014, 17:16   #11
Enno123
 
Adware Problem! - Standard

Adware Problem!



Hallo

Gestern wars dann schon ziemlich spät...

Deshalb jetzt der ESET Log

LG

Enrico

Code:
ATTFilter
C:\$Recycle.Bin\S-1-5-21-3631515150-3942624288-380681899-1002\$RFC4XQE.exe	Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe.vir	Variante von MSIL/AdvancedSystemProtector.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\AspManager.exe.vir	Variante von MSIL/AdvancedSystemProtector.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\filetypehelper.exe.vir	Variante von MSIL/AdvancedSystemProtector.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\NetCrawl.FirstRun.exe.vir	Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\NetCrawlBHO.dll.vir	Variante von Win32/BrowseFox.F evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\updateNetCrawl.exe.vir	Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\NetCrawl.PurBrowse64.exe.vir	Variante von Win64/BrowseFox.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\tmp582C.tmp.vir	Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe.vir	Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.Bromon.dll.vir	Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.BroStats.dll.vir	Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.BrowserAdapterS.dll.vir	möglicherweise Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.CompatibilityChecker.dll.vir	Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.FeSvc.dll.vir	Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.FFUpdate.dll.vir	Variante von MSIL/BrowseFox.E evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.IEUpdate.dll.vir	Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NetCrawl\bin\plugins\NetCrawl.PurBrowseG.dll.vir	Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProLauncher.exe.vir	Variante von Win32/AdWare.SpeedingUpMyPC.D Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\39030.crx.vir	JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\39030.xpi.vir	JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-bg.exe.vir	Variante von Win32/Toolbar.CrossRider.V evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-chromeinstaller.exe.vir	Win32/Toolbar.CrossRider.S evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-3.8\utils.exe.vir	Win32/Packed.VMDetector.D evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriceGong\2.6.11\PriceGong.crx.vir	Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriceGong\2.6.11\PriceGongIE.dll.vir	Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir	möglicherweise Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir	Win32/Thinknice.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir	Win64/Thinknice.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterfacef32.dll.vir	Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir	Win32/Thinknice.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir	Win64/Thinknice.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv32.dll.vir	Variante von Win32/Thinknice.C evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir	Win32/Thinknice.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir	Variante von Win32/ELEX.AD evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.11_0\options\pg_options.js.vir	Win32/PriceGong.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.11_0\plugins\npPriceGong_CH.dll.vir	Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\102_dealply_m.js.vir	JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\103_intext_5_m.js.vir	JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\104_jollywallet_m.js.vir	JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\105_corticas_m.js.vir	JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\119_similar_web_m.js.vir	JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\123_intext_adv_m.js.vir	JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir	JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\155_ibario_pops_m.js.vir	JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir	JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\178_revizer_ws_dynamic_m.js.vir	JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\179_revizer_p_dynamic_m.js.vir	JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\180_bpo_serp_m.js.vir	JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\184_noproblemppc_m.js.vir	JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\194_retargeting_bi_m.js.js.vir	JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\195_icm_convertmedia_m.js.vir	JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\91_monetizationLoader.js.js.vir	JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.26.103_0\extensionData\plugins\93_superfish_no_coupons_m.js.vir	JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Local\Temp\OCS\ocs_v71b.exe.vir	Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Roaming\1H1Q\Open Office Packages\uninstaller.exe.vir	Win32/InstallCore.PC evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Roaming\RocketUpdater\UpdateProc\UpdateTask.exe.vir	Variante von Win32/DealPly.S evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Friedrich\AppData\Roaming\VOPackage\Uninstall.exe.vir	Win32/VOPackage.J evtl. unerwünschte Anwendung
C:\Program Files (x86)\Trend\EEP7\EEP7.exe	Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung
C:\Users\Friedrich\AppData\Local\Temp\sweetpage294wld_n2.exe	Variante von Win32/ELEX.AJ evtl. unerwünschte Anwendung
C:\Users\Friedrich\AppData\Local\Temp\29c2217fff8359d2c648e0ce94c6c82b\sweetpage294wld_n2.exe	Variante von Win32/ELEX.AJ evtl. unerwünschte Anwendung
C:\Users\Friedrich\AppData\Local\Temp\is1597349865\257418562_stp\OptimizerPro_600.exe	Variante von Win32/AdWare.SpeedingUpMyPC.N Anwendung
C:\Users\Friedrich\AppData\Local\Temp\is1597349865\257418600_stp\uninstaller.exe	Win32/InstallCore.PC evtl. unerwünschte Anwendung
C:\Users\Friedrich\Downloads\Bus-Simulator-2012-lnstall.exe	Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung
C:\Users\Friedrich\Downloads\CombineZP_CB-DL-Manager.exe	Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung
C:\Users\Friedrich\Downloads\Loksim3D-lnstall.exe	Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung
C:\Users\Friedrich\Downloads\OMSI---Der-Omnibussimulator-lnstall (1).exe	Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung
C:\Users\Friedrich\Downloads\OMSI---Der-Omnibussimulator-lnstall.exe	Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung
C:\Users\Friedrich\Downloads\OpenOffice - CHIP-Installer.exe	Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung
C:\Users\Friedrich\Downloads\setup-loksim3d-update-2-8-2a-Downloader.exe	Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung
F:\Downloads\ccsetup325.exe	Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung
F:\Downloads\CombineZP - CHIP-Downloader.exe	Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung
F:\Downloads\FoxitReader6011.0225_L10N_Setup.exe	Variante von Win32/OpenCandy.A potenziell unsichere Anwendung
F:\Downloads\Picasa - CHIP-Downloader (1).exe	Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung
F:\Downloads\Picasa - CHIP-Downloader.exe	Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung
F:\Downloads\Setup.exe	Variante von Win32/AdWare.iBryte.AE Anwendung
F:\Downloads\Downloads\Integrated_CT2325506.exe	Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung
F:\ENRICOTOMSCHKE\Backup Set 2012-12-26 164521\Backup Files 2012-12-26 164521\Backup files 1.zip	Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung
F:\ENRICOTOMSCHKE\Backup Set 2012-12-26 164521\Backup Files 2012-12-26 164521\Backup files 10.zip	Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung
F:\ENRICOTOMSCHKE\Backup Set 2012-12-26 164521\Backup Files 2012-12-26 164521\Backup files 11.zip	Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung
F:\ENRICOTOMSCHKE\Backup Set 2012-12-26 164521\Backup Files 2012-12-26 164521\Backup files 12.zip	Win32/OpenCandy potenziell unsichere Anwendung
F:\ENRICOTOMSCHKE\Backup Set 2012-12-26 164521\Backup Files 2012-12-26 164521\Backup files 18.zip	Win32/OpenCandy potenziell unsichere Anwendung
F:\ENRICOTOMSCHKE\Backup Set 2012-12-26 164521\Backup Files 2012-12-26 164521\Backup files 2.zip	Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung
F:\ENRICOTOMSCHKE\Backup Set 2013-07-01 221110\Backup Files 2013-07-01 221110\Backup files 10.zip	Variante von Win32/Toolbar.Linkury.E evtl. unerwünschte Anwendung
F:\ENRICOTOMSCHKE\Backup Set 2013-07-01 221110\Backup Files 2013-07-01 221110\Backup files 15.zip	Win32/OpenCandy potenziell unsichere Anwendung
F:\ENRICOTOMSCHKE\Backup Set 2014-02-16 190100\Backup Files 2014-02-16 190100\Backup files 5.zip	Win32/DriverBoss.B evtl. unerwünschte Anwendung
F:\ENRICOTOMSCHKE\Backup Set 2014-02-16 190100\Backup Files 2014-02-16 190100\Backup files 7.zip	Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung
F:\ENRICOTOMSCHKE\Backup Set 2014-02-16 190100\Backup Files 2014-02-16 190100\Backup files 8.zip	Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung
F:\ENRICOTOMSCHKE\Backup Set 2014-03-16 190059\Backup Files 2014-03-16 190059\Backup files 5.zip	Win32/DriverBoss.B evtl. unerwünschte Anwendung
F:\ENRICOTOMSCHKE\Backup Set 2014-03-16 190059\Backup Files 2014-03-16 190059\Backup files 9.zip	Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung
F:\ENRICOTOMSCHKE\Backup Set 2014-03-16 190059\Backup Files 2014-03-23 190013\Backup files 8.zip	Variante von Win32/OpenCandy.A potenziell unsichere Anwendung
F:\ENRICOTOMSCHKE\Backup Set 2014-03-16 190059\Backup Files 2014-03-23 190013\Backup files 9.zip	Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung
F:\ENRICOTOMSCHKE\Backup Set 2014-03-16 190059\Backup Files 2014-05-11 193946\Backup files 4.zip	Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung
F:\ENRICOTOMSCHKE\Backup Set 2014-03-16 190059\Backup Files 2014-05-25 193544\Backup files 3.zip	Win32/InstalleRex.M evtl. unerwünschte Anwendung
F:\ENRICOTOMSCHKE\Backup Set 2014-06-01 214459\Backup Files 2014-06-01 214459\Backup files 10.zip	Win32/DriverBoss.B evtl. unerwünschte Anwendung
F:\ENRICOTOMSCHKE\Backup Set 2014-06-01 214459\Backup Files 2014-06-01 214459\Backup files 11.zip	Win32/InstalleRex.M evtl. unerwünschte Anwendung
F:\Music\Downloads\flstudio_9.1_online.exe	Win32/OpenCandy potenziell unsichere Anwendung
Arbeitsspeicher	Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung
         

Alt 11.07.2014, 20:19   #12
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Adware Problem! - Standard

Adware Problem!



Hi,

bitte noch dieses Programm deinstallieren:

Securita Scout


Schritt 1



Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:
Code:
ATTFilter
SearchScopes: HKLM - {717686E9-21C5-404A-9888-F0E98DA52D73} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_dsites02_14_27_ch&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDtAyD0BtA0C0FzyyB0EyEtN0D0Tzu0SzytCtAtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyCtBtB0BtBzztBtAtGtBtCyD0DtG0DtC0C0DtGtDyC0EtCtGtD0FtD0DyDyDyC0AyDyDyEtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0A0E0B0DyCzztGyEyE0B0FtGtDtBzyzytGtD0DyEtBtGyB0C0Dzy0DtB0D0E0AyB0FtD2Q&cr=2037496794&ir=
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {717686E9-21C5-404A-9888-F0E98DA52D73} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_dsites02_14_27_ch&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDtAyD0BtA0C0FzyyB0EyEtN0D0Tzu0SzytCtAtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyCtBtB0BtBzztBtAtGtBtCyD0DtG0DtC0C0DtGtDyC0EtCtGtD0FtD0DyDyDyC0AyDyDyEtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0A0E0B0DyCzztGyEyE0B0FtGtDtBzyzytGtD0DyEtBtGyB0C0Dzy0DtB0D0E0AyB0FtD2Q&cr=2037496794&ir=
CHR Extension: (Securita Scout) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfkilfadjoneaheacgmkahfgcjchkpad [2014-04-06]
C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfkilfadjoneaheacgmkahfgcjchkpad 
AlternateDataStreams: C:\Windows:nlsPreferences
Reboot:
         
Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.
  • Starte FRST und drücke auf den Fix-Button.
  • Das Tool erstellt eine "Fixlog.txt" -Datei.
  • Poste mir bitte deren Inhalt.

PC rebootet durch den Fix.
Nach dem Neustart des PC:

Schritt 2



Bitte starte FRST erneut, markiere auch die checkbox und drücke auf Scan.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 11.07.2014, 21:00   #13
Enno123
 
Adware Problem! - Standard

Adware Problem!



Fixlog von FRST:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-07-2014
Ran by Friedrich at 2014-07-11 21:52:00 Run:1
Running from C:\Users\Friedrich\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - {717686E9-21C5-404A-9888-F0E98DA52D73} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_dsites02_14_27_ch&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDtAyD0BtA0C0FzyyB0EyEtN0D0Tzu0SzytCtAtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyCtBtB0BtBzztBtAtGtBtCyD0DtG0DtC0C0DtGtDyC0EtCtGtD0FtD0DyDyDyC0AyDyDyEtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0A0E0B0DyCzztGyEyE0B0FtGtDtBzyzytGtD0DyEtBtGyB0C0Dzy0DtB0D0E0AyB0FtD2Q&cr=2037496794&ir=
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {717686E9-21C5-404A-9888-F0E98DA52D73} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_dsites02_14_27_ch&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDtAyD0BtA0C0FzyyB0EyEtN0D0Tzu0SzytCtAtN1L2XzutBtFtBtCtFzztFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyCtBtB0BtBzztBtAtGtBtCyD0DtG0DtC0C0DtGtDyC0EtCtGtD0FtD0DyDyDyC0AyDyDyEtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0A0E0B0DyCzztGyEyE0B0FtGtDtBzyzytGtD0DyEtBtGyB0C0Dzy0DtB0D0E0AyB0FtD2Q&cr=2037496794&ir=
CHR Extension: (Securita Scout) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfkilfadjoneaheacgmkahfgcjchkpad [2014-04-06]
C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfkilfadjoneaheacgmkahfgcjchkpad 
AlternateDataStreams: C:\Windows:nlsPreferences
Reboot:
*****************

'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{717686E9-21C5-404A-9888-F0E98DA52D73}' => Key deleted successfully.
'HKCR\CLSID\{717686E9-21C5-404A-9888-F0E98DA52D73}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{717686E9-21C5-404A-9888-F0E98DA52D73}' => Key deleted successfully.
'HKCR\CLSID\{717686E9-21C5-404A-9888-F0E98DA52D73}'=> Key not found.
C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfkilfadjoneaheacgmkahfgcjchkpad directory not found.
"C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfkilfadjoneaheacgmkahfgcjchkpad" => File/Directory not found.
C:\Windows => ":nlsPreferences" ADS removed successfully.


The system needed a reboot. 

==== End of Fixlog ====
         

Alt 11.07.2014, 22:19   #14
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 
Adware Problem! - Standard

Adware Problem!



Hi, bitte noch Schritt 2 ausführen...

Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?
__________________
Gruß
deeprybka

Lob, Kritik, Wünsche?

Spende fürs trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 15.07.2014, 18:57   #15
Enno123
 
Adware Problem! - Standard

Adware Problem!



hallo

Dauert alles seine zeit..

Daher nun schritt 2

LG

Enrico

FRST Log:


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014
Ran by Friedrich (administrator) on FAMILIEN-PC on 15-07-2014 19:11:46
Running from C:\Users\Friedrich\Desktop
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\nis.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Systweak) C:\Program Files (x86)\Right Backup\RBClientService.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Systweak) C:\Program Files (x86)\Right Backup\RightBackup.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\nis.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-05-08] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13626072 2013-06-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1311304 2013-06-05] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2986224 2013-06-20] (Synaptics Incorporated)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15794160 2013-10-31] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80368 2013-10-31] (Lenovo(beijing) Limited)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [548864 2013-03-12] (Vimicro)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [MobileConnect] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2403840 2009-09-11] (Vodafone)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-06-28] ( (Atheros Communications))
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {5a268313-fa15-11e3-be8b-a4db3035b3cf} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {5a26834d-fa15-11e3-be8b-a4db3035b3cf} - "F:\AutoRun.exe" 
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {885cf704-74f3-11e3-be75-a4db3035b3cf} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {885cf7bc-74f3-11e3-be75-a4db3035b3cf} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {8dc0bce8-74ff-11e3-be78-001e101fb69f} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-3631515150-3942624288-380681899-1002\...\MountPoints2: {8dc0c206-74ff-11e3-be78-001e101fb69f} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
hxxp://www.giga.de/foto/
hxxp://www.giga.de/androidnews/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {717686E9-21C5-404A-9888-F0E98DA52D73} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Friedrich\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-01-23]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2014-07-11]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR Extension: (Norton Identity Protection) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-01-23]
CHR Extension: (Google Wallet) - C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-09]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\Exts\Chrome.crx [2014-05-16]

==================== Services (Whitelisted) =================

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-06-28] (Windows (R) Win 7 DDK provider)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-05-08] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-16] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [239968 2014-07-01] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe [276376 2014-06-27] (Symantec Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-06-17] (Nitro PDF Software)
R2 RBClientService; C:\Program Files (x86)\Right Backup\RBClientService.exe [48240 2014-07-04] (Systweak)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-10-31] ()
R2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-09-11] (Vodafone) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-06-28] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140703.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-06-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1504000.00D\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-11] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140714.001\IDSvia64.sys [525016 2014-03-30] (Symantec Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140714.024\ENG64.SYS [126040 2014-01-23] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140714.024\EX64.SYS [2099288 2014-01-23] (Symantec Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-06-20] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1503000.00C\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1504000.00D\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1504000.00D\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1504000.00D\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1504000.00D\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1504000.00D\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1503000.00C\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1049984 2013-03-15] (Vimicro Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 ewusbnet; \SystemRoot\system32\DRIVERS\ewusbnet.sys [X]
S3 hwusbfake; \SystemRoot\system32\DRIVERS\ewusbfake.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-11 21:52 - 2014-07-11 21:52 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-11 21:10 - 2014-07-11 21:10 - 00001209 _____ () C:\Users\Friedrich\Desktop\Format Factory.lnk
2014-07-11 21:10 - 2014-07-11 21:10 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2014-07-11 21:10 - 2014-07-11 21:10 - 00000000 ____D () C:\Program Files (x86)\FreeTime
2014-07-11 21:07 - 2014-07-11 21:09 - 53647808 _____ (Free Time) C:\Users\Friedrich\Downloads\FFSetup_3.3.5.0.exe
2014-07-11 19:22 - 2014-07-11 19:22 - 00001180 _____ () C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
2014-07-11 19:21 - 2014-07-11 19:22 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\FreeVideoConverter
2014-07-11 19:21 - 2014-07-11 19:22 - 00000000 ____D () C:\Program Files (x86)\Free Video Converter
2014-07-11 19:21 - 2014-07-11 19:21 - 00001152 _____ () C:\Users\Friedrich\Desktop\Free Video Converter.lnk
2014-07-11 19:21 - 2014-07-11 19:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter
2014-07-11 19:17 - 2014-07-11 19:17 - 00445592 _____ (Bandoo Media Inc) C:\Users\Friedrich\Downloads\Setup_31FreeVideoConverter.exe
2014-07-11 19:16 - 2014-07-11 19:16 - 00000000 ____D () C:\Program Files (x86)\Freemake
2014-07-11 19:09 - 2014-07-11 19:09 - 01325576 _____ (Ellora Assets Corporation ) C:\Users\Friedrich\Downloads\FreemakeVideoConverterSetup.exe
2014-07-11 18:56 - 2014-07-11 18:56 - 01245384 _____ (Microsoft Corporation) C:\Users\Friedrich\Downloads\wlsetup-web.exe
2014-07-10 21:34 - 2014-07-10 21:34 - 02347384 _____ (ESET) C:\Users\Friedrich\Downloads\esetsmartinstaller_deu.exe
2014-07-10 21:34 - 2014-07-10 21:34 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-10 21:03 - 2014-07-15 19:10 - 00000000 ____D () C:\Users\Friedrich\Desktop\FRST-OlderVersion
2014-07-10 19:05 - 2014-07-10 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-07-10 19:05 - 2014-07-10 19:05 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-07-10 19:04 - 2014-07-10 19:04 - 01110476 _____ () C:\Users\Friedrich\Downloads\7z920.exe
2014-07-10 18:50 - 2014-07-10 19:08 - 00028649 _____ () C:\Users\Friedrich\Desktop\Addition.txt
2014-07-10 18:35 - 2014-07-15 19:12 - 00018780 _____ () C:\Users\Friedrich\Desktop\FRST.txt
2014-07-10 18:17 - 2014-07-10 18:17 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Systweak
2014-07-10 18:15 - 2014-07-10 18:15 - 00000000 ____D () C:\ProgramData\Systweak
2014-07-10 18:11 - 2014-07-10 18:11 - 01348263 _____ () C:\Users\Friedrich\Downloads\adwcleaner_3.215.exe
2014-07-10 17:56 - 2014-07-10 17:56 - 00026787 _____ () C:\Users\Friedrich\Downloads\Addition.txt
2014-07-10 17:55 - 2014-07-10 17:56 - 00055293 _____ () C:\Users\Friedrich\Downloads\FRST.txt
2014-07-10 17:54 - 2014-07-15 19:11 - 00000000 ____D () C:\FRST
2014-07-10 17:53 - 2014-07-15 19:10 - 02086912 _____ (Farbar) C:\Users\Friedrich\Desktop\FRST64.exe
2014-07-10 17:53 - 2014-07-10 18:14 - 00097462 _____ () C:\Users\Friedrich\Downloads\Nicht bestätigt 402531.crdownload
2014-07-10 17:30 - 2014-07-01 00:42 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-10 17:30 - 2014-07-01 00:42 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-10 17:30 - 2014-07-01 00:42 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-07-10 17:30 - 2014-06-28 05:35 - 00556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-07-10 16:11 - 2014-07-15 18:32 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-10 16:11 - 2014-07-10 16:47 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-10 16:11 - 2014-07-10 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-10 16:11 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-10 16:11 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-07-10 10:01 - 2014-07-10 10:01 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (4).exe
2014-07-10 09:56 - 2014-07-10 09:56 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (3).exe
2014-07-10 09:47 - 2014-07-10 09:47 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (2).exe
2014-07-10 09:45 - 2014-07-10 09:46 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (1).exe
2014-07-10 09:44 - 2014-07-10 09:44 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946.exe
2014-07-09 16:39 - 2014-06-18 01:27 - 01440256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-09 16:39 - 2014-06-18 01:24 - 01557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-09 16:39 - 2014-06-11 06:18 - 04038144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-09 16:38 - 2014-06-03 00:33 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2014-07-09 16:38 - 2014-05-30 01:31 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2014-07-09 16:38 - 2014-05-30 01:03 - 00588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2014-07-09 16:38 - 2014-05-30 01:02 - 01281536 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-09 16:38 - 2014-05-30 01:02 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2014-07-09 16:38 - 2014-05-03 08:34 - 06974808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-07-09 16:38 - 2014-05-03 08:33 - 01824808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-07-09 16:38 - 2014-05-03 06:51 - 01408976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-07-09 16:38 - 2014-05-02 00:37 - 01023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-07-09 16:38 - 2014-04-30 00:32 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2014-07-09 16:38 - 2014-04-30 00:32 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2014-07-09 16:38 - 2014-04-24 01:51 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-09 16:38 - 2014-04-24 01:51 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 16:38 - 2014-04-24 01:38 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-09 16:38 - 2014-04-24 01:38 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 16:38 - 2014-02-08 06:34 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2014-07-09 16:37 - 2014-06-19 04:12 - 02239488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-09 16:37 - 2014-06-19 04:12 - 01366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-09 16:37 - 2014-06-19 04:12 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-07-09 16:37 - 2014-06-19 04:12 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-07-09 16:37 - 2014-06-19 04:12 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-09 16:37 - 2014-06-19 04:11 - 19277312 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-09 16:37 - 2014-06-19 04:11 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-07-09 16:37 - 2014-06-19 04:11 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-09 16:37 - 2014-06-19 04:10 - 15369728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-09 16:37 - 2014-06-19 04:10 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-09 16:37 - 2014-06-19 04:10 - 02650624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-09 16:37 - 2014-06-19 04:10 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-07-09 16:37 - 2014-06-19 04:10 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-09 16:37 - 2014-06-19 04:10 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-09 16:37 - 2014-06-19 04:10 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-09 16:37 - 2014-06-19 04:10 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-09 16:37 - 2014-06-19 04:10 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-07-09 16:37 - 2014-06-19 04:10 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-07-09 16:37 - 2014-06-19 04:10 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-07-09 16:37 - 2014-06-19 04:10 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-07-09 16:37 - 2014-06-19 04:09 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-09 16:37 - 2014-06-19 02:53 - 14368768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-09 16:37 - 2014-06-19 02:53 - 01766400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-09 16:37 - 2014-06-19 02:53 - 01141760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-09 16:37 - 2014-06-19 02:53 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-09 16:37 - 2014-06-19 02:53 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-07-09 16:37 - 2014-06-19 02:53 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-09 16:37 - 2014-06-19 02:53 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-07-09 16:37 - 2014-06-19 02:52 - 13732352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-09 16:37 - 2014-06-19 02:52 - 02863616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-09 16:37 - 2014-06-19 02:52 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-09 16:37 - 2014-06-19 02:52 - 01440768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-09 16:37 - 2014-06-19 02:52 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-07-09 16:37 - 2014-06-19 02:52 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-09 16:37 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-09 16:37 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-09 16:37 - 2014-06-19 02:52 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-07-09 16:37 - 2014-06-19 02:52 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-07-09 16:37 - 2014-06-19 02:52 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-07-09 16:37 - 2014-06-19 02:52 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-07-09 16:37 - 2014-06-19 02:33 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-07-09 16:37 - 2014-06-19 02:30 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-07-09 16:37 - 2014-06-19 00:05 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-07-09 16:37 - 2014-05-30 00:24 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-09 16:36 - 2014-06-06 16:06 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-09 16:36 - 2014-06-06 12:17 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-08 16:36 - 2014-07-11 17:26 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\IrfanView
2014-07-08 16:36 - 2014-07-08 16:36 - 00001901 _____ () C:\Users\Friedrich\Desktop\IrfanView Thumbnails.lnk
2014-07-08 16:36 - 2014-07-08 16:36 - 00001013 _____ () C:\Users\Friedrich\Desktop\IrfanView.lnk
2014-07-08 16:36 - 2014-07-08 16:36 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-07-08 16:36 - 2014-07-08 16:36 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2014-07-08 16:35 - 2014-07-08 16:35 - 02197648 _____ (Irfan Skiljan) C:\Users\Friedrich\Downloads\iview438g_setup.exe
2014-07-07 20:13 - 2014-07-07 20:13 - 00000000 ____D () C:\Users\Friedrich\Desktop\Enno
2014-07-07 18:29 - 2014-04-08 19:19 - 16781312 _____ () C:\Users\Friedrich\Downloads\Bus-Simulator_2012_Demo (3).rar
2014-07-07 17:48 - 2014-07-15 16:27 - 00003068 _____ () C:\WINDOWS\System32\Tasks\Right Backup_startup
2014-07-07 17:47 - 2014-07-14 20:28 - 00000000 ____D () C:\Program Files (x86)\Right Backup
2014-07-07 17:47 - 2014-07-07 17:47 - 00003132 _____ () C:\WINDOWS\System32\Tasks\System Speedup
2014-07-07 17:47 - 2014-07-07 17:47 - 00001061 _____ () C:\Users\Public\Desktop\Right Backup.lnk
2014-07-07 17:47 - 2014-07-07 17:47 - 00000000 ____D () C:\rbtemp
2014-07-07 17:47 - 2014-07-07 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Right Backup
2014-07-06 18:05 - 2014-07-06 18:05 - 00001333 _____ () C:\Users\Public\Desktop\Fahren Lernen Offline.lnk
2014-07-06 18:05 - 2014-07-06 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verlag Heinrich Vogel
2014-07-06 17:57 - 2014-07-06 17:57 - 00000000 ____D () C:\Program Files (x86)\Vogel Verlag
2014-07-06 17:56 - 2014-07-06 17:56 - 00167137 _____ () C:\Users\Friedrich\Desktop\e.odp
2014-07-06 16:46 - 2014-07-06 16:46 - 01063312 _____ () C:\Users\Friedrich\Downloads\OMSI---Der-Omnibussimulator-lnstall (1).exe
2014-07-06 16:46 - 2014-07-06 16:46 - 00000000 ____D () C:\Users\Friedrich\Downloads\OMSI---Der-Omnibussimulator
2014-07-06 16:46 - 2014-07-06 16:46 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Temp434fa06c045d655c128c6e6570ea6b69_______
2014-07-06 15:06 - 2014-07-06 15:06 - 00001942 _____ () C:\Users\Public\Desktop\EEP 7.0.lnk
2014-07-06 15:05 - 2014-07-06 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend
2014-07-06 14:48 - 2014-05-20 04:33 - 00059416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-06 14:48 - 2014-05-20 01:45 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-06 14:48 - 2014-05-20 01:45 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-06 14:48 - 2014-05-20 01:24 - 03286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-06 14:48 - 2014-05-20 01:24 - 01623040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-07-06 14:48 - 2014-05-20 01:24 - 00773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-06 14:48 - 2014-05-20 01:24 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-07-06 14:48 - 2014-05-20 01:24 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-07-06 14:48 - 2014-05-20 01:24 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-06 14:48 - 2014-05-15 00:43 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-07-06 14:48 - 2014-05-15 00:43 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-07-06 14:48 - 2014-05-15 00:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-07-06 14:48 - 2014-05-15 00:42 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-07-03 21:59 - 2014-07-03 21:59 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CombineZM
2014-07-03 21:59 - 2014-07-03 21:59 - 00000000 ____D () C:\Program Files (x86)\Alan Hadley
2014-07-03 21:57 - 2014-07-03 21:58 - 02735104 _____ () C:\Users\Friedrich\Downloads\CombineZ-m.msi
2014-07-03 21:50 - 2014-07-03 21:50 - 06448158 _____ () C:\Users\Friedrich\Downloads\German_CZPHelp.zip
2014-07-03 21:35 - 2014-07-03 21:35 - 00000558 _____ () C:\WINDOWS\KB893803v2.log
2014-07-03 21:35 - 2014-07-03 21:35 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Helicon
2014-07-03 21:29 - 2014-07-03 21:34 - 88327960 _____ (Helicon Soft Ltd. ) C:\Users\Friedrich\Downloads\HeliconFocus.exe
2014-07-03 20:20 - 2014-07-06 17:56 - 00564304 _____ () C:\Users\Friedrich\Desktop\Unbenannt 2.odg
2014-07-03 20:20 - 2014-07-03 20:20 - 00505198 _____ () C:\Users\Friedrich\Desktop\Unbenannt 1.odp
2014-07-03 18:30 - 2014-07-03 19:26 - 00062188 _____ () C:\Users\Friedrich\Desktop\GEBURTSTAG.odt
2014-07-02 21:55 - 2014-07-02 21:55 - 00002258 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-02 21:55 - 2014-07-02 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-02 21:54 - 2014-07-15 18:59 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-02 21:54 - 2014-07-15 16:26 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-02 21:54 - 2014-07-02 21:54 - 00004112 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-07-02 21:54 - 2014-07-02 21:54 - 00003876 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-07-02 20:47 - 2014-07-02 20:47 - 01346519 _____ () C:\Users\Friedrich\Downloads\adwcleaner_3.214.exe
2014-07-02 20:47 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-07-01 22:14 - 2014-07-01 22:15 - 10320896 _____ () C:\Users\Friedrich\Downloads\CombineZP_CB-DL-Manager [1].exe
2014-07-01 21:24 - 2014-07-01 21:24 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2014-07-01 21:20 - 2014-07-03 20:21 - 01971896 _____ () C:\Users\Friedrich\Desktop\EINLADUNG.odt
2014-07-01 20:53 - 2014-07-01 20:53 - 00000000 ____D () C:\Users\Public\Documents\sun
2014-07-01 20:51 - 2014-07-01 20:51 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
2014-07-01 20:51 - 2014-07-01 20:51 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-07-01 20:51 - 2014-07-01 20:51 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-07-01 20:50 - 2014-07-01 20:51 - 00000000 ____D () C:\Users\Friedrich\Desktop\OpenOffice 4.1.0 (de) Installation Files
2014-07-01 20:47 - 2014-07-01 20:47 - 00961360 _____ (Chip Digital GmbH) C:\Users\Friedrich\Downloads\OpenOffice - CHIP-Installer.exe
2014-07-01 20:44 - 2014-07-01 20:44 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\OpenOffice
2014-07-01 20:38 - 2014-07-15 18:38 - 00000330 _____ () C:\WINDOWS\Tasks\Rocket Updater.job
2014-07-01 20:38 - 2014-07-01 20:38 - 00002668 _____ () C:\WINDOWS\System32\Tasks\Rocket Updater
2014-07-01 19:16 - 2014-07-01 19:16 - 00001090 _____ () C:\Users\Public\Desktop\Mobile Partner.lnk
2014-07-01 19:16 - 2014-07-01 19:16 - 00000000 ____D () C:\ProgramData\Mobile Partner
2014-07-01 19:16 - 2014-07-01 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner
2014-07-01 19:15 - 2014-07-01 19:16 - 00000000 ____D () C:\ProgramData\DatacardService
2014-07-01 19:15 - 2014-07-01 19:16 - 00000000 ____D () C:\Program Files (x86)\Mobile Partner
2014-07-01 19:15 - 2014-07-01 19:15 - 01490656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01007.dll
2014-07-01 19:15 - 2014-07-01 19:15 - 01490656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfCoInstaller01007.dll
2014-07-01 19:15 - 2014-07-01 19:15 - 01001472 _____ (DiBcom SA) C:\WINDOWS\system32\Drivers\mod7700.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00421376 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbwwan.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00212992 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juwwanecm.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwusbdev.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00098816 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcacm.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00086016 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jubusenum.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00069632 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcecm.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\WINDOWS\system32\Drivers\ewdcsc.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00028672 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juextctrl.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwupgrade.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_usbenumfilter.sys
2014-06-30 23:11 - 2014-06-30 23:12 - 00788832 _____ ( ) C:\Users\Friedrich\Downloads\CombineZP_CB-DL-Manager.exe
2014-06-21 18:41 - 2014-05-03 07:47 - 03246592 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-06-21 18:41 - 2014-05-03 05:34 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-06-21 18:41 - 2014-04-30 00:32 - 01301504 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-06-21 18:41 - 2014-04-30 00:22 - 01023488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-06-21 18:41 - 2014-04-03 13:19 - 00328024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2014-06-21 18:41 - 2014-04-03 05:44 - 00619008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-06-21 18:41 - 2014-04-01 00:08 - 00387268 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-06-21 18:41 - 2014-03-25 01:42 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2014-06-21 18:41 - 2014-03-25 00:56 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2014-06-21 18:32 - 2014-04-03 13:22 - 02233176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-06-21 18:32 - 2014-03-07 02:47 - 01419264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-06-21 18:32 - 2014-03-07 02:08 - 01845760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll

==================== One Month Modified Files and Folders =======

2014-07-15 19:12 - 2014-07-10 18:35 - 00018780 _____ () C:\Users\Friedrich\Desktop\FRST.txt
2014-07-15 19:11 - 2014-07-10 17:54 - 00000000 ____D () C:\FRST
2014-07-15 19:10 - 2014-07-10 21:03 - 00000000 ____D () C:\Users\Friedrich\Desktop\FRST-OlderVersion
2014-07-15 19:10 - 2014-07-10 17:53 - 02086912 _____ (Farbar) C:\Users\Friedrich\Desktop\FRST64.exe
2014-07-15 19:00 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-15 18:59 - 2014-07-02 21:54 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-15 18:38 - 2014-07-01 20:38 - 00000330 _____ () C:\WINDOWS\Tasks\Rocket Updater.job
2014-07-15 18:32 - 2014-07-10 16:11 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-15 18:00 - 2013-10-31 21:17 - 01519932 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-15 17:51 - 2014-01-04 22:03 - 00000000 ____D () C:\Users\Friedrich\Documents\Youcam
2014-07-15 17:50 - 2012-07-26 09:21 - 00036903 _____ () C:\WINDOWS\setupact.log
2014-07-15 17:44 - 2013-11-01 06:00 - 00754172 _____ () C:\WINDOWS\system32\perfh007.dat
2014-07-15 17:44 - 2013-11-01 06:00 - 00156362 _____ () C:\WINDOWS\system32\perfc007.dat
2014-07-15 17:44 - 2012-07-26 09:28 - 01748838 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-15 16:31 - 2014-01-04 06:34 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3631515150-3942624288-380681899-1002
2014-07-15 16:27 - 2014-07-07 17:48 - 00003068 _____ () C:\WINDOWS\System32\Tasks\Right Backup_startup
2014-07-15 16:26 - 2014-07-02 21:54 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-14 20:28 - 2014-07-07 17:47 - 00000000 ____D () C:\Program Files (x86)\Right Backup
2014-07-14 19:29 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-14 18:18 - 2014-01-23 19:38 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NISx64
2014-07-14 16:26 - 2014-01-11 04:41 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\CrashDumps
2014-07-12 19:23 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-07-11 21:54 - 2013-03-25 23:02 - 00306520 _____ () C:\WINDOWS\PFRO.log
2014-07-11 21:54 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\Web
2014-07-11 21:54 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-11 21:53 - 2013-10-31 22:14 - 00006656 _____ () C:\WINDOWS\system32\VfService.trf
2014-07-11 21:53 - 2012-07-26 07:26 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-11 21:52 - 2014-07-11 21:52 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-11 21:52 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 21:52 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 21:52 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-11 21:52 - 2012-07-26 09:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-11 21:48 - 2014-04-06 18:44 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Security System 2
2014-07-11 21:10 - 2014-07-11 21:10 - 00001209 _____ () C:\Users\Friedrich\Desktop\Format Factory.lnk
2014-07-11 21:10 - 2014-07-11 21:10 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2014-07-11 21:10 - 2014-07-11 21:10 - 00000000 ____D () C:\Program Files (x86)\FreeTime
2014-07-11 21:09 - 2014-07-11 21:07 - 53647808 _____ (Free Time) C:\Users\Friedrich\Downloads\FFSetup_3.3.5.0.exe
2014-07-11 19:22 - 2014-07-11 19:22 - 00001180 _____ () C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
2014-07-11 19:22 - 2014-07-11 19:21 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\FreeVideoConverter
2014-07-11 19:22 - 2014-07-11 19:21 - 00000000 ____D () C:\Program Files (x86)\Free Video Converter
2014-07-11 19:22 - 2012-07-26 07:26 - 00000352 _____ () C:\WINDOWS\win.ini
2014-07-11 19:21 - 2014-07-11 19:21 - 00001152 _____ () C:\Users\Friedrich\Desktop\Free Video Converter.lnk
2014-07-11 19:21 - 2014-07-11 19:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter
2014-07-11 19:17 - 2014-07-11 19:17 - 00445592 _____ (Bandoo Media Inc) C:\Users\Friedrich\Downloads\Setup_31FreeVideoConverter.exe
2014-07-11 19:16 - 2014-07-11 19:16 - 00000000 ____D () C:\Program Files (x86)\Freemake
2014-07-11 19:09 - 2014-07-11 19:09 - 01325576 _____ (Ellora Assets Corporation ) C:\Users\Friedrich\Downloads\FreemakeVideoConverterSetup.exe
2014-07-11 19:03 - 2014-01-04 05:58 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Packages
2014-07-11 18:56 - 2014-07-11 18:56 - 01245384 _____ (Microsoft Corporation) C:\Users\Friedrich\Downloads\wlsetup-web.exe
2014-07-11 17:26 - 2014-07-08 16:36 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\IrfanView
2014-07-11 16:44 - 2014-01-14 19:58 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-11 16:42 - 2014-01-14 19:58 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-11 16:42 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-10 22:00 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-07-10 21:34 - 2014-07-10 21:34 - 02347384 _____ (ESET) C:\Users\Friedrich\Downloads\esetsmartinstaller_deu.exe
2014-07-10 21:34 - 2014-07-10 21:34 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-10 19:08 - 2014-07-10 18:50 - 00028649 _____ () C:\Users\Friedrich\Desktop\Addition.txt
2014-07-10 19:05 - 2014-07-10 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-07-10 19:05 - 2014-07-10 19:05 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-07-10 19:04 - 2014-07-10 19:04 - 01110476 _____ () C:\Users\Friedrich\Downloads\7z920.exe
2014-07-10 18:17 - 2014-07-10 18:17 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Systweak
2014-07-10 18:15 - 2014-07-10 18:15 - 00000000 ____D () C:\ProgramData\Systweak
2014-07-10 18:14 - 2014-07-10 17:53 - 00097462 _____ () C:\Users\Friedrich\Downloads\Nicht bestätigt 402531.crdownload
2014-07-10 18:14 - 2014-02-01 18:25 - 00000000 ____D () C:\AdwCleaner
2014-07-10 18:11 - 2014-07-10 18:11 - 01348263 _____ () C:\Users\Friedrich\Downloads\adwcleaner_3.215.exe
2014-07-10 17:56 - 2014-07-10 17:56 - 00026787 _____ () C:\Users\Friedrich\Downloads\Addition.txt
2014-07-10 17:56 - 2014-07-10 17:55 - 00055293 _____ () C:\Users\Friedrich\Downloads\FRST.txt
2014-07-10 16:47 - 2014-07-10 16:11 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-10 16:11 - 2014-07-10 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-10 16:11 - 2014-02-01 18:05 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-10 16:11 - 2014-02-01 18:05 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Malwarebytes
2014-07-10 16:11 - 2014-02-01 18:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-10 16:11 - 2014-02-01 18:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-07-10 10:01 - 2014-07-10 10:01 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (4).exe
2014-07-10 09:56 - 2014-07-10 09:56 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (3).exe
2014-07-10 09:47 - 2014-07-10 09:47 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (2).exe
2014-07-10 09:46 - 2014-07-10 09:45 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946 (1).exe
2014-07-10 09:44 - 2014-07-10 09:44 - 04501576 _____ (Systweak Inc ) C:\Users\Friedrich\Downloads\rcpsetupg_apptvlatest-apptvlatest_1946.exe
2014-07-08 17:04 - 2014-01-23 19:33 - 00155136 ___SH () C:\Users\Friedrich\Desktop\Thumbs.db
2014-07-08 16:36 - 2014-07-08 16:36 - 00001901 _____ () C:\Users\Friedrich\Desktop\IrfanView Thumbnails.lnk
2014-07-08 16:36 - 2014-07-08 16:36 - 00001013 _____ () C:\Users\Friedrich\Desktop\IrfanView.lnk
2014-07-08 16:36 - 2014-07-08 16:36 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-07-08 16:36 - 2014-07-08 16:36 - 00000000 ____D () C:\Program Files (x86)\IrfanView
2014-07-08 16:35 - 2014-07-08 16:35 - 02197648 _____ (Irfan Skiljan) C:\Users\Friedrich\Downloads\iview438g_setup.exe
2014-07-07 20:13 - 2014-07-07 20:13 - 00000000 ____D () C:\Users\Friedrich\Desktop\Enno
2014-07-07 17:47 - 2014-07-07 17:47 - 00003132 _____ () C:\WINDOWS\System32\Tasks\System Speedup
2014-07-07 17:47 - 2014-07-07 17:47 - 00001061 _____ () C:\Users\Public\Desktop\Right Backup.lnk
2014-07-07 17:47 - 2014-07-07 17:47 - 00000000 ____D () C:\rbtemp
2014-07-07 17:47 - 2014-07-07 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Right Backup
2014-07-06 18:05 - 2014-07-06 18:05 - 00001333 _____ () C:\Users\Public\Desktop\Fahren Lernen Offline.lnk
2014-07-06 18:05 - 2014-07-06 18:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verlag Heinrich Vogel
2014-07-06 17:57 - 2014-07-06 17:57 - 00000000 ____D () C:\Program Files (x86)\Vogel Verlag
2014-07-06 17:56 - 2014-07-06 17:56 - 00167137 _____ () C:\Users\Friedrich\Desktop\e.odp
2014-07-06 17:56 - 2014-07-03 20:20 - 00564304 _____ () C:\Users\Friedrich\Desktop\Unbenannt 2.odg
2014-07-06 17:50 - 2014-01-04 06:30 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\CrashDumps
2014-07-06 16:46 - 2014-07-06 16:46 - 01063312 _____ () C:\Users\Friedrich\Downloads\OMSI---Der-Omnibussimulator-lnstall (1).exe
2014-07-06 16:46 - 2014-07-06 16:46 - 00000000 ____D () C:\Users\Friedrich\Downloads\OMSI---Der-Omnibussimulator
2014-07-06 16:46 - 2014-07-06 16:46 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Temp434fa06c045d655c128c6e6570ea6b69_______
2014-07-06 16:46 - 2014-04-06 17:34 - 00000188 _____ () C:\Users\Friedrich\Desktop\Amazon.de.url
2014-07-06 15:06 - 2014-07-06 15:06 - 00001942 _____ () C:\Users\Public\Desktop\EEP 7.0.lnk
2014-07-06 15:05 - 2014-07-06 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend
2014-07-06 15:03 - 2013-10-31 21:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-03 21:59 - 2014-07-03 21:59 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CombineZM
2014-07-03 21:59 - 2014-07-03 21:59 - 00000000 ____D () C:\Program Files (x86)\Alan Hadley
2014-07-03 21:59 - 2014-01-04 05:58 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\VirtualStore
2014-07-03 21:58 - 2014-07-03 21:57 - 02735104 _____ () C:\Users\Friedrich\Downloads\CombineZ-m.msi
2014-07-03 21:50 - 2014-07-03 21:50 - 06448158 _____ () C:\Users\Friedrich\Downloads\German_CZPHelp.zip
2014-07-03 21:35 - 2014-07-03 21:35 - 00000558 _____ () C:\WINDOWS\KB893803v2.log
2014-07-03 21:35 - 2014-07-03 21:35 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Helicon
2014-07-03 21:34 - 2014-07-03 21:29 - 88327960 _____ (Helicon Soft Ltd. ) C:\Users\Friedrich\Downloads\HeliconFocus.exe
2014-07-03 20:21 - 2014-07-01 21:20 - 01971896 _____ () C:\Users\Friedrich\Desktop\EINLADUNG.odt
2014-07-03 20:20 - 2014-07-03 20:20 - 00505198 _____ () C:\Users\Friedrich\Desktop\Unbenannt 1.odp
2014-07-03 19:33 - 2014-01-09 04:49 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-07-03 19:26 - 2014-07-03 18:30 - 00062188 _____ () C:\Users\Friedrich\Desktop\GEBURTSTAG.odt
2014-07-03 19:05 - 2014-05-01 19:33 - 00000000 ____D () C:\Users\Friedrich\Desktop\Neuer Ordner
2014-07-02 21:55 - 2014-07-02 21:55 - 00002258 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-02 21:55 - 2014-07-02 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-02 21:55 - 2014-01-09 02:20 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-02 21:54 - 2014-07-02 21:54 - 00004112 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-07-02 21:54 - 2014-07-02 21:54 - 00003876 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-07-02 21:54 - 2014-01-09 02:20 - 00000000 ____D () C:\Users\Friedrich\AppData\Local\Deployment
2014-07-02 20:47 - 2014-07-02 20:47 - 01346519 _____ () C:\Users\Friedrich\Downloads\adwcleaner_3.214.exe
2014-07-01 22:15 - 2014-07-01 22:14 - 10320896 _____ () C:\Users\Friedrich\Downloads\CombineZP_CB-DL-Manager [1].exe
2014-07-01 21:24 - 2014-07-01 21:24 - 00000000 ___HD () C:\ProgramData\CanonIJScan
2014-07-01 21:24 - 2014-01-09 04:47 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\Canon
2014-07-01 20:53 - 2014-07-01 20:53 - 00000000 ____D () C:\Users\Public\Documents\sun
2014-07-01 20:51 - 2014-07-01 20:51 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
2014-07-01 20:51 - 2014-07-01 20:51 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-07-01 20:51 - 2014-07-01 20:51 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-07-01 20:51 - 2014-07-01 20:50 - 00000000 ____D () C:\Users\Friedrich\Desktop\OpenOffice 4.1.0 (de) Installation Files
2014-07-01 20:47 - 2014-07-01 20:47 - 00961360 _____ (Chip Digital GmbH) C:\Users\Friedrich\Downloads\OpenOffice - CHIP-Installer.exe
2014-07-01 20:44 - 2014-07-01 20:44 - 00000000 ____D () C:\Users\Friedrich\AppData\Roaming\OpenOffice
2014-07-01 20:38 - 2014-07-01 20:38 - 00002668 _____ () C:\WINDOWS\System32\Tasks\Rocket Updater
2014-07-01 19:16 - 2014-07-01 19:16 - 00001090 _____ () C:\Users\Public\Desktop\Mobile Partner.lnk
2014-07-01 19:16 - 2014-07-01 19:16 - 00000000 ____D () C:\ProgramData\Mobile Partner
2014-07-01 19:16 - 2014-07-01 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner
2014-07-01 19:16 - 2014-07-01 19:15 - 00000000 ____D () C:\ProgramData\DatacardService
2014-07-01 19:16 - 2014-07-01 19:15 - 00000000 ____D () C:\Program Files (x86)\Mobile Partner
2014-07-01 19:15 - 2014-07-01 19:15 - 01490656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01007.dll
2014-07-01 19:15 - 2014-07-01 19:15 - 01490656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfCoInstaller01007.dll
2014-07-01 19:15 - 2014-07-01 19:15 - 01001472 _____ (DiBcom SA) C:\WINDOWS\system32\Drivers\mod7700.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00421376 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbwwan.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00212992 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juwwanecm.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwusbdev.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00098816 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcacm.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00086016 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jubusenum.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00069632 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_jucdcecm.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\WINDOWS\system32\Drivers\ewdcsc.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00028672 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_juextctrl.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_hwupgrade.sys
2014-07-01 19:15 - 2014-07-01 19:15 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ew_usbenumfilter.sys
2014-07-01 19:15 - 2014-01-04 06:22 - 00221312 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\ewusbmdm.sys
2014-07-01 00:42 - 2014-07-10 17:30 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-01 00:42 - 2014-07-10 17:30 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-01 00:42 - 2014-07-10 17:30 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-06-30 23:12 - 2014-06-30 23:11 - 00788832 _____ ( ) C:\Users\Friedrich\Downloads\CombineZP_CB-DL-Manager.exe
2014-06-28 05:35 - 2014-07-10 17:30 - 00556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-06-26 22:53 - 2012-07-26 10:14 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-06-26 22:53 - 2012-07-26 10:14 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-22 16:31 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-06-19 04:12 - 2014-07-09 16:37 - 02239488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-06-19 04:12 - 2014-07-09 16:37 - 01366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-06-19 04:12 - 2014-07-09 16:37 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-06-19 04:12 - 2014-07-09 16:37 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-06-19 04:12 - 2014-07-09 16:37 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-06-19 04:11 - 2014-07-09 16:37 - 19277312 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-06-19 04:11 - 2014-07-09 16:37 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-06-19 04:11 - 2014-07-09 16:37 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-06-19 04:10 - 2014-07-09 16:37 - 15369728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-06-19 04:10 - 2014-07-09 16:37 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-06-19 04:10 - 2014-07-09 16:37 - 02650624 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-06-19 04:10 - 2014-07-09 16:37 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-06-19 04:10 - 2014-07-09 16:37 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-06-19 04:10 - 2014-07-09 16:37 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-06-19 04:10 - 2014-07-09 16:37 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-06-19 04:10 - 2014-07-09 16:37 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-06-19 04:10 - 2014-07-09 16:37 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-06-19 04:10 - 2014-07-09 16:37 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-06-19 04:10 - 2014-07-09 16:37 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-06-19 04:10 - 2014-07-09 16:37 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-06-19 04:09 - 2014-07-09 16:37 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-06-19 02:53 - 2014-07-09 16:37 - 14368768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-06-19 02:53 - 2014-07-09 16:37 - 01766400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-06-19 02:53 - 2014-07-09 16:37 - 01141760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-06-19 02:53 - 2014-07-09 16:37 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-06-19 02:53 - 2014-07-09 16:37 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-06-19 02:53 - 2014-07-09 16:37 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-06-19 02:53 - 2014-07-09 16:37 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-06-19 02:52 - 2014-07-09 16:37 - 13732352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-06-19 02:52 - 2014-07-09 16:37 - 02863616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-06-19 02:52 - 2014-07-09 16:37 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-06-19 02:52 - 2014-07-09 16:37 - 01440768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-06-19 02:52 - 2014-07-09 16:37 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-06-19 02:52 - 2014-07-09 16:37 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-06-19 02:52 - 2014-07-09 16:37 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-06-19 02:52 - 2014-07-09 16:37 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-06-19 02:52 - 2014-07-09 16:37 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-06-19 02:52 - 2014-07-09 16:37 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-06-19 02:52 - 2014-07-09 16:37 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-06-19 02:52 - 2014-07-09 16:37 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-06-19 02:33 - 2014-07-09 16:37 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-06-19 02:30 - 2014-07-09 16:37 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-06-19 00:05 - 2014-07-09 16:37 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-06-18 01:27 - 2014-07-09 16:39 - 01440256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-06-18 01:24 - 2014-07-09 16:39 - 01557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe

Some content of TEMP:
====================
C:\Users\Friedrich\AppData\Local\Temp\amazonicon_v4.exe
C:\Users\Friedrich\AppData\Local\Temp\amazonicon_v6.exe
C:\Users\Friedrich\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\Friedrich\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Friedrich\AppData\Local\Temp\AS_OMSI_UPD_V101.exe
C:\Users\Friedrich\AppData\Local\Temp\COMAP.EXE
C:\Users\Friedrich\AppData\Local\Temp\FreemakeVideoConverter_4.1.4.1.exe
C:\Users\Friedrich\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Friedrich\AppData\Local\Temp\nitro_pro8_x64.exe
C:\Users\Friedrich\AppData\Local\Temp\ochelper.dll
C:\Users\Friedrich\AppData\Local\Temp\ochelper.exe
C:\Users\Friedrich\AppData\Local\Temp\Quarantine.exe
C:\Users\Friedrich\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Friedrich\AppData\Local\Temp\sdapskill.exe
C:\Users\Friedrich\AppData\Local\Temp\sdaspwn.exe
C:\Users\Friedrich\AppData\Local\Temp\securitascoutgames_3.exe
C:\Users\Friedrich\AppData\Local\Temp\SpOrder.dll
C:\Users\Friedrich\AppData\Local\Temp\sweetpage294wld_n2.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-14 16:41

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Adittion Log:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2014
Ran by Friedrich at 2014-07-15 19:12:23
Running from C:\Users\Friedrich\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Benutzerhandbuch (x32 Version: 1.0.0.15 - Lenovo) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MG5300 series Benutzerregistrierung (HKLM-x32\...\Canon MG5300 series Benutzerregistrierung) (Version:  - )
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version:  - Canon Inc.)
Canon MG5300 series On-screen Manual (HKLM-x32\...\Canon MG5300 series On-screen Manual) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CombineZM (HKLM-x32\...\{7E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}) (Version: 1.0.0 - Alan Hadley)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Eisenbahn.exe Professional 7.0 (HKLM-x32\...\{8CB0014C-FE4C-461D-A387-76828BD70E19}) (Version: 7.00.0000 - Trend)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.28 - Lenovo)
Energy Manager (x32 Version: 1.0.0.28 - Lenovo) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Fahren Lernen Offline 1.5 (HKLM-x32\...\{452473D3-1D26-4E61-8060-3B216620D60C}_is1) (Version:  - Verlag Heinrich Vogel - Springer Transport Media GmbH)
FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
Freddy:Deutsch3/Deutsch4 (HKLM-x32\...\freddyDeutsch34) (Version:  - )
Free Video Converter V 3.1 (HKLM-x32\...\Free Video Converter_is1) (Version: 3.1.0.0 - Koyote Soft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.5.1367 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3165 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.4.1001 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.5.4.1001 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 3.13.315.1 - Vimicro)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5108.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5108.52 - CyberLink Corp.) Hidden
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 21.005.15.02.382 - Huawei Technologies Co.,Ltd)
Nitro Pro 8 (HKLM\...\{50BB4ACC-00C5-4436-B1B9-8ADA9255963B}) (Version: 8.5.5.2 - Nitro)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.3.0.12 - Symantec Corporation)
NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.70 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden
NVIDIA Optimus 4.11.9 (Version: 4.11.9 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0325 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0325 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0325 - NVIDIA Corporation)
NVIDIA Systemsteuerung 311.70 (Version: 311.70 - NVIDIA Corporation) Hidden
NVIDIA Update 4.11.9 (Version: 4.11.9 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 4.11.9 - NVIDIA Corporation) Hidden
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.0 - Lenovo)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.230 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.30158 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6954 - Realtek Semiconductor Corp.)
Right Backup (HKLM-x32\...\980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Ri~01F2B2E8_is1) (Version: 2.1.1000.4367 - Systweak Software)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.4.19 - Synaptics Incorporated)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
Vodafone Mobile Connect Lite (HKLM-x32\...\{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}) (Version: 9.4.3.17550 - Vodafone)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)

==================== Restore Points  =========================

20-05-2014 17:16:06 Installiert Eisenbahn.exe Professional 7.0
10-06-2014 17:10:17 Geplanter Prüfpunkt
22-06-2014 13:51:53 Windows Update
01-07-2014 18:40:30 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
03-07-2014 19:58:56 Installed CombineZM
06-07-2014 13:03:35 Installiert Eisenbahn.exe Professional 7.0
10-07-2014 08:10:31 RegClean Pro Do, Jul 10, 14  10:10

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {109237F1-A61A-4532-884B-AD380BD1AFDC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-02] (Google Inc.)
Task: {11801761-0FB4-4852-A878-02BC3588CFC5} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {29BF260E-C96B-4A94-9D93-FBC0F2C1222A} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {40D66A6E-0588-4ACB-BC14-60D51AEEE4D5} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\WSCStub.exe [2014-05-11] (Symantec Corporation)
Task: {43C8412A-8017-4B2A-9F5B-CCE30439CE79} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {46BF31F9-5F78-4B45-AFC2-142C1255589A} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {74C959BB-8D2E-4895-9007-C4EC2B5C024D} - \System Speedup_DEFAULT No Task File <==== ATTENTION
Task: {75EB321A-4AA4-41F1-BF00-A745ACF026E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-02] (Google Inc.)
Task: {8A7681C5-8FFB-4D6F-B1F9-A2906C327269} - \Advanced System Protector No Task File <==== ATTENTION
Task: {94ED6D9C-3A8F-4FEB-A382-76AA1F018C68} - System32\Tasks\System Speedup => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe
Task: {9DE07081-785C-4158-A77C-8D93D772DE15} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {A0FE4068-D4C3-418C-8AFF-4BFBC10CA421} - \RegClean Pro No Task File <==== ATTENTION
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {BEA74895-BF3E-4789-AC8C-7AB7AC703FB9} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D1B72BBB-3285-4D07-8327-5E56EE5E120C} - System32\Tasks\Right Backup_startup => C:\Program Files (x86)\Right Backup\RightBackup.exe [2014-07-04] (Systweak)
Task: {DA906298-FB18-4E8C-80C0-0A63BEE2CA9A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-11] (Microsoft Corporation)
Task: {E339D5A9-C455-4B65-B7E5-CE8013357397} - System32\Tasks\Rocket Updater => C:\Users\FRIEDR~1\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {EF68FBA8-F8D6-4A3B-A5FF-AB86E4601898} - \System Speedup_UPDATES No Task File <==== ATTENTION
Task: {F431BE44-2BE4-4ECC-80D9-C1FB3BB361D4} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {FDA0AB38-0C5F-4EC2-B621-643726D533DE} - \Plus-HD-3.8-chromeinstaller No Task File <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Rocket Updater.job => C:\Users\FRIEDR~1\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2011-03-14 17:27 - 2011-03-14 17:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2014-01-09 04:49 - 2011-02-07 09:56 - 00138192 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2014-07-01 19:16 - 2014-07-01 19:15 - 00239968 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2013-10-31 22:14 - 2013-10-31 22:14 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2013-10-31 22:14 - 2013-10-31 22:14 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2013-10-31 22:14 - 2013-10-31 22:14 - 00104552 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfCredProv.dll
2013-11-01 06:01 - 2013-06-05 21:43 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-06-28 07:02 - 2013-06-28 07:02 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-06-28 07:00 - 2013-06-28 07:00 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-06-28 07:07 - 2013-06-28 07:07 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-07-01 19:16 - 2014-07-01 19:15 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2014-07-01 19:16 - 2014-07-01 19:15 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2014-07-01 19:16 - 2014-07-01 19:15 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2014-07-01 19:16 - 2014-07-01 19:15 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2014-07-01 19:16 - 2014-07-01 19:15 - 00383488 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2014-07-01 19:16 - 2014-07-01 19:15 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
2014-07-07 17:47 - 2013-08-02 19:21 - 00886272 _____ () C:\Program Files (x86)\Right Backup\System.Data.SQLite.dll
2013-10-31 21:43 - 2013-05-16 04:09 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-07-02 21:55 - 2014-06-05 15:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-07-02 21:55 - 2014-06-05 15:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-07-02 21:55 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-07-02 21:55 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-07-02 21:55 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-07-10 16:16 - 2014-07-08 08:18 - 14663856 _____ () C:\Users\Friedrich\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/15/2014 04:28:31 PM) (Source: MsiInstaller) (EventID: 10005) (User: Familien-PC)
Description: Produkt: Vodafone Mobile Connect Lite -- Fehler 2711. The specified Feature name ('ByteMobile') not found in Feature table.

Error: (07/14/2014 06:21:05 PM) (Source: ESENT) (EventID: 455) (User: )
Description: LiveComm (6624) C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\: Fehler -1032 (0xfffffbf8) beim Öffnen von Protokolldatei C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\DBStore\LogFiles\edb.log.

Error: (07/14/2014 06:21:05 PM) (Source: ESENT) (EventID: 489) (User: )
Description: LiveComm (6624) C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\: Versuch, Datei "C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\DBStore\LogFiles\edb.log" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (07/14/2014 06:20:35 PM) (Source: ESENT) (EventID: 455) (User: )
Description: LiveComm (6624) C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\: Fehler -1032 (0xfffffbf8) beim Öffnen von Protokolldatei C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\DBStore\LogFiles\edb.log.

Error: (07/14/2014 06:20:35 PM) (Source: ESENT) (EventID: 489) (User: )
Description: LiveComm (6624) C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\: Versuch, Datei "C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\DBStore\LogFiles\edb.log" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (07/14/2014 06:20:04 PM) (Source: ESENT) (EventID: 455) (User: )
Description: LiveComm (6624) C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\: Fehler -1032 (0xfffffbf8) beim Öffnen von Protokolldatei C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\DBStore\LogFiles\edb.log.

Error: (07/14/2014 06:20:04 PM) (Source: ESENT) (EventID: 489) (User: )
Description: LiveComm (6624) C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\: Versuch, Datei "C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\DBStore\LogFiles\edb.log" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (07/14/2014 06:19:34 PM) (Source: ESENT) (EventID: 455) (User: )
Description: LiveComm (6624) C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\: Fehler -1032 (0xfffffbf8) beim Öffnen von Protokolldatei C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\DBStore\LogFiles\edb.log.

Error: (07/14/2014 06:19:34 PM) (Source: ESENT) (EventID: 489) (User: )
Description: LiveComm (6624) C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\: Versuch, Datei "C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\DBStore\LogFiles\edb.log" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (07/14/2014 06:19:02 PM) (Source: ESENT) (EventID: 455) (User: )
Description: LiveComm (6624) C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\: Fehler -1032 (0xfffffbf8) beim Öffnen von Protokolldatei C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\DBStore\LogFiles\edb.log.


System errors:
=============
Error: (07/14/2014 04:26:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/12/2014 07:34:40 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: Das System hat einen Adressenkonflikt der IP-Adresse 192.168.1.2 mit dem Computer mit der
Netzwerkhardwareadresse 98-0C-82-5E-66-7C ermittelt. Netzwerkvorgänge könnten daher auf diesem
System unterbrochen werden.

Error: (07/11/2014 09:54:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/11/2014 09:54:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.

Error: (07/11/2014 09:52:22 PM) (Source: DCOM) (EventID: 10010) (User: Familien-PC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (07/10/2014 06:16:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst RBClientService erreicht.

Error: (07/10/2014 06:15:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/10/2014 06:15:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht.

Error: (07/10/2014 06:15:02 PM) (Source: DCOM) (EventID: 10010) (User: Familien-PC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (07/10/2014 04:45:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053


Microsoft Office Sessions:
=========================
Error: (07/15/2014 04:28:31 PM) (Source: MsiInstaller) (EventID: 10005) (User: Familien-PC)
Description: Produkt: Vodafone Mobile Connect Lite -- Fehler 2711. The specified Feature name ('ByteMobile') not found in Feature table.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/14/2014 06:21:05 PM) (Source: ESENT) (EventID: 455) (User: )
Description: LiveComm6624C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\: C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\DBStore\LogFiles\edb.log-1032 (0xfffffbf8)

Error: (07/14/2014 06:21:05 PM) (Source: ESENT) (EventID: 489) (User: )
Description: LiveComm6624C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\: C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\DBStore\LogFiles\edb.log-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (07/14/2014 06:20:35 PM) (Source: ESENT) (EventID: 455) (User: )
Description: LiveComm6624C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\: C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\DBStore\LogFiles\edb.log-1032 (0xfffffbf8)

Error: (07/14/2014 06:20:35 PM) (Source: ESENT) (EventID: 489) (User: )
Description: LiveComm6624C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\: C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\DBStore\LogFiles\edb.log-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (07/14/2014 06:20:04 PM) (Source: ESENT) (EventID: 455) (User: )
Description: LiveComm6624C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\: C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\DBStore\LogFiles\edb.log-1032 (0xfffffbf8)

Error: (07/14/2014 06:20:04 PM) (Source: ESENT) (EventID: 489) (User: )
Description: LiveComm6624C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\: C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\DBStore\LogFiles\edb.log-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (07/14/2014 06:19:34 PM) (Source: ESENT) (EventID: 455) (User: )
Description: LiveComm6624C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\: C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\DBStore\LogFiles\edb.log-1032 (0xfffffbf8)

Error: (07/14/2014 06:19:34 PM) (Source: ESENT) (EventID: 489) (User: )
Description: LiveComm6624C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\: C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\DBStore\LogFiles\edb.log-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (07/14/2014 06:19:02 PM) (Source: ESENT) (EventID: 455) (User: )
Description: LiveComm6624C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\: C:\Users\Friedrich\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\45a0730e40f740f5\120712-0049\DBStore\LogFiles\edb.log-1032 (0xfffffbf8)


CodeIntegrity Errors:
===================================
  Date: 2014-07-15 17:51:48.905
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 17:49:23.102
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 17:49:20.339
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 17:49:12.888
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 17:49:11.187
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-15 17:46:25.698
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-07 20:10:14.744
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-07 18:33:23.376
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-07 18:30:41.483
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-13 20:03:35.134
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Percentage of memory in use: 38%
Total physical RAM: 7944.27 MB
Available physical RAM: 4868.82 MB
Total Pagefile: 9160.27 MB
Available Pagefile: 6001.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:425.78 GB) (Free:362.57 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:20.88 GB) NTFS
Drive e: (FL Offline 1.5) (CDROM) (Total:3.4 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 6E0DC121)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Achso Probleme, konnte ich bisher keine mehr feststellen...

LG

Enrico

Antwort

Themen zu Adware Problem!
js/toolbar.crossrider.b, msil/advancedsystemprotector.b, msil/browsefox.e, msil/browsefox.g, pup.optional.quickstart.a, pup.optional.trovigo.a, win32/adware.speedingupmypc.d, win32/browsefox.f, win32/browsefox.h, win32/conduit.searchprotect.h, win32/dealply.s, win32/downloadsponsor.a, win32/elex.ad, win32/installcore.pc, win32/packed.vmdetector.d, win32/pricegong.a, win32/pricegong.b, win32/thinknice.a, win32/thinknice.b, win32/thinknice.c, win32/toolbar.crossrider.s, win32/toolbar.crossrider.v, win32/winloadsda.d, win64/browsefox.a, win64/thinknice.a



Ähnliche Themen: Adware Problem!


  1. Log-Auswertung, Problem Grafikkarte, Adware
    Log-Analyse und Auswertung - 30.08.2015 (8)
  2. Wajam Adware und Proxy-Problem
    Plagegeister aller Art und deren Bekämpfung - 15.01.2015 (7)
  3. Adware Problem (Logfiles)
    Plagegeister aller Art und deren Bekämpfung - 18.12.2014 (1)
  4. Adware.Gen7 - Adware/Cherished.oia - Adware/InstallCore.Gen9 - TR/Trash.Gen bei Antivir gefunden
    Plagegeister aller Art und deren Bekämpfung - 03.12.2014 (13)
  5. Windows 7 64 Bit Adware Problem
    Log-Analyse und Auswertung - 23.09.2014 (8)
  6. eBay-Fake eMail mit ZIP Anhang gespeichert, Windows 7- Avira: Enthält Erkennungsmuster der Adware ADWARE/Adware.Gen
    Log-Analyse und Auswertung - 29.08.2014 (17)
  7. Windows 7: Adware Problem und andere
    Log-Analyse und Auswertung - 20.07.2014 (12)
  8. Trojaner gefunden TR/Dldr.Agent.314440 und verschiedene Adwares ADWARE/EoRezo.AF, ADWARE/Adware.Gen7, ADWARE/AgentCV.A.2919
    Log-Analyse und Auswertung - 02.05.2014 (19)
  9. ADWARE/Adware.Gen7 .....Problem
    Log-Analyse und Auswertung - 07.10.2013 (8)
  10. Adware und Spyhunter 4 Problem
    Plagegeister aller Art und deren Bekämpfung - 21.02.2013 (15)
  11. Absturz Firefox und Funde ADWARE/InstallMat.D, TR/Barys.443.5, ADWARE/Adware.Gen6
    Log-Analyse und Auswertung - 03.01.2013 (19)
  12. PC von Adware.Agent.ZGen, Adware.ClickPotato, Adware.ShopperReports, Adware.Hotbar, Adwa angegriffen
    Mülltonne - 30.06.2011 (0)
  13. Adware Problem, IE öffnet sich automatisch
    Log-Analyse und Auswertung - 26.07.2010 (9)
  14. Adware Problem
    Log-Analyse und Auswertung - 09.05.2008 (5)
  15. Firefox, Internet Explorer Problem -> Adware
    Plagegeister aller Art und deren Bekämpfung - 07.01.2008 (3)
  16. problem mit adware
    Plagegeister aller Art und deren Bekämpfung - 03.08.2007 (4)
  17. Problem mit hartnäckiger Adware
    Log-Analyse und Auswertung - 19.03.2005 (6)

Zum Thema Adware Problem! - Hallo! Ich habe da ein kleines großes Problem. Der PC meiner Eltern ist total vermüllt. Überall Werbeanzeigen, Chrome-Startbildschirm verändert sich usw... Ich habe schon mehrmals den ADWCleaner drüber laufen lassen. - Adware Problem!...
Archiv
Du betrachtest: Adware Problem! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.