Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Ständig Werbung eingeblendet, mehrere Seiten werden geöffnet

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 29.06.2014, 16:40   #1
HerthaCelly
 
Ständig Werbung eingeblendet, mehrere Seiten werden geöffnet - Standard

Ständig Werbung eingeblendet, mehrere Seiten werden geöffnet



Hi ihr lieben ,

folgendes Problem habe ich, ich hoffe mir kann einer von euch helfen.

Wenn ich Mozilla Firefox öffne, werden irgendwelche Tabs oder mehrere Firefox Seiten geöffnet und der PC hängt ziemlich stark oder stürzt nach ein paar Minuten ab.

Dazu kommt hinzu das immer Werbungen eingeblendet werden.

Die Proxy-Einstellung müssen auch immer wieder neu eingestellt werden.

Wäre echt cool wenn mir einer helfen könnte.

Vielen Dank

Gruß HerthaCelly

Alt 29.06.2014, 17:22   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Ständig Werbung eingeblendet, mehrere Seiten werden geöffnet - Standard

Ständig Werbung eingeblendet, mehrere Seiten werden geöffnet



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 29.06.2014, 17:29   #3
HerthaCelly
 
Ständig Werbung eingeblendet, mehrere Seiten werden geöffnet - Standard

Ständig Werbung eingeblendet, mehrere Seiten werden geöffnet



Hier die FRST.txt


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-06-2014 02
Ran by celly (administrator) on CELLY-PC on 29-06-2014 18:25:53
Running from C:\Users\celly\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Systweak) C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe
(PriceMeter) C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfHF161.exe
(BUP) C:\Users\Celly_2\AppData\Roaming\BupSystem\bup.exe
() C:\Program Files (x86)\LPT\srpts.exe
() C:\Program Files\004\rqpbhevlkc64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Wajam Internet Technologies Inc.) C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamHttpServer.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Wajam Internet Technologies Inc.) C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(PriceMeter) C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
(PriceMeter) C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-11-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Registry Helper] => "C:\Program Files (x86)\Registry Helper\RegistryHelper.Exe" /boot
HKU\S-1-5-21-4244430064-1564049243-4293526128-1000\...\Run: [BlockNSurf] => C:\Program Files (x86)\BlockAndSurf-soft\BlockNSurf.exe
HKU\S-1-5-21-4244430064-1564049243-4293526128-1000\...\MountPoints2: {32c4002a-cfb9-11e3-a668-0022156eb916} - H:\AutoRun.exe
HKU\S-1-5-21-4244430064-1564049243-4293526128-1000\...\MountPoints2: {32c40036-cfb9-11e3-a668-0022156eb916} - H:\AutoRun.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\Users\Celly_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:51552;https=127.0.0.1:51552
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.default-search.net?sid=492&aid=103&itype=a&ver=12692&tm=347&src=hmp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDB4A37812554CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397762945&from=tugs&uid=ExcelStorXTechnologyXJ8080S_PVB100Q305X3HC05X3HCX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397762945&from=tugs&uid=ExcelStorXTechnologyXJ8080S_PVB100Q305X3HC05X3HCX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397762945&from=tugs&uid=ExcelStorXTechnologyXJ8080S_PVB100Q305X3HC05X3HCX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1397762945&from=tugs&uid=ExcelStorXTechnologyXJ8080S_PVB100Q305X3HC05X3HCX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1397762945&from=tugs&uid=ExcelStorXTechnologyXJ8080S_PVB100Q305X3HC05X3HCX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397762945&from=tugs&uid=ExcelStorXTechnologyXJ8080S_PVB100Q305X3HC05X3HCX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397762945&from=tugs&uid=ExcelStorXTechnologyXJ8080S_PVB100Q305X3HC05X3HCX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1397762945&from=tugs&uid=ExcelStorXTechnologyXJ8080S_PVB100Q305X3HC05X3HCX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1397762945&from=tugs&uid=ExcelStorXTechnologyXJ8080S_PVB100Q305X3HC05X3HCX&q={searchTerms}
URLSearchHook: HKLM-x32 - Default Value = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
URLSearchHook: HKLM-x32 - SiteFinder - {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files (x86)\SiteFinder\SiteFinder.dll (Site Finder)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1397762945&from=tugs&uid=ExcelStorXTechnologyXJ8080S_PVB100Q305X3HC05X3HCX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397762945&from=tugs&uid=ExcelStorXTechnologyXJ8080S_PVB100Q305X3HC05X3HCX&q={searchTerms}
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397762945&from=tugs&uid=ExcelStorXTechnologyXJ8080S_PVB100Q305X3HC05X3HCX&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = hxxp://www.default-search.net/search?sid=492&aid=103&itype=a&ver=12692&tm=347&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHp8Pk5fza5XP2LqNOcSHMtbl0vt3xjxqLjH3FfFGrtpLTUpBCystXadzXKHt04nuW8NsHHtv8eKlsFDr880j9SmlpbGrn5chdA0t1m2L5vmQNql7dQpFE3Pxsn2PeOfFdofW9gpQ7M3663VX0izV2vkeSCg94oo9Z-yPSlUrTdDcIByMEiYwszpjiec8kt&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaHp8Pk5fza5XP2LqNOcSHMtbl0vt3xjxqLjH3FfFGrtpLTUpBCystXadzXKHt04nuW8NsHHtv8eKlsFDr880j9SmlpbGrn5chdA0t1m2L5vmQNql7dQpFE3Pxsn2PeOfFdofW9gpQ7M3663VX0izV2vkeSCg94oo9Z-yPSlUrTdDcIByMEiYwszpjiec8kt&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = hxxp://www.default-search.net/search?sid=492&aid=103&itype=a&ver=12692&tm=347&src=ds&p={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397762945&from=tugs&uid=ExcelStorXTechnologyXJ8080S_PVB100Q305X3HC05X3HCX&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = hxxp://www.default-search.net/search?sid=492&aid=103&itype=a&ver=12692&tm=347&src=ds&p={searchTerms}
BHO: MediaPlayerplus - {11111111-1111-1111-1111-110511421146} - C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho64.dll (Freeven)
BHO: SmartbarInternetExplorerBHOEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: CouponDownloader - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\Coupon Downloader\Coupon Downloader.dll ()
BHO-x32: SmartbarInternetExplorerBHOEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\Users\Celly_2\AppData\LocalLow\systems ie bho\bho.dll ()
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - SiteFinder - {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files (x86)\SiteFinder\SiteFinder.dll (Site Finder)
Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\celly\AppData\Roaming\Mozilla\Firefox\Profiles\1so563jy.default
FF NewTab: chrome://quick_start/content/index.html
FF Homepage: hxxp://istart.webssearches.com/?type=hppp&ts=1404055461&from=tugs&uid=ExcelStorXTechnologyXJ8080S_PVB100Q305X3HC05X3HCX
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=3 - C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll (PriceMeter)
FF Plugin-x32: @tools.updatepm.com/PriceMeterLiveUpdate Update;version=9 - C:\Program Files (x86)\PriceMeterLiveUpdate\Update\1.3.23.0\npGoogleUpdate3.dll (PriceMeter)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\celly\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\celly\AppData\Roaming\Mozilla\Firefox\Profiles\1so563jy.default\user.js
FF SearchPlugin: C:\Users\celly\AppData\Roaming\Mozilla\Firefox\Profiles\1so563jy.default\searchplugins\default-search.xml
FF SearchPlugin: C:\Users\celly\AppData\Roaming\Mozilla\Firefox\Profiles\1so563jy.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: MediaPlayerplus - C:\Users\celly\AppData\Roaming\Mozilla\Firefox\Profiles\1so563jy.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com [2014-06-24]
FF Extension: Freeven Pro 1.3 - C:\Users\celly\AppData\Roaming\Mozilla\Firefox\Profiles\1so563jy.default\Extensions\e20dc619-d8c4-48f1-ae07-641cefb43165@3c4d943f-ad97-4f6e-aa94-d9671175a3d0.com [2014-06-24]
FF Extension: Fast Start - C:\Users\celly\AppData\Roaming\Mozilla\Firefox\Profiles\1so563jy.default\Extensions\faststartff@gmail.com [2014-06-21]
FF Extension: Settings Manager - C:\Users\celly\AppData\Roaming\Mozilla\Firefox\Profiles\1so563jy.default\Extensions\{34FA153F-3A2C-364C-E68F-3F8A21AA8D9D} [2014-05-18]
FF Extension: Foxtab Speed Dial - C:\Users\celly\AppData\Roaming\Mozilla\Firefox\Profiles\1so563jy.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi [2014-06-26]
FF Extension: Adblock Plus - C:\Users\celly\AppData\Roaming\Mozilla\Firefox\Profiles\1so563jy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-09]
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\celly\AppData\Roaming\Mozilla\Firefox\Profiles\1so563jy.default\extensions\quick_start@gmail.com
FF HKCU\...\Firefox\Extensions: [{265EBC63-A567-27EE-3841-675D6F8D29FC}] - C:\Program Files (x86)\BlockAndSurf-soft\161.xpi
FF Extension: BlockAndSurf - C:\Program Files (x86)\BlockAndSurf-soft\161.xpi [2014-05-10]

Chrome: 
=======
CHR HomePage: hxxp://istart.webssearches.com/?type=hppp&ts=1400739441&from=tugs&uid=ExcelStorXTechnologyXJ8080S_PVB100Q305X3HC05X3HCX
CHR StartupUrls: "hxxp://istart.webssearches.com/?type=hppp&ts=1400739441&from=tugs&uid=ExcelStorXTechnologyXJ8080S_PVB100Q305X3HC05X3HCX"
CHR DefaultSearchKeyword: webssearches
CHR DefaultSearchProvider: webssearches
CHR DefaultSearchURL: hxxp://istart.webssearches.com/web/?type=dspp&ts=1403787453&from=tugs&uid=ExcelStorXTechnologyXJ8080S_PVB100Q305X3HC05X3HCX&q={searchTerms}
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Users\celly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-12]
CHR Extension: (Google Drive) - C:\Users\celly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-12]
CHR Extension: (YouTube) - C:\Users\celly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-12]
CHR Extension: (Google-Suche) - C:\Users\celly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-12]
CHR Extension: (Google Wallet) - C:\Users\celly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-12]
CHR Extension: (Google Mail) - C:\Users\celly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-12]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-27] (Avira Operations GmbH & Co. KG)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-03-14] (Just Develop It)
R2 BlockAndSurf; C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfHF161.exe [142848 2014-05-10] () [File not signed]
R2 bupService; C:\Users\Celly_2\AppData\Roaming\BupSystem\bup.exe [642048 2014-04-14] (BUP) [File not signed]
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
R2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [37920 2014-04-08] ()
S2 pricemeterliveUpdate; C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [150504 2014-05-22] (PriceMeter)
S3 pricemeterliveUpdatem; C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [150504 2014-05-22] (PriceMeter)
R2 rqpbhevlkc64; C:\Program Files\004\rqpbhevlkc64.exe [709120 2014-05-14] () [File not signed]
R2 Wajam Internet Enhancer Service; C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe [293888 2014-05-21] (Wajam Internet Technologies Inc.) [File not signed]
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [566272 2014-04-17] (Cherished Technololgy LIMITED) [File not signed]
S2 Update webget; "C:\Program Files (x86)\webget\updatewebget.exe" [X]
S2 Util webget; "C:\Program Files (x86)\webget\bin\utilwebget.exe" [X]

==================== Drivers (Whitelisted) ====================

R3 Atc002; C:\Windows\System32\DRIVERS\l260x64.sys [34304 2009-06-10] (Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-04-29] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-04-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 F06DEFF2-5B9C-490D-910F-35D3A91196222; C:\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc1.cfg [36240 2014-05-18] (Aztec Media Inc)
R1 {55685567-4840-4a91-962b-49a412e9485a}Gw64; C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys [61112 2014-05-26] (StdLib)
R1 {55685567-4840-4a91-962b-49a412e9485a}w64; C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}w64.sys [61112 2014-06-19] (StdLib)
R1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64; C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys [61112 2014-05-09] (StdLib)
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-29 18:25 - 2014-06-29 18:26 - 00021776 _____ () C:\Users\celly\Downloads\FRST.txt
2014-06-29 18:25 - 2014-06-29 18:25 - 00000000 ____D () C:\FRST
2014-06-29 18:24 - 2014-06-29 18:24 - 02083328 _____ (Farbar) C:\Users\celly\Downloads\FRST64.exe
2014-06-29 18:10 - 2014-06-29 18:10 - 04993824 _____ (Systweak Inc ) C:\Users\celly\Downloads\regclean_my392101.exe
2014-06-29 16:40 - 2014-06-29 16:40 - 00000000 ____D () C:\Users\celly\AppData\Local\node-webkit
2014-06-27 22:14 - 2014-06-29 17:26 - 00003120 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup
2014-06-26 17:46 - 2014-06-26 17:46 - 00006624 ____N () C:\bootsqm.dat
2014-06-26 10:20 - 2014-06-29 16:20 - 00000000 ____D () C:\Users\celly\AppData\Local\Gameo
2014-06-26 10:20 - 2014-06-26 15:01 - 00000000 ___HD () C:\Users\celly\AppData\Roaming\GoldenGate
2014-06-26 10:20 - 2014-06-26 10:20 - 00000167 _____ () C:\Users\celly\Desktop\Play Games Online.url
2014-06-26 10:19 - 2014-06-29 18:19 - 00000288 _____ () C:\Windows\Tasks\FoxTab.job
2014-06-26 10:19 - 2014-06-29 16:35 - 00000000 ____D () C:\Users\celly\AppData\Roaming\Gameo
2014-06-26 10:19 - 2014-06-26 10:19 - 00003228 _____ () C:\Windows\System32\Tasks\FoxTab
2014-06-26 10:19 - 2014-06-26 10:19 - 00000043 _____ () C:\Users\celly\AppData\Roaming\WB.CFG
2014-06-26 10:19 - 2014-06-26 10:19 - 00000000 ____D () C:\Users\celly\AppData\Roaming\FoxTab
2014-06-26 10:19 - 2014-06-26 10:19 - 00000000 ____D () C:\Program Files (x86)\Foxtab
2014-06-26 09:58 - 2014-06-26 09:58 - 00000000 ____D () C:\Users\celly\Desktop\Musik
2014-06-26 04:12 - 2014-06-26 04:12 - 00000000 ____D () C:\Users\Celly_2\AppData\Roaming\Cherry
2014-06-20 08:51 - 2014-06-19 17:01 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{55685567-4840-4a91-962b-49a412e9485a}w64.sys
2014-06-19 23:56 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-19 23:56 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-19 23:56 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-19 23:56 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-19 23:56 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-19 23:56 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-19 23:56 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-19 23:56 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-19 23:56 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-19 23:56 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-19 23:56 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-19 23:56 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-19 23:56 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-19 23:56 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-19 23:56 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-19 23:56 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-19 23:56 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-19 23:56 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-19 23:56 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-19 23:56 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-19 23:56 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-19 23:56 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-19 23:56 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-19 23:56 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-19 23:56 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-19 23:56 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-19 23:56 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-19 23:56 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-19 23:56 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-19 23:56 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-19 23:56 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-19 23:56 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-19 23:56 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-19 23:56 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-19 23:56 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-19 23:56 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-19 23:56 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-19 23:56 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-19 23:56 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-19 23:56 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-19 23:56 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-19 23:56 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-19 23:56 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-19 23:56 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-19 23:56 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-19 23:56 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-19 23:56 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-19 23:56 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-19 23:56 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-19 23:56 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-19 23:56 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-19 23:56 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-19 23:56 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-19 23:56 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-19 23:56 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-19 23:56 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-19 23:56 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-19 23:56 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-19 23:56 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-19 23:56 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-19 23:56 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-19 23:56 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-19 23:56 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-19 23:56 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-19 23:55 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-19 23:55 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-19 17:24 - 2014-06-19 20:16 - 00000000 ____D () C:\Users\celly\AppData\Roaming\vlc
2014-06-19 17:24 - 2014-06-19 17:24 - 00000000 ____D () C:\Users\celly\AppData\Roaming\dvdcss
2014-06-18 20:43 - 2014-06-18 20:43 - 00000503 _____ () C:\Users\celly\AppData\Local\{2BFC69CD-6C3D-46AF-86BD-189DE6A98D02}
2014-06-18 20:43 - 2014-06-18 20:43 - 00000000 ____H () C:\Users\celly\AppData\Local\BIT63D3.tmp
2014-06-18 20:39 - 2014-06-18 20:39 - 00000000 ____H () C:\Users\celly\AppData\Local\BIT90AE.tmp
2014-06-18 20:38 - 2014-06-18 20:39 - 00000000 _____ () C:\Users\celly\AppData\Local\{546EB6C5-4346-4F6C-A09B-730850F7A331}
2014-06-17 19:36 - 2014-06-17 19:36 - 00000000 _____ () C:\Users\celly\AppData\Local\{9F8D392D-C27B-4F4F-8CCA-54FE676B9B12}
2014-06-02 22:25 - 2014-06-02 22:25 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys
2014-06-02 03:33 - 2014-06-20 03:13 - 00000000 ____D () C:\ProgramData\Registry Helper
2014-06-02 03:32 - 2014-06-02 03:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam
2014-06-02 03:31 - 2014-06-02 03:32 - 00000000 ____D () C:\Program Files (x86)\Wajam
2014-06-02 03:31 - 2014-06-02 03:31 - 00000000 ____D () C:\Users\celly\AppData\Roaming\Opera Software
2014-06-02 03:31 - 2014-06-02 03:31 - 00000000 ____D () C:\Users\celly\AppData\Local\Opera Software
2014-06-02 03:31 - 2014-06-02 03:31 - 00000000 _____ () C:\end
2014-06-02 03:30 - 2014-06-02 03:30 - 00001099 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-06-02 03:30 - 2014-06-02 03:30 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-05-30 21:05 - 2014-05-30 21:05 - 05933392 _____ () C:\Users\celly\Downloads\SetupKeyManKeyboardMouse_4006-10_DE.exe
2014-05-30 21:05 - 2014-05-30 21:05 - 00000000 ____D () C:\Windows\DC627AE5A2B14D16AF56178D10EC3E81.TMP
2014-05-30 20:47 - 2014-05-30 20:47 - 00001138 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-05-30 20:41 - 2014-05-30 20:42 - 06209136 _____ (TeamViewer GmbH) C:\Users\celly\Downloads\TeamViewer_Setup_de.exe
2014-05-30 18:33 - 2014-05-30 18:33 - 00000000 ____D () C:\Users\celly\AppData\Roaming\Cherry
2014-05-30 18:26 - 2014-05-30 18:26 - 05756865 _____ () C:\Users\celly\Downloads\Cherry_Tools_59_DE.zip

==================== One Month Modified Files and Folders =======

2014-06-29 18:26 - 2014-06-29 18:25 - 00021776 _____ () C:\Users\celly\Downloads\FRST.txt
2014-06-29 18:26 - 2014-05-22 01:17 - 00000968 _____ () C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job
2014-06-29 18:25 - 2014-06-29 18:25 - 00000000 ____D () C:\FRST
2014-06-29 18:24 - 2014-06-29 18:24 - 02083328 _____ (Farbar) C:\Users\celly\Downloads\FRST64.exe
2014-06-29 18:19 - 2014-06-26 10:19 - 00000288 _____ () C:\Windows\Tasks\FoxTab.job
2014-06-29 18:14 - 2009-07-14 06:45 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-29 18:14 - 2009-07-14 06:45 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-29 18:13 - 2014-05-22 01:16 - 00000000 ____D () C:\Program Files (x86)\RegClean Pro
2014-06-29 18:13 - 2014-04-28 17:03 - 00000000 ____D () C:\Users\celly\AppData\Roaming\Systweak
2014-06-29 18:10 - 2014-06-29 18:10 - 04993824 _____ (Systweak Inc ) C:\Users\celly\Downloads\regclean_my392101.exe
2014-06-29 18:10 - 2014-04-12 21:49 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-29 17:46 - 2014-04-09 21:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-29 17:28 - 2014-04-09 21:35 - 01081889 _____ () C:\Windows\WindowsUpdate.log
2014-06-29 17:27 - 2014-05-10 10:41 - 00000424 _____ () C:\Windows\Tasks\BlockAndSurf Update.job
2014-06-29 17:26 - 2014-06-27 22:14 - 00003120 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup
2014-06-29 17:24 - 2014-05-23 05:11 - 00018432 _____ () C:\Windows\system32\umstartup.etl
2014-06-29 17:24 - 2014-05-22 01:17 - 00000964 _____ () C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job
2014-06-29 17:24 - 2014-05-10 10:41 - 00000404 _____ () C:\Windows\Tasks\BlockAndSurf_wd.job
2014-06-29 17:24 - 2014-04-12 21:49 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-29 17:24 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-29 17:24 - 2009-07-14 06:51 - 00048855 _____ () C:\Windows\setupact.log
2014-06-29 17:23 - 2014-05-23 05:11 - 00021504 _____ () C:\Windows\system32\umstartup000.etl
2014-06-29 17:23 - 2014-05-10 10:40 - 00000000 ____D () C:\Program Files (x86)\webget
2014-06-29 17:23 - 2010-11-21 05:47 - 00139084 _____ () C:\Windows\PFRO.log
2014-06-29 17:17 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini
2014-06-29 17:05 - 2014-05-13 12:04 - 00000000 ____D () C:\Users\celly\AppData\Roaming\Activeris
2014-06-29 17:02 - 2014-04-12 21:51 - 00000000 ____D () C:\Program Files\Google
2014-06-29 17:02 - 2014-04-12 21:49 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-29 16:57 - 2014-04-12 21:49 - 00000000 ____D () C:\Users\celly\AppData\Local\Google
2014-06-29 16:56 - 2014-05-27 20:13 - 00000000 ____D () C:\Users\celly\AppData\Local\Razer
2014-06-29 16:56 - 2014-05-27 01:11 - 00000000 ____D () C:\ProgramData\Razer
2014-06-29 16:56 - 2014-05-27 01:11 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-06-29 16:49 - 2014-04-09 20:39 - 00000000 ____D () C:\Users\celly
2014-06-29 16:46 - 2014-04-23 09:41 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-06-29 16:45 - 2014-05-19 18:03 - 00000000 ____D () C:\Program Files\CouponDownloader
2014-06-29 16:40 - 2014-06-29 16:40 - 00000000 ____D () C:\Users\celly\AppData\Local\node-webkit
2014-06-29 16:35 - 2014-06-26 10:19 - 00000000 ____D () C:\Users\celly\AppData\Roaming\Gameo
2014-06-29 16:20 - 2014-06-26 10:20 - 00000000 ____D () C:\Users\celly\AppData\Local\Gameo
2014-06-28 03:04 - 2014-04-19 02:34 - 00001059 _____ () C:\Users\Celly_2\Desktop\Continue VuuPC Installation.lnk
2014-06-28 02:32 - 2014-04-13 15:21 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-26 18:01 - 2014-04-22 18:27 - 00019568 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-06-26 17:46 - 2014-06-26 17:46 - 00006624 ____N () C:\bootsqm.dat
2014-06-26 15:01 - 2014-06-26 10:20 - 00000000 ___HD () C:\Users\celly\AppData\Roaming\GoldenGate
2014-06-26 14:56 - 2014-05-10 10:43 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-06-26 14:56 - 2014-05-10 10:43 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-06-26 13:18 - 2014-05-10 10:43 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-06-26 10:20 - 2014-06-26 10:20 - 00000167 _____ () C:\Users\celly\Desktop\Play Games Online.url
2014-06-26 10:20 - 2014-05-10 10:43 - 00002828 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-06-26 10:20 - 2014-05-10 10:43 - 00002826 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-06-26 10:20 - 2014-05-10 10:43 - 00002826 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-06-26 10:19 - 2014-06-26 10:19 - 00003228 _____ () C:\Windows\System32\Tasks\FoxTab
2014-06-26 10:19 - 2014-06-26 10:19 - 00000043 _____ () C:\Users\celly\AppData\Roaming\WB.CFG
2014-06-26 10:19 - 2014-06-26 10:19 - 00000000 ____D () C:\Users\celly\AppData\Roaming\FoxTab
2014-06-26 10:19 - 2014-06-26 10:19 - 00000000 ____D () C:\Program Files (x86)\Foxtab
2014-06-26 09:58 - 2014-06-26 09:58 - 00000000 ____D () C:\Users\celly\Desktop\Musik
2014-06-26 04:14 - 2014-04-19 02:07 - 00058408 _____ () C:\Users\Celly_2\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-26 04:12 - 2014-06-26 04:12 - 00000000 ____D () C:\Users\Celly_2\AppData\Roaming\Cherry
2014-06-25 17:32 - 2014-04-19 02:05 - 00000000 ____D () C:\Users\Celly_2
2014-06-25 17:24 - 2011-04-12 09:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-06-25 17:24 - 2011-04-12 09:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-06-25 17:24 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-25 17:22 - 2014-04-28 13:22 - 00000000 ____D () C:\Users\Celly_2\AppData\Roaming\Security Systems
2014-06-25 16:58 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-25 09:26 - 2014-04-21 16:00 - 00608404 _____ (Click Me In Limited) C:\Users\celly\AppData\Local\AnyProtectScannerSetup.exe
2014-06-21 19:10 - 2014-04-09 21:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-20 13:49 - 2014-04-18 14:42 - 00002002 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-06-20 13:49 - 2014-04-18 14:42 - 00002000 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-06-20 13:49 - 2014-04-18 14:42 - 00001990 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-06-20 13:49 - 2014-04-18 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-06-20 10:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-20 08:34 - 2014-04-28 13:30 - 00000000 ____D () C:\Program Files\003
2014-06-20 08:05 - 2014-04-12 21:49 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-20 08:05 - 2014-04-12 21:49 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-20 03:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-20 03:13 - 2014-06-02 03:33 - 00000000 ____D () C:\ProgramData\Registry Helper
2014-06-20 03:09 - 2014-04-13 03:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-20 03:06 - 2014-04-13 03:36 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-20 03:01 - 2014-05-09 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-19 21:11 - 2014-04-12 21:51 - 00002375 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-19 20:16 - 2014-06-19 17:24 - 00000000 ____D () C:\Users\celly\AppData\Roaming\vlc
2014-06-19 17:24 - 2014-06-19 17:24 - 00000000 ____D () C:\Users\celly\AppData\Roaming\dvdcss
2014-06-19 17:01 - 2014-06-20 08:51 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{55685567-4840-4a91-962b-49a412e9485a}w64.sys
2014-06-18 20:43 - 2014-06-18 20:43 - 00000503 _____ () C:\Users\celly\AppData\Local\{2BFC69CD-6C3D-46AF-86BD-189DE6A98D02}
2014-06-18 20:43 - 2014-06-18 20:43 - 00000000 ____H () C:\Users\celly\AppData\Local\BIT63D3.tmp
2014-06-18 20:39 - 2014-06-18 20:39 - 00000000 ____H () C:\Users\celly\AppData\Local\BIT90AE.tmp
2014-06-18 20:39 - 2014-06-18 20:38 - 00000000 _____ () C:\Users\celly\AppData\Local\{546EB6C5-4346-4F6C-A09B-730850F7A331}
2014-06-17 19:36 - 2014-06-17 19:36 - 00000000 _____ () C:\Users\celly\AppData\Local\{9F8D392D-C27B-4F4F-8CCA-54FE676B9B12}
2014-06-08 11:13 - 2014-06-19 23:55 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-19 23:55 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-04 04:07 - 2014-05-16 10:02 - 00000000 ____D () C:\ProgramData\374311380
2014-06-02 22:25 - 2014-06-02 22:25 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys
2014-06-02 03:32 - 2014-06-02 03:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam
2014-06-02 03:32 - 2014-06-02 03:31 - 00000000 ____D () C:\Program Files (x86)\Wajam
2014-06-02 03:31 - 2014-06-02 03:31 - 00000000 ____D () C:\Users\celly\AppData\Roaming\Opera Software
2014-06-02 03:31 - 2014-06-02 03:31 - 00000000 ____D () C:\Users\celly\AppData\Local\Opera Software
2014-06-02 03:31 - 2014-06-02 03:31 - 00000000 _____ () C:\end
2014-06-02 03:30 - 2014-06-02 03:30 - 00001099 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-06-02 03:30 - 2014-06-02 03:30 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-05-31 04:23 - 2014-05-18 19:45 - 00000000 ____D () C:\ProgramData\systemk
2014-05-30 23:20 - 2014-04-09 20:53 - 00058408 _____ () C:\Users\celly\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-30 23:18 - 2009-07-14 06:45 - 00277696 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-30 21:05 - 2014-05-30 21:05 - 05933392 _____ () C:\Users\celly\Downloads\SetupKeyManKeyboardMouse_4006-10_DE.exe
2014-05-30 21:05 - 2014-05-30 21:05 - 00000000 ____D () C:\Windows\DC627AE5A2B14D16AF56178D10EC3E81.TMP
2014-05-30 20:47 - 2014-05-30 20:47 - 00001138 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-05-30 20:42 - 2014-05-30 20:41 - 06209136 _____ (TeamViewer GmbH) C:\Users\celly\Downloads\TeamViewer_Setup_de.exe
2014-05-30 18:33 - 2014-05-30 18:33 - 00000000 ____D () C:\Users\celly\AppData\Roaming\Cherry
2014-05-30 18:26 - 2014-05-30 18:26 - 05756865 _____ () C:\Users\celly\Downloads\Cherry_Tools_59_DE.zip
2014-05-30 15:57 - 2014-05-14 08:41 - 00002405 _____ () C:\Users\celly\Desktop\Game - Andromeda5.lnk
2014-05-30 12:21 - 2014-06-19 23:56 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-19 23:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-19 23:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-19 23:56 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-19 23:56 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-19 23:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-19 23:56 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-19 23:56 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-19 23:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-19 23:56 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-19 23:56 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:21 - 2014-06-19 23:56 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:20 - 2014-06-19 23:56 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-19 23:56 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-19 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-19 23:56 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-19 23:56 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-19 23:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-19 23:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-19 23:56 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-19 23:56 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-19 23:56 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-19 23:56 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-19 23:56 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-19 23:56 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-19 23:56 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-19 23:56 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-19 23:56 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-19 23:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-19 23:56 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-19 23:56 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-19 23:56 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-19 23:56 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-19 23:56 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-19 23:56 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-19 23:56 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-19 23:56 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-19 23:56 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-19 23:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-19 23:56 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-19 23:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-19 23:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-19 23:56 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:51 - 2014-04-09 21:27 - 00001391 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-30 09:50 - 2014-06-19 23:56 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:50 - 2014-04-09 21:27 - 00001403 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-30 09:49 - 2014-06-19 23:56 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-19 23:56 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-19 23:56 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-19 23:56 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-19 23:56 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-19 23:56 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-19 23:56 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-19 23:56 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\celly\AppData\Local\Temp\17zfwhti.dll
C:\Users\celly\AppData\Local\Temp\avgnt.exe
C:\Users\celly\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\celly\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\celly\AppData\Local\Temp\nsaE438.tmp.exe
C:\Users\celly\AppData\Local\Temp\r1hi1kgs.dll
C:\Users\celly\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\celly\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Celly_2\AppData\Local\Temp\6_Offer_9.exe
C:\Users\Celly_2\AppData\Local\Temp\avgnt.exe
C:\Users\Celly_2\AppData\Local\Temp\BackupSetup.exe
C:\Users\Celly_2\AppData\Local\Temp\f.exe
C:\Users\Celly_2\AppData\Local\Temp\FoxySecuritySetup.exe
C:\Users\Celly_2\AppData\Local\Temp\nsc138D.exe
C:\Users\Celly_2\AppData\Local\Temp\nsc37C7.exe
C:\Users\Celly_2\AppData\Local\Temp\nshCFB5.exe
C:\Users\Celly_2\AppData\Local\Temp\nsn3197.exe
C:\Users\Celly_2\AppData\Local\Temp\nsn31ED.exe
C:\Users\Celly_2\AppData\Local\Temp\nsnCB90.exe
C:\Users\Celly_2\AppData\Local\Temp\nss1794.exe
C:\Users\Celly_2\AppData\Local\Temp\nssC7B8.exe
C:\Users\Celly_2\AppData\Local\Temp\nsx3C89.exe
C:\Users\Celly_2\AppData\Local\Temp\nsxE3F.exe
C:\Users\Celly_2\AppData\Local\Temp\nsy1BE4.exe
C:\Users\Celly_2\AppData\Local\Temp\nsy2863.exe
C:\Users\Celly_2\AppData\Local\Temp\SearchProtectINT.exe
C:\Users\Celly_2\AppData\Local\Temp\SimBundD.exe
C:\Users\Celly_2\AppData\Local\Temp\SpOrder.dll
C:\Users\Celly_2\AppData\Local\Temp\uttDA4C.tmp.exe
C:\Users\Celly_2\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-16 14:53

==================== End Of Log ============================
         
--- --- ---


Hier der Addition.txt

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-06-2014 02
Ran by celly at 2014-06-29 18:27:17
Running from C:\Users\celly\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

AMD APP SDK Runtime (Version: 10.0.831.4 - Advanced Micro Devices Inc.) Hidden
AMD AVIVO64 Codecs (Version: 11.7.0.11109 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{CE42CFF5-F477-D440-6CFB-6CBAE0008B91}) (Version: 3.0.855.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.61109.2218 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2011.1109.2212.39826 - Advanced Micro Devices, Inc.) Hidden
CouponDownloader (Version: 1.0.0.0 - CouponDownloader) Hidden <==== ATTENTION
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{6F29F195-B11C-3EAD-B883-997BB29DFA17}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
WinRAR 5.10 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.2 - win.rar GmbH)

==================== Restore Points  =========================

27-06-2014 01:00:27 Windows Update
27-06-2014 01:50:38 Windows Update
28-06-2014 01:00:29 Windows Update
28-06-2014 01:59:45 Windows Update
29-06-2014 01:01:44 Windows Update
29-06-2014 02:21:04 Windows Update
29-06-2014 14:45:32 Löwenzahn 6 wird entfernt
29-06-2014 14:47:25 Deutsche Tastatur - gravurkompatibel zur T2-Belegung gemäß DIN 2137-1:2012-06 - V1.05 wird entfernt
29-06-2014 14:48:01 Cherry Tools  V5.9 Build 2 wird entfernt

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {09C8C446-17F9-43CC-A409-B40078EB6C1C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {0D0D6768-7B41-4067-9AEF-2D57594DC648} - System32\Tasks\pricemetertask => C:\Users\Celly_2\AppData\Local\PriceMeter\TEMP\pricemeter.exe <==== ATTENTION
Task: {23B9BB39-60AD-4DE2-AAF3-852ABCD61FC3} - System32\Tasks\pricemeterdownloader => C:\Users\Celly_2\AppData\Local\PriceMeter\pricemeterd.exe [2014-03-13] (PriceMeter) <==== ATTENTION
Task: {3AF40604-11FF-4C6A-B14D-118306054AD9} - System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA => C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [2014-05-22] (PriceMeter) <==== ATTENTION
Task: {5484057A-B812-4339-A683-1F86A334BA4C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {5ACEA1F9-3E57-452D-8028-E320149EACE0} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [2014-04-08] (Systweak) <==== ATTENTION
Task: {73406AD8-C2C8-42A5-AFFC-C52FBA3F374E} - System32\Tasks\BlockAndSurf_wd => C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfC.exe <==== ATTENTION
Task: {8F6D7654-F902-40C2-81E2-150928027745} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-12] (Google Inc.)
Task: {918FD13F-B848-4EDE-BE6B-BE567C2976AC} - System32\Tasks\FoxTab => C:\Users\celly\AppData\Roaming\FoxTab\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {A9AC1BAE-9CC3-4BC2-8E78-5FCC84E1080A} - System32\Tasks\pricemeterwatcher => C:\Users\Celly_2\AppData\Local\PriceMeter\pricemeterw.exe [2014-03-13] (PriceMeter) <==== ATTENTION
Task: {B23A4FD5-C9D8-49EA-902C-4E028053605D} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {D0DEADFA-D7D2-4032-A0B8-2DA4F2E6120D} - System32\Tasks\BlockAndSurf Update => C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfV47.exe [2014-05-10] () <==== ATTENTION
Task: {E0D7FD47-7C49-4A9A-8BEF-14C28232A5C0} - System32\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore => C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [2014-05-22] (PriceMeter) <==== ATTENTION
Task: {E1E240E3-2209-45B1-A27B-949B0CA37753} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {E7BEE914-D038-4A27-A184-F46581792E99} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {F47BFC8C-E134-4A6A-B295-3D50CC228CCD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-12] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\BlockAndSurf Update.job => C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfV47.exe <==== ATTENTION
Task: C:\Windows\Tasks\BlockAndSurf_wd.job => C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfC.exe <==== ATTENTION
Task: C:\Windows\Tasks\FoxTab.job => C:\Users\celly\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-05-14 08:42 - 2014-05-18 11:50 - 00664592 _____ () C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll
2011-11-09 22:10 - 2011-11-09 22:10 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-05-10 10:41 - 2014-05-10 10:41 - 00142848 _____ () C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfHF161.exe
2014-04-08 11:26 - 2014-04-08 11:26 - 00037920 _____ () C:\Program Files (x86)\LPT\srpts.exe
2014-05-14 08:43 - 2014-05-14 08:43 - 00709120 _____ () C:\Program Files\004\rqpbhevlkc64.exe
2014-05-21 19:17 - 2014-05-21 19:17 - 00047616 _____ () C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamHttpServer.exe
2014-05-14 08:42 - 2014-05-18 11:50 - 00490000 _____ () C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll
2014-05-22 01:18 - 2012-07-25 12:03 - 00886272 _____ () C:\Program Files (x86)\Advanced System Protector\System.Data.SQLite.dll
2014-05-22 01:18 - 2014-04-08 12:04 - 01730928 _____ () C:\Program Files (x86)\Advanced System Protector\aspsys.dll
2014-05-10 10:41 - 2014-05-10 10:41 - 00133120 _____ () C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfHF161.dll
2014-04-28 13:23 - 2014-04-28 13:23 - 00374272 _____ () C:\Users\Celly_2\AppData\Roaming\BupSystem\sub\default.dll
2014-04-08 11:26 - 2014-04-08 11:26 - 00081952 _____ () C:\Program Files (x86)\LPT\srpt.dll
2014-04-08 11:26 - 2014-04-08 11:26 - 00023072 _____ () C:\Program Files (x86)\LPT\srptc.dll
2014-04-08 11:26 - 2014-04-08 11:26 - 00018976 _____ () C:\Program Files (x86)\LPT\Smartbar.Common.dll
2014-05-14 08:42 - 2014-05-18 11:50 - 00020496 _____ () C:\Program Files (x86)\Settings Manager\systemk\syskldr.dll
2014-04-09 21:27 - 2014-06-21 07:19 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-05-14 03:47 - 2014-05-14 03:47 - 16361136 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Microsoft-Teredo-Tunneling-Adapter
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/29/2014 06:12:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RegCleanPro.exe, Version: 6.21.65.2928, Zeitstempel: 0x539946f5
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc000000d
Fehleroffset: 0x00095873
ID des fehlerhaften Prozesses: 0x20e8
Startzeit der fehlerhaften Anwendung: 0xRegCleanPro.exe0
Pfad der fehlerhaften Anwendung: RegCleanPro.exe1
Pfad des fehlerhaften Moduls: RegCleanPro.exe2
Berichtskennung: RegCleanPro.exe3

Error: (06/29/2014 05:25:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2014 05:17:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2014 05:04:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2014 04:52:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2014 04:43:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2014 04:19:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2014 03:34:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm PCSpeedMaximizer.exe, Version 3.2.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: bf8

Startzeit: 01cf939d37ea6acd

Endzeit: 3623

Anwendungspfad: C:\Program Files (x86)\PC Speed Maximizer\PCSpeedMaximizer.exe

Berichts-ID: 736a491e-ff91-11e3-9d5b-0022156eb916

Error: (06/29/2014 03:23:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2014 10:40:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/29/2014 05:24:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Util webget" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/29/2014 05:24:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update webget" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/29/2014 05:24:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (06/29/2014 05:24:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.

Error: (06/29/2014 05:23:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update webget" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/29/2014 05:22:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Update webget" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/29/2014 05:22:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Update webget" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/29/2014 05:22:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Util webget" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/29/2014 05:22:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Util webget" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/29/2014 05:16:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053


Microsoft Office Sessions:
=========================
Error: (06/29/2014 06:12:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RegCleanPro.exe6.21.65.2928539946f5ntdll.dll6.1.7601.18247521ea8e7c000000d0009587320e801cf93b4d4addf3eC:\Program Files (x86)\RegClean Pro\RegCleanPro.exeC:\Windows\SysWOW64\ntdll.dll39e041f4-ffa8-11e3-9af2-0022156eb916

Error: (06/29/2014 05:25:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2014 05:17:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2014 05:04:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2014 04:52:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2014 04:43:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2014 04:19:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2014 03:34:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: PCSpeedMaximizer.exe3.2.0.0bf801cf939d37ea6acd3623C:\Program Files (x86)\PC Speed Maximizer\PCSpeedMaximizer.exe736a491e-ff91-11e3-9d5b-0022156eb916

Error: (06/29/2014 03:23:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2014 10:40:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 54%
Total physical RAM: 2559.24 MB
Available physical RAM: 1163.05 MB
Total Pagefile: 5116.66 MB
Available Pagefile: 2613.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:76.59 GB) (Free:28.73 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 77 GB) (Disk ID: 3FE73FE6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=77 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

Alt 30.06.2014, 13:14   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Ständig Werbung eingeblendet, mehrere Seiten werden geöffnet - Standard

Ständig Werbung eingeblendet, mehrere Seiten werden geöffnet



Adware & Co. deinstallieren
  • Lade Dir bitte von hier Revo Uninstaller herunter.
  • Installiere und starte das Programm.
  • Suche im Uninstallerfeld nach den Programmen, die unter:

    diesen Zusatz haben:
  • Wähle die Programme nacheinander aus und klicke jedesmal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter:




Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 30.06.2014, 20:19   #5
HerthaCelly
 
Ständig Werbung eingeblendet, mehrere Seiten werden geöffnet - Standard

Ständig Werbung eingeblendet, mehrere Seiten werden geöffnet



Hier ist der Logfile vom Combofix.

Code:
ATTFilter
ComboFix 14-06-30.01 - celly 30.06.2014  21:02:05.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2559.916 [GMT 2:00]
ausgeführt von:: c:\users\celly\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Outdated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
C:\Install.exe
c:\program files (x86)\SiteFinder\SiTEfinder.dll
c:\programdata\374311380
c:\users\celly\AppData\Local\AnyProtectScannerSetup.exe
c:\users\celly\AppData\Local\nss9E0B.tmp
c:\users\Celly_2\Desktop\Search.lnk
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-05-28 bis 2014-06-30  ))))))))))))))))))))))))))))))
.
.
2014-06-30 19:11 . 2014-06-30 19:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-06-30 19:11 . 2014-06-30 19:11	--------	d-----w-	c:\users\Celly_2\AppData\Local\temp
2014-06-30 18:44 . 2014-06-30 18:44	--------	d-----w-	c:\program files (x86)\VS Revo Group
2014-06-29 16:25 . 2014-06-29 16:29	--------	d-----w-	C:\FRST
2014-06-29 14:40 . 2014-06-29 14:40	--------	d-----w-	c:\users\celly\AppData\Local\node-webkit
2014-06-26 08:20 . 2014-06-26 13:01	--------	d--h--w-	c:\users\celly\AppData\Roaming\GoldenGate
2014-06-26 08:20 . 2014-06-29 14:20	--------	d-----w-	c:\users\celly\AppData\Local\Gameo
2014-06-26 08:19 . 2014-06-26 08:19	--------	d-----w-	c:\users\celly\AppData\Roaming\FoxTab
2014-06-26 08:19 . 2014-06-29 14:35	--------	d-----w-	c:\users\celly\AppData\Roaming\Gameo
2014-06-26 08:19 . 2014-06-26 08:19	--------	d-----w-	c:\program files (x86)\Foxtab
2014-06-26 02:12 . 2014-06-26 02:12	--------	d-----w-	c:\users\Celly_2\AppData\Roaming\Cherry
2014-06-20 08:00 . 2014-06-20 08:12	--------	d-----w-	c:\users\celly\AppData\Local\Diagnostics
2014-06-20 06:51 . 2014-06-19 15:01	61112	----a-w-	c:\windows\system32\drivers\{55685567-4840-4a91-962b-49a412e9485a}w64.sys
2014-06-19 21:55 . 2014-06-08 09:13	506368	----a-w-	c:\windows\system32\aepdu.dll
2014-06-19 21:55 . 2014-06-08 09:08	424448	----a-w-	c:\windows\system32\aeinv.dll
2014-06-19 15:24 . 2014-06-19 15:24	--------	d-----w-	c:\users\celly\AppData\Roaming\dvdcss
2014-06-19 15:24 . 2014-06-19 18:16	--------	d-----w-	c:\users\celly\AppData\Roaming\vlc
2014-06-18 18:43 . 2014-06-18 18:43	0	---ha-w-	c:\users\celly\AppData\Local\BIT63D3.tmp
2014-06-18 18:39 . 2014-06-18 18:39	0	---ha-w-	c:\users\celly\AppData\Local\BIT90AE.tmp
2014-06-02 20:25 . 2014-06-02 20:25	46376	----a-w-	c:\windows\system32\drivers\netfilter64.sys
2014-06-02 01:33 . 2014-06-20 01:13	--------	d-----w-	c:\programdata\Registry Helper
2014-06-02 01:31 . 2014-06-02 01:32	--------	d-----w-	c:\program files (x86)\Wajam
2014-06-02 01:31 . 2014-06-02 01:31	--------	d-----w-	c:\users\celly\AppData\Local\Opera Software
2014-06-02 01:31 . 2014-06-02 01:31	--------	d-----w-	c:\users\celly\AppData\Roaming\Opera Software
2014-06-02 01:30 . 2014-06-02 01:30	--------	d-----w-	c:\program files (x86)\Opera
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-26 16:01 . 2014-04-22 16:27	19568	----a-w-	c:\windows\system32\roboot64.exe
2014-06-20 01:06 . 2014-04-13 01:36	95414520	----a-w-	c:\windows\system32\MRT.exe
2014-05-26 18:57 . 2014-05-27 11:32	61112	----a-w-	c:\windows\system32\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys
2014-05-14 01:47 . 2014-04-09 19:30	70832	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 01:47 . 2014-04-09 19:30	692400	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-14 01:46 . 2014-05-14 01:46	17938608	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-05-09 15:03 . 2014-05-10 10:14	61112	----a-w-	c:\windows\system32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys
2014-04-29 16:23 . 2014-04-29 16:24	1490656	----a-w-	c:\windows\system32\WdfCoInstaller01007.dll
2014-04-29 16:23 . 2014-04-29 16:24	1490656	----a-w-	c:\windows\system32\drivers\WdfCoInstaller01007.dll
2014-04-29 09:06 . 2014-04-09 19:24	130584	----a-w-	c:\windows\system32\drivers\avipbb.sys
2014-04-29 09:06 . 2014-04-09 19:24	112080	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2014-04-12 02:22 . 2014-05-14 06:52	155072	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:22 . 2014-05-14 06:52	95680	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:19 . 2014-05-14 06:52	136192	----a-w-	c:\windows\system32\sspicli.dll
2014-04-12 02:19 . 2014-05-14 06:52	29184	----a-w-	c:\windows\system32\sspisrv.dll
2014-04-12 02:19 . 2014-05-14 06:52	28160	----a-w-	c:\windows\system32\secur32.dll
2014-04-12 02:19 . 2014-05-14 06:52	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-04-12 02:19 . 2014-05-14 06:52	31232	----a-w-	c:\windows\system32\lsass.exe
2014-04-12 02:12 . 2014-05-14 06:52	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2014-04-12 02:10 . 2014-05-14 06:52	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2014-04-12 00:51 . 2014-04-12 00:51	194048	----a-w-	c:\windows\SysWow64\elshyph.dll
2014-04-12 00:51 . 2014-04-12 00:51	71680	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-04-12 00:51 . 2014-04-12 00:51	645120	----a-w-	c:\windows\SysWow64\jsIntl.dll
2014-04-12 00:51 . 2014-04-12 00:51	235008	----a-w-	c:\windows\system32\elshyph.dll
2014-04-12 00:51 . 2014-04-12 00:51	182272	----a-w-	c:\windows\SysWow64\msls31.dll
2014-04-12 00:51 . 2014-04-12 00:51	62464	----a-w-	c:\windows\SysWow64\tdc.ocx
2014-04-12 00:51 . 2014-04-12 00:51	61952	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2014-04-12 00:51 . 2014-04-12 00:51	36352	----a-w-	c:\windows\SysWow64\imgutil.dll
2014-04-12 00:51 . 2014-04-12 00:51	337408	----a-w-	c:\windows\SysWow64\html.iec
2014-04-12 00:51 . 2014-04-12 00:51	24576	----a-w-	c:\windows\SysWow64\licmgr10.dll
2014-04-12 00:51 . 2014-04-12 00:51	151552	----a-w-	c:\windows\SysWow64\iexpress.exe
2014-04-12 00:51 . 2014-04-12 00:51	139264	----a-w-	c:\windows\SysWow64\wextract.exe
2014-04-12 00:51 . 2014-04-12 00:51	13312	----a-w-	c:\windows\SysWow64\mshta.exe
2014-04-12 00:51 . 2014-04-12 00:51	942592	----a-w-	c:\windows\system32\jsIntl.dll
2014-04-12 00:51 . 2014-04-12 00:51	86016	----a-w-	c:\windows\SysWow64\iesysprep.dll
2014-04-12 00:51 . 2014-04-12 00:51	86016	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2014-04-12 00:51 . 2014-04-12 00:51	74240	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2014-04-12 00:51 . 2014-04-12 00:51	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2014-04-12 00:51 . 2014-04-12 00:51	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2014-04-12 00:51 . 2014-04-12 00:51	247808	----a-w-	c:\windows\system32\msls31.dll
2014-04-12 00:51 . 2014-04-12 00:51	13312	----a-w-	c:\windows\system32\msfeedssync.exe
2014-04-12 00:51 . 2014-04-12 00:51	111616	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2014-04-12 00:51 . 2014-04-12 00:51	90112	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2014-04-12 00:51 . 2014-04-12 00:51	81408	----a-w-	c:\windows\system32\icardie.dll
2014-04-12 00:51 . 2014-04-12 00:51	77312	----a-w-	c:\windows\system32\tdc.ocx
2014-04-12 00:51 . 2014-04-12 00:51	616104	----a-w-	c:\windows\system32\ieapfltr.dat
2014-04-12 00:51 . 2014-04-12 00:51	48640	----a-w-	c:\windows\system32\mshtmler.dll
2014-04-12 00:51 . 2014-04-12 00:51	413696	----a-w-	c:\windows\system32\html.iec
2014-04-12 00:51 . 2014-04-12 00:51	30208	----a-w-	c:\windows\system32\licmgr10.dll
2014-04-12 00:51 . 2014-04-12 00:51	263376	----a-w-	c:\windows\system32\iedkcs32.dll
2014-04-12 00:51 . 2014-04-12 00:51	243200	----a-w-	c:\windows\system32\webcheck.dll
2014-04-12 00:51 . 2014-04-12 00:51	235520	----a-w-	c:\windows\system32\url.dll
2014-04-12 00:51 . 2014-04-12 00:51	167424	----a-w-	c:\windows\system32\iexpress.exe
2014-04-12 00:51 . 2014-04-12 00:51	143872	----a-w-	c:\windows\system32\wextract.exe
2014-04-12 00:51 . 2014-04-12 00:51	131072	----a-w-	c:\windows\system32\IEAdvpack.dll
2014-04-12 00:51 . 2014-04-12 00:51	105984	----a-w-	c:\windows\system32\iesysprep.dll
2014-04-12 00:51 . 2014-04-12 00:51	101376	----a-w-	c:\windows\system32\inseng.dll
2014-04-12 00:51 . 2014-04-12 00:51	83968	----a-w-	c:\windows\system32\MshtmlDac.dll
2014-04-12 00:51 . 2014-04-12 00:51	774144	----a-w-	c:\windows\system32\jscript.dll
2014-04-12 00:51 . 2014-04-12 00:51	62464	----a-w-	c:\windows\system32\pngfilt.dll
2014-04-12 00:51 . 2014-04-12 00:51	48128	----a-w-	c:\windows\system32\imgutil.dll
2014-04-12 00:51 . 2014-04-12 00:51	147968	----a-w-	c:\windows\system32\occache.dll
2014-04-12 00:51 . 2014-04-12 00:51	13824	----a-w-	c:\windows\system32\mshta.exe
2014-04-12 00:51 . 2014-04-12 00:51	135680	----a-w-	c:\windows\system32\iepeers.dll
2014-04-12 00:44 . 2014-04-12 00:44	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-04-12 00:44 . 2014-04-12 00:44	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-04-12 00:44 . 2014-04-12 00:44	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-04-12 00:44 . 2014-04-12 00:44	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-04-12 00:44 . 2014-04-12 00:44	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-04-12 00:44 . 2014-04-12 00:44	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-04-12 00:44 . 2014-04-12 00:44	522752	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2014-04-12 00:44 . 2014-04-12 00:44	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-04-12 00:44 . 2014-04-12 00:44	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-04-12 00:44 . 2014-04-12 00:44	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2014-04-12 00:44 . 2014-04-12 00:44	363008	----a-w-	c:\windows\system32\dxgi.dll
2014-04-12 00:44 . 2014-04-12 00:44	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-04-12 00:44 . 2014-04-12 00:44	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-04-12 00:44 . 2014-04-12 00:44	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2014-04-12 00:44 . 2014-04-12 00:44	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-04-12 00:44 . 2014-04-12 00:44	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-04-12 00:44 . 2014-04-12 00:44	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-04-12 00:44 . 2014-04-12 00:44	2776576	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2014-04-12 00:44 . 2014-04-12 00:44	2560	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-04-12 00:44 . 2014-04-12 00:44	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-04-12 00:44 . 2014-04-12 00:44	249856	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2014-04-12 00:44 . 2014-04-12 00:44	2284544	----a-w-	c:\windows\SysWow64\msmpeg2vdec.dll
2014-04-12 00:44 . 2014-04-12 00:44	220160	----a-w-	c:\windows\SysWow64\d3d10core.dll
2014-04-12 00:44 . 2014-04-12 00:44	207872	----a-w-	c:\windows\SysWow64\WindowsCodecsExt.dll
2014-04-12 00:44 . 2014-04-12 00:44	1682432	----a-w-	c:\windows\system32\XpsPrint.dll
2014-04-12 00:44 . 2014-04-12 00:44	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2014-04-12 00:44 . 2014-04-12 00:44	1175552	----a-w-	c:\windows\system32\FntCache.dll
2014-04-12 00:44 . 2014-04-12 00:44	1158144	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2014-04-12 00:44 . 2014-04-12 00:44	1080832	----a-w-	c:\windows\SysWow64\d3d10.dll
2014-04-12 00:44 . 2014-04-12 00:44	10752	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-04-12 00:44 . 2014-04-12 00:44	10752	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-04-12 00:44 . 2014-04-12 00:44	648192	----a-w-	c:\windows\system32\d3d10level9.dll
2014-04-12 00:44 . 2014-04-12 00:44	604160	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2014-04-12 00:44 . 2014-04-12 00:44	333312	----a-w-	c:\windows\system32\d3d10_1core.dll
2014-04-12 00:44 . 2014-04-12 00:44	296960	----a-w-	c:\windows\system32\d3d10core.dll
2014-04-12 00:44 . 2014-04-12 00:44	293376	----a-w-	c:\windows\SysWow64\dxgi.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}]
2014-05-12 15:49	90416	----a-w-	c:\program files (x86)\Coupon Downloader\Coupon Downloader.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2010-11-21 03:24	297808	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
2014-04-11 02:05	513648	----a-w-	c:\program files (x86)\SupTab\SupTab.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-09 343168]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-05-27 737872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
.
c:\users\Celly_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MyPC Backup.lnk - c:\program files (x86)\MyPC Backup\MyPC Backup.exe [2014-3-14 2901032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 BackupStack;Computer Backup (MyPC Backup);c:\program files (x86)\MyPC Backup\BackupStack.exe;c:\program files (x86)\MyPC Backup\BackupStack.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IePluginService;IePlugin Service;c:\programdata\IePluginService\PluginService.exe;c:\programdata\IePluginService\PluginService.exe [x]
R2 pricemeterliveUpdate;PriceMeterLiveUpdate Service (pricemeterliveUpdate);c:\program files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe;c:\program files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [x]
R2 Update webget;Update webget;c:\program files (x86)\webget\updatewebget.exe;c:\program files (x86)\webget\updatewebget.exe [x]
R2 Util webget;Util webget;c:\program files (x86)\webget\bin\utilwebget.exe;c:\program files (x86)\webget\bin\utilwebget.exe [x]
R2 Wpm;Wpm Service;c:\programdata\WPM\wprotectmanager.exe;c:\programdata\WPM\wprotectmanager.exe [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 pricemeterliveUpdatem;PriceMeterLiveUpdate Service (pricemeterliveUpdatem);c:\program files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe;c:\program files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S1 {55685567-4840-4a91-962b-49a412e9485a}Gw64;{55685567-4840-4a91-962b-49a412e9485a}Gw64;c:\windows\system32\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys;c:\windows\SYSNATIVE\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys [x]
S1 {55685567-4840-4a91-962b-49a412e9485a}w64;{55685567-4840-4a91-962b-49a412e9485a}w64;c:\windows\system32\drivers\{55685567-4840-4a91-962b-49a412e9485a}w64.sys;c:\windows\SYSNATIVE\drivers\{55685567-4840-4a91-962b-49a412e9485a}w64.sys [x]
S1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64;{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64;c:\windows\system32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys;c:\windows\SYSNATIVE\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 F06DEFF2-5B9C-490D-910F-35D3A91196222;F06DEFF2-5B9C-490D-910F-35D3A91196222;c:\program files (x86)\Settings Manager\systemk\x64\systemkmgrc1.cfg;c:\program files (x86)\Settings Manager\systemk\x64\systemkmgrc1.cfg [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 BlockAndSurf;BlockAndSurf;c:\program files (x86)\BlockAndSurf-soft\BlockAndSurfHF161.exe;c:\program files (x86)\BlockAndSurf-soft\BlockAndSurfHF161.exe [x]
S2 bupService;BUP Service;c:\users\Celly_2\AppData\Roaming\BupSystem\bup.exe;c:\users\Celly_2\AppData\Roaming\BupSystem\bup.exe [x]
S2 LPTSystemUpdater;LPT System Updater Service;c:\program files (x86)\LPT\srpts.exe;c:\program files (x86)\LPT\srpts.exe [x]
S2 rqpbhevlkc64;rqpbhevlkc64;c:\program files\004\rqpbhevlkc64.exe run options=01100010040000000000000000000000 sourceguid=A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E;c:\program files\004\rqpbhevlkc64.exe run options=01100010040000000000000000000000 sourceguid=A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 Wajam Internet Enhancer Service;Wajam Internet Enhancer Service;c:\program files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe;c:\program files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe [x]
S3 Atc002;NDIS-Miniporttreiber für L2 Fast-Ethernet-Controller von Atheros;c:\windows\system32\DRIVERS\l260x64.sys;c:\windows\SYSNATIVE\DRIVERS\l260x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-19 19:06	1091912	----a-w-	c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-06-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-09 01:47]
.
2014-06-30 c:\windows\Tasks\BlockAndSurf Update.job
- c:\program files (x86)\BlockAndSurf-soft\BlockAndSurfV47.exe [2014-05-10 08:41]
.
2014-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-12 19:49]
.
2014-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-12 19:49]
.
2014-06-30 c:\windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineCore.job
- c:\program files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [2014-05-21 23:16]
.
2014-06-30 c:\windows\Tasks\PriceMeterLiveUpdateUpdateTaskMachineUA.job
- c:\program files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe [2014-05-21 23:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11111111-1111-1111-1111-110511421146}]
2014-04-17 19:30	665448	----a-w-	c:\program files (x86)\MediaPlayerplus\MediaPlayerplus-bho64.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2010-11-21 03:23	444752	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-06-05 15:46	777032	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-06-05 15:46	777032	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-06-05 15:46	777032	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-06-05 15:46	777032	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-06-05 15:46	777032	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-10-24 13662936]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.default-search.net?sid=492&aid=103&itype=a&ver=12692&tm=347&src=hmp
mDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397762945&from=tugs&uid=ExcelStorXTechnologyXJ8080S_PVB100Q305X3HC05X3HCX&q={searchTerms}
mDefault_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397762945&from=tugs&uid=ExcelStorXTechnologyXJ8080S_PVB100Q305X3HC05X3HCX
mStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1397762945&from=tugs&uid=ExcelStorXTechnologyXJ8080S_PVB100Q305X3HC05X3HCX
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1397762945&from=tugs&uid=ExcelStorXTechnologyXJ8080S_PVB100Q305X3HC05X3HCX&q={searchTerms}
uInternet Settings,ProxyServer = http=127.0.0.1:51552;https=127.0.0.1:51552
uInternet Settings,ProxyOverride = <-loopback>
IE: {{CCC7B152-1D8C-11E3-B2AD-F3EF3D58318D} - {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} - c:\program files (x86)\SiteFinder\SiteFinder.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\celly\AppData\Roaming\Mozilla\Firefox\Profiles\1so563jy.default\
FF - prefs.js: browser.search.selectedEngine - webssearches
FF - prefs.js: browser.startup.homepage - hxxp://istart.webssearches.com/?type=hppp&ts=1404055461&from=tugs&uid=ExcelStorXTechnologyXJ8080S_PVB100Q305X3HC05X3HCX
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.irspeeddial.aflt - fxtb103
FF - user.js: extensions.irspeeddial.instlRef - 
FF - user.js: extensions.irspeeddial.cr - 1847854129
FF - user.js: extensions.irspeeddial.cd - 2XzuyEtN2Y1L1QzutDtDtBtBtCyDyC0E0BzytCyC0FyE0FyEtN0D0Tzu0CzytDyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1Czu1G2Z1S
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-{CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} - c:\program files (x86)\SiteFinder\SiteFinder.dll
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-BlockNSurf - c:\program files (x86)\BlockAndSurf-soft\BlockNSurf.exe
Wow6432Node-HKLM-Run-Registry Helper - c:\program files (x86)\Registry Helper\RegistryHelper.Exe
Toolbar-10 - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\F06DEFF2-5B9C-490D-910F-35D3A91196222]
"ImagePath"="\??\c:\program files (x86)\Settings Manager\systemk\x64\systemkmgrc1.cfg"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-06-30  21:15:22
ComboFix-quarantined-files.txt  2014-06-30 19:15
.
Vor Suchlauf: 10 Verzeichnis(se), 30.084.329.472 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 31.479.435.264 Bytes frei
.
- - End Of File - - 1907E46032CA9F7F5365877C5149BEEE
A36C5E4F47E84449FF07ED3517B43A31
         


Alt 01.07.2014, 15:22   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Ständig Werbung eingeblendet, mehrere Seiten werden geöffnet - Standard

Ständig Werbung eingeblendet, mehrere Seiten werden geöffnet



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
--> Ständig Werbung eingeblendet, mehrere Seiten werden geöffnet

Antwort

Themen zu Ständig Werbung eingeblendet, mehrere Seiten werden geöffnet
eingeblendet, eingestellt, ellung, firefox, gestellt, hoffe, hängt, immer wieder, liebe, lieben, minute, minuten, mozilla, mozilla firefox, neu, pc hängt, problem, seite, seiten, seiten werden geöffnet, stark, stürzt, werbung, werbungen, ziemlich



Ähnliche Themen: Ständig Werbung eingeblendet, mehrere Seiten werden geöffnet


  1. Webseiten werden ständig geöffnet Win 8
    Log-Analyse und Auswertung - 26.05.2015 (23)
  2. Fragwürdige Seiten mit angeblichen Gewinnen werden ständig geöffnet
    Alles rund um Windows - 14.05.2015 (9)
  3. bei Mozilla Firefox ungefragt werden Seiten geöffnet, Werbung erscheint und Wörter sind verlinkt
    Plagegeister aller Art und deren Bekämpfung - 23.03.2015 (15)
  4. Trojan.BitcoinMiner, Werbung trotz AdBlocker, neue Tabs mit Werbung werden automatisch geöffnet und vieles mehr.
    Log-Analyse und Auswertung - 02.03.2015 (23)
  5. Es kommt ständig Werbung und es werden ständig neue Seiten
    Log-Analyse und Auswertung - 31.10.2014 (15)
  6. Es kommt ständig Werbung und es werden ständig neue Seiten geöffnet
    Plagegeister aller Art und deren Bekämpfung - 29.06.2014 (16)
  7. Windows7: Webseiten werden mit Werbung eingeblendet
    Log-Analyse und Auswertung - 03.05.2014 (1)
  8. Links werden umgeleitet, nervige werbungen eingeblendet. Seiten springen auf Lycos
    Plagegeister aller Art und deren Bekämpfung - 19.05.2013 (7)
  9. "tcbhn mußte unterbrochen werden", dieses Feld wird ständig eingeblendet und ich kann nichts damit anfangen.
    Plagegeister aller Art und deren Bekämpfung - 18.02.2013 (1)
  10. Falsche seiten werden geöffnet
    Plagegeister aller Art und deren Bekämpfung - 15.12.2012 (67)
  11. Bei einem Mausklick werden gleichzeitig mehrere Seiten geöffnet
    Plagegeister aller Art und deren Bekämpfung - 11.08.2010 (1)
  12. es wird ständig werbung geöffnet (mozilla firefox)
    Log-Analyse und Auswertung - 02.01.2010 (5)
  13. Falsche Seiten werden beim IE8 geöffnet
    Log-Analyse und Auswertung - 14.06.2009 (1)
  14. Werbung wird eingeblendet
    Plagegeister aller Art und deren Bekämpfung - 28.05.2009 (3)
  15. Google arbeitet nicht mehr und ständig werden einfach Seiten geöffnet
    Log-Analyse und Auswertung - 01.12.2008 (1)
  16. Explorer und FF werden ständig geöffnet
    Log-Analyse und Auswertung - 04.11.2008 (1)
  17. ständig werden Popups geöffnet
    Log-Analyse und Auswertung - 26.11.2007 (1)

Zum Thema Ständig Werbung eingeblendet, mehrere Seiten werden geöffnet - Hi ihr lieben , folgendes Problem habe ich, ich hoffe mir kann einer von euch helfen. Wenn ich Mozilla Firefox öffne, werden irgendwelche Tabs oder mehrere Firefox Seiten geöffnet und - Ständig Werbung eingeblendet, mehrere Seiten werden geöffnet...
Archiv
Du betrachtest: Ständig Werbung eingeblendet, mehrere Seiten werden geöffnet auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.