| |
| |||||||
Log-Analyse und Auswertung: Windows 7: Webseiten werden auf Werbung umgeleitetWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
11.01.2016, 22:11
| #1 |
| |  Windows 7: Webseiten werden auf Werbung umgeleitet Hallo erstmal, ich werde seit heute bei fast jeden Mausklick im Browser(Chrome) wird Werbung in einem neuen Tab oder Fenster geöffnet. Selber habe ich es mit meinem AntiVirus Programm AVG und den Adware Remove Tool AdwCleaner probiert, jedoch haben beide nichts gefunden. Ich hoffe wirklich auf Hilfe und diese möglichst schnell. Dankbar bin ich für jeden der es versucht. MfG Vadim Sch Hier die FRST.txt: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
durchgeführt von VadimSch (Administrator) auf TRUNIXX (11-01-2016 22:03:13)
Gestartet von C:\Users\VadimSch\Downloads\INTERNET
Geladene Profile: VadimSch (Verfügbare Profile: VadimSch)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(The Within Network, LLC) C:\Windows\UnsignedThemesSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AESMSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.1.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Program Files (x86)\puush\puush.exe
(Spotify Ltd) C:\Users\VadimSch\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Andrea Electronics Corporation) C:\Program Files (x86)\Samson\SoundDeck\SoundDeck.exe
(Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Chicony) C:\Program Files (x86)\Thermaltake Ttesports Ultimate\Ttsystray3.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Easybits) C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Thermaltake) C:\Program Files (x86)\Tt eSPORTS\Tt eSPORTS BLACK\BlackMonitor.exe
(Chicony) C:\Program Files (x86)\Thermaltake Ttesports Ultimate\tTOSD2k1001.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-08-07] (NVIDIA Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [14601160 2015-07-02] (Logitech Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NBKeyScan] => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3874216 2015-12-16] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1258504 2013-12-23] (Easybits)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2573712 2015-12-12] ()
HKLM-x32\...\Run: [SoundDeck] => C:\Program Files (x86)\Samson\SoundDeck\SoundDeck.exe [2969288 2014-05-19] (Andrea Electronics Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [Tt eSPORTS BLACK Gaming Mouse] => C:\Program Files (x86)\Tt eSPORTS\Tt eSPORTS BLACK\BlackMonitor.exe [107848 2013-08-01] (Thermaltake)
HKLM-x32\...\Run: [ChallengerUltimate] => C:\Program Files (x86)\Thermaltake Ttesports Ultimate\Ttsystray3.exe [1254912 2010-08-05] (Chicony)
HKLM-x32\...\Run: [ChallengerUltimateOSD] => C:\Program Files (x86)\Thermaltake Ttesports Ultimate\tTOSD2k1001.exe [634880 2010-08-05] (Chicony)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-11-12] (LogMeIn Inc.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1139112 2015-12-08] (AVG Technologies CZ, s.r.o.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\ProgramData\Microsoft\Windows\Start Menu\MSDCSC\msconfig,C:\ProgramData\Microsoft\Windows\Start Menu\MSDCSC\msconfig,C:\Users\VadimSch\Documents\DCSCMIN\lTRk0yNPQbRV\IMDCSC.exe,C:\Users\VadimSch\Documents\DCSCMIN\lTRk0yNPQbRV\IMDCSC.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3405180731-3880776032-2862364969-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
HKU\S-1-5-21-3405180731-3880776032-2862364969-1001\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
HKU\S-1-5-21-3405180731-3880776032-2862364969-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3405180731-3880776032-2862364969-1001\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)
HKU\S-1-5-21-3405180731-3880776032-2862364969-1001\...\Run: [OscarKeyboard] => "C:\Program Files (x86)\X7 Oscar Keyboard Editor\OscarEditor.exe" Minimum
HKU\S-1-5-21-3405180731-3880776032-2862364969-1001\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Users\VadimSch\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=34bd1b30801a47d08ff1fd087e409260-48d77eb8077c1e613eccf4a5b6439e179a68fe91 /CMPID=0214c
HKU\S-1-5-21-3405180731-3880776032-2862364969-1001\...\Run: [se] => C:\Users\user\AppData\Roaming\SkypEmoticons\SE.exe /minimized
HKU\S-1-5-21-3405180731-3880776032-2862364969-1001\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [568904 2015-03-30] ()
HKU\S-1-5-21-3405180731-3880776032-2862364969-1001\...\Run: [Spotify Web Helper] => C:\Users\VadimSch\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2015-12-16] (Spotify Ltd)
HKU\S-1-5-21-3405180731-3880776032-2862364969-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3405180731-3880776032-2862364969-1001\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKU\S-1-5-21-3405180731-3880776032-2862364969-1001\...\Run: [SoundDeck] => C:\Program Files (x86)\Samson\SoundDeck\SoundDeck.exe [2969288 2014-05-19] (Andrea Electronics Corporation)
HKU\S-1-5-21-3405180731-3880776032-2862364969-1001\...\Run: [OscarEditor] => "C:\Program Files (x86)\X7 Oscar Keyboard Editor\\OscarEditor.exe" Minimum
HKU\S-1-5-21-3405180731-3880776032-2862364969-1001\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1553688 2014-02-20] (Comfort Software Group)
HKU\S-1-5-21-3405180731-3880776032-2862364969-1001\...\Run: [GoogleChromeAutoLaunch_AF37F0224DD9816CC0C35BFDDEE1D0FB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-11] (Google Inc.)
HKU\S-1-5-21-3405180731-3880776032-2862364969-1001\...\MountPoints2: {a852a3bf-1fb4-11e1-99c2-806e6f6e6963} - E:\acer.exe
HKU\S-1-5-21-3405180731-3880776032-2862364969-1001\...\MountPoints2: {d54529dd-301c-11e3-a904-2c4138a47b93} - H:\iLinker.exe
AppInit_DLLs: C:\PROGRA~2\GSSUPP~1\ASSIST~2.DLL => C:\Program Files (x86)\GS Supporter\Assistant_x64.dll [2759168 2013-12-30] ()
Startup: C:\Users\VadimSch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ttsystray3.exe - Verknüpfung.lnk [2015-01-18]
ShortcutTarget: Ttsystray3.exe - Verknüpfung.lnk -> C:\Program Files (x86)\Thermaltake Ttesports Ultimate\Ttsystray3.exe (Chicony)
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\Parameters: [NameServer] 82.163.142.3 95.211.158.130
Tcpip\..\Interfaces\{1ACD5454-84FF-4F6D-BF22-E2D07F413576}: [NameServer] 82.163.142.3 95.211.158.130
Tcpip\..\Interfaces\{B5DB6E08-ACA8-4BE0-98D7-E1B0B5023D10}: [NameServer] 82.163.142.3 95.211.158.130
Tcpip\..\Interfaces\{BB7D1F73-8C8F-402A-8924-087AF512E308}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{CDBC9E46-499B-4C9F-AB1B-0D426FAAC889}: [NameServer] 82.163.142.3 95.211.158.130
Tcpip\..\Interfaces\{CDBC9E46-499B-4C9F-AB1B-0D426FAAC889}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{DA635C4D-0A66-461D-9706-235438162A6B}: [NameServer] 82.163.142.3 95.211.158.130
Tcpip\..\Interfaces\{DA635C4D-0A66-461D-9706-235438162A6B}: [DhcpNameServer] 82.163.142.3
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-3405180731-3880776032-2862364969-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-3405180731-3880776032-2862364969-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
SearchScopes: HKLM -> DefaultScope Wert fehlt
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {52CB6891-7300-49D4-AF58-DF63EECAE469} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKLM-x32 -> {52CB6891-7300-49D4-AF58-DF63EECAE469} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-3405180731-3880776032-2862364969-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3405180731-3880776032-2862364969-1001 -> {52CB6891-7300-49D4-AF58-DF63EECAE469} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3405180731-3880776032-2862364969-1001 -> {5919EA19-B210-4890-8680-CF4E9AC51831} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=54E55EC5-CE02-43E7-A046-AF7EE279E436&apn_sauid=4BAFA838-2621-42AA-8C07-C80F6B07BEBD
SearchScopes: HKU\S-1-5-21-3405180731-3880776032-2862364969-1001 -> {5D45CBA5-FEF3-4E08-9A07-6C76DF111CD7} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=0205647002913E26
SearchScopes: HKU\S-1-5-21-3405180731-3880776032-2862364969-1001 -> {68BDB5AE-F45B-4605-9714-38DECB79D70C} URL = hxxp://isearch.avg.com/search?cid={B80782B4-C02B-44CB-9B69-FB93B0CEC764}&mid=34bd1b30801a47d08ff1fd087e409260-48d77eb8077c1e613eccf4a5b6439e179a68fe91&lang=de&ds=AVG&pr=fr&d=2012-09-30 19:56:12&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3405180731-3880776032-2862364969-1001 -> {71D5E915-82B8-4E19-BB02-5A376466673C} URL = hxxps://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=614363&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3405180731-3880776032-2862364969-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: Plus-HD-3.8 -> {11111111-1111-1111-1111-110311901130} -> C:\Program Files (x86)\Plus-HD-3.8\Plus-HD-3.8-bho64.dll => Keine Datei
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-05-05] (Oracle Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-06-09] (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-05-05] (Oracle Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2014-12-15] (DVDVideoSoft Ltd.)
BHO-x32: Lyrics Seeker -> {14a771cd-f066-4d65-8e98-b0d5eb237c81} -> C:\Program Files (x86)\LyricsSeeker\133.dll => Keine Datei
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-06-09] (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-05-04] (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2014-12-15] (DVDVideoSoft Ltd.)
Toolbar: HKU\S-1-5-21-3405180731-3880776032-2862364969-1001 -> Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Keine Datei
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\VadimSch\AppData\Roaming\Mozilla\Firefox\Profiles\0lzdlwjs.default
FF Homepage: hxxp://mysearch.avg.com?pid=safeguard&sg=&cid=%7Bbc0077e4-779f-439e-a638-56cd0f325ba8%7D&mid=34bd1b30801a47d08ff1fd087e409260-48d77eb8077c1e613eccf4a5b6439e179a68fe91&ds=AVG&coid=avgtbavg&cmpid=&v=17.3.1.91&lang=de&pr=fr&d=2014-03-17%2014%3A09%3A03&sap=hp
FF NetworkProxy: "type",
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Keyword.URL: hxxps://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=614363&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.4.0 -> C:\Windows\system32\npDeployJava1.dll [2012-05-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.4.0 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-05-05] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll [Keine Datei]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-01-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\new_plugin\npjp2.dll [Keine Datei]
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll [2012-05-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-07] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-07] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3405180731-3880776032-2862364969-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\VadimSch\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3405180731-3880776032-2862364969-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-12-30] ()
FF SearchPlugin: C:\Users\VadimSch\AppData\Roaming\Mozilla\Firefox\Profiles\0lzdlwjs.default\searchplugins\yahoo_ff.xml [2015-08-03]
FF Extension: NoScript - C:\Users\VadimSch\AppData\Roaming\Mozilla\Firefox\Profiles\0lzdlwjs.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2012-07-09] [ist nicht signiert]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\VadimSch\AppData\Roaming\Mozilla\Firefox\Profiles\0lzdlwjs.default\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-12-26] [ist nicht signiert]
FF Extension: Kein Name - C:\Program Files\WBC Engine\Firefox [nicht gefunden]
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.91 [2014-03-17] [ist nicht signiert]
FF Extension: Lyrics Seeker - C:\Users\VadimSch\AppData\Roaming\Mozilla\Firefox\Profiles\0lzdlwjs.default\Extensions\133 [2013-09-13] [ist nicht signiert]
FF Extension: OptuOan - C:\Users\VadimSch\AppData\Roaming\Mozilla\Firefox\Profiles\0lzdlwjs.default\Extensions\CI@v7.com [2015-07-01] [ist nicht signiert]
FF Extension: Online HD TV - C:\Users\VadimSch\AppData\Roaming\Mozilla\Firefox\Profiles\0lzdlwjs.default\Extensions\onlinehdtv@onlinehd.tv.xpi [2012-10-23] [ist nicht signiert]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2015-07-02] [ist nicht signiert]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2014-12-15] [ist nicht signiert]
FF HKLM\...\Firefox\Extensions: [{121C6AF3-6778-4360-AFDB-57BD4E3E4343}] - C:\Program Files\Playzy\Firefox => nicht gefunden
FF HKLM\...\Firefox\Extensions: [{14DD0E04-D4F6-45d2-A958-F361FBD4F64F}] - C:\Program Files\WBC Engine\Firefox => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [{121C6AF3-6778-4360-AFDB-57BD4E3E4343}] - C:\Program Files\Playzy\Firefox => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [{14DD0E04-D4F6-45d2-A958-F361FBD4F64F}] - C:\Program Files\WBC Engine\Firefox => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [12x3q4@3244516.com] - C:\Program Files (x86)\Better-Surf\ff => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [ext@bettersurfplus.com] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [ext@WebexpEnhancedV1alpha579.net] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha579\ff
FF Extension: Webexp Enhanced - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha579\ff [2013-12-20] [ist nicht signiert]
FF HKU\S-1-5-21-3405180731-3880776032-2862364969-1001\...\Firefox\Extensions: [{72273571-743d-427e-a1c1-0538fbc2ddd3}] - C:\Program Files (x86)\LyricsSeeker\133.xpi => nicht gefunden
FF HKU\S-1-5-21-3405180731-3880776032-2862364969-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-12-26] [ist nicht signiert]
Chrome:
=======
CHR dev: Chrome dev build erkannt! <======= ACHTUNG
CHR HomePage: Default -> file:///C:/Users/VadimSch/Desktop/M%C3%BCll
CHR StartupUrls: Default -> "hxxp://google.com/","hxxp://search.iminent.com/?appId=A9CBA388-63F0-40E6-B3C9-D1DAF669D1DE","hxxp://search.chatzum.com/?orig=HP&affid=62&cztbid=805952679","hxxp://www.google.com","hxxp://mysearch.avg.com?cid={6CDBC0C9-5643-4C7B-BA71-BF3C0EE30552}&mid=34bd1b30801a47d08ff1fd087e409260-48d77eb8077c1e613eccf4a5b6439e179a68fe91&lang=de&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-17 14:09:03&v=17.3.1.91&pid=safeguard&sg=&sap=hp","hxxp://google.com/
hxxp://search.iminent.com/?appId={6CDBC0C9-5643-4C7B-BA71-BF3C0EE30552}&affid=62&cztbid=805952679
hxxp://www.google.com
hxxp://mysearch.avg.com?cid={6CDBC0C9-5643-4C7B-BA71-BF3C0EE30552}&mid=34bd1b30801a47d08ff1fd087e409260-48d77eb8077c1e613eccf4a5b6439e179a68fe91&lang=de&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-17 14:09:03&v=18.0.5.292&pid=safeguard&sg=&sap=hp","hxxp://mysearch.avg.com?cid={6CDBC0C9-5643-4C7B-BA71-BF3C0EE30552}&mid=34bd1b30801a47d08ff1fd087e409260-48d77eb8077c1e613eccf4a5b6439e179a68fe91&lang=de&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-17 14:09:03&v=18.0.5.292&pid=safeguard&sg=&sap=hp","hxxp://google.com/
hxxp://search.iminent.com/?appId={6CDBC0C9-5643-4C7B-BA71-BF3C0EE30552}&affid=62&cztbid=805952679
hxxp://www.google.com
hxxp://mysearch.avg.com?cid={6CDBC0C9-5643-4C7B-BA71-BF3C0EE30552}&mid=34bd1b30801a47d08ff1fd087e409260-48d77eb8077c1e613eccf4a5b6439e179a68fe91&lang=de&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-17 14:09:03&v=18.0.5.292&pid=safeguard&sg=&sap=hp
hxxp://google.com/
hxxp://search.iminent.com/?appId={6CDBC0C9-5643-4C7B-BA71-BF3C0EE30552}&affid=62&cztbid=805952679
hxxp://www.google.com
hxxp://mysearch.avg.com?cid={6CDBC0C9-5643-4C7B-BA71-BF3C0EE30552}&mid=34bd1b30801a47d08ff1fd087e409260-48d77eb8077c1e613eccf4a5b6439e179a68fe91&lang=de&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-17 14:09:03&v=18.0.5.292&pid=safeguard&sg=&sap=hp
hxxp://mysearch.avg.com?cid={6CDBC0C9-5643-4C7B-BA71-BF3C0EE30552}&mid=34bd1b30801a47d08ff1fd087e409260-48d77eb8077c1e613eccf4a5b6439e179a68fe91&lang=de&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-17 14:09:03&v=18.0.5.292&pid=safeguard&sg=&sap=hp","hxxp://mysearch.avg.com?cid={6CDBC0C9-5643-4C7B-BA71-BF3C0EE30552}&mid=34bd1b30801a47d08ff1fd087e409260-48d77eb8077c1e613eccf4a5b6439e179a68fe91&lang=de&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-17 14:09:03&v=18.1.0.443&pid=safeguard&sg=&sap=hp","hxxp://mysearch.avg.com?cid={6CDBC0C9-5643-4C7B-BA71-BF3C0EE30552}&mid=34bd1b30801a47d08ff1fd087e409260-48d77eb8077c1e613eccf4a5b6439e179a68fe91&lang=de&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-17 14:09:03&v=18.1.5.512&pid=safeguard&sg=&sap=hp","hxxp://mysearch.avg.com?cid={6CDBC0C9-5643-4C7B-BA71-BF3C0EE30552}&mid=34bd1b30801a47d08ff1fd087e409260-48d77eb8077c1e613eccf4a5b6439e179a68fe91&lang=de&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-17 14:09:03&v=18.1.7.598&pid=safeguard&sg=&sap=hp","hxxps://mysearch.avg.com?cid={6CDBC0C9-5643-4C7B-BA71-BF3C0EE30552}&mid=34bd1b30801a47d08ff1fd087e409260-48d77eb8077c1e613eccf4a5b6439e179a68fe91&lang=de&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-17 14:09:03&v=18.1.9.786&pid=safeguard&sg=&sap=hp","hxxps://mysearch.avg.com?cid={6CDBC0C9-5643-4C7B-BA71-BF3C0EE30552}&mid=34bd1b30801a47d08ff1fd087e409260-48d77eb8077c1e613eccf4a5b6439e179a68fe91&lang=de&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-17 14:09:03&v=18.1.9.799&pid=safeguard&sg=&sap=hp","hxxp://leo-statz-berufskolleg.de"
CHR Profile: C:\Users\VadimSch\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (BetterTTV) - C:\Users\VadimSch\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2015-07-29]
CHR Extension: (Facebook Video Downloader) - C:\Users\VadimSch\AppData\Local\Google\Chrome\User Data\Default\Extensions\amjcoehkcacocffpmhnefgoeanepjfkf [2015-12-07]
CHR Extension: (YouTube Notifications) - C:\Users\VadimSch\AppData\Local\Google\Chrome\User Data\Default\Extensions\cilgbgkmanbbecbjihnbpeaoodmgchom [2015-12-28]
CHR Extension: (Steam inventory helper) - C:\Users\VadimSch\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2016-01-11]
CHR Extension: (Google-Suche) - C:\Users\VadimSch\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Video Downloader professional) - C:\Users\VadimSch\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-02-04]
CHR Extension: (AdBlock) - C:\Users\VadimSch\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-01-09]
CHR Extension: (agar.io server browser) - C:\Users\VadimSch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hongpdkjnjhijmdnogoicadboadgllhi [2015-06-08]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\VadimSch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
CHR Extension: (Hola - Unlimited Proxy VPN) - C:\Users\VadimSch\AppData\Local\Google\Chrome\User Data\Default\Extensions\opalpjjboefohnelaemnhdhlceibbcgl [2015-12-30]
CHR Extension: (Instagram Video Downloader) - C:\Users\VadimSch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pccijgeciailcjildclhbjgakoemgjjg [2015-02-04]
CHR HKU\S-1-5-21-3405180731-3880776032-2862364969-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [eajpfgckapbejakplmjlcakccjihopih] - C:\Users\VadimSch\AppData\Local\CRE\eajpfgckapbejakplmjlcakccjihopih.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [dkinklhnkmkhkhofcnapakaoehijaoih] - C:\Program Files (x86)\OnlineHD.TV\onhd11.crx [2012-10-23]
CHR HKLM-x32\...\Chrome\Extension: [eajpfgckapbejakplmjlcakccjihopih] - C:\Users\VadimSch\AppData\Local\CRE\eajpfgckapbejakplmjlcakccjihopih.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [jpgfhihjicjofdejkbjgnjlaglaciobe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-06-03]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
CHR HKLM-x32\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [niogeckbkdcabhnapjbkeiklablhjoca] - C:\Program Files (x86)\Perion\ChromeInfoBar\ChromeInfoBar.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [nkbllngnehoipjfgopomkdpbgcdpljnc] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha579\ch\WebexpEnhancedV1alpha579.crx [2013-12-19]
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AESMFilters; C:\Windows\system32\AESMSr64.exe [103112 2014-06-08] (Andrea Electronics Corporation)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [627544 2015-12-16] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3902984 2015-12-16] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1049000 2015-12-08] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [583936 2015-12-16] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-12-02] () [Datei ist nicht signiert]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe [69448 2015-10-14] (Google Inc.)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [Datei ist nicht signiert]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-08-07] (NVIDIA Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [Datei ist nicht signiert]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-11-12] (LogMeIn, Inc.)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-08] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-08-07] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-08-07] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-17] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-01-30] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Datei ist nicht signiert]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-07] (TeamViewer GmbH)
R2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC)
R2 vToolbarUpdater19.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.1.0\ToolbarUpdater.exe [1864592 2015-12-12] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 e9f32388; "C:\Windows\system32\rundll32.exe" "c:\progra~2\gssupp~1\AssistantSvc.dll",service
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R3 AESMAudL; C:\Windows\System32\drivers\AESMAudL64.sys [23496 2014-06-08] (Andrea Electronics Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [258480 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
S3 DCamUSBVM; C:\Windows\System32\Drivers\usbVM31b.sys [142336 2005-09-19] (Vimicro Corporation)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-24] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-08-07] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47976 2015-08-07] (NVIDIA Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-12-06] ()
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42088 2015-06-04] (Anchorfree Inc.)
R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] ()
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X]
S3 X6va010; \??\C:\Windows\SysWOW64\Drivers\X6va010 [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va014; \??\C:\Windows\SysWOW64\Drivers\X6va014 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-01-11 21:47 - 2016-01-11 22:03 - 00000000 ____D C:\FRST
2016-01-11 21:36 - 2016-01-11 21:40 - 00001592 _____ C:\AdwCleaner[R4].txt
2016-01-11 21:26 - 2016-01-11 21:26 - 00000000 ____D C:\Users\VadimSch\AppData\Local\AVG Secure Search
2016-01-11 21:20 - 2016-01-11 21:21 - 00005705 _____ C:\AdwCleaner[S3].txt
2016-01-11 21:14 - 2016-01-11 21:19 - 00005799 _____ C:\AdwCleaner[R3].txt
2016-01-11 11:02 - 2016-01-11 11:02 - 00001948 _____ C:\Users\VadimSch\Desktop\MinecraftStoryModes.exe - Verknüpfung.lnk
2016-01-11 09:52 - 2016-01-11 09:52 - 00000000 ____D C:\ProgramData\1063022329703654763UL
2016-01-11 09:50 - 2016-01-11 09:50 - 00019342 _____ C:\Windows\System32\Tasks\{76D3C411-4756-A571-5526-2C017D45B9F9}
2016-01-11 09:50 - 2016-01-11 09:50 - 00000000 ____D C:\ProgramData\{1bb373b7-1064-0}
2016-01-11 09:50 - 2016-01-11 09:50 - 00000000 ____D C:\ProgramData\{10377d0b-4064-1}
2016-01-02 14:46 - 2016-01-02 14:46 - 18506432 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-01-02 00:38 - 2016-01-02 00:38 - 00000000 ____D C:\Users\VadimSch\AppData\Roaming\Red Giant
2016-01-02 00:38 - 2016-01-02 00:38 - 00000000 ____D C:\ProgramData\Red Giant
2016-01-01 15:06 - 2016-01-01 15:06 - 00135536 _____ C:\Users\VadimSch\Documents\Track 11 - 35.sfk
2016-01-01 15:02 - 2016-01-01 15:06 - 34682330 _____ C:\Users\VadimSch\Documents\Track 11 - 35.wav
2016-01-01 15:02 - 2016-01-01 15:02 - 02781518 _____ C:\Users\VadimSch\Documents\Track 11 - 34.wav
2016-01-01 15:02 - 2016-01-01 15:02 - 00010920 _____ C:\Users\VadimSch\Documents\Track 11 - 34.sfk
2015-12-30 12:17 - 2015-12-30 12:17 - 00057440 _____ C:\Users\VadimSch\Documents\Track 13 - 12.sfk
2015-12-30 12:15 - 2015-12-30 14:03 - 00019520 _____ C:\Users\VadimSch\Documents\Track 13 - 10.sfk
2015-12-30 12:15 - 2015-12-30 14:03 - 00003136 _____ C:\Users\VadimSch\Documents\Track 13 - 11.sfk
2015-12-30 12:15 - 2015-12-30 12:17 - 14691122 _____ C:\Users\VadimSch\Documents\Track 13 - 12.wav
2015-12-30 12:15 - 2015-12-30 12:15 - 02491242 _____ C:\Users\VadimSch\Documents\Track 13 - 10.wav
2015-12-30 12:15 - 2015-12-30 12:15 - 00394022 _____ C:\Users\VadimSch\Documents\Track 13 - 11.wav
2015-12-30 12:15 - 2015-12-30 12:15 - 00033976 _____ C:\Users\VadimSch\Documents\Track 13 - 9.sfk
2015-12-30 12:09 - 2015-12-30 14:03 - 00104680 _____ C:\Users\VadimSch\Documents\Track 13 - 8.sfk
2015-12-30 12:09 - 2015-12-30 12:15 - 08683642 _____ C:\Users\VadimSch\Documents\Track 13 - 9.wav
2015-12-30 12:06 - 2015-12-30 12:09 - 13391842 _____ C:\Users\VadimSch\Documents\Track 13 - 8.wav
2015-12-30 12:06 - 2015-12-30 12:06 - 00023504 _____ C:\Users\VadimSch\Documents\Track 13 - 7.sfk
2015-12-30 12:05 - 2015-12-30 12:06 - 06002158 _____ C:\Users\VadimSch\Documents\Track 13 - 7.wav
2015-12-29 21:38 - 2015-12-29 21:53 - 00297744 _____ C:\Users\VadimSch\Desktop\tea.veg.bak
2015-12-29 21:38 - 2015-12-29 21:53 - 00297744 _____ C:\Users\VadimSch\Desktop\tea.veg
2015-12-29 14:01 - 2015-12-29 14:01 - 00351120 _____ C:\Users\VadimSch\Documents\Track 12 - 3.sfk
2015-12-29 13:53 - 2015-12-29 14:01 - 89871690 _____ C:\Users\VadimSch\Documents\Track 12 - 3.wav
2015-12-21 11:21 - 2015-12-21 11:21 - 00015872 _____ C:\Users\VadimSch\Documents\Track 25 - 9.sfk
2015-12-21 11:20 - 2015-12-21 11:21 - 04048374 _____ C:\Users\VadimSch\Documents\Track 25 - 9.wav
2015-12-21 11:20 - 2015-12-21 11:20 - 02185858 _____ C:\Users\VadimSch\Documents\Track 25 - 8.wav
2015-12-21 11:20 - 2015-12-21 11:20 - 00017656 _____ C:\Users\VadimSch\Documents\Track 25 - 7.sfk
2015-12-21 11:20 - 2015-12-21 11:20 - 00008592 _____ C:\Users\VadimSch\Documents\Track 25 - 8.sfk
2015-12-21 11:19 - 2015-12-21 11:20 - 04505026 _____ C:\Users\VadimSch\Documents\Track 25 - 7.wav
2015-12-21 11:19 - 2015-12-21 11:19 - 00011680 _____ C:\Users\VadimSch\Documents\Track 25 - 6.sfk
2015-12-21 11:17 - 2015-12-21 11:19 - 02975410 _____ C:\Users\VadimSch\Documents\Track 25 - 6.wav
2015-12-21 11:17 - 2015-12-21 11:17 - 05476482 _____ C:\Users\VadimSch\Documents\Track 25 - 5.wav
2015-12-21 11:17 - 2015-12-21 11:17 - 00021448 _____ C:\Users\VadimSch\Documents\Track 25 - 5.sfk
2015-12-21 11:17 - 2015-12-21 11:17 - 00011216 _____ C:\Users\VadimSch\Documents\Track 25 - 4.sfk
2015-12-21 11:15 - 2015-12-21 11:17 - 02856750 _____ C:\Users\VadimSch\Documents\Track 25 - 4.wav
2015-12-21 11:15 - 2015-12-21 11:15 - 00033392 _____ C:\Users\VadimSch\Documents\Track 25 - 3.sfk
2015-12-21 11:14 - 2015-12-21 11:15 - 08534942 _____ C:\Users\VadimSch\Documents\Track 25 - 3.wav
2015-12-21 11:14 - 2015-12-21 11:14 - 00017488 _____ C:\Users\VadimSch\Documents\Track 25 - 2.sfk
2015-12-21 11:12 - 2015-12-21 11:14 - 04462542 _____ C:\Users\VadimSch\Documents\Track 25 - 2.wav
2015-12-21 11:12 - 2015-12-21 11:12 - 01006990 _____ C:\Users\VadimSch\Documents\Track 25 - 1.wav
2015-12-21 11:12 - 2015-12-21 11:12 - 00003992 _____ C:\Users\VadimSch\Documents\Track 25 - 1.sfk
2015-12-15 14:49 - 2015-12-15 14:49 - 00435960 _____ C:\Users\VadimSch\Documents\Track 11 - 33.sfk
2015-12-15 14:40 - 2015-12-15 14:49 - 111591130 _____ C:\Users\VadimSch\Documents\Track 11 - 33.wav
2015-12-14 13:58 - 2015-12-14 13:58 - 00279600 _____ C:\Users\VadimSch\Documents\Track 10 - 40.sfk
2015-12-14 13:51 - 2015-12-14 13:58 - 71563734 _____ C:\Users\VadimSch\Documents\Track 10 - 40.wav
2015-12-14 13:51 - 2015-12-14 13:51 - 00405528 _____ C:\Users\VadimSch\Documents\Track 10 - 39.sfk
2015-12-14 13:42 - 2015-12-14 13:51 - 103800822 _____ C:\Users\VadimSch\Documents\Track 10 - 39.wav
2015-12-12 11:21 - 2015-12-12 11:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-01-11 22:02 - 2012-05-30 20:33 - 00000000 ____D C:\Users\VadimSch\AppData\Local\LogMeIn Hamachi
2016-01-11 21:51 - 2012-05-06 21:29 - 00000000 ____D C:\Users\VadimSch\AppData\Roaming\Skype
2016-01-11 21:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2016-01-11 21:48 - 2015-09-17 15:44 - 00000000 ____D C:\Users\VadimSch\Downloads\INTERNET
2016-01-11 21:46 - 2013-08-31 16:52 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-11 21:36 - 2009-07-14 05:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-11 21:36 - 2009-07-14 05:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-11 21:26 - 2014-09-28 21:38 - 00000482 ____H C:\Windows\Tasks\SW-Booster-S-792098896.job
2016-01-11 21:26 - 2014-03-12 17:31 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-11 21:26 - 2013-12-30 21:50 - 00000450 ____H C:\Windows\Tasks\GS.Enabler-S-4560858878.job
2016-01-11 21:26 - 2012-04-25 13:23 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-11 21:26 - 2012-04-23 16:30 - 00000000 ____D C:\Users\VadimSch\AppData\LocalLow\AuthenTec
2016-01-11 21:25 - 2014-03-12 17:31 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-11 21:25 - 2013-01-11 22:12 - 00000436 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-01-11 21:24 - 2011-12-06 01:56 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-11 21:24 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-11 21:19 - 2012-04-23 16:38 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DCD8292C-B58C-4E8F-A561-212FBD884528}
2016-01-11 21:14 - 2012-04-24 13:20 - 00000000 ____D C:\ProgramData\MFAData
2016-01-11 18:21 - 2014-09-18 12:02 - 00000000 ____D C:\Users\VadimSch\AppData\Roaming\OBS
2016-01-11 16:11 - 2012-04-24 13:09 - 00000000 ____D C:\Users\VadimSch\AppData\Local\Adobe
2016-01-11 15:25 - 2014-08-11 18:01 - 00000000 ____D C:\Users\VadimSch\AppData\Roaming\.minecraft
2016-01-11 13:48 - 2012-07-22 20:52 - 00000000 ____D C:\Users\VadimSch\AppData\Roaming\Get Me Tones
2016-01-11 13:27 - 2014-11-19 11:50 - 00000000 ____D C:\Users\VadimSch\AppData\Local\Avg
2016-01-11 13:22 - 2013-04-08 16:13 - 00000000 ____D C:\Users\VadimSch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2016-01-11 11:23 - 2012-04-23 17:26 - 00000000 ____D C:\Users\VadimSch\AppData\Local\CrashDumps
2016-01-11 10:58 - 2013-12-31 16:18 - 00003204 _____ C:\Windows\System32\Tasks\HPCeeScheduleForVadimSch
2016-01-11 10:58 - 2013-12-31 16:18 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForVadimSch.job
2016-01-11 09:06 - 2015-10-15 03:18 - 00000000 ____D C:\Users\VadimSch\Documents\Telltale Games
2016-01-11 08:41 - 2012-07-13 23:15 - 00052224 ___SH C:\Users\VadimSch\Thumbs.db
2016-01-10 19:06 - 2014-11-02 23:22 - 00000000 ____D C:\Users\VadimSch\AppData\Roaming\Spotify
2016-01-10 19:06 - 2014-11-02 23:22 - 00000000 ____D C:\Users\VadimSch\AppData\Local\Spotify
2016-01-10 08:18 - 2012-05-06 21:29 - 00000000 ____D C:\ProgramData\Skype
2016-01-09 03:32 - 2014-03-16 11:32 - 00000000 ____D C:\ProgramData\AVG2014
2016-01-09 03:32 - 2013-03-08 11:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-01-09 03:32 - 2012-04-24 13:22 - 00000000 ____D C:\Program Files (x86)\AVG
2016-01-08 15:02 - 2012-05-15 19:46 - 00000132 _____ C:\Users\VadimSch\AppData\Roaming\Adobe PNG Format CS5 Prefs
2016-01-08 02:05 - 2011-12-06 01:43 - 04084906 _____ C:\Windows\system32\perfh007.dat
2016-01-08 02:05 - 2011-12-06 01:43 - 01200610 _____ C:\Windows\system32\perfc007.dat
2016-01-08 02:05 - 2009-07-14 06:13 - 00006248 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-07 05:22 - 2012-09-25 15:21 - 00000000 ____D C:\Users\VadimSch\Desktop\Müll
2016-01-06 17:40 - 2015-12-08 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-01-06 05:35 - 2012-11-08 21:20 - 00000000 ____D C:\Users\VadimSch\AppData\Roaming\TS3Client
2016-01-02 14:47 - 2013-08-31 16:52 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-02 14:47 - 2012-05-01 09:35 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-02 14:47 - 2011-12-06 02:09 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-02 00:38 - 2012-10-06 23:33 - 00004184 _____ C:\Windows\System32\Tasks\Red Giant Link
2016-01-02 00:37 - 2012-10-06 23:30 - 00000000 ____D C:\Program Files (x86)\Red Giant Link
2016-01-01 14:14 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-31 16:00 - 2015-12-07 08:42 - 00000000 ____D C:\Users\VadimSch\Desktop\BILDER
2015-12-30 18:55 - 2015-12-07 03:33 - 00000000 ____D C:\Users\VadimSch\Downloads\FB
2015-12-30 15:11 - 2013-08-24 01:10 - 00000000 ____D C:\ProgramData\Origin
2015-12-29 21:35 - 2015-11-04 15:59 - 00000000 ____D C:\Users\VadimSch\Desktop\world
2015-12-28 17:49 - 2015-02-19 13:46 - 00000000 ____D C:\Users\VadimSch\AppData\Local\Steam
2015-12-27 03:59 - 2015-12-03 05:20 - 00231496 _____ C:\Users\VadimSch\Desktop\1000.veg
2015-12-27 03:58 - 2015-12-03 05:20 - 00231496 _____ C:\Users\VadimSch\Desktop\1000.veg.bak
2015-12-25 21:23 - 2014-03-05 23:29 - 00000000 ____D C:\Users\VadimSch\AppData\Roaming\.minecraft - Kopie
2015-12-25 21:22 - 2014-10-16 23:48 - 00000000 ____D C:\Users\VadimSch\AppData\Roaming\Craften Terminal
2015-12-24 06:29 - 2015-12-04 23:43 - 75206099 _____ C:\Users\VadimSch\Desktop\1000.wmv
2015-12-23 21:34 - 2012-07-05 20:31 - 00000000 ____D C:\Users\VadimSch\AppData\Local\ElevatedDiagnostics
2015-12-18 01:45 - 2015-04-04 21:45 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-18 01:45 - 2015-04-04 21:45 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-17 01:09 - 2013-08-24 01:10 - 00000000 ____D C:\Program Files (x86)\Origin
2015-12-12 11:21 - 2014-02-02 13:03 - 00000000 ____D C:\Users\VadimSch\AppData\Local\Skype
2015-12-12 11:21 - 2012-05-06 21:29 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-12 11:16 - 2014-03-17 14:08 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2015-12-12 01:58 - 2012-10-27 13:13 - 00000132 _____ C:\Users\VadimSch\AppData\Roaming\Adobe GIF Format CS5 Prefs
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2011-12-06 02:18 - 2011-06-10 00:44 - 0002792 _____ () C:\Program Files\HP SimplePass 2011
2012-07-03 03:21 - 2012-07-04 04:43 - 0035840 _____ (inject) C:\Program Files (x86)\java.exe
2015-02-15 18:29 - 2015-01-23 17:57 - 0000226 _____ () C:\Program Files (x86)\update-StrandedDeeep.bat
2015-02-15 18:29 - 2014-05-25 14:38 - 0000732 _____ () C:\Program Files (x86)\visit-www.nosteam.ro.html
2012-10-27 13:13 - 2015-12-12 01:58 - 0000132 _____ () C:\Users\VadimSch\AppData\Roaming\Adobe GIF Format CS5 Prefs
2012-05-15 19:46 - 2016-01-08 15:02 - 0000132 _____ () C:\Users\VadimSch\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-10-23 12:17 - 2014-10-23 12:17 - 0000034 _____ () C:\Users\VadimSch\AppData\Roaming\AdobeWLCMCache.dat
2013-02-19 21:19 - 2015-11-23 12:57 - 0007872 _____ () C:\Users\VadimSch\AppData\Roaming\wklnhst.dat
2014-03-25 00:03 - 2014-03-25 00:04 - 0001456 _____ () C:\Users\VadimSch\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2012-05-05 21:06 - 2015-10-17 21:44 - 0007168 _____ () C:\Users\VadimSch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-11 11:10 - 2014-01-11 11:10 - 0000747 _____ () C:\Users\VadimSch\AppData\Local\recently-used.xbel
2013-12-19 00:09 - 2015-11-06 23:02 - 0007605 _____ () C:\Users\VadimSch\AppData\Local\Resmon.ResmonCfg
2012-09-08 14:11 - 2012-10-14 17:58 - 1145382 _____ () C:\Users\VadimSch\AppData\Local\Tempmusic.ogg
2012-05-24 16:25 - 2012-05-24 16:25 - 0000000 _____ () C:\ProgramData\572b58ac425e104366dce5a68ca00016_c
Einige Dateien in TEMP:
====================
C:\Users\VadimSch\AppData\Local\Temp\2p05vwla.dll
C:\Users\VadimSch\AppData\Local\Temp\Ableton Swapper.exe
C:\Users\VadimSch\AppData\Local\Temp\avguirn_082031720114.exe
C:\Users\VadimSch\AppData\Local\Temp\dlLogic.exe
C:\Users\VadimSch\AppData\Local\Temp\dltr.exe
C:\Users\VadimSch\AppData\Local\Temp\EpsonInkjetDriverDownloader.EXE
C:\Users\VadimSch\AppData\Local\Temp\jansi-32-git-Bukkit-1.7.9-R0.1-10-g8688bd4-b3092jnks.dll
C:\Users\VadimSch\AppData\Local\Temp\jansi-64-1183068587957861509.dll
C:\Users\VadimSch\AppData\Local\Temp\jansi-64-3593852418273907528.dll
C:\Users\VadimSch\AppData\Local\Temp\jansi-64-git-Bukkit-1.6.4-R2.0-21-gcf51e92-b2938jnks.dll
C:\Users\VadimSch\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.2-R0.2-b2974jnks.dll
C:\Users\VadimSch\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.9-R0.1-10-g8688bd4-b3092jnks.dll
C:\Users\VadimSch\AppData\Local\Temp\jansi-64-git-Bukkit-62a2169-1000456169996201291.dll
C:\Users\VadimSch\AppData\Local\Temp\jansi-64-git-Bukkit-62a2169-246792996108380285.dll
C:\Users\VadimSch\AppData\Local\Temp\jansi-64-git-Bukkit-62a2169-2685910179321165608.dll
C:\Users\VadimSch\AppData\Local\Temp\jansi-64-git-Bukkit-62a2169-3925754483656889814.dll
C:\Users\VadimSch\AppData\Local\Temp\jansi-64-git-Bukkit-62a2169-4798921350539596804.dll
C:\Users\VadimSch\AppData\Local\Temp\jansi-64-git-Bukkit-62a2169-5196446297337682147.dll
C:\Users\VadimSch\AppData\Local\Temp\jansi-64-git-Bukkit-62a2169-5858937964392960964.dll
C:\Users\VadimSch\AppData\Local\Temp\jansi-64-git-Bukkit-62a2169-6107350127946113414.dll
C:\Users\VadimSch\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\VadimSch\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\VadimSch\AppData\Local\Temp\nvStInst.exe
C:\Users\VadimSch\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\VadimSch\AppData\Local\Temp\SkypeSetup.exe
C:\Users\VadimSch\AppData\Local\Temp\SMSetup.exe
C:\Users\VadimSch\AppData\Local\Temp\sonarinst.exe
C:\Users\VadimSch\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\VadimSch\AppData\Local\Temp\tmbfzpxo.dll
C:\Users\VadimSch\AppData\Local\Temp\tmd_34019867.exe
C:\Users\VadimSch\AppData\Local\Temp\verifier.exe
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2016-01-11 17:40
==================== Ende von FRST.txt ============================
|
| Themen zu Windows 7: Webseiten werden auf Werbung umgeleitet |
| adware, antivirus, avg, browser, dankbar, dnsapi.dll, fenster, gefunde, heute, hoffe, inject, launch, neue, neuen, nichts, probiert, programm, remove, secure search, tab, tool, umgeleitet, versuch, webseite, webseiten, werbung, windows, windows 7, windows adware, wirklich |
Baum-Darstellung