| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: JS/EXP.Redir.EL.7 + JS/BlacoleRef.DH.1 + PHP/IRCBOT.DWWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
16.06.2013, 17:10
| #1 |
 |  JS/EXP.Redir.EL.7 + JS/BlacoleRef.DH.1 + PHP/IRCBOT.DW Hallo zusammen, seit mehr als einer Woche versuche ich nun irgendwie meine Webseite (joomla 1.7) zu reinigen. AVIRA hat folgende Infekte gefunden: file: sys.php -> PHP/IRCBOT.DW file: jquery.min.js + json2.min.js -> JS/BlacoleRef.DH.1 files: alle index.php der templates\themes -> JS/EXP.Redir.EL.7 ..leider habe ich kein Backup, das ich einfach so aufspiele könnte, deshalb hab ich alles auf nen Stick gesichert, diesen mit AVIRA gescannt und gereinigt. Es scheint soweit nun alles erst einmal sauber zu sein (hoffe ich). Wie kann ich nun die in Quarantäne befindlichen Files reinigen und wiederherstellen ? AVIRA lässt mich diese zwar wiederherstellen, kann diese aber dann nicht editieren ? Was sind das überhaupt für Infekte ? Geht des überhaupt diese zu reinigen, oder MUSS ich komplett neu aufsetzen ?? Vielen dank für eure Hilfe, ..und viele Grüße! |
|
16.06.2013, 17:45
| #2 |
| /// Helfer-Team  | JS/EXP.Redir.EL.7 + JS/BlacoleRef.DH.1 + PHP/IRCBOT.DW Log von Antivir so erstellen: http://www.trojaner-board.de/125889-...en-posten.html dann: Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ |
|
16.06.2013, 21:47
| #3 |
| | JS/EXP.Redir.EL.7 + JS/BlacoleRef.DH.1 + PHP/IRCBOT.DW Danke John fuer die schnelle Antwort,
__________________bin bis morgen abend unterwegs und busy, ..werde dann schnellst moeglich logs aufbereiten und posten, bis dann, ciao |
|
17.06.2013, 10:33
| #4 |
| /// Helfer-Team | JS/EXP.Redir.EL.7 + JS/BlacoleRef.DH.1 + PHP/IRCBOT.DW Alles klar  |
|
17.06.2013, 15:04
| #5 |
| | JS/EXP.Redir.EL.7 + JS/BlacoleRef.DH.1 + PHP/IRCBOT.DW hi John, hier das Event log von avira: ---------------------------------- Exportierte Ereignisse: 17.06.2013 15:17 [Planer] Auftrag gestartet Auftrag "Automatisches Update" wurde erfolgreich gestartet. 17.06.2013 15:13 [Email Schutz] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.6.1.1236 Engine Version: 7.11.85.4 VDF Version: 7.11.85.4 17.06.2013 15:13 [Browser-Schutz] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.06.07.1236 Engine Version: 8.2.12.60 VDF Version: 7.11.85.4 17.06.2013 15:13 [Echtzeit-Scanner] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.6.0.778 Engine Version: 8.2.12.60 VDF Version: 7.11.85.4 17.06.2013 15:13 [Hilfsdienst] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.6.0.1262 Engine Version: 8.2.12.60 VDF Version: 7.11.85.4 17.06.2013 15:13 [FireWall] Dienst aktiviert Der Dienst ist aktiviert. 17.06.2013 15:13 [FireWall] Dienst gestartet Service gestartet. Service-Version: 13.6.0.992 Treiber avfwot.sys: 13.6.0.618 Treiber avfwim.sys: 13.6.0.618 17.06.2013 15:12 [Planer] Dienst gestartet Der Dienst wurde gestartet. Dienst Version 13.6.0.778 16.06.2013 18:12 [Email Schutz] Dienst gestoppt Der Dienst wurde gestoppt. 16.06.2013 18:12 [Echtzeit-Scanner] Dienst gestoppt Der Dienst wurde gestoppt. 16.06.2013 18:12 [Browser-Schutz] Dienst gestoppt Der Dienst wurde gestoppt. 16.06.2013 18:12 [FireWall] Dienst gestoppt Dienst beendet. 16.06.2013 18:12 [Planer] Dienst gestoppt Der Dienst wurde gestoppt. 16.06.2013 17:26 [System-Scanner] Malware gefunden Die Datei 'G:\templates\theme796\index.php' enthielt einen Virus oder unerwünschtes Programm 'JS/EXP.Redir.EL.7' [virus]. Durchgeführte Aktion(en): Eine Sicherungskopie wurde unter dem Namen 55b24b36.qua erstellt ( QUARANTÄNE ). Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4d2564b9.qua' verschoben! 16.06.2013 17:26 [System-Scanner] Suchlauf Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.]. Anzahl Dateien: 829 Anzahl Verzeichnisse: 0 Anzahl Malware: 1 Anzahl Warnungen: 0 16.06.2013 17:25 [Echtzeit-Scanner] Malware gefunden In der Datei 'G:\templates\theme796\index.php' wurde ein Virus oder unerwünschtes Programm 'JS/EXP.Redir.EL.7' [virus] gefunden. Ausgeführte Aktion: Zugriff verweigern 16.06.2013 17:25 [Echtzeit-Scanner] Malware gefunden In der Datei 'G:\templates\theme796\index.php' wurde ein Virus oder unerwünschtes Programm 'JS/EXP.Redir.EL.7' [virus] gefunden. Ausgeführte Aktion: Zugriff verweigern 16.06.2013 17:24 [System-Scanner] Malware gefunden Die Datei 'G:\jquery.min.js' enthielt einen Virus oder unerwünschtes Programm 'JS/BlacoleRef.DH.1' [virus]. Durchgeführte Aktion(en): Eine Sicherungskopie wurde unter dem Namen 55da46fc.qua erstellt ( QUARANTÄNE ). Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4d4d6933.qua' verschoben! 16.06.2013 17:24 [System-Scanner] Suchlauf Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.]. Anzahl Dateien: 838 Anzahl Verzeichnisse: 0 Anzahl Malware: 1 Anzahl Warnungen: 0 16.06.2013 17:23 [Echtzeit-Scanner] Malware gefunden In der Datei 'G:\jquery.min.js' wurde ein Virus oder unerwünschtes Programm 'JS/BlacoleRef.DH.1' [virus] gefunden. Ausgeführte Aktion: Zugriff verweigern 16.06.2013 17:22 [Echtzeit-Scanner] Malware gefunden In der Datei 'G:\jquery.min.js' wurde ein Virus oder unerwünschtes Programm 'JS/BlacoleRef.DH.1' [virus] gefunden. Ausgeführte Aktion: Zugriff verweigern 16.06.2013 17:22 [Echtzeit-Scanner] Malware gefunden In der Datei 'G:\jquery.min.js' wurde ein Virus oder unerwünschtes Programm 'JS/BlacoleRef.DH.1' [virus] gefunden. Ausgeführte Aktion: Übergeben an Scanner 16.06.2013 17:21 [Echtzeit-Scanner] Malware gefunden In der Datei 'G:\jquery.min.txt.js' wurde ein Virus oder unerwünschtes Programm 'JS/BlacoleRef.DH.1' [virus] gefunden. Ausgeführte Aktion: Zugriff verweigern 16.06.2013 17:21 [Echtzeit-Scanner] Malware gefunden In der Datei 'G:\jquery.min.txt.js' wurde ein Virus oder unerwünschtes Programm 'JS/BlacoleRef.DH.1' [virus] gefunden. Ausgeführte Aktion: Zugriff verweigern 16.06.2013 17:21 [Echtzeit-Scanner] Malware gefunden In der Datei 'G:\jquery.min.txt.js' wurde ein Virus oder unerwünschtes Programm 'JS/BlacoleRef.DH.1' [virus] gefunden. Ausgeführte Aktion: Übergeben an Scanner 16.06.2013 17:20 [Echtzeit-Scanner] Malware gefunden In der Datei 'G:\jquery.min.js' wurde ein Virus oder unerwünschtes Programm 'JS/BlacoleRef.DH.1' [virus] gefunden. Ausgeführte Aktion: Zugriff verweigern 16.06.2013 16:14 [Updater] Update erfolgreich durchgeführt Update von Avira Internet Security auf Computer CHRIS-NOTEBOOK (192.168.2.104) erfolgreich durchgeführt. Folgende Dateien wurden von "hxxp://89.105.213.22/update" aktualisiert: webcat1.dat webcat3.dat webcat4.dat vbase024.vdf 7.11.84.233 vbase025.vdf 7.11.84.234 vbase026.vdf 7.11.84.235 vbase027.vdf 7.11.84.236 vbase028.vdf 7.11.84.237 vbase029.vdf 7.11.84.238 vbase030.vdf 7.11.84.239 vbase031.vdf 7.11.85.4 aevdf.dat 7.11.85.4 16.06.2013 16:14 [Echtzeit-Scanner] Engine neu geladen Die Engine wurde neu geladen. Engine Version: 8.2.12.60 VDF Version: 7.11.85.4 16.06.2013 16:13 [Planer] Auftrag gestartet Auftrag "Automatisches Update" wurde erfolgreich gestartet. 16.06.2013 16:09 [Browser-Schutz] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.06.07.1236 Engine Version: 8.2.12.60 VDF Version: 7.11.84.172 16.06.2013 16:09 [Email Schutz] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.6.1.1236 Engine Version: 7.11.84.172 VDF Version: 7.11.84.172 16.06.2013 16:09 [Echtzeit-Scanner] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.6.0.778 Engine Version: 8.2.12.60 VDF Version: 7.11.84.172 16.06.2013 16:09 [Hilfsdienst] Dienst gestartet Der Dienst wurde gestartet. Dienst Version: 13.6.0.1262 Engine Version: 8.2.12.60 VDF Version: 7.11.84.172 16.06.2013 16:09 [FireWall] Dienst aktiviert Der Dienst ist aktiviert. 16.06.2013 16:09 [FireWall] Dienst gestartet Service gestartet. Service-Version: 13.6.0.992 Treiber avfwot.sys: 13.6.0.618 Treiber avfwim.sys: 13.6.0.618 16.06.2013 16:08 [Planer] Dienst gestartet Der Dienst wurde gestartet. Dienst Version 13.6.0.778 15.06.2013 22:53 [Email Schutz] Dienst gestoppt Der Dienst wurde gestoppt. 15.06.2013 22:53 [Browser-Schutz] Dienst gestoppt Der Dienst wurde gestoppt. 15.06.2013 22:53 [FireWall] Dienst gestoppt Dienst beendet. 15.06.2013 22:53 [Planer] Dienst gestoppt Der Dienst wurde gestoppt. 15.06.2013 22:53 [Echtzeit-Scanner] Dienst gestoppt Der Dienst wurde gestoppt. 15.06.2013 22:52 [System-Scanner] Suchlauf Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.]. Anzahl Dateien: 6974 Anzahl Verzeichnisse: 1409 Anzahl Malware: 0 Anzahl Warnungen: 0 15.06.2013 22:41 [System-Scanner] Suchlauf Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.]. Anzahl Dateien: 77786 Anzahl Verzeichnisse: 1409 Anzahl Malware: 8 Anzahl Warnungen: 0 15.06.2013 22:40 [System-Scanner] Malware gefunden Die Datei 'G:\templates\atomic\index.php' enthielt einen Virus oder unerwünschtes Programm 'JS/EXP.Redir.EL.7' [virus]. Durchgeführte Aktion(en): Eine Sicherungskopie wurde unter dem Namen 7cda057c.qua erstellt ( QUARANTÄNE ). Die Datei wurde gelöscht. 15.06.2013 22:40 [System-Scanner] Malware gefunden Die Datei 'G:\templates\beez5\index.php' enthielt einen Virus oder unerwünschtes Programm 'JS/EXP.Redir.EL.7' [virus]. Durchgeführte Aktion(en): Eine Sicherungskopie wurde unter dem Namen 00c2452d.qua erstellt ( QUARANTÄNE ). Die Datei wurde gelöscht. 15.06.2013 22:40 [System-Scanner] Malware gefunden Die Datei 'G:\templates\system\index.php' enthielt einen Virus oder unerwünschtes Programm 'JS/EXP.Redir.EL.7' [virus]. Durchgeführte Aktion(en): Eine Sicherungskopie wurde unter dem Namen 4c7a6964.qua erstellt ( QUARANTÄNE ). Die Datei wurde gelöscht. 15.06.2013 22:40 [System-Scanner] Malware gefunden Die Datei 'G:\templates\theme796\index.php' enthielt einen Virus oder unerwünschtes Programm 'JS/EXP.Redir.EL.7' [virus]. Durchgeführte Aktion(en): Eine Sicherungskopie wurde unter dem Namen 33615b18.qua erstellt ( QUARANTÄNE ). Die Datei wurde gelöscht. 15.06.2013 22:40 [System-Scanner] Malware gefunden Die Datei 'G:\templates\beez_20\index.php' enthielt einen Virus oder unerwünschtes Programm 'JS/EXP.Redir.EL.7' [virus]. Durchgeführte Aktion(en): Eine Sicherungskopie wurde unter dem Namen 76e57620.qua erstellt ( QUARANTÄNE ). Die Datei wurde gelöscht. 15.06.2013 22:40 [System-Scanner] Malware gefunden Die Datei 'G:\json2.min.js' enthielt einen Virus oder unerwünschtes Programm 'JS/BlacoleRef.DH.1' [virus]. Durchgeführte Aktion(en): Eine Sicherungskopie wurde unter dem Namen 42866ca7.qua erstellt ( QUARANTÄNE ). Die Datei wurde gelöscht. 15.06.2013 22:40 [System-Scanner] Malware gefunden Die Datei 'G:\sys.php' enthielt einen Virus oder unerwünschtes Programm 'PHP/IRCBOT.DW' [virus]. Durchgeführte Aktion(en): Eine Sicherungskopie wurde unter dem Namen 10dd3645.qua erstellt ( QUARANTÄNE ). Die Datei wurde gelöscht. 15.06.2013 22:40 [System-Scanner] Malware gefunden Die Datei 'G:\jquery.min.js' enthielt einen Virus oder unerwünschtes Programm 'JS/BlacoleRef.DH.1' [virus]. Durchgeführte Aktion(en): Eine Sicherungskopie wurde unter dem Namen 5a0b4302.qua erstellt ( QUARANTÄNE ). Die Datei wurde gelöscht. ..und hier der log von mbar, merci schon mal fuers durchschaun! ------------------------------------------------------------------------- teil 1 ------- Malwarebytes Anti-Rootkit BETA 1.06.0.1003 www.malwarebytes.org Database version: v2013.06.17.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16576 Chris :: CHRIS-NOTEBOOK [administrator] 17.06.2013 16:12:33 mbar-log-2013-06-17 (16-12-33).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P Scan options disabled: Deep Anti-Rootkit Scan | PUP Objects scanned: 343205 Time elapsed: 34 minute(s), 28 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 2 HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot. HKCU\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 3 c:\$Recycle.Bin\S-1-5-21-3248064742-4290630259-595298440-1001\$85583decc1bd0d7daec73c6ee2b0b0c0\U (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\S-1-5-21-3248064742-4290630259-595298440-1001\$85583decc1bd0d7daec73c6ee2b0b0c0\L (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\S-1-5-21-3248064742-4290630259-595298440-1001\$85583decc1bd0d7daec73c6ee2b0b0c0 (Trojan.Siredef.C) -> Delete on reboot. Files Detected: 2 c:\$Recycle.Bin\S-1-5-21-3248064742-4290630259-595298440-1001\$85583decc1bd0d7daec73c6ee2b0b0c0\@ (Trojan.Siredef.C) -> Delete on reboot. c:\$Recycle.Bin\S-1-5-21-3248064742-4290630259-595298440-1001\$85583decc1bd0d7daec73c6ee2b0b0c0\U\00000001.@ (Trojan.Siredef.C) -> Delete on reboot. Physical Sectors Detected: 0 (No malicious items detected) (end) ..und noch der teil 2 von mbar: ------------------------------------- Malwarebytes Anti-Rootkit BETA 1.06.0.1003 www.malwarebytes.org Database version: v2013.06.17.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16576 Chris :: CHRIS-NOTEBOOK [administrator] 17.06.2013 17:58:14 mbar-log-2013-06-17 (17-58-14).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P Scan options disabled: Deep Anti-Rootkit Scan | PUP Objects scanned: 343025 Time elapsed: 35 minute(s), 57 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) |
|
17.06.2013, 23:25
| #6 |
| /// Helfer-Team | JS/EXP.Redir.EL.7 + JS/BlacoleRef.DH.1 + PHP/IRCBOT.DW ok! Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ --> JS/EXP.Redir.EL.7 + JS/BlacoleRef.DH.1 + PHP/IRCBOT.DW |
|
18.06.2013, 04:20
| #7 |
| | JS/EXP.Redir.EL.7 + JS/BlacoleRef.DH.1 + PHP/IRCBOT.DW ..hi John, so, hier die scan Ergebnisse von farbar's scan tool ----------------------------------------------------------------------- ..zuerst die first.txt ------------------------ FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-06-2013 01
Ran by Chris (administrator) on 18-06-2013 05:14:22
Running from C:\Users\Chris\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: Spanish Modern Sort
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\system32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(hxxp://code.google.com/p/TortoiseGit) C:\Program Files\TortoiseGit\bin\TGitCache.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1832760 2012-09-20] (Logitech, Inc.)
HKCU\...\Run: [syshost32] C:\Users\Chris\AppData\Local\{8B636E8B-A04E-160E-4F1E-23792E89FF27}\syshost.exe [x]
MountPoints2: H - H:\AutoRun.exe
MountPoints2: I - I:\AutoRun.exe
MountPoints2: {035ec619-5f81-11e1-b70c-386077ca45ff} - H:\AutoRun.exe
MountPoints2: {035ec658-5f81-11e1-b70c-386077ca45ff} - H:\AutoRun.exe
MountPoints2: {2a630f79-6098-11e1-920c-386077ca45ff} - H:\AutoRun.exe
MountPoints2: {2a630f7f-6098-11e1-920c-386077ca45ff} - H:\AutoRun.exe
MountPoints2: {38c30660-5f8a-11e1-a0e6-386077ca45ff} - H:\AutoRun.exe
MountPoints2: {38c30685-5f8a-11e1-a0e6-386077ca45ff} - H:\AutoRun.exe
MountPoints2: {38c30693-5f8a-11e1-a0e6-386077ca45ff} - H:\AutoRun.exe
MountPoints2: {39a9a48d-63ca-11e1-aba2-386077ca45ff} - H:\AutoRun.exe
MountPoints2: {45c10c8f-60a4-11e1-909f-386077ca45ff} - I:\AutoRun.exe
MountPoints2: {5cbc79bb-6099-11e1-acda-386077ca45ff} - H:\AutoRun.exe
MountPoints2: {5cbc7a58-6099-11e1-acda-386077ca45ff} - H:\AutoRun.exe
MountPoints2: {9a206c88-984d-11e2-ab58-005056c00008} - G:\EasySuite.exe
MountPoints2: {d8622a8a-4d6c-11e1-a473-386077ca45ff} - G:\EasySuite.exe
MountPoints2: {fa600eb6-5f7c-11e1-8007-386077ca45ff} - H:\AutoRun.exe
MountPoints2: {fa600ec4-5f7c-11e1-8007-386077ca45ff} - H:\AutoRun.exe
HKLM-x32\...\Run: [FreePDF Assistant] "C:\Program Files (x86)\FreePDF_XP\fpassist.exe" [371200 2011-02-23] (shbox.de)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-02] (Avira Operations GmbH & Co. KG)
==================== Internet (Whitelisted) ====================
ProxyServer: satg-proxy.sat.schuler.de:3128
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
HKLM SearchScopes: DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
HKLM-x32 SearchScopes: DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {2059CF48-25F3-40d7-9D37-24A3142FD20B} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=3379&q={searchTerms}&rp=&s_it=tb50-ie-opencandyDE-chromesbox-de-de
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
HKCU SearchScopes: DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=110231&tt=0213_1&babsrc=SP_ss&mntrId=22ab479d00000000000000ffd6cb04c4
SearchScopes: HKCU - {1A84AA1B-6052-4B34-B814-048BBD7764B3} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU&o=14670&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=T8&apn_dtid=YYYYYYYYDE&apn_uid=ad45e268-1660-4aea-b5d4-1354d3806ada&apn_sauid=7A0C396B-8242-4437-8313-44B909A36B64
SearchScopes: HKCU - {2059CF48-25F3-40d7-9D37-24A3142FD20B} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=3379&q={searchTerms}&rp=&s_it=tb50-ie-opencandyDE-chromesbox-de-de
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WIA6EB~1\Datamngr\x64\BROWSE~1.DLL (Bandoo Media, inc)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO-x32: Aplicación auxiliar de inicio de sesión en la cuenta Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll ()
BHO-x32: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WIA6EB~1\Datamngr\BROWSE~1.DLL (Bandoo Media, inc)
BHO-x32: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll ()
Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
DPF: HKLM-x32 {8FEFF364-6A5F-4966-A917-A3AC28411659} hxxp://download.sopcast.com/download/SOPCORE.CAB
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E55FD215-A32E-43FE-A777-A7E8F165F560} hxxp://download.flatcast.net/objects/NpFv522.dll
Handler: msdaipp - No CLSID Value -
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\343393lb.default
FF SelectedSearchEngine: Search the web (Babylon)
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_35 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Windows\system32\TVUAx\npTVUAx.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @protectdisc.com/NPPDLicenseHelper - C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: TVU Web Player - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\343393lb.default\Extensions\firefox@tvunetworks.com
FF Extension: Ask Toolbar - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\343393lb.default\Extensions\toolbar@ask.com
FF Extension: AOL DE Toolbar - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\343393lb.default\Extensions\{43196362-5378-448b-8944-f097fa65e932}
FF Extension: Searchqu Toolbar - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\343393lb.default\Extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
FF Extension: DownloadHelper - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\343393lb.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: DealPly - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\343393lb.default\Extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
FF Extension: No Name - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\343393lb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
==================== Services (Whitelisted) =================
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-11-09] (Advanced Micro Devices, Inc.)
R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [657120 2013-04-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [371768 2013-05-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-04-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-04-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [562744 2013-05-02] (Avira Operations GmbH & Co. KG)
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-05-04] (mobile concepts GmbH)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation)
S4 GFNEXSrv; C:\Windows\system32\GFNEXSrv.exe [161592 2012-02-01] ()
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation)
S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] ()
S3 SonicStage Back-End Service; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe [112184 2007-02-05] (Sony Corporation)
S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation)
S3 SSScsiSV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (Sony Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-04-04] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-04-04] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-04-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-04-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-04-04] (Avira Operations GmbH & Co. KG)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2012-02-25] (Bytemobile, Inc.)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2012-02-25] (Bytemobile, Inc.)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2012-02-25] (Bytemobile, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-26] (Microsoft Corporation)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-26] (Microsoft Corporation)
S3 massfilter; system32\drivers\massfilter.sys [x]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP2\WNt500x64\Sandra.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-06-18 05:14 - 2013-06-18 05:14 - 00000000 ____D C:\FRST
2013-06-18 05:09 - 2013-06-18 05:09 - 01926844 ____A (Farbar) C:\Users\Chris\Desktop\FRST64.exe
2013-06-17 16:11 - 2013-06-17 16:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-17 16:09 - 2013-06-17 18:49 - 00000000 ____D C:\Users\Chris\Desktop\mbar
2013-06-17 16:06 - 2013-06-17 16:06 - 13169742 ____A C:\Users\Chris\Desktop\mbar-1.06.0.1003.zip
2013-06-17 16:01 - 2013-06-17 16:01 - 00021478 ____A C:\Users\Chris\Documents\Ereignisse.txt
2013-06-16 18:02 - 2013-06-16 18:02 - 00000131 ____A C:\Users\Chris\Documents\trojaner.txt
2013-06-16 18:01 - 2013-06-16 18:01 - 00000118 ____A C:\Users\Chris\Desktop\trojanerBoard.url
2013-06-16 17:19 - 2013-06-16 17:19 - 00001232 ____A C:\Users\Chris\Desktop\INFECTED.lnk
2013-06-11 09:55 - 2013-06-11 10:21 - 00000708 ____A C:\Users\Chris\Documents\commentsInterfaces.txt
2013-06-11 09:33 - 2013-06-11 09:33 - 00001477 ____A C:\Users\Chris\.recently-used.xbel
2013-06-09 10:31 - 2013-06-09 10:56 - 00000312 ____A C:\Users\Chris\Documents\minecraft.html
2013-06-09 10:28 - 2013-06-09 10:55 - 00000332 ____A C:\Users\Chris\Documents\wot.html
2013-06-09 10:10 - 2013-06-09 10:55 - 00000702 ____A C:\Users\Chris\Documents\nils_table.html
2013-06-06 13:58 - 2013-06-06 14:02 - 00000577 ____A C:\Users\Chris\Documents\mvc.txt
2013-06-03 15:20 - 2013-06-03 15:29 - 00010484 ____A C:\Users\Chris\Documents\storageMapping.xlsx
2013-06-01 14:26 - 2013-06-01 14:46 - 00000179 ____A C:\Users\Chris\Documents\nils_3.html
2013-06-01 13:34 - 2013-06-01 14:09 - 00014630 ____A C:\Users\Chris\Documents\PartData.xlsx
2013-06-01 13:26 - 2013-06-01 13:26 - 00151040 ____A C:\Users\Chris\Documents\Copy of pte_tsg_technischeArtikel.xls
2013-06-01 10:59 - 2013-06-01 11:34 - 00027059 ____A C:\Users\Chris\Documents\RawPart.xlsx
2013-06-01 10:42 - 2013-06-01 10:58 - 01114112 ____A C:\Users\Chris\Documents\rohmaterial.accdb
2013-06-01 10:41 - 2013-06-01 10:47 - 00013004 ____A C:\Users\Chris\Documents\rohmaterial_metalle_besch.xlsx
2013-06-01 10:33 - 2013-06-01 10:46 - 00018974 ____A C:\Users\Chris\Documents\rohmaterial_metalle_ges.xlsx
2013-06-01 10:15 - 2013-06-01 10:42 - 00012318 ____A C:\Users\Chris\Documents\rohmaterial_metalle.xlsx
2013-05-30 09:03 - 2013-05-30 09:03 - 00002381 ____A C:\Users\Chris\Documents\guy.cs
2013-05-29 08:15 - 2013-06-17 17:51 - 00032100 ____A C:\Windows\PFRO.log
2013-05-27 18:39 - 2013-05-27 18:39 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Schuler_Automation_GmbH_&
2013-05-27 18:39 - 2013-05-27 18:39 - 00000000 ____D C:\Users\Chris\AppData\Local\Schuler_Automation_GmbH_&
2013-05-27 13:46 - 2013-06-18 04:58 - 00013938 ____A C:\Windows\setupact.log
2013-05-27 13:46 - 2013-05-27 13:46 - 00000000 ____A C:\Windows\setuperr.log
2013-05-27 11:46 - 2013-05-27 11:47 - 00000217 ____A C:\Users\Chris\Desktop\Fundamt Bgh.url
2013-05-27 09:58 - 2013-05-27 09:58 - 00035414 ____A C:\Users\Chris\Documents\cc_20130527_095803.reg
2013-05-27 05:47 - 2013-05-27 05:47 - 00002517 ____A C:\Users\Public\Desktop\Skype.lnk
2013-05-26 17:06 - 2013-05-26 17:12 - 00000555 ____A C:\Users\Chris\Documents\phones.txt
2013-05-24 17:27 - 2013-05-24 17:27 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Schuler_Automation_Gemmin
2013-05-24 17:27 - 2013-05-24 17:27 - 00000000 ____D C:\Users\Chris\AppData\Local\Schuler_Automation_Gemmin
2013-05-24 15:40 - 2013-05-24 15:40 - 00000000 ____D C:\Program Files (x86)\NuGet
2013-05-24 15:06 - 2013-05-24 15:10 - 00000000 ____D C:\Windows\System32\1031
2013-05-24 14:07 - 2013-05-24 14:09 - 00000000 ____D C:\Users\Chris\Documents\Microsoft Visual Studio Ultimate 2012
2013-05-24 14:06 - 2013-05-24 14:59 - 00000000 ____D C:\c76b87029f7f806dab543256deac495e
2013-05-24 14:05 - 2013-05-24 14:05 - 00000015 ____A C:\Users\Chris\Documents\vs2012_localDB.txt
2013-05-20 22:35 - 2013-05-20 22:35 - 00000000 ____D C:\Users\Chris\Documents\Visual Studio 2005
2013-05-20 20:19 - 2013-05-20 20:19 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 2008
2013-05-20 20:19 - 2013-05-20 20:19 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 2008
2013-05-20 20:15 - 2011-06-17 21:18 - 00105824 ____A (Microsoft Corporation) C:\Windows\System32\SQSRVRES.DLL
2013-05-20 20:14 - 2013-05-20 20:14 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 2005
2013-05-20 20:14 - 2013-05-20 20:14 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 2005
2013-05-20 19:37 - 2010-04-03 11:51 - 00047456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
2013-05-20 19:37 - 2010-04-03 10:57 - 00077152 ____A (Microsoft Corporation) C:\Windows\System32\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
2013-05-20 19:36 - 2010-04-03 11:51 - 00073568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL$SQLEXPRESS-sqlctr10.50.1600.1.dll
2013-05-20 19:36 - 2010-04-03 10:57 - 00079200 ____A (Microsoft Corporation) C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.50.1600.1.dll
2013-05-20 19:35 - 2013-05-20 19:35 - 00000000 ____D C:\Users\Chris\Documents\Integration Services Script Component
2013-05-20 19:34 - 2013-05-20 19:34 - 00000000 ____D C:\Users\Chris\Documents\Integration Services Script Task
2013-05-20 19:33 - 2013-06-13 11:23 - 00000000 ____D C:\Users\Chris\Documents\SQL Server Management Studio
2013-05-20 19:32 - 2013-05-20 19:32 - 00000000 ____D C:\Windows\System32\RsFx
2013-05-20 19:26 - 2013-05-20 19:26 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 9.0
2013-05-20 19:22 - 2013-05-20 19:22 - 00000000 ____D C:\Users\Chris\Documents\Visual Studio 2008
2013-05-20 19:18 - 2013-05-20 19:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 9.0
2013-05-20 19:17 - 2013-05-20 19:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2013-05-20 19:16 - 2013-05-24 15:10 - 00000000 ____D C:\Windows\SysWOW64\1033
2013-05-20 19:16 - 2013-05-24 15:10 - 00000000 ____D C:\Windows\System32\1033
2013-05-20 17:46 - 2013-05-20 18:14 - 00000426 ____A C:\Users\Chris\Documents\installSQL_Server.txt
2013-05-20 10:38 - 2013-05-20 10:38 - 00000000 ____D C:\Users\Chris\AppData\Local\Microsoft_Corporation
2013-05-20 10:07 - 2013-04-05 07:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-20 10:07 - 2013-04-05 06:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-20 10:07 - 2013-04-05 06:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-20 10:06 - 2013-04-05 08:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-20 10:06 - 2013-04-05 08:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-20 10:06 - 2013-04-05 08:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-20 10:06 - 2013-04-05 08:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-20 10:06 - 2013-04-05 08:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-20 10:06 - 2013-04-05 08:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-20 10:06 - 2013-04-05 08:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-20 10:06 - 2013-04-05 08:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-20 10:06 - 2013-04-05 08:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-20 10:06 - 2013-04-05 08:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-20 10:06 - 2013-04-05 08:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-20 10:06 - 2013-04-05 08:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-20 10:06 - 2013-04-05 08:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-20 10:06 - 2013-04-05 08:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-20 10:06 - 2013-04-05 07:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-20 10:06 - 2013-04-05 07:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-20 10:06 - 2013-04-05 07:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-20 10:06 - 2013-04-05 07:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-20 10:06 - 2013-04-05 07:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-20 10:06 - 2013-04-05 07:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-20 10:06 - 2013-04-05 07:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-20 10:06 - 2013-04-05 07:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-20 10:06 - 2013-04-05 07:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-20 10:06 - 2013-04-05 07:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-20 10:06 - 2013-04-05 07:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-20 10:06 - 2013-04-05 07:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-20 10:06 - 2013-04-05 05:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-20 10:06 - 2013-04-05 05:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-20 09:59 - 2013-04-12 16:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-05-20 09:59 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-20 09:59 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-20 09:59 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-20 09:59 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-20 09:59 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-20 09:59 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-20 09:59 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-20 09:59 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-20 09:59 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-20 09:59 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-20 09:59 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-20 09:59 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-20 09:59 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-20 09:59 - 2011-02-03 13:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-20 08:44 - 2013-05-20 08:44 - 00104842 ____A C:\Users\Chris\Documents\relegation.pptx
==================== One Month Modified Files and Folders =======
2013-06-18 05:14 - 2013-06-18 05:14 - 00000000 ____D C:\FRST
2013-06-18 05:14 - 2009-07-14 06:45 - 00016848 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-18 05:14 - 2009-07-14 06:45 - 00016848 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-18 05:09 - 2013-06-18 05:09 - 01926844 ____A (Farbar) C:\Users\Chris\Desktop\FRST64.exe
2013-06-18 05:01 - 2013-02-26 14:56 - 00000000 ____D C:\Users\Chris\AppData\Local\TGitCache
2013-06-18 05:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\inetsrv
2013-06-18 04:59 - 2013-01-17 09:11 - 00000000 ____D C:\ProgramData\VMware
2013-06-18 04:59 - 2012-09-21 18:45 - 00000292 ____A C:\Windows\Tasks\AutoKMS.job
2013-06-18 04:58 - 2013-05-27 13:46 - 00013938 ____A C:\Windows\setupact.log
2013-06-18 04:58 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-17 18:54 - 2012-02-01 17:01 - 01661795 ____A C:\Windows\WindowsUpdate.log
2013-06-17 18:49 - 2013-06-17 16:09 - 00000000 ____D C:\Users\Chris\Desktop\mbar
2013-06-17 18:44 - 2012-09-22 18:43 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-06-17 18:17 - 2012-06-15 06:32 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-17 17:51 - 2013-05-29 08:15 - 00032100 ____A C:\Windows\PFRO.log
2013-06-17 16:11 - 2013-06-17 16:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-17 16:06 - 2013-06-17 16:06 - 13169742 ____A C:\Users\Chris\Desktop\mbar-1.06.0.1003.zip
2013-06-17 16:01 - 2013-06-17 16:01 - 00021478 ____A C:\Users\Chris\Documents\Ereignisse.txt
2013-06-16 18:02 - 2013-06-16 18:02 - 00000131 ____A C:\Users\Chris\Documents\trojaner.txt
2013-06-16 18:01 - 2013-06-16 18:01 - 00000118 ____A C:\Users\Chris\Desktop\trojanerBoard.url
2013-06-16 17:19 - 2013-06-16 17:19 - 00001232 ____A C:\Users\Chris\Desktop\INFECTED.lnk
2013-06-16 17:18 - 2012-02-02 10:20 - 00000000 ____D C:\Users\Chris\AppData\Roaming\FileZilla
2013-06-16 17:16 - 2012-01-16 11:05 - 00000000 ____D C:\upload
2013-06-15 22:34 - 2012-02-02 01:46 - 00820046 ____A C:\Windows\System32\perfh007.dat
2013-06-15 22:34 - 2012-02-02 01:46 - 00193290 ____A C:\Windows\System32\perfc007.dat
2013-06-15 22:34 - 2009-07-14 11:31 - 00857606 ____A C:\Windows\System32\perfh00A.dat
2013-06-15 22:34 - 2009-07-14 11:31 - 00204946 ____A C:\Windows\System32\perfc00A.dat
2013-06-15 22:34 - 2009-07-14 07:13 - 03007404 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-14 11:58 - 2013-01-08 16:21 - 00000000 ____D C:\Users\Chris\Documents\Visual Studio 2012
2013-06-14 11:55 - 2012-10-13 12:37 - 00000600 ____A C:\Users\Chris\AppData\Local\PUTTY.RND
2013-06-14 10:11 - 2012-02-06 00:01 - 00000000 ____D C:\Users\Chris\AppData\Local\FreePDF_XP
2013-06-13 13:16 - 2012-01-09 19:33 - 00000000 ____D C:\download
2013-06-13 11:23 - 2013-05-20 19:33 - 00000000 ____D C:\Users\Chris\Documents\SQL Server Management Studio
2013-06-12 17:21 - 2012-02-07 19:45 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Skype
2013-06-12 10:17 - 2012-04-01 09:56 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 10:17 - 2012-02-02 00:55 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 13:38 - 2012-07-17 11:20 - 00000000 ____D C:\Users\Chris\Documents\PersBackup
2013-06-11 10:21 - 2013-06-11 09:55 - 00000708 ____A C:\Users\Chris\Documents\commentsInterfaces.txt
2013-06-11 09:33 - 2013-06-11 09:33 - 00001477 ____A C:\Users\Chris\.recently-used.xbel
2013-06-11 09:33 - 2012-02-05 00:09 - 00000000 ____D C:\Users\Chris\AppData\Roaming\gtk-2.0
2013-06-11 09:33 - 2012-02-02 10:23 - 00000000 ____D C:\Users\Chris\.gimp-2.6
2013-06-11 09:33 - 2012-02-01 18:58 - 00000000 ____D C:\users\Chris
2013-06-09 12:09 - 2012-10-03 15:48 - 00000000 ____D C:\Users\Chris\Desktop\games
2013-06-09 10:56 - 2013-06-09 10:31 - 00000312 ____A C:\Users\Chris\Documents\minecraft.html
2013-06-09 10:55 - 2013-06-09 10:28 - 00000332 ____A C:\Users\Chris\Documents\wot.html
2013-06-09 10:55 - 2013-06-09 10:10 - 00000702 ____A C:\Users\Chris\Documents\nils_table.html
2013-06-06 14:02 - 2013-06-06 13:58 - 00000577 ____A C:\Users\Chris\Documents\mvc.txt
2013-06-03 15:29 - 2013-06-03 15:20 - 00010484 ____A C:\Users\Chris\Documents\storageMapping.xlsx
2013-06-03 11:34 - 2013-01-17 09:15 - 00000000 ____D C:\Users\Chris\AppData\Local\VMware
2013-06-03 11:26 - 2013-01-17 09:15 - 00000000 ____D C:\Users\Chris\AppData\Roaming\VMware
2013-06-01 14:54 - 2012-02-07 16:11 - 00000000 ____D C:\Users\Chris\Documents\Any Video Converter
2013-06-01 14:46 - 2013-06-01 14:26 - 00000179 ____A C:\Users\Chris\Documents\nils_3.html
2013-06-01 14:09 - 2013-06-01 13:34 - 00014630 ____A C:\Users\Chris\Documents\PartData.xlsx
2013-06-01 13:26 - 2013-06-01 13:26 - 00151040 ____A C:\Users\Chris\Documents\Copy of pte_tsg_technischeArtikel.xls
2013-06-01 11:34 - 2013-06-01 10:59 - 00027059 ____A C:\Users\Chris\Documents\RawPart.xlsx
2013-06-01 10:58 - 2013-06-01 10:42 - 01114112 ____A C:\Users\Chris\Documents\rohmaterial.accdb
2013-06-01 10:47 - 2013-06-01 10:41 - 00013004 ____A C:\Users\Chris\Documents\rohmaterial_metalle_besch.xlsx
2013-06-01 10:46 - 2013-06-01 10:33 - 00018974 ____A C:\Users\Chris\Documents\rohmaterial_metalle_ges.xlsx
2013-06-01 10:42 - 2013-06-01 10:15 - 00012318 ____A C:\Users\Chris\Documents\rohmaterial_metalle.xlsx
2013-06-01 09:50 - 2012-02-02 10:20 - 00001967 ____A C:\Users\Public\Desktop\FileZilla Client.lnk
2013-06-01 09:50 - 2012-02-02 10:20 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-05-30 09:03 - 2013-05-30 09:03 - 00002381 ____A C:\Users\Chris\Documents\guy.cs
2013-05-30 08:59 - 2013-04-19 19:40 - 00004168 ____A C:\Users\Chris\Documents\Guy.shfbproj_Chris
2013-05-30 08:58 - 2013-04-19 19:20 - 00000000 ____D C:\Users\Chris\AppData\Local\Eric_Woodruff
2013-05-27 18:39 - 2013-05-27 18:39 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Schuler_Automation_GmbH_&
2013-05-27 18:39 - 2013-05-27 18:39 - 00000000 ____D C:\Users\Chris\AppData\Local\Schuler_Automation_GmbH_&
2013-05-27 13:46 - 2013-05-27 13:46 - 00000000 ____A C:\Windows\setuperr.log
2013-05-27 11:47 - 2013-05-27 11:46 - 00000217 ____A C:\Users\Chris\Desktop\Fundamt Bgh.url
2013-05-27 09:58 - 2013-05-27 09:58 - 00035414 ____A C:\Users\Chris\Documents\cc_20130527_095803.reg
2013-05-27 09:50 - 2011-01-16 05:57 - 00000000 ____D C:\Windows\Panther
2013-05-27 05:47 - 2013-05-27 05:47 - 00002517 ____A C:\Users\Public\Desktop\Skype.lnk
2013-05-27 05:47 - 2012-07-12 19:11 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-05-27 05:47 - 2012-02-07 19:45 - 00000000 ____D C:\ProgramData\Skype
2013-05-26 17:12 - 2013-05-26 17:06 - 00000555 ____A C:\Users\Chris\Documents\phones.txt
2013-05-24 17:27 - 2013-05-24 17:27 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Schuler_Automation_Gemmin
2013-05-24 17:27 - 2013-05-24 17:27 - 00000000 ____D C:\Users\Chris\AppData\Local\Schuler_Automation_Gemmin
2013-05-24 17:20 - 2009-07-14 06:45 - 00447264 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-24 17:04 - 2013-01-08 14:11 - 00000000 ____D C:\ProgramData\Package Cache
2013-05-24 16:02 - 2012-02-01 23:11 - 00119312 ____A C:\Users\Chris\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-24 15:58 - 2012-09-22 11:49 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-05-24 15:58 - 2012-02-03 09:53 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-05-24 15:57 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-05-24 15:47 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\MSBuild
2013-05-24 15:41 - 2013-01-08 16:00 - 00000000 ____D C:\Program Files\IIS Express
2013-05-24 15:41 - 2013-01-08 16:00 - 00000000 ____D C:\Program Files (x86)\IIS Express
2013-05-24 15:40 - 2013-05-24 15:40 - 00000000 ____D C:\Program Files (x86)\NuGet
2013-05-24 15:39 - 2013-01-08 15:59 - 00000000 ____D C:\Program Files\IIS
2013-05-24 15:21 - 2013-01-08 15:44 - 00000000 ____D C:\Windows\SysWOW64\1031
2013-05-24 15:15 - 2013-01-08 15:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 11.0
2013-05-24 15:15 - 2012-05-16 13:18 - 00000000 ____D C:\Program Files (x86)\HTML Help Workshop
2013-05-24 15:10 - 2013-05-24 15:06 - 00000000 ____D C:\Windows\System32\1031
2013-05-24 15:10 - 2013-05-20 19:16 - 00000000 ____D C:\Windows\SysWOW64\1033
2013-05-24 15:10 - 2013-05-20 19:16 - 00000000 ____D C:\Windows\System32\1033
2013-05-24 15:09 - 2013-01-08 15:43 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2013-05-24 15:09 - 2013-01-08 15:43 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2013-05-24 15:06 - 2012-02-03 09:22 - 02961164 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-05-24 14:59 - 2013-05-24 14:06 - 00000000 ____D C:\c76b87029f7f806dab543256deac495e
2013-05-24 14:09 - 2013-05-24 14:07 - 00000000 ____D C:\Users\Chris\Documents\Microsoft Visual Studio Ultimate 2012
2013-05-24 14:05 - 2013-05-24 14:05 - 00000015 ____A C:\Users\Chris\Documents\vs2012_localDB.txt
2013-05-23 10:39 - 2012-02-02 10:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-21 08:23 - 2013-01-21 09:59 - 00000000 ___RD C:\Users\Chris\Desktop\SCHULER
2013-05-20 22:35 - 2013-05-20 22:35 - 00000000 ____D C:\Users\Chris\Documents\Visual Studio 2005
2013-05-20 22:35 - 2012-02-02 10:03 - 00000000 ____D C:\Users\Chris\AppData\Local\Microsoft Help
2013-05-20 21:45 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-05-20 20:19 - 2013-05-20 20:19 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 2008
2013-05-20 20:19 - 2013-05-20 20:19 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 2008
2013-05-20 20:14 - 2013-05-20 20:14 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 2005
2013-05-20 20:14 - 2013-05-20 20:14 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 2005
2013-05-20 19:35 - 2013-05-20 19:35 - 00000000 ____D C:\Users\Chris\Documents\Integration Services Script Component
2013-05-20 19:34 - 2013-05-20 19:34 - 00000000 ____D C:\Users\Chris\Documents\Integration Services Script Task
2013-05-20 19:32 - 2013-05-20 19:32 - 00000000 ____D C:\Windows\System32\RsFx
2013-05-20 19:29 - 2012-02-03 09:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-05-20 19:26 - 2013-05-20 19:26 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 9.0
2013-05-20 19:22 - 2013-05-20 19:22 - 00000000 ____D C:\Users\Chris\Documents\Visual Studio 2008
2013-05-20 19:19 - 2013-05-20 19:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 9.0
2013-05-20 19:17 - 2013-05-20 19:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2013-05-20 18:14 - 2013-05-20 17:46 - 00000426 ____A C:\Users\Chris\Documents\installSQL_Server.txt
2013-05-20 10:38 - 2013-05-20 10:38 - 00000000 ____D C:\Users\Chris\AppData\Local\Microsoft_Corporation
2013-05-20 10:16 - 2012-02-02 00:44 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-20 08:44 - 2013-05-20 08:44 - 00104842 ____A C:\Users\Chris\Documents\relegation.pptx
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-06-13 12:27
==================== End Of Log ============================
--- --- --- ..dann die Addition.txt --------------------------- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-06-2013 01 Ran by Chris at 2013-06-18 05:16:25 Run: Running from C:\Users\Chris\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Tools for .Net 3.5 - DEU Lang Pack (Version: 3.11.50727) Tools for .Net 3.5 (Version: 3.11.50727) 7-Zip 9.20 (x64 edition) (Version: 9.20.00.0) Adobe AIR (Version: 3.7.0.1860) Adobe Digital Editions Adobe Flash Player 11 ActiveX (Version: 11.7.700.224) Adobe Flash Player 11 Plugin (Version: 11.7.700.224) Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7) Amazon MP3-Downloader 1.0.17 (Version: 1.0.17) AMD APP SDK Runtime (Version: 10.0.831.4) AMD Catalyst Install Manager (Version: 3.0.855.0) AMD Fuel (Version: 2011.1109.2212.39826) AMD Media Foundation Decoders (Version: 1.0.61109.2218) AMD VISION Engine Control Center (Version: 2011.1109.2212.39826) Any Video Converter 3.3.3 Any Video Converter 5 5.0.2 AOL DE Toolbar Apple Application Support (Version: 2.1.6) Apple Mobile Device Support (Version: 4.0.0.97) Ask Toolbar (Version: 1.12.2.0) Aspell 0.6 Dictionary (Language: de) Aspell 0.6 Dictionary (Language: en) Aspell 0.6 Dictionary (Language: es) Aspell 0.6 Dictionary (Language: fr) Aspell Data aTube Catcher (Version: 2.9.1347) Audio MP3 Editor 6.30 ava-sign 4.4.1.2004 - (Version: 4.4.1.2004) Avira Internet Security (Version: 13.0.0.3640) Beyond Compare Version 3.3.5 Blend for Visual Studio 2012 (Version: 5.0.30709.0) Blend for Visual Studio 2012 DEU resources (Version: 5.0.30709.0) Blend for Visual Studio Add-in for Adobe FXG Import (Version: 1.0.40218.0) Blend for Visual Studio SDK for .NET 4.5 (Version: 3.0.40218.0) Blend for Visual Studio SDK for Silverlight 5 (Version: 3.0.40218.0) calibre (Version: 0.8.39) Catalyst Control Center - Branding (Version: 1.00.0000) Catalyst Control Center Graphics Previews Common (Version: 2011.1109.2212.39826) Catalyst Control Center InstallProxy (Version: 2011.1109.2212.39826) Catalyst Control Center Localization All (Version: 2011.1109.2212.39826) CCC Help English (Version: 2011.1109.2211.39826) ccc-utility64 (Version: 2011.1109.2212.39826) CyberGhost VPN D3DX10 (Version: 15.4.2368.0902) DA DVD Ripper (Version: 2.8) DealPly (Version: ) DebugMode Wink Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition Der Herr der Ringe Online v03.03.05.8039 (Version: 03.03.05.8039) Devenv-Ressourcen für Microsoft Visual Studio 2012 (Version: 11.0.50727) Dotfuscator and Analytics Community Edition (Version: 5.5.4521.29298) Dotfuscator and Analytics Community Edition Language Pack (Version: 5.5.4521.29298) DotNET35SP1Setup1 (Version: 1.0.0.3) Driver Sweeper Version 3.2.0 (Version: 3.2.0) Emergency 2012 Entity Framework Designer for Visual Studio 2012 - enu (Version: 11.1.21009.00) Entity Framework Designer für Visual Studio 2012 - DEU (Version: 11.1.21009.00) ePub DRM Removal (Version: 1.4.1) Erforderliche Komponenten für SSDT (Version: 11.0.2100.60) FastStone Photo Resizer 3.1 (Version: 3.1) FileZilla Client 3.7.0.2 (Version: 3.7.0.2) Fotogalerie (Version: 16.4.3503.0728) Free FLV Converter V 7.3.0 (Version: 7.3.0.0) FreePDF (Remove only) FreeRIP v3.66 (Version: 3.66) Galaxy on Fire 2™ Full HD Garmin Communicator Plugin x64 (Version: 4.0.3) Garmin Lifetime Updater (Version: 2.1.11) GIMP 2.6.11 (Version: 2.6.11) Git Extensions 2.43 (Version: 2.43) Git version 1.8.0-preview20121022 (Version: 1.8.0-preview20121022) GNU Midnight Commander version 4.8.4 (beta) (build: 20120815-159) (Version: 4.8.4 (beta) (build: 20120815-159)) GPGNet (Version: 1.0.0) GPL Ghostscript (Version: 9.04) Hamster Free EbookConverter (Version: 1.0.0.13) HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät (Version: 22.50.231.0) HP Officejet 6500 E710a-f Hilfe (Version: 140.0.2.2) IBM Standalone Solutions Configuration Tool (Version: 1.46.0) IIS 8.0 Express (Version: 8.0.1557) IIS Express Application Compatibility Database for x64 IIS Express Application Compatibility Database for x86 Inkscape 0.48.2 (Version: 0.48.2) Java 7 Update 7 (64-bit) (Version: 7.0.70) Java Auto Updater (Version: 2.0.7.1) Java SE Development Kit 7 Update 7 (64-bit) (Version: 1.7.0.70) Java(TM) 6 Update 35 (Version: 6.0.350) JavaScript Tooling (Version: 11.0.60315) KB Client (Version: 040.001.09600) KB Server - Dynamic Help (Version: 4.4.0.0) KB Server - Experion R400 (Version: 4.4.0.0) KB Server - Fail Safe Controller (FSC) R600 (Version: 4.4.0.0) KB Server - Knowledge Builder Tools (Version: 4.4.0.0) KB Server - LIOM R400 (Version: 4.4.0.0) KB Server - OneWireless R120 (Version: 4.6.0.22) KB Server - Safety Manager R140 (Version: 4.5.0.18) KB Server - UniSim R300 (Version: 4.5.0.18) KDiff3 (remove only) K-Lite Codec Pack 5.2.0 (Full) (Version: 5.2.0) Knowledge Builder (Version: 4.6.0000) Legalsounds Download Manager (Version: 1.4.9) LegalSounds Music Downloader 1.8 LocalESPC (Version: 8.59.25584) LocalESPCui for de-de (Version: 8.59.25584) Locate32 LyX 1.6.7-4 (Version: 1.6.7-4) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 (Version: 1.1.4322) Microsoft .NET Framework 1.1 German Language Pack (Version: 1.1.4322) Microsoft .NET Framework 4 Client Profile ESN Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319) Microsoft .NET Framework 4.5 (Version: 4.5.50709) Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709) Microsoft .NET Framework 4.5 Multi-Targeting Pack (Version: 4.5.50709) Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (Version: 4.5.50709) Microsoft .NET Framework 4.5 SDK (Version: 4.5.50709) Microsoft Access database engine 2010 (English) (Version: 14.0.6029.1000) Microsoft Application Error Reporting (Version: 12.0.6012.5000) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft ASP.NET MVC 3 - DEU (Version: 3.0.20105.0) Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update - DEU (Version: 3.0.30710.0) Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update (Version: 3.0.30710.0) Microsoft ASP.NET MVC 3 (Version: 3.0.20105.0) Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools - DEU (Version: 4.1.20219.0) Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools - ENU (Version: 4.1.20219.0) Microsoft ASP.NET MVC 4 Runtime - DEU (Version: 4.0.20710.0) Microsoft ASP.NET MVC 4 Runtime (Version: 4.0.20710.0) Microsoft ASP.NET Web Pages - DEU (Version: 1.0.20105.0) Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools - DEU (Version: 1.0.20710.0) Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools (Version: 1.0.20710.0) Microsoft ASP.NET Web Pages (Version: 1.0.20105.0) Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools - DEU (Version: 4.1.20219.0) Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools - ENU (Version: 4.1.20219.0) Microsoft ASP.NET Web Pages 2 Runtime - DEU (Version: 2.0.20710.0) Microsoft ASP.NET Web Pages 2 Runtime (Version: 2.0.20715.0) Microsoft Expression Blend SDK for .NET 4 (Version: 2.0.20525.0) Microsoft Expression Blend SDK for Silverlight 4 (Version: 2.0.20525.0) Microsoft FrontPage Client - German (Version: 7.00.9209) Microsoft FrontPage Server Extensions 2002 for Windows Server 2008 (Version: 10.0.6819.0) Microsoft Help Viewer 2.0 (Version: 2.0.50727) Microsoft Help Viewer 2.0 Language Pack - DEU (Version: 2.0.50727) Microsoft LightSwitch for Visual Studio 2012 Core (Version: 11.0.50727) Microsoft LightSwitch for Visual Studio 2012 v3.0 Core (Version: 11.0.60308) Microsoft LightSwitch for Visual Studio 2012 v3.0 CoreRes - DEU (Version: 11.0.60308) Microsoft LightSwitch für Visual Studio 2012 CoreRes - DEU (Version: 11.0.50727) Microsoft NuGet - Visual Studio 2012 (Version: 2.0.30625.9003) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access database engine 2007 (English) (Version: 12.0.6612.1000) Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000) Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Portable Library Multi-Targeting Pack (Version: 11.0.60130.00) Microsoft Portable Library Multi-Targeting Pack Language Pack - deu (Version: 11.0.50709.17929) Microsoft Report Viewer Add-On for Visual Studio 2012 (Version: 11.1.2802.16) Microsoft Report Viewer Add-On für Visual Studio 2012 (Version: 11.1.2802.16) Microsoft Report Viewer Redistributable 2008 (KB971119) (Version: 9.0.30731) Microsoft Report Viewer Redistributable 2008 SP1 Microsoft Silverlight (Version: 5.1.20125.0) Microsoft Silverlight 4 SDK - Deutsch (Version: 4.0.60310.0) Microsoft Silverlight 5 SDK - DEU (Version: 5.0.61118.0) Microsoft SQL Server 2008 Management Objects (Version: 10.0.1600.22) Microsoft SQL Server 2008 R2 (64-bit) Microsoft SQL Server 2008 R2 Native Client (Version: 10.51.2500.0) Microsoft SQL Server 2008 R2 Policies (Version: 10.50.1600.1) Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.51.2500.0) Microsoft SQL Server 2008 R2 Setup (English) (Version: 10.51.2500.0) Microsoft SQL Server 2008 Setup Support Files (Version: 10.1.2731.0) Microsoft SQL Server 2012 Command Line Utilities (Version: 11.0.2100.60) Microsoft SQL Server 2012 Data-Tier App Framework (Version: 11.0.2316.0) Microsoft SQL Server 2012 Express LocalDB (Version: 11.0.2100.60) Microsoft SQL Server 2012 Management Objects (Version: 11.0.2100.60) Microsoft SQL Server 2012 Management Objects (x64) (Version: 11.0.2100.60) Microsoft SQL Server 2012 Native Client (Version: 11.0.2100.60) Microsoft SQL Server 2012 Transact-SQL Compiler Service (Version: 11.0.2100.60) Microsoft SQL Server 2012 Transact-SQL ScriptDom (Version: 11.0.2100.60) Microsoft SQL Server 2012 T-SQL Language Service (Version: 11.0.2100.60) Microsoft SQL Server Browser (Version: 10.51.2500.0) Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0) Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (Version: 3.5.8080.0) Microsoft SQL Server Compact 4.0 SP1 x64 DEU (Version: 4.0.8876.1) Microsoft SQL Server Data Tools - DEU (11.1.20627.00) (Version: 11.1.20627.00) Microsoft SQL Server Data Tools Build Utilities - DEU (11.1.20627.00) (Version: 11.1.20627.00) Microsoft SQL Server System CLR Types (Version: 10.50.1600.1) Microsoft SQL Server System CLR Types (x64) (Version: 10.50.1600.1) Microsoft SQL Server VSS Writer (Version: 10.51.2500.0) Microsoft VC9 runtime libraries (Version: 2.0.0) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2012 x64 Designtime - 11.0.50727 (Version: 11.0.50727) Microsoft Visual C++ 2012 32bit Compilers - DEU Resources (Version: 11.0.60315) Microsoft Visual C++ 2012 Compilers - DEU Resources (Version: 11.0.50727) Microsoft Visual C++ 2012 Compilers - DEU Resources (Version: 11.0.60315) Microsoft Visual C++ 2012 Compilers (Version: 11.0.60315) Microsoft Visual C++ 2012 Core Libraries (Version: 11.0.51106) Microsoft Visual C++ 2012 Extended Libraries (Version: 11.0.60315) Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries (Version: 11.0.51106) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106) Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727 (Version: 11.0.50727) Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.51106 (Version: 11.0.51106) Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727) Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (Version: 11.0.50727) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (Version: 11.0.51106) Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727 (Version: 11.0.50727) Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.51106 (Version: 11.0.51106) Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (Version: 11.0.50727) Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (Version: 11.0.51106) Microsoft Visual C++ 2012 x86-x64 Compilers (Version: 11.0.60315) Microsoft Visual J# .NET Redistributable Package 1.1 (Version: 1.1.4322) Microsoft Visual J# 2.0 Redistributable Package Microsoft Visual J# 2.0 Redistributable Package (Version: 2.0.50727) Microsoft Visual Studio .NET Professional 2003 - Deutsch Microsoft Visual Studio 2010 Office Developer Tools (x64) (Version: 11.0.50727) Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU (Version: 11.0.50727) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN (Version: 10.0.40303) Microsoft Visual Studio 2012 Devenv (Version: 11.0.50727) Microsoft Visual Studio 2012 IntelliTrace Core amd64 (Version: 11.0.60315) Microsoft Visual Studio 2012 IntelliTrace Core x86 (Version: 11.0.60315) Microsoft Visual Studio 2012 IntelliTrace Front End x86 (Version: 11.0.60315) Microsoft Visual Studio 2012 IntelliTraceFrontEndLoc (Version: 11.0.60315) Microsoft Visual Studio 2012 IntelliTraceLoc (Version: 11.0.60315) Microsoft Visual Studio 2012 SharePoint Developer Tools (Version: 11.0.50727) Microsoft Visual Studio 2012 SharePoint Developer Tools DEU Language Pack (Version: 11.0.50727) Microsoft Visual Studio 2012 Shell (Minimum) (Version: 11.0.50727) Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies (Version: 11.0.50727) Microsoft Visual Studio 2012 Shell-(Mindest)-Ressourcen (Version: 11.0.50727) Microsoft Visual Studio 2012 Tools für SQL Server Compact 4.0 SP1 DEU (Version: 4.0.8876.1) Microsoft Visual Studio 2012-Leistungserfassungstools - DEU (Version: 11.0.50727) Microsoft Visual Studio 2012-Leistungserfassungstools (Version: 11.0.50727) Microsoft Visual Studio 2012-Vorbereitung (Version: 11.0.50727) Microsoft Visual Studio Premium 2012 - DEU (Version: 11.0.50727) Microsoft Visual Studio Premium 2012 (Version: 11.0.50727) Microsoft Visual Studio Professional 2012 - DEU (Version: 11.0.50727) Microsoft Visual Studio Professional 2012 (Version: 11.0.50727) Microsoft Visual Studio Team Foundation Server 2012 Object Model (Version: 11.0.60315) Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - DEU (Version: 11.0.60315) Microsoft Visual Studio Team Foundation Server 2012 Storyboarding (Version: 11.0.50727) Microsoft Visual Studio Team Foundation Server 2012 Storyboarding Language Pack - DEU (Version: 11.0.50727) Microsoft Visual Studio Team Foundation Server 2012 Team Explorer (Version: 11.0.50727) Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - DEU (Version: 11.0.50727) Microsoft Visual Studio Tools for Applications 2.0 - ENU (Version: 9.0.35191) Microsoft Visual Studio Ultimate 2012 - DEU (Version: 11.0.50727) Microsoft Visual Studio Ultimate 2012 (Version: 11.0.50727) Microsoft Visual Studio Ultimate 2012 (Version: 11.0.50727.1) Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core (Version: 11.0.50727) Microsoft Visual Studio Ultimate 2012 XAML UI Designer deu Resources (Version: 11.0.50727) Microsoft Web Deploy 3.0 (Version: 3.1236.1631) Microsoft Web Deploy dbSqlPackage Provider - DEU (Version: 10.3.20225.0) Microsoft Web Developer Tools 2012.2 - Visual Studio 2012 - deu (Version: 1.2.40308.0) Microsoft Web Developer Tools 2012.2 - Visual Studio 2012 (Version: 1.2.40308.0) Microsoft Web Platform Installer 4.0 (Version: 4.0.1622) Microsoft-System-CLR-Typen für SQL Server 2012 (Version: 11.0.2100.60) Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (Version: 11.0.2100.60) MiKTeX 2.9 (Version: 2.9) Movie Maker (Version: 16.4.3503.0728) Mozilla Firefox 9.0.1 (x86 de) (Version: 9.0.1) Mozilla Maintenance Service (Version: 17.0.5) Mozilla Thunderbird 17.0.5 (x86 de) (Version: 17.0.5) mp3-2-wav converter 1.14 MSDN Library für Visual Studio .NET 2003 - Deutsch (Version: 7.38.3093) MSVCRT (Version: 15.4.2862.0708) MSVCRT110 (Version: 16.4.1108.0727) MSVCRT110_amd64 (Version: 16.4.1108.0727) MyPhoneExplorer (Version: 1.8.4) Need for Speed™ Most Wanted Notepad++ (Version: 5.9.8) Nur Entfernen der CopyTrans Suite möglich (Version: 2.34) NVIDIA PhysX (Version: 9.10.0513) OpenMG Limited Patch 4.7-07-14-05-01 OpenMG Secure Module 4.7.00 (Version: 4.7.00.12140) Pando Media Booster (Version: 2.6.0.6) Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN (Version: 4.0.30319) Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (Version: 10.0.40303) Personal Backup 5.3 (Version: 5.3) Photo Gallery (Version: 16.4.3503.0728) PNotes 9.1.0 (Version: 9.1.0) PreEmptive Analytics Client German Language Pack (Version: 1.0.2180.1) PreEmptive Analytics Visual Studio Components (Version: 1.0.2180.1) Protect Disc License Helper 1.0.118 (Version: 1.0.118) Realtek WLAN Driver (Version: 2.00.0016) RedMon - Redirection Port Monitor Sandcastle Documentation Compiler Tools (Version: 2.7.3.0) Sandcastle Help File Builder (Version: 1.9.7.0) Service Pack 1 para SQL Server 2008 R2 (KB2528583) (64-bit) (Version: 10.51.2500.0) Skype™ 6.3 (Version: 6.3.107) Smart Flash Recovery v. 2.0 (Version: 2.0) SonicStage 4.3 (Version: 4.3) SopCast 2.0.4 (Version: 2.0.4) SQL Server 2008 R2 SP1 Common Files (Version: 10.51.2500.0) SQL Server 2008 R2 SP1 Database Engine Services (Version: 10.51.2500.0) SQL Server 2008 R2 SP1 Database Engine Shared (Version: 10.51.2500.0) SQL Server 2008 R2 SP1 Management Studio (Version: 10.51.2500.0) Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1) StarUML 5.0.2.1570 Steam (Version: 1.0.0.0) Supreme Commander - Forged Alliance (Version: 1.00.0000) TeamViewer 8 (Version: 8.0.16642) TortoiseGit 1.7.15.0 (64 bit) (Version: 1.7.15.0) TOSHIBA Value Added Package (Version: 1.5.10.64) UltraCompare (Version: 8.40.1008) UltraEdit (Version: 18.20.1021) Universal Document Converter (Demo) (Version: 5.3) Update for (KB2504637) (Version: 1) Update for Microsoft .NET Framework 4.5 (KB2750147) (Version: 1) Update for Microsoft .NET Framework 4.5 (KB2805221) (Version: 1) Update for Microsoft .NET Framework 4.5 (KB2805226) (Version: 1) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition Update for Microsoft Visual Studio 2012 (KB2781514) (Version: 11.0.50727) Veetle TV (Version: 0.9.19) Video DVD Maker v3.30.0.75 Visual J# .NET Redistributable 1.1- German Language Pack (Version: 1.1.4322) Visual Studio .NET Professional 2003 - German (Version: 7.1.3088) Visual Studio 2012 Prerequisites - DEU Language Pack (Version: 11.0.50727) Visual Studio 2012 Prerequisites (Version: 11.0.50727) Visual Studio 2012 Update 2 (KB2707250) (Version: 11.0.60315) Visual Studio Extensions for Windows Library for JavaScript (Version: 1.0.9201.20602) Visual Studio.NET Baseline - German (Version: 7.1.3088) VMware Player (Version: 5.0.1) Vodafone Mobile Broadband (Version: 10.2.103.31248) WCF Data Services 5.0 (for OData v3) DEU Language Pack (Version: 5.0.50628.0) WCF Data Services 5.0 (for OData v3) Primary Components (Version: 5.0.50628.0) WCF Data Services Tools for Microsoft Visual Studio 2012 (Version: 5.0.50710.0) WCF Data Services Tools for Visual Studio 11 DEU Language Pack (Version: 5.0.50710.0) WCF RIA Services V1.0 SP2 (Version: 4.1.61829.0) web'n'walk Manager (Version: 11.002.07.22.55) Windows App Certification Kit Native Components (Version: 8.59.29736) Windows App Certification Kit x64 (Version: 8.59.29750) Windows Azure Tools for LightSwitch HTML Client for Visual Studio 2012 (Version: 1.8.60301.1601) Windows Azure Tools für LightSwitch HTML Client für Visual Studio 2012 (DEU) (Version: 1.8.60301.1601) Windows Live Communications Platform (Version: 16.4.3503.0728) Windows Live Essentials (Version: 16.4.3503.0728) Windows Live ID Sign-in Assistant (Version: 7.250.4311.0) Windows Live Installer (Version: 16.4.3503.0728) Windows Live Photo Common (Version: 16.4.3503.0728) Windows Live PIMT Platform (Version: 16.4.3503.0728) Windows Live SOXE (Version: 16.4.3503.0728) Windows Live SOXE Definitions (Version: 16.4.3503.0728) Windows Live UX Platform (Version: 16.4.3503.0728) Windows Live UX Platform Language Pack (Version: 16.4.3503.0728) Windows Movie Maker 2.6 (Version: 2.6.4037.0) Windows Runtime Intellisense Content - de-de (Version: 8.59.25584) Windows Searchqu Toolbar (Version: 3.0.0.117623) Windows Software Development Kit (Version: 8.59.25584) Windows Software Development Kit DirectX x64 Remote (Version: 8.59.25584) Windows Software Development Kit DirectX x86 Remote (Version: 8.59.25584) Windows Software Development Kit for Windows Store Apps (Version: 8.59.25584) Windows Software Development Kit for Windows Store Apps DirectX x64 Remote (Version: 8.59.25584) Windows Software Development Kit for Windows Store Apps DirectX x86 Remote (Version: 8.59.25584) Windows XP Targeting with C++ (Version: 11.0.51106) x64 Components v3.7.8 (Version: 3.7.8) Xshell 4 (Version: 4.0.0125) Zero Assumption Recovery Version 9 ==================== Restore Points ========================= 01-06-2013 10:57:22 Punto de control programado 10-06-2013 10:27:37 Punto de control programado 17-06-2013 15:20:40 Punto de control programado 17-06-2013 15:48:49 Malwarebytes Anti-Rootkit Restore Point ==================== Scheduled Tasks (whitelisted) ============= Task: {04A007AA-538C-4A2E-A42C-7555B29AD735} - System32\Tasks\SidebarExecute => C:\Program Files\WINDOWS SIDEBAR\SIDEBAR.EXE [2010-11-20] (Microsoft Corporation) Task: {0845A508-EA04-43A5-8D98-15A8D1A171F7} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {086440A5-6829-45BB-BA10-A7C516A92915} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation) Task: {11EC14ED-7BFD-4F41-A34B-B44FE589B803} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2011-05-17] () Task: {3CDB0E4B-7678-448F-BA05-A8D16BF6C564} - System32\Tasks\{BAB365AB-2FFE-4881-8EAA-E678C475463A} => C:\program files (x86)\internet explorer\iexplore.exe [2013-04-05] (Microsoft Corporation) Task: {487F8ABD-D01B-4A30-BAF0-E051A99B5C24} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {545928C3-460E-4230-933B-08588B165851} - System32\Tasks\{FCBDDFD3-061F-494A-83AB-110573E9AC7C} => C:\program files (x86)\internet explorer\iexplore.exe [2013-04-05] (Microsoft Corporation) Task: {62C3125E-2899-43C5-B02D-83983F92E4D6} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2013-04-19] (Microsoft Corporation) Task: {62D122C4-14B1-462A-9CEE-26D0156253B4} - System32\Tasks\{9C0CE24C-CBCD-441E-8230-55A7BD2F5FF9} => C:\program files (x86)\internet explorer\iexplore.exe [2013-04-05] (Microsoft Corporation) Task: {72EE78E9-3B84-4CFA-AD36-FBD8E1B9389A} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated) Task: {79783C67-3B31-4AAE-B803-F2C7D43C1078} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline => C:\Windows\system32\schtasks.exe [2010-11-20] (Microsoft Corporation) Task: {80CA4B6C-33C4-4446-BB71-08A9575A9863} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {81540B9F-B5BF-47EB-9C95-BE195BF2C664} - System32\Tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo => C:\Windows\system32\gatherNetworkInfo.vbs [2009-06-10] () Task: {8B08E98B-B504-46DD-99AC-8A50F2F59936} - System32\Tasks\{F8EB152D-3656-48AE-967C-EF20E53E1FF9} => C:\program files (x86)\internet explorer\iexplore.exe [2013-04-05] (Microsoft Corporation) Task: {924251A2-6036-456F-B750-18E497534421} - System32\Tasks\DealPlyUpdate => C:\Program Files (x86)\DealPly\DealPlyUpdate.exe [2012-07-23] (DealPly) Task: {93763F32-6305-4D18-B2CF-1B734BA5018C} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2012-07-23] () Task: {A9B1A36E-5099-48E7-B53B-9394CB96D717} - System32\Tasks\User_Feed_Synchronization-{E80C6CA3-B72B-4C89-8494-842A4F0034F7} => C:\Windows\system32\msfeedssync.exe [2013-04-13] (Microsoft Corporation) Task: {AE74F541-E896-4BBC-AF1E-68B62AEA96B0} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18] (Sun Microsystems, Inc.) Task: {B8DFDD43-571F-42A2-BE79-E98EDBD5A3B0} - System32\Tasks\{4354267D-613D-4B4D-98A0-B87B0315B5D5} => C:\program files (x86)\internet explorer\iexplore.exe [2013-04-05] (Microsoft Corporation) Task: {C5F0F066-AEEE-4E39-B6C1-A44F4A260749} - System32\Tasks\{EF940A7C-3BB1-4562-86F1-03D668474DB5} => C:\program files (x86)\internet explorer\iexplore.exe [2013-04-05] (Microsoft Corporation) Task: {CE3119B8-E3F6-4571-8035-34A5DCF0C51D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => C:\Windows\system32\sc.exe [2009-07-14] (Microsoft Corporation) Task: {EA66FDC3-80D3-43BA-9066-9BB51F1B80AA} - System32\Tasks\WPD\SqmUpload_S-1-5-21-3248064742-4290630259-595298440-1001 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation) Task: {F5236155-3DDB-452C-8D91-D5919E4D33F3} - System32\Tasks\{405076E2-0E49-4A53-AFFE-F2E969E0585D} => C:\program files (x86)\internet explorer\iexplore.exe [2013-04-05] (Microsoft Corporation) Task: {FECD3867-C0BE-472D-B66C-9077E57B1F3D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated) ==================== Faulty Device Manager Devices ============= Name: SM-Bus-Controller Description: SM-Bus-Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (06/17/2013 05:48:52 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: TraverseDir : Unable to push subdirectory. System Error: Error no especificado . Error: (06/17/2013 05:20:44 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: TraverseDir : Unable to push subdirectory. System Error: Error no especificado . Error: (06/17/2013 05:20:39 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: TraverseDir : Unable to push subdirectory. System Error: Error no especificado . Error: (06/13/2013 01:13:01 PM) (Source: MySQL) (User: ) Description: Column count of mysql.proc is wrong. Expected 20, found 16. Created with MySQL 50041, now running 50146. Please use mysql_upgrade to fix this error. Error: (06/13/2013 01:12:18 PM) (Source: MySQL) (User: ) Description: Event Scheduler: An error occurred when initializing system tables. Disabling the Event Scheduler. Error: (06/13/2013 01:12:18 PM) (Source: MySQL) (User: ) Description: Cannot open mysql.event Error: (06/13/2013 01:12:18 PM) (Source: MySQL) (User: ) Description: mysql.user has no `Event_priv` column at position 29 Error: (06/13/2013 01:12:18 PM) (Source: MySQL) (User: ) Description: Column count of mysql.db is wrong. Expected 22, found 20. Created with MySQL 50041, now running 50146. Please use mysql_upgrade to fix this error. Error: (06/13/2013 01:12:18 PM) (Source: MySQL) (User: ) Description: Can't open and lock privilege tables: Table 'mysql.servers' doesn't exist Error: (06/13/2013 01:12:17 PM) (Source: MySQL) (User: ) Description: Can't open the mysql.plugin table. Please run mysql_upgrade to create it. System errors: ============= Error: (06/18/2013 05:00:17 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Avira Email Schutz" wurde mit folgendem dienstspezifischem Fehler beendet: %%1. Error: (06/17/2013 05:53:35 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Avira Email Schutz" wurde mit folgendem dienstspezifischem Fehler beendet: %%1. Error: (06/17/2013 05:49:48 PM) (Source: DCOM) (User: ) Description: {AD3EDBCA-0901-415B-82E9-C16D3B65E38C} Error: (06/17/2013 05:49:44 PM) (Source: DCOM) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (06/17/2013 05:49:14 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Centro de seguridad" wurde aufgrund folgenden Fehlers nicht gestartet: %%1314 Error: (06/17/2013 05:49:12 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Firewall de Windows" ist vom Dienst "Motor de filtrado de base" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1290 Error: (06/17/2013 05:49:12 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Motor de filtrado de base" wurde aufgrund folgenden Fehlers nicht gestartet: %%1290 Error: (06/17/2013 05:49:10 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Routing und RAS" ist vom Dienst "Motor de filtrado de base" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1290 Error: (06/17/2013 05:49:10 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Motor de filtrado de base" wurde aufgrund folgenden Fehlers nicht gestartet: %%1290 Error: (06/17/2013 05:49:09 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Conexión compartida a Internet (ICS)" ist vom Dienst "Motor de filtrado de base" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1290 Microsoft Office Sessions: ========================= Error: (06/17/2013 05:48:52 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: Details: TraverseDir : Unable to push subdirectory. System Error: Error no especificado Error: (06/17/2013 05:20:44 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: Details: TraverseDir : Unable to push subdirectory. System Error: Error no especificado Error: (06/17/2013 05:20:39 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: Details: TraverseDir : Unable to push subdirectory. System Error: Error no especificado Error: (06/13/2013 01:13:01 PM) (Source: MySQL)(User: ) Description: Column count of mysql.proc is wrong. Expected 20, found 16. Created with MySQL 50041, now running 50146. Please use mysql_upgrade to fix this error. Error: (06/13/2013 01:12:18 PM) (Source: MySQL)(User: ) Description: Event Scheduler: An error occurred when initializing system tables. Disabling the Event Scheduler. Error: (06/13/2013 01:12:18 PM) (Source: MySQL)(User: ) Description: Cannot open mysql.event Error: (06/13/2013 01:12:18 PM) (Source: MySQL)(User: ) Description: mysql.user has no `Event_priv` column at position 29 Error: (06/13/2013 01:12:18 PM) (Source: MySQL)(User: ) Description: Column count of mysql.db is wrong. Expected 22, found 20. Created with MySQL 50041, now running 50146. Please use mysql_upgrade to fix this error. Error: (06/13/2013 01:12:18 PM) (Source: MySQL)(User: ) Description: Can't open and lock privilege tables: Table 'mysql.servers' doesn't exist Error: (06/13/2013 01:12:17 PM) (Source: MySQL)(User: ) Description: Can't open the mysql.plugin table. Please run mysql_upgrade to create it. ==================== Memory info =========================== Percentage of memory in use: 23% Total physical RAM: 7658.18 MB Available physical RAM: 5833.25 MB Total Pagefile: 15314.54 MB Available Pagefile: 13361.1 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (WINDOWS) (Fixed) (Total:299.02 GB) (Free:51.17 GB) NTFS (Disk=0 Partition=2) Drive d: (Data) (Fixed) (Total:296.76 GB) (Free:67.06 GB) NTFS (Disk=0 Partition=3) Drive f: (SYSTEM) (Fixed) (Total:0.39 GB) (Free:0.15 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)] Drive g: (STICK_NILS) (Removable) (Total:7.37 GB) (Free:7.32 GB) FAT32 (Disk=2 Partition=1) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: F8D79D6B) Partition 1: (Active) - (Size=400 MB) - (Type=27) Partition 2: (Not Active) - (Size=299 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=297 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18) Partition 1: (Not Active) - (Size=7 GB) - (Type=0B) ==================== End Of Log ============================ |
|
18.06.2013, 14:59
| #8 |
| /// Helfer-Team | JS/EXP.Redir.EL.7 + JS/BlacoleRef.DH.1 + PHP/IRCBOT.DW Scan mit Combofix
dann: Downloade Dir bitte  AdwCleaner auf deinen Desktop.
|
|
18.06.2013, 16:27
| #9 |
| | JS/EXP.Redir.EL.7 + JS/BlacoleRef.DH.1 + PHP/IRCBOT.DW hey John, hier der log von combofix: ------------------------------------------- Code:
ATTFilter ComboFix 13-06-18.02 - Chris 18.06.2013 16:56:41.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.3082.18.7658.5850 [GMT 2:00]
ausgeführt von:: c:\users\Chris\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: FireWall *Disabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\download\SkypeSetup.exe
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\DealPly.crx
c:\program files (x86)\DealPly\DealPly.xpi
c:\program files (x86)\DealPly\DealPlyIE.dll
c:\program files (x86)\DealPly\DealPlyTune.dll
c:\program files (x86)\DealPly\DealPlyUpdate.exe
c:\program files (x86)\DealPly\DealPlyUpdate.log
c:\program files (x86)\DealPly\DealPlyUpdateRun.exe
c:\program files (x86)\DealPly\icon.ico
c:\program files (x86)\DealPly\uninst.exe
c:\program files (x86)\Smart Flash Recovery
c:\program files (x86)\Smart Flash Recovery\1-2-3 Spyware Free.url
c:\program files (x86)\Smart Flash Recovery\Customize Start Menu.url
c:\program files (x86)\Smart Flash Recovery\Document Trace Remover.url
c:\program files (x86)\Smart Flash Recovery\file_id.diz
c:\program files (x86)\Smart Flash Recovery\history.txt
c:\program files (x86)\Smart Flash Recovery\homepage.url
c:\program files (x86)\Smart Flash Recovery\license.txt
c:\program files (x86)\Smart Flash Recovery\My Privacy.url
c:\program files (x86)\Smart Flash Recovery\readme.txt
c:\program files (x86)\Smart Flash Recovery\Safe Surfer.url
c:\program files (x86)\Smart Flash Recovery\Smart PC.url
c:\program files (x86)\Smart Flash Recovery\SmartFlashRecovery.cnt
c:\program files (x86)\Smart Flash Recovery\SmartFlashRecovery.exe
c:\program files (x86)\Smart Flash Recovery\SmartFlashRecovery.hlp
c:\program files (x86)\Smart Flash Recovery\SmartPC.ico
c:\program files (x86)\Smart Flash Recovery\unins000.dat
c:\program files (x86)\Smart Flash Recovery\unins000.exe
c:\program files (x86)\Windows Searchqu Toolbar
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\datamngr.dll
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\DnsBHO.dll
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\chrome.manifest
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\chrome.manifest.alt
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.dll
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF4.dll
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF5.dll
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF6.dll
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF7.dll
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\DataMngr.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\DnsBHO.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\Error404BHO.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\NewTabBHO.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\overlay.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\overlay.xul
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\RelatedSearch.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\SearchBHO.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\SettingManager.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\Settings.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\Settings.xml.alt
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\install.rdf
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\install.rdf.alt
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\IEBHO.dll
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\as_guid.dat
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\engines.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\search.xsl
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\about.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanel.xul
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpaneltransparent.xul
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxtransparentwin.xul
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxwin.xul
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\emailnotifierproviders.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\external.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\imeshcode.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\neterror.xhtml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\vmncode.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\wmpstreamer.html
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\datastore.jsm
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\nsDragAndDrop.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\neterror.xhtml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\partner.coupons.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\preferences.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\radiobeta.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\template.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.htm
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\toolbar.xul
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmncode.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\vmnrsswin.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\tb_icon.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget_version
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\babylon_logo.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluelite.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\bluesky.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-search.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\btn_settings.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ca.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dictionary.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\divider.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\downloadcom.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\dtxlogo.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ebay.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\email_on.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\facebook.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\games.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred0_5.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred1_5.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred2_5.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred3_5.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred4_5.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphred5.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\graphredna.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\grey.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\ico-shield.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_radio_png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_seperator_png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_twitter.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\icon_youtube.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\images.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\imesh.css
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\add.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\aol.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right-disabled.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-up.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-divider.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-divider.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\blank.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn_slider.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\checkmark.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\chevron.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\collapse.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\comcast.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\dtx.css
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\expand.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\found.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\gmail.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_blue.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_lime.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\hotmail.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\ico-check.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\imap.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\loadingMid.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\lock.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\logo-separator.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\mailcom.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_white.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\modify.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\move.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\movetarget.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\panels.css
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupRSS.css
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css\dialog.css
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\bg.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\default.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-left.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-right.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\main.html
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\footer.htm
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameData.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\games.xsl
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-back.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-news24.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\initHTML.html
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupHTML.html
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupRSS.html
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\scroll.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\pop.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\track.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\volumeslider.html
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-buffering.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-connecting.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-playing.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-stopped.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta.ico
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\reload.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\remove.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rename.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\resize-box.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rss.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsschannelback.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\RSSLogo.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-left.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-right.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search-go.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\throbber.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.html
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\yahoo.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lichen.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-about.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-separator.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\mail.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\maps.bmp
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\menuseparatorback.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify-save.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modifyhot.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\music.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\news.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-main.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-search.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-widgets.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\orange.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\pixsy.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\protect-id.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-buffering.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-connecting.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-playing.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-stopped.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta.ico
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\relatedlinks.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-collapse.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-delete.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-expand.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-feed.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-remove.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-rename.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-found.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-reload.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-subscribe.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rssback.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rsstopback.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search-over.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_over_png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\settings.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\shopping.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\siteinfo.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluelite.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluesky.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-grey.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-lichen.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-orange.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-yellow.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\technorati.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\throbber.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\translate.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\video.bmp
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.css
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\weather.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\web.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\wikipedia.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yahoosearch.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yellow.gif
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\youtube.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\zoom.png
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\components\windowmediator.js
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\manifest.xml
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchquband.dll
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\uninstall.exe
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\x64\datamngr.dll
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\x64\datamngrUI.exe
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\x64\DnsBHO.dll
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\x64\IEBHO.dll
c:\program files (x86)\Windows Searchqu Toolbar\sysid.ini
c:\program files (x86)\Windows Searchqu Toolbar\uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery\Check other products\1-2-3 Spyware Free.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery\Check other products\Customize Start Menu.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery\Check other products\Document Trace Remover.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery\Check other products\My Privacy.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery\Check other products\Safe Surfer.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery\Check other products\Smart PC.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery\Smart Flash Recovery Help.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery\Smart Flash Recovery HomePage.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery\Smart Flash Recovery ReadMe.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery\Smart Flash Recovery.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery\Uninstall Smart Flash Recovery.lnk
c:\users\Chris\AppData\Local\assembly\tmp
c:\windows\SysWow64\d2d1debug1.dll
c:\windows\SysWow64\zip32.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-18 bis 2013-06-18 ))))))))))))))))))))))))))))))
.
.
2013-06-18 15:15 . 2013-06-18 15:15 -------- d-----w- c:\users\pipo\AppData\Local\temp
2013-06-18 15:15 . 2013-06-18 15:15 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-06-18 15:15 . 2013-06-18 15:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-18 13:55 . 2013-06-18 13:55 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1BC60D91-95B8-437A-8B58-FE3A0E0906EE}\offreg.dll
2013-06-18 03:14 . 2013-06-18 03:14 -------- d-----w- C:\FRST
2013-06-17 14:11 . 2013-06-17 14:11 -------- d-----w- c:\programdata\Malwarebytes
2013-05-27 16:39 . 2013-05-27 16:39 -------- d-----w- c:\users\Chris\AppData\Roaming\Schuler_Automation_GmbH_&
2013-05-27 16:39 . 2013-05-27 16:39 -------- d-----w- c:\users\Chris\AppData\Local\Schuler_Automation_GmbH_&
2013-05-27 03:47 . 2013-05-27 03:47 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-05-24 15:27 . 2013-05-24 15:27 -------- d-----w- c:\users\Chris\AppData\Roaming\Schuler_Automation_Gemmin
2013-05-24 15:27 . 2013-05-24 15:27 -------- d-----w- c:\users\Chris\AppData\Local\Schuler_Automation_Gemmin
2013-05-24 13:40 . 2013-05-24 13:40 -------- d-----w- c:\program files (x86)\NuGet
2013-05-24 13:06 . 2013-05-24 13:10 -------- d-----w- c:\windows\system32\1031
2013-05-24 12:06 . 2013-05-24 12:59 -------- d-----w- C:\c76b87029f7f806dab543256deac495e
2013-05-23 08:35 . 2013-05-23 08:35 -------- d-----w- c:\program files\Microsoft.NET
2013-05-20 18:15 . 2011-06-17 19:18 105824 ----a-w- c:\windows\system32\SQSRVRES.DLL
2013-05-20 17:37 . 2010-04-03 09:51 47456 ----a-w- c:\windows\SysWow64\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
2013-05-20 17:37 . 2010-04-03 08:57 77152 ----a-w- c:\windows\system32\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
2013-05-20 17:36 . 2010-04-03 09:51 73568 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.50.1600.1.dll
2013-05-20 17:36 . 2010-04-03 08:57 79200 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.50.1600.1.dll
2013-05-20 17:32 . 2013-05-20 17:32 -------- d-----w- c:\windows\system32\RsFx
2013-05-20 17:26 . 2013-05-20 17:26 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2013-05-20 17:18 . 2013-05-20 17:19 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
2013-05-20 17:17 . 2013-05-20 17:17 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2013-05-20 17:16 . 2013-05-24 13:10 -------- d-----w- c:\windows\system32\1033
2013-05-20 17:16 . 2013-05-24 13:10 -------- d-----w- c:\windows\SysWow64\1033
2013-05-20 08:38 . 2013-05-20 08:38 -------- d-----w- c:\users\Chris\AppData\Local\Microsoft_Corporation
2013-05-20 08:07 . 2013-04-05 04:43 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-20 08:07 . 2013-04-05 04:29 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-05-20 07:59 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 08:17 . 2012-04-01 07:56 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 08:17 . 2012-02-01 22:55 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-24 15:03 . 2013-01-08 14:24 3972320 ----a-w- c:\programdata\Microsoft\visualstudio\11.0\1031\ResourceCache.dll
2013-05-20 08:16 . 2012-02-01 22:44 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-14 11:47 . 2012-07-17 12:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 08:10 . 2013-05-02 08:10 83160 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-04-13 07:21 . 2013-04-13 07:21 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-13 07:21 . 2013-04-13 07:21 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-13 07:21 . 2013-04-13 07:21 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-13 07:21 . 2013-04-13 07:21 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-13 07:21 . 2013-04-13 07:21 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-13 07:21 . 2013-04-13 07:21 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-13 07:21 . 2013-04-13 07:21 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-13 07:21 . 2013-04-13 07:21 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-13 07:21 . 2013-04-13 07:21 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-13 07:21 . 2013-04-13 07:21 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-13 07:21 . 2013-04-13 07:21 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-13 07:21 . 2013-04-13 07:21 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-13 07:21 . 2013-04-13 07:21 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-13 07:21 . 2013-04-13 07:21 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-13 07:21 . 2013-04-13 07:21 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-13 07:21 . 2013-04-13 07:21 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-13 07:21 . 2013-04-13 07:21 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-13 07:21 . 2013-04-13 07:21 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-13 07:21 . 2013-04-13 07:21 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-13 07:21 . 2013-04-13 07:21 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-13 07:21 . 2013-04-13 07:21 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-13 07:21 . 2013-04-13 07:21 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-13 07:21 . 2013-04-13 07:21 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-13 07:21 . 2013-04-13 07:21 441856 ----a-w- c:\windows\system32\html.iec
2013-04-13 07:21 . 2013-04-13 07:21 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-13 07:21 . 2013-04-13 07:21 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-13 07:21 . 2013-04-13 07:21 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-13 07:21 . 2013-04-13 07:21 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-13 07:21 . 2013-04-13 07:21 235008 ----a-w- c:\windows\system32\url.dll
2013-04-13 07:21 . 2013-04-13 07:21 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-13 07:21 . 2013-04-13 07:21 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-13 07:21 . 2013-04-13 07:21 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-13 07:21 . 2013-04-13 07:21 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-13 07:21 . 2013-04-13 07:21 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-13 07:21 . 2013-04-13 07:21 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-13 07:21 . 2013-04-13 07:21 102912 ----a-w- c:\windows\system32\inseng.dll
2013-04-13 07:21 . 2013-04-13 07:21 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-13 07:21 . 2013-04-13 07:21 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-13 07:21 . 2013-04-13 07:21 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-13 07:21 . 2013-04-13 07:21 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-13 07:21 . 2013-04-13 07:21 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-13 07:21 . 2013-04-13 07:21 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-13 07:21 . 2013-04-13 07:21 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-13 07:21 . 2013-04-13 07:21 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-13 07:21 . 2013-04-13 07:21 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-13 07:21 . 2013-04-13 07:21 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-13 07:21 . 2013-04-13 07:21 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-13 07:21 . 2013-04-13 07:21 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-13 07:21 . 2013-04-13 07:21 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-13 05:49 . 2013-05-20 07:59 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-20 07:59 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-20 07:59 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-20 07:59 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-20 07:59 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-20 07:59 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-04 19:18 . 2013-04-04 19:25 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-04-04 19:18 . 2013-04-04 19:25 141376 ----a-w- c:\windows\system32\drivers\avfwot.sys
2013-04-04 19:18 . 2013-04-04 19:25 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-04-04 19:18 . 2013-04-04 19:25 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-04-04 19:18 . 2013-04-04 19:25 114608 ----a-w- c:\windows\system32\drivers\avfwim.sys
2013-03-21 09:27 . 2012-02-02 11:04 151552 ----a-w- c:\windows\KMSEmulator.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 12:29 1490312 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-02 345312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"DataCardMonitor"=c:\program files (x86)\T-Mobile\web'n'walk Manager\DataCardMonitor.exe
"MobileBroadband"=c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
.
R2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [x]
R2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe;c:\program files\CyberGhost VPN\CGVPNCliService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;TsUsbFlt [x]
R4 GFNEXSrv;GFNEX Service;c:\windows\system32\GFNEXSrv.exe;c:\windows\SYSNATIVE\GFNEXSrv.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0151.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys;c:\windows\SYSNATIVE\drivers\BMLoad.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys;c:\windows\SYSNATIVE\DRIVERS\avfwot.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys;c:\windows\SYSNATIVE\DRIVERS\avfwim.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 08:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = localhost;127.0.0.1;satg-redmine.sat.schuler.de
uInternet Settings,ProxyServer = satg-proxy.sat.schuler.de:3128
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
DPF: {E55FD215-A32E-43FE-A777-A7E8F165F560} - hxxp://download.flatcast.net/objects/NpFv522.dll
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\343393lb.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
BHO-{9D717F81-9148-4f12-8568-69135F087DB0} - c:\progra~2\WIA6EB~1\Datamngr\BROWSE~1.DLL
BHO-{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - c:\program files (x86)\DealPly\DealPlyIE.dll
Toolbar-{99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-syshost32 - c:\users\Chris\AppData\Local\{8B636E8B-A04E-160E-4F1E-23792E89FF27}\syshost.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-10 - (no file)
AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe
AddRemove-Smart Flash Recovery_is1 - c:\program files (x86)\Smart Flash Recovery\unins000.exe
AddRemove-Windows Searchqu Toolbar - c:\program files (x86)\Windows Searchqu Toolbar\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-18 17:23:18
ComboFix-quarantined-files.txt 2013-06-18 15:23
.
Vor Suchlauf: 18 Verzeichnis(se), 54.216.511.488 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 54.090.784.768 Bytes frei
.
- - End Of File - - B075DC28F9D174BCD85A8569A7FB2993
A36C5E4F47E84449FF07ED3517B43A31
----------------------------------------------- Code:
ATTFilter # AdwCleaner v2.303 - Fichero creado el 18/06/2013 a 17:31:49
# Actualizado el 08/06/2013 por Xplode
# Sistema operativo : Windows 7 Ultimate Service Pack 1 (64 bits)
# Usuario : Chris - CHRIS-NOTEBOOK
# Modo de inicio : Normal
# Ejecutado desde : C:\Users\Chris\Desktop\adwcleaner.exe
# Opción [Supresión]
***** [Servicios] *****
***** [Ficheros / Carpetas] *****
Carpeta Suprimido : C:\Program Files (x86)\Ask.com
Carpeta Suprimido : C:\Program Files (x86)\FreeRIP3
Carpeta Suprimido : C:\ProgramData\Ask
Carpeta Suprimido : C:\ProgramData\Babylon
Carpeta Suprimido : C:\ProgramData\boost_interprocess
Carpeta Suprimido : C:\ProgramData\FreeRIP
Carpeta Suprimido : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Carpeta Suprimido : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeRIP3
Carpeta Suprimido : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Carpeta Suprimido : C:\Users\Chris\AppData\LocalLow\AskToolbar
Carpeta Suprimido : C:\Users\Chris\AppData\LocalLow\searchquband
Carpeta Suprimido : C:\Users\Chris\AppData\LocalLow\Searchqutoolbar
Carpeta Suprimido : C:\Users\Chris\AppData\Roaming\Babylon
Carpeta Suprimido : C:\Users\Chris\AppData\Roaming\Media Finder
Carpeta Suprimido : C:\Users\Chris\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Carpeta Suprimido : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\343393lb.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Carpeta Suprimido : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\343393lb.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
Carpeta Suprimido : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\343393lb.default\extensions\toolbar@ask.com
Carpeta Suprimido : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\343393lb.default\Searchqutoolbar
Carpeta Suprimido : C:\Users\Chris\AppData\Roaming\OpenCandy
Carpeta Suprimido : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Fichero Suprimido : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Fichero Suprimido : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
Fichero Suprimido : C:\user.js
Fichero Suprimido : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\343393lb.default\searchplugins\Askcom.xml
Fichero Suprimido : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\343393lb.default\searchplugins\babylon1.xml
Fichero Suprimido : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\343393lb.default\searchplugins\Search_Results.xml
Suprimido al reiniciar : C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
***** [Registro] *****
Clave Supprimida : HKCU\Software\APN
Clave Supprimida : HKCU\Software\APN PIP
Clave Supprimida : HKCU\Software\AppDataLow\Software\AskToolbar
Clave Supprimida : HKCU\Software\AppDataLow\Software\searchqutoolbar
Clave Supprimida : HKCU\Software\Ask.com
Clave Supprimida : HKCU\Software\DataMngr_Toolbar
Clave Supprimida : HKCU\Software\DealPly
Clave Supprimida : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Clave Supprimida : HKCU\Software\MediaFinder
Clave Supprimida : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Clave Supprimida : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clave Supprimida : HKCU\Software\PIP
Clave Supprimida : HKCU\Software\Softonic
Clave Supprimida : HKCU\Software\5948f8bb03be515
Clave Supprimida : HKCU\Software\effda7ae930d6da
Clave Supprimida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Clave Supprimida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Clave Supprimida : HKLM\Software\APN
Clave Supprimida : HKLM\Software\AskToolbar
Clave Supprimida : HKLM\Software\Babylon
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Clave Supprimida : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Clave Supprimida : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Clave Supprimida : HKLM\SOFTWARE\Classes\MF
Clave Supprimida : HKLM\SOFTWARE\Classes\Prod.cap
Clave Supprimida : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Clave Supprimida : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Clave Supprimida : HKLM\Software\DataMngr
Clave Supprimida : HKLM\Software\DealPly
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Clave Supprimida : HKLM\Software\PIP
Clave Supprimida : HKLM\Software\SearchquMediabarTb
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar
Clave Supprimida : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Valor Supprimida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Valor Supprimida : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Valor Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Valor Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Valor Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
***** [Navegadores] *****
-\\ Internet Explorer v10.0.9200.16576
[OK] El registro no contiene ninguna entrada ilegítima.
-\\ Mozilla Firefox v9.0.1 (de)
Fichero : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\343393lb.default\prefs.js
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\343393lb.default\user.js ... Suprimido !
Supprimida : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Supprimida : user_pref("extensions.BabylonToolbar.admin", false);
Supprimida : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Supprimida : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Supprimida : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Supprimida : user_pref("extensions.BabylonToolbar.babExt", "");
Supprimida : user_pref("extensions.BabylonToolbar.babTrack", "affID=101067");
Supprimida : user_pref("extensions.BabylonToolbar.bbDpng", 1);
Supprimida : user_pref("extensions.BabylonToolbar.cntry", "DE");
Supprimida : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Supprimida : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Supprimida : user_pref("extensions.BabylonToolbar.dpkLst", "");
Supprimida : user_pref("extensions.BabylonToolbar.excTlbr", false);
Supprimida : user_pref("extensions.BabylonToolbar.hdrMd5", "EB51200BE29AC1357FCED309E89FEBBC");
Supprimida : user_pref("extensions.BabylonToolbar.hmpg", false);
Supprimida : user_pref("extensions.BabylonToolbar.id", "22ab479d00000000000000ffd6cb04c4");
Supprimida : user_pref("extensions.BabylonToolbar.instlDay", "15712");
Supprimida : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Supprimida : user_pref("extensions.BabylonToolbar.lastDP", 1);
Supprimida : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1714:01:54");
Supprimida : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "9.0");
Supprimida : user_pref("extensions.BabylonToolbar.newTab", true);
Supprimida : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Supprimida : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Supprimida : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"66\",\"lastVrsn\":\"66\",\"vrsnLoad\[...]
Supprimida : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Supprimida : user_pref("extensions.BabylonToolbar.propectorlck", 95633662);
Supprimida : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Supprimida : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Supprimida : user_pref("extensions.BabylonToolbar.rvrt", "false");
Supprimida : user_pref("extensions.BabylonToolbar.sg", "azb");
Supprimida : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
Supprimida : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Supprimida : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Supprimida : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Supprimida : user_pref("extensions.BabylonToolbar.vrsn", "1.8.7.2");
Supprimida : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1714:01:54");
Supprimida : user_pref("extensions.BabylonToolbar.vrsni", "1.8.7.2");
Supprimida : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Supprimida : user_pref("extensions.BabylonToolbar_i.babExt", "");
Supprimida : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110231&tt=0213_1");
Supprimida : user_pref("extensions.BabylonToolbar_i.excTlbr", false);
Supprimida : user_pref("extensions.BabylonToolbar_i.hardId", "22ab479d000000000000386077ca45ff");
Supprimida : user_pref("extensions.BabylonToolbar_i.id", "22ab479d000000000000386077ca45ff");
Supprimida : user_pref("extensions.BabylonToolbar_i.instlDay", "15372");
Supprimida : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Supprimida : user_pref("extensions.BabylonToolbar_i.newTab", false);
Supprimida : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Supprimida : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Supprimida : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Supprimida : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Supprimida : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Supprimida : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Supprimida : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.7.210:50:45");
Supprimida : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
*************************
AdwCleaner[S1].txt - [17527 octets] - [18/06/2013 17:31:49]
########## EOF - C:\AdwCleaner[S1].txt - [17588 octets] ##########
|
|
18.06.2013, 17:43
| #10 |
| /// Helfer-Team | JS/EXP.Redir.EL.7 + JS/BlacoleRef.DH.1 + PHP/IRCBOT.DW Sehr gut!  Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). danach: ESET Online Scanner
danach: Downloade Dir bitte  SecurityCheck und:
|
|
18.06.2013, 19:31
| #11 |
| | JS/EXP.Redir.EL.7 + JS/BlacoleRef.DH.1 + PHP/IRCBOT.DW ..hier das log file von aswmbr: ------------------------------------ anmerkungen: -> "scan button" war erst deaktiviert, dann wollte ich einen screenshot machen und dann wurde der button aktiv -> absturz waehrend/nach dem scan; nochmal gestartet, AV scan als "None" eingestellt und dann gings ------------------------------------ Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-18 20:25:22
-----------------------------
20:25:22.138 OS Version: Windows x64 6.1.7601 Service Pack 1
20:25:22.138 Number of processors: 4 586 0x100
20:25:22.138 ComputerName: CHRIS-NOTEBOOK UserName: Chris
20:25:23.496 Initialize success
20:26:21.060 AVAST engine defs: 13061800
20:26:29.047 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
20:26:29.062 Disk 0 Vendor: TOSHIBA_MK6475GSX GT001M Size: 610480MB BusType: 11
20:26:29.234 Disk 0 MBR read successfully
20:26:29.250 Disk 0 MBR scan
20:26:29.265 Disk 0 Windows 7 default MBR code
20:26:29.281 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 400 MB offset 2048
20:26:29.312 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 306197 MB offset 821248
20:26:29.359 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 303882 MB offset 627912704
20:26:29.515 Disk 0 scanning C:\Windows\system32\drivers
20:26:50.980 Service scanning
20:28:06.641 Modules scanning
20:28:06.703 Disk 0 trace - called modules:
20:28:06.812 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:28:06.828 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e3c060]
20:28:06.843 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa8007b6e680]
20:28:06.859 Scan finished successfully
20:29:16.685 Disk 0 MBR has been saved successfully to "C:\Users\Chris\Desktop\MBR.dat"
20:29:16.700 The log file has been saved successfully to "C:\Users\Chris\Desktop\aswMBR.txt"
|
|
19.06.2013, 07:21
| #12 |
| /// Helfer-Team | JS/EXP.Redir.EL.7 + JS/BlacoleRef.DH.1 + PHP/IRCBOT.DW ok, das kann schon vorkommen. hast du die beiden weiteren Logs schon? |
|
19.06.2013, 22:08
| #13 |
| | JS/EXP.Redir.EL.7 + JS/BlacoleRef.DH.1 + PHP/IRCBOT.DW ..nein ich habe noch kein weiteres log, ESET ist mir irgendwann zwischen der 15. und 18. stunde scanzeit durch den energiesparmodusvrausgeflogen, es gibt kein log, in der anzeige standen 2 founds von irgend einem ..agent.. ..die internetverbindung geht nicht mehr, HILFE!!!! ..nach 6 scans so ein sch.. ich brauch dringend den rechner und meine webseite gefixt, bitte um.schnelle pragmatische hilfe, danke ..uff! habe ESET deinstalliert und nach einem reboot komme ich wieder online, iexplorer ging auch da nicht sofort, erst Firefox online, dann iexplorer, jetzt kann ich erst mal arbeiten.. ..gibt es irgendetwas womit ich dieses ESET beschleunigen kann ? brauchen wir des unbedingt, oder gibt es alternativen ? ..vielen dank fuer eine kurze ruckmeldung & viele gruesse ------------------------------------------------------------ so, habe AVIRA de-installiert und wieder neu installiert, funktioniert jetzt wieder alles einwandfrei.. ..was soll ich jetzt tun ??? erneut ESET starten ? oder gibt's was anderes ..?? |
|
20.06.2013, 12:28
| #14 |
| /// Helfer-Team | JS/EXP.Redir.EL.7 + JS/BlacoleRef.DH.1 + PHP/IRCBOT.DW mit SecurityCheck weitermachen. |
|
20.06.2013, 13:02
| #15 |
| | JS/EXP.Redir.EL.7 + JS/BlacoleRef.DH.1 + PHP/IRCBOT.DW .. hier das ergebnis vom securityCheck ------------------------------------- Code:
ATTFilter Results of screen317's Security Check version 0.99.64
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Visual Studio Extensions for Windows Library for JavaScript
Java(TM) 6 Update 35
JavaScript Tooling
Java version out of Date!
Adobe Flash Player 11.7.700.224
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox (9.0.1)
Mozilla Thunderbird (17.0.5)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
|
|
| Themen zu JS/EXP.Redir.EL.7 + JS/BlacoleRef.DH.1 + PHP/IRCBOT.DW |
| aufsetzen, avira, backup, editiere, editieren, einfach, folge, folgende, gefunde, gescannt, hallo zusammen, hoffe, js/blacoleref.dh.1, js/exp.redir.el.7, komplett, neu, php/ircbot.dw, quarantäne, sauber, schei, stick, versuche, webseite, wiederherstellen, woche, überhaupt, zusammen |
WARNUNG an die MITLESER: 
Linear-Darstellung
