http://www_getwindowinfo/ und TBUpdater.dll nervern seit einiger Zeit, wie bekomme ich die vom Rechner?

baby-lissa · 12.08.2013, 18:22

Mion mion, seit einiger Zeit habe ich den Internet explorer mit volgender Seite hxxp://www_getwindowinfo/ der immer aktiv ist, und als ich adwcleaner06 Installiert habe zum beseitigen kam das Nächszt Problem, der TBUpader.dll der immer starten will aber die Datei nicht findet, zudem kommt noch eine Fehlermeldung Server ausgelastet.
Wie bekomme ich den ganzen mist wieder vom PC? ADWClearner06 und ad aware habe nicht geholfen.
Kann mir hier jemande helfe?
Ich bin kein PC Spezialist also bitte alles in einfachen Worten und Programmen.
Danke im Vorraus

markusg · 12.08.2013, 18:23

Hi, gleich folgt eine Anweisung zu FRST, beachte bitte die Infos die ich in der Additions.txt für die Software liste möchte.
1.
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

2.

Empfehlungen fürs Deinstallieren
Bitte kopiere die Liste der installierten Programme aus der additions.txt hier in deinen Thread. Notiere mir bitte
hinter jede Zeile, ob folgendes Kategorie zutrifft: Unbekannt, Nötig, Unnötig

baby-lissa · 12.08.2013, 18:35

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-08-2013 02
Ran by Lissi1 (administrator) on 12-08-2013 19:31:57
Running from C:\Users\Lissi1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TTDT2QBV
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(CrypKey (Canada) Ltd.) C:\Windows\system32\crypserv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe
(Lavasoft Limited) C:\PROGRA~2\AD-AWA~1\AdAware.exe
(Dropbox, Inc.) C:\Users\Lissi1\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Windows Net) C:\Users\Lissi1\AppData\Roaming\Windows Net Data\net.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Users\Lissi1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TTDT2QBV\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Monitor] - C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [IntelliType Pro] - c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464944 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2076272 2012-11-02] (Microsoft Corporation)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1476104 2012-12-20] (Samsung)
HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19603048 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5622512 2013-05-15] (SUPERAntiSpyware.com)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310280 2012-12-20] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [542632 2013-01-31] (Lavasoft)
HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-08-05] (Avira Operations GmbH & Co. KG)
HKU\Default\...\RunOnce: [HKCU] - C:\Windows\System32\oobe\info\HKCU.vbs [126 2009-11-12] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Finder.lnk
ShortcutTarget: Scanner Finder.lnk -> C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\~Disabled ()
Startup: C:\Users\Lissi1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lissi1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Lissi1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
ShortcutTarget: net.lnk -> C:\Users\Lissi1\AppData\Roaming\Windows Net Data\net.exe (Windows Net)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {00B6DEF0-C572-45D3-AF51-CD416F2DA9C0} URL = hxxp://www.bing.com/search?FORM=BDT3DF&PC=BDT3&dt=080613&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKCU - 63D76E6EC6B04284B071A585DCBE8EA6 URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=53E641BF-D5D6-4646-8077-EE58703B9D12&apn_sauid=45E38BAC-10B5-487C-BE1B-F389560F4295
BHO-x32: No Name - {120A8821-2BEE-4C29-BCDA-62C577781992} -  No File
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Deaktivierungs-Add-on für Browser von Google Analytics - {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll (Google, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name - {9030D464-4C02-4ABF-8ECC-5164760863C6} -  No File
BHO-x32: HomeTab - {ba696155-d96e-4281-b467-0367a0456474} -  No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - !{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKLM-x32 - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll ()
Toolbar: HKLM-x32 - No Name - !{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} -  No File
Toolbar: HKLM-x32 - No Name - !{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Toolbar: HKLM-x32 - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM-x32 - HomeTab - {ba696155-d96e-4281-b467-0367a0456474} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKCU - No Name - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} -  No File
Toolbar: HKCU - No Name - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} -  No File
Toolbar: HKCU - No Name - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} -  No File
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome: 
=======
CHR HomePage: 		"homepage":	"",
CHR RestoreOnStartup: "hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP&dt=080613"
CHR Extension: (Plus-HD-2.4) - C:\Users\Lissi1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hojmbfiljpkaijkdifoaacbpallpfkkf\1.23.29_0
CHR Extension: (Skype Click to Call) - C:\Users\Lissi1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0
CHR Extension: (DvdVideoSoft Free Youtube Download) - C:\Users\Lissi1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-02-14] (Lavasoft Limited)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-05] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-08-05] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation)
S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] ()
R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
S3 SonicStage Back-End Service; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe [112184 2007-02-05] (Sony Corporation)
S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation)
S3 SSScsiSV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe [75320 2007-02-05] (Sony Corporation)
R2 Crypkey License; crypserv.exe [x]

==================== Drivers (Whitelisted) ====================

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-08-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-08-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-05] (Avira Operations GmbH & Co. KG)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-02-22] (GFI Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-12 15:59 - 2013-08-12 15:59 - 00000000 ____D C:\Users\Lissi1\AppData\Local\{87BB76C1-82E0-437C-A37C-0433E34C4B33}
2013-08-12 11:03 - 2013-08-12 11:03 - 00000000 ____D C:\Users\Lissi1\AppData\Local\Adobe
2013-08-12 10:59 - 2013-08-12 13:25 - 00000000 ____D C:\Users\Lissi1\AppData\Local\adawarebp
2013-08-12 07:17 - 2013-08-12 15:17 - 00000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task b4eb2f77-0b34-4a31-8e76-89b6cbcecc1b.job
2013-08-12 07:17 - 2013-08-12 13:24 - 00000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 33915243-1829-4197-b765-f2f614375d1b.job
2013-08-12 07:17 - 2013-08-12 07:17 - 00003590 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 33915243-1829-4197-b765-f2f614375d1b
2013-08-12 07:17 - 2013-08-12 07:17 - 00003516 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task b4eb2f77-0b34-4a31-8e76-89b6cbcecc1b
2013-08-12 07:17 - 2013-08-12 07:17 - 00001812 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-08-12 07:17 - 2013-08-12 07:17 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\SUPERAntiSpyware.com
2013-08-12 07:17 - 2013-08-12 07:17 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-08-12 07:17 - 2013-08-12 07:17 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-08-12 06:44 - 2013-08-12 06:44 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-12 06:44 - 2013-08-12 06:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-12 06:44 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-11 20:06 - 2013-08-12 06:33 - 00000000 ____D C:\Program Files (x86)\Eusing Free Registry Cleaner
2013-08-11 19:02 - 2013-08-12 19:02 - 00000468 _____ C:\Windows\Tasks\Wise Registry Cleaner Schedule Task.job
2013-08-11 19:02 - 2013-08-11 19:52 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\Wise Registry Cleaner
2013-08-11 19:02 - 2013-08-11 19:03 - 00003340 _____ C:\Windows\System32\Tasks\Wise Registry Cleaner Schedule Task
2013-08-11 19:00 - 2013-08-11 19:00 - 00000000 ____D C:\Program Files (x86)\Wise
2013-08-11 18:22 - 2013-08-11 18:22 - 00002676 _____ C:\AdwCleaner[S12].txt
2013-08-11 18:22 - 2013-08-11 18:22 - 00002613 _____ C:\AdwCleaner[R19].txt
2013-08-11 18:16 - 2013-08-11 18:16 - 00015178 _____ C:\AdwCleaner[R18].txt
2013-08-11 18:16 - 2013-08-11 18:16 - 00015091 _____ C:\AdwCleaner[S11].txt
2013-08-11 16:37 - 2013-08-11 16:37 - 00000000 __SHD C:\found.000
2013-08-10 22:13 - 2013-08-10 22:13 - 00000000 ____D C:\Users\Lissi1\AppData\Local\{FF9A8822-4474-4304-9014-9D112D469C43}
2013-08-09 19:38 - 2013-08-09 19:44 - 00000000 ____D C:\Users\Lissi1\Desktop\hagen
2013-08-09 19:38 - 2013-08-09 19:39 - 00000000 ____D C:\Users\Lissi1\AppData\Local\{776DAD39-B110-4BB8-8E5D-C94A0562B076}
2013-08-08 11:07 - 2013-08-08 11:07 - 00000085 _____ C:\Windows\wininit.ini
2013-08-07 20:00 - 2013-08-12 18:15 - 00001290 _____ C:\Windows\Tasks\Plus-HD-2.4-updater.job
2013-08-07 20:00 - 2013-08-07 20:00 - 00004320 _____ C:\Windows\System32\Tasks\Plus-HD-2.4-updater
2013-08-07 19:59 - 2013-08-12 18:15 - 00001202 _____ C:\Windows\Tasks\Plus-HD-2.4-codedownloader.job
2013-08-07 19:59 - 2013-08-12 18:15 - 00001100 _____ C:\Windows\Tasks\Plus-HD-2.4-enabler.job
2013-08-07 19:59 - 2013-08-07 19:59 - 00004232 _____ C:\Windows\System32\Tasks\Plus-HD-2.4-codedownloader
2013-08-07 19:59 - 2013-08-07 19:59 - 00004130 _____ C:\Windows\System32\Tasks\Plus-HD-2.4-enabler
2013-08-07 19:58 - 2013-08-12 18:15 - 00001910 _____ C:\Windows\Tasks\Plus-HD-2.4-chromeinstaller.job
2013-08-07 19:58 - 2013-08-11 16:06 - 00000000 ____D C:\Program Files (x86)\Plus-HD-2.4
2013-08-07 18:29 - 2013-08-07 18:29 - 00002180 _____ C:\AdwCleaner[S10].txt
2013-08-07 18:28 - 2013-08-07 18:28 - 00002117 _____ C:\AdwCleaner[R17].txt
2013-08-07 10:32 - 2013-08-07 10:32 - 00000000 _____ C:\autoexec.bat
2013-08-07 10:31 - 2013-08-07 10:31 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-07 10:30 - 2013-08-07 11:35 - 00000000 ____D C:\Windows\67E1227ED5534A6A96CD40CCBBC705D8.TMP
2013-08-07 10:27 - 2013-08-07 10:27 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Lissi1\Downloads\SpyHunter-Installer.exe
2013-08-07 10:23 - 2013-04-17 09:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-08-07 10:23 - 2013-04-17 08:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-08-07 10:14 - 2013-08-07 10:14 - 00000000 ____D C:\FRST
2013-08-07 00:12 - 2013-08-07 00:12 - 00141008 _____ C:\Users\Lissi1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-07 00:10 - 2013-08-07 00:10 - 00524744 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-06 18:55 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-08-06 18:55 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-08-06 18:20 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2013-08-06 18:20 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2013-08-06 18:20 - 2012-08-23 16:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2013-08-06 18:20 - 2012-08-23 16:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-08-06 18:20 - 2012-08-23 15:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-08-06 18:20 - 2012-08-23 15:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-08-06 18:20 - 2012-08-23 15:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-08-06 18:20 - 2012-08-23 15:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-08-06 18:20 - 2012-08-23 15:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2013-08-06 18:20 - 2012-08-23 15:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2013-08-06 18:20 - 2012-08-23 15:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-08-06 18:20 - 2012-08-23 15:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2013-08-06 18:20 - 2012-08-23 15:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-08-06 18:20 - 2012-08-23 14:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-08-06 18:20 - 2012-08-23 13:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2013-08-06 18:20 - 2012-08-23 13:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-08-06 18:20 - 2012-08-23 13:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-08-06 18:20 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-08-06 18:20 - 2012-08-23 12:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-08-06 18:20 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2013-08-06 18:20 - 2012-08-23 12:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-08-06 18:20 - 2012-08-23 12:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-08-06 18:20 - 2012-08-23 11:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-08-06 18:20 - 2012-08-23 10:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-08-06 18:20 - 2012-08-23 10:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-08-06 18:18 - 2013-08-06 18:20 - 00000000 ____D C:\Windows\system32\MRT
2013-08-06 18:13 - 2012-03-14 05:00 - 00385024 _____ (CANON INC.) C:\Windows\system32\CNMLMAW.DLL
2013-08-06 18:07 - 2013-08-06 18:07 - 00003031 _____ C:\Users\Lissi1\Downloads\writeBatchmediaTag (1).js
2013-08-06 18:06 - 2013-08-06 18:07 - 00003031 _____ C:\Users\Lissi1\Downloads\writeBatchmediaTag.js
2013-08-06 18:00 - 2012-08-24 20:13 - 00154480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-08-06 18:00 - 2012-08-24 20:09 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-08-06 18:00 - 2012-08-24 20:05 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-08-06 18:00 - 2012-08-24 20:03 - 01448448 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-08-06 18:00 - 2012-08-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-08-06 18:00 - 2012-08-24 18:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-08-06 18:00 - 2012-08-24 18:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-08-06 14:35 - 2013-08-06 14:44 - 00010360 _____ C:\Windows\IE10_main.log
2013-08-06 11:59 - 2013-08-06 11:59 - 00002055 _____ C:\AdwCleaner[R14].txt
2013-08-06 11:58 - 2013-08-06 11:58 - 00001994 _____ C:\AdwCleaner[R13].txt
2013-08-06 11:58 - 2013-08-06 11:58 - 00001933 _____ C:\AdwCleaner[R12].txt
2013-08-06 11:48 - 2013-08-06 11:48 - 00000000 ____D C:\Users\Lissi1\AppData\Local\{E669DA13-D1D7-4467-8C6E-03285C19EF68}
2013-08-06 10:56 - 2013-05-29 08:15 - 17829376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-06 10:56 - 2013-05-29 07:50 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-06 10:56 - 2013-05-29 07:43 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-06 10:56 - 2013-05-29 07:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-06 10:56 - 2013-05-29 07:35 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-06 10:56 - 2013-05-29 07:34 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-06 10:56 - 2013-05-29 07:33 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-06 10:56 - 2013-05-29 07:31 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-06 10:56 - 2013-05-29 07:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-06 10:56 - 2013-05-29 07:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-06 10:56 - 2013-05-29 07:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-06 10:56 - 2013-05-29 07:27 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-06 10:56 - 2013-05-29 07:27 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-06 10:56 - 2013-05-29 07:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-06 10:56 - 2013-05-29 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-06 10:56 - 2013-05-29 07:18 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-06 10:56 - 2013-05-29 03:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-06 10:56 - 2013-05-29 03:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-06 10:56 - 2013-05-29 03:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-06 10:56 - 2013-05-29 03:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-08-06 10:56 - 2013-05-29 03:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-06 10:56 - 2013-05-29 03:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-06 10:56 - 2013-05-29 03:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-08-06 10:56 - 2013-05-29 03:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-06 10:56 - 2013-05-29 03:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-08-06 10:56 - 2013-05-29 03:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-08-06 10:56 - 2013-05-29 03:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-06 10:56 - 2013-05-29 03:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-06 10:56 - 2013-05-29 03:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-06 10:56 - 2013-05-29 03:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-06 10:56 - 2013-05-29 03:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-08-06 10:56 - 2013-05-29 03:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-06 10:54 - 2013-05-08 08:39 - 01910632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-06 10:54 - 2013-04-10 08:01 - 00983400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-08-06 10:54 - 2013-04-10 08:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-08-06 10:54 - 2013-02-27 08:02 - 00111448 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-08-06 10:54 - 2013-02-27 07:52 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-08-06 10:54 - 2013-02-27 07:52 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-08-06 10:54 - 2013-02-27 07:48 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-08-06 10:54 - 2013-02-27 07:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2013-08-06 10:54 - 2013-02-27 06:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-08-06 10:54 - 2013-02-27 06:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-08-06 10:54 - 2013-02-27 06:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-08-06 10:54 - 2013-01-03 08:00 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2013-08-06 10:54 - 2011-02-03 13:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-08-06 10:53 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-08-06 10:53 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-08-06 10:53 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-06 10:53 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-06 10:53 - 2013-04-26 07:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-08-06 10:53 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-08-06 10:53 - 2013-04-12 16:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-08-06 10:53 - 2013-03-19 07:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-08-06 10:53 - 2013-03-19 07:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2013-08-06 10:53 - 2013-02-12 06:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023x.sys
2013-08-06 10:53 - 2013-02-12 06:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-08-06 10:53 - 2013-01-04 07:46 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-08-06 10:53 - 2013-01-04 06:51 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-06 10:53 - 2013-01-04 04:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-06 10:53 - 2013-01-04 04:47 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-06 10:53 - 2013-01-04 04:47 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-06 10:53 - 2013-01-04 04:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-06 10:52 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-08-06 10:52 - 2013-05-10 07:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-08-06 10:52 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-08-06 10:52 - 2013-01-24 08:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-08-06 10:51 - 2013-05-13 07:51 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-06 10:51 - 2013-05-13 07:51 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-06 10:51 - 2013-05-13 07:51 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-06 10:51 - 2013-05-13 07:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-08-06 10:51 - 2013-05-13 06:45 - 01160192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-06 10:51 - 2013-05-13 06:45 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-06 10:51 - 2013-05-13 06:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-06 10:51 - 2013-05-13 05:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-08-06 10:51 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-08-06 10:51 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-08-06 10:50 - 2013-04-26 01:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-08-06 10:50 - 2013-04-01 00:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-08-06 10:50 - 2013-03-19 08:04 - 05550424 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-06 10:50 - 2013-03-19 07:46 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-08-06 10:50 - 2013-03-19 07:04 - 03968856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-06 10:50 - 2013-03-19 07:04 - 03913560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-06 10:50 - 2013-03-19 06:47 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-08-06 10:50 - 2013-03-19 05:06 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-08-06 10:33 - 2013-08-06 10:33 - 00024422 _____ C:\ComboFix.txt
2013-08-06 10:18 - 2013-08-06 10:33 - 00000000 ____D C:\Qoobox
2013-08-06 10:18 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-06 10:18 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-06 10:18 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-06 10:18 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-06 10:18 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-06 10:18 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-06 10:18 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-06 10:18 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-06 10:17 - 2013-08-06 10:32 - 00000000 ____D C:\Windows\erdnt
2013-08-06 10:10 - 2013-08-06 10:10 - 00001872 _____ C:\AdwCleaner[R11].txt
2013-08-06 10:08 - 2013-08-06 10:08 - 00001811 _____ C:\AdwCleaner[R10].txt
2013-08-05 19:23 - 2013-08-05 19:23 - 00002038 _____ C:\AdwCleaner[S7].txt
2013-08-05 19:23 - 2013-08-05 19:23 - 00001976 _____ C:\AdwCleaner[R9].txt
2013-08-05 12:28 - 2013-08-05 12:28 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\Malwarebytes
2013-08-05 12:28 - 2013-08-05 12:28 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-05 12:26 - 2013-08-07 00:09 - 00000000 ____D C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2013-08-05 12:26 - 2013-08-05 12:26 - 00001714 _____ C:\AdwCleaner[R8].txt
2013-08-05 12:21 - 2013-08-05 12:21 - 00001654 _____ C:\AdwCleaner[R7].txt
2013-08-05 12:08 - 2013-08-05 12:08 - 00001596 _____ C:\AdwCleaner[S6].txt
2013-08-05 12:08 - 2013-08-05 12:08 - 00001534 _____ C:\AdwCleaner[R6].txt
2013-08-05 12:02 - 2013-08-05 12:02 - 00001726 _____ C:\AdwCleaner[S5].txt
2013-08-05 12:02 - 2013-08-05 12:02 - 00001664 _____ C:\AdwCleaner[R5].txt
2013-08-05 12:01 - 2013-08-05 12:01 - 00666633 _____ C:\Users\Lissi1\Desktop\adwcleaner06.exe
2013-08-05 11:53 - 2013-08-05 11:53 - 00078778 _____ C:\AdwCleaner[R4].txt
2013-08-05 11:53 - 2013-08-05 11:53 - 00033765 _____ C:\AdwCleaner[S4].txt
2013-08-05 11:51 - 2013-08-05 11:51 - 00078717 _____ C:\AdwCleaner[R3].txt
2013-08-05 11:49 - 2013-08-05 11:49 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\Avira
2013-08-05 11:44 - 2013-08-05 11:44 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-05 11:42 - 2013-08-05 11:43 - 00000000 ____D C:\ProgramData\Avira
2013-08-05 11:42 - 2013-08-05 11:42 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-05 11:42 - 2013-08-05 11:35 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-05 11:42 - 2013-08-05 11:35 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-05 11:42 - 2013-08-05 11:35 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-07-27 01:17 - 2013-07-28 13:18 - 00000000 ____D C:\Users\Lissi1\AppData\Local\{FAF84326-4611-466D-B67A-0E297DF11DC0}
2013-07-26 13:22 - 2013-07-26 19:59 - 00000000 ____D C:\Users\Lissi1\Desktop\Lissi Teich
2013-07-26 13:16 - 2013-07-26 13:16 - 00000000 ____D C:\Users\Lissi1\AppData\Local\{2D21CAF1-E27F-424F-9F6A-3C2B7F8E8FE5}
2013-07-26 06:15 - 2013-07-26 06:15 - 00000000 ____D C:\Windows\System32\Tasks\ProtectedSearch
2013-07-25 19:34 - 2013-07-25 19:34 - 00000000 ____D C:\Users\Lissi1\AppData\Local\{79D351A7-86AB-4734-97E9-C42B3C381CD0}
2013-07-25 19:22 - 2013-07-26 13:19 - 00000000 ____D C:\Users\Lissi1\Desktop\MalleTauchen
2013-07-25 16:48 - 2013-07-25 19:12 - 1071260076 _____ C:\Users\Lissi1\Downloads\Archiv20130709-1430.zip
2013-07-23 18:47 - 2013-07-23 18:47 - 00000000 ____D C:\Users\Lissi1\AppData\Local\FreeSystemUtilities
2013-07-23 18:20 - 2013-08-09 12:00 - 00003874 _____ C:\Windows\System32\Tasks\Freemium1ClickMaint
2013-07-23 18:20 - 2013-08-01 03:08 - 00032328 _____ C:\Windows\Launcher.exe
2013-07-23 18:20 - 2013-07-29 18:44 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\Windows Net Data
2013-07-23 18:20 - 2013-07-23 18:20 - 00000000 ____D C:\Windows\System32\Tasks\Browser Updater
2013-07-23 14:55 - 2013-07-23 14:55 - 00000000 ____D C:\Users\Lissi1\AppData\Local\{8B102F25-1113-48D3-9381-DA6E4B9A6BA8}
2013-07-22 17:03 - 2013-07-22 17:03 - 00004171 _____ C:\Users\Lissi1\Desktop\TauchenAlissa.wlmp
2013-07-22 16:53 - 2013-07-22 17:03 - 00004166 _____ C:\Users\Lissi1\Desktop\Tauchen1.wlmp
2013-07-22 14:42 - 2013-07-22 14:43 - 00000000 ____D C:\Users\Lissi1\AppData\Local\{8EF11119-F58F-43BF-BC83-8F60387DADED}
2013-07-22 14:41 - 2013-07-14 19:47 - 977585085 _____ C:\Users\Lissi1\Desktop\20130709-1430 - Kopie.mov
2013-07-20 12:08 - 2013-07-20 12:08 - 00000000 ____D C:\Users\Lissi1\AppData\Local\{A2FDA827-159E-4898-9016-E6A1408AFA4C}
2013-07-17 18:43 - 2013-07-17 18:43 - 00000000 ____D C:\Users\Lissi1\AppData\Local\Deployment
2013-07-17 16:37 - 2013-07-17 17:49 - 00001447 _____ C:\Users\Lissi1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-17 16:37 - 2013-07-17 17:49 - 00001413 _____ C:\Users\Lissi1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-07-14 18:38 - 2013-07-14 19:47 - 977585085 _____ C:\Users\Lissi1\Desktop\20130709-1430.mov

==================== One Month Modified Files and Folders =======

2013-08-12 19:27 - 2013-05-08 20:36 - 190989312 _____ C:\Users\Lissi1\Outlooklissa.pst
2013-08-12 19:16 - 2013-08-12 19:16 - 00065536 ___HT C:\Users\Lissi1\~Outlooklissa.pst.tmp
2013-08-12 19:16 - 2012-02-04 18:48 - 00000000 ____D C:\Users\Lissi1
2013-08-12 19:02 - 2013-08-11 19:02 - 00000468 _____ C:\Windows\Tasks\Wise Registry Cleaner Schedule Task.job
2013-08-12 18:55 - 2012-05-01 10:51 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-12 18:44 - 2012-02-04 18:44 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-12 18:23 - 2009-07-14 06:45 - 00017152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-12 18:23 - 2009-07-14 06:45 - 00017152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-12 18:19 - 2012-12-24 23:53 - 00004086 _____ C:\Windows\System32\Tasks\Software Updater Ui
2013-08-12 18:19 - 2012-12-24 23:51 - 00004122 _____ C:\Windows\System32\Tasks\Software Updater
2013-08-12 18:17 - 2012-10-23 16:44 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\Dropbox
2013-08-12 18:16 - 2012-04-13 16:05 - 03431936 ___SH C:\Users\Lissi1\Desktop\Thumbs.db
2013-08-12 18:15 - 2013-08-07 20:00 - 00001290 _____ C:\Windows\Tasks\Plus-HD-2.4-updater.job
2013-08-12 18:15 - 2013-08-07 19:59 - 00001202 _____ C:\Windows\Tasks\Plus-HD-2.4-codedownloader.job
2013-08-12 18:15 - 2013-08-07 19:59 - 00001100 _____ C:\Windows\Tasks\Plus-HD-2.4-enabler.job
2013-08-12 18:15 - 2013-08-07 19:58 - 00001910 _____ C:\Windows\Tasks\Plus-HD-2.4-chromeinstaller.job
2013-08-12 18:15 - 2013-04-04 12:45 - 00009681 _____ C:\Windows\setupact.log
2013-08-12 18:15 - 2013-03-05 20:06 - 00007936 _____ C:\Windows\error.log
2013-08-12 18:15 - 2012-10-23 16:46 - 00000000 ___RD C:\Users\Lissi1\Dropbox
2013-08-12 18:15 - 2012-02-04 18:44 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-12 18:15 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-12 18:14 - 2013-03-05 20:05 - 00003165 _____ C:\Windows\errord.log
2013-08-12 16:15 - 2012-02-04 18:43 - 01513589 _____ C:\Windows\WindowsUpdate.log
2013-08-12 15:59 - 2013-08-12 15:59 - 00000000 ____D C:\Users\Lissi1\AppData\Local\{87BB76C1-82E0-437C-A37C-0433E34C4B33}
2013-08-12 15:17 - 2013-08-12 07:17 - 00000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task b4eb2f77-0b34-4a31-8e76-89b6cbcecc1b.job
2013-08-12 13:25 - 2013-08-12 10:59 - 00000000 ____D C:\Users\Lissi1\AppData\Local\adawarebp
2013-08-12 13:24 - 2013-08-12 07:17 - 00000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 33915243-1829-4197-b765-f2f614375d1b.job
2013-08-12 13:24 - 2012-11-13 07:22 - 00125256 _____ C:\Windows\PFRO.log
2013-08-12 11:03 - 2013-08-12 11:03 - 00000000 ____D C:\Users\Lissi1\AppData\Local\Adobe
2013-08-12 07:17 - 2013-08-12 07:17 - 00003590 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 33915243-1829-4197-b765-f2f614375d1b
2013-08-12 07:17 - 2013-08-12 07:17 - 00003516 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task b4eb2f77-0b34-4a31-8e76-89b6cbcecc1b
2013-08-12 07:17 - 2013-08-12 07:17 - 00001812 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-08-12 07:17 - 2013-08-12 07:17 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\SUPERAntiSpyware.com
2013-08-12 07:17 - 2013-08-12 07:17 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-08-12 07:17 - 2013-08-12 07:17 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-08-12 06:44 - 2013-08-12 06:44 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-12 06:44 - 2013-08-12 06:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-12 06:33 - 2013-08-11 20:06 - 00000000 ____D C:\Program Files (x86)\Eusing Free Registry Cleaner
2013-08-11 20:54 - 2012-09-20 17:48 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\Skype
2013-08-11 19:57 - 2012-12-24 23:48 - 00000000 ____D C:\Program Files (x86)\SelfUpdater
2013-08-11 19:52 - 2013-08-11 19:02 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\Wise Registry Cleaner
2013-08-11 19:03 - 2013-08-11 19:02 - 00003340 _____ C:\Windows\System32\Tasks\Wise Registry Cleaner Schedule Task
2013-08-11 19:00 - 2013-08-11 19:00 - 00000000 ____D C:\Program Files (x86)\Wise
2013-08-11 18:22 - 2013-08-11 18:22 - 00002676 _____ C:\AdwCleaner[S12].txt
2013-08-11 18:22 - 2013-08-11 18:22 - 00002613 _____ C:\AdwCleaner[R19].txt
2013-08-11 18:16 - 2013-08-11 18:16 - 00015178 _____ C:\AdwCleaner[R18].txt
2013-08-11 18:16 - 2013-08-11 18:16 - 00015091 _____ C:\AdwCleaner[S11].txt
2013-08-11 17:11 - 2012-05-09 15:14 - 00000000 ____D C:\Program Files (x86)\Free FLV Converter
2013-08-11 16:44 - 2013-03-10 20:20 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\MyPhoneExplorer
2013-08-11 16:37 - 2013-08-11 16:37 - 00000000 __SHD C:\found.000
2013-08-11 16:06 - 2013-08-07 19:58 - 00000000 ____D C:\Program Files (x86)\Plus-HD-2.4
2013-08-10 22:13 - 2013-08-10 22:13 - 00000000 ____D C:\Users\Lissi1\AppData\Local\{FF9A8822-4474-4304-9014-9D112D469C43}
2013-08-10 18:26 - 2013-03-10 20:25 - 00003148 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-08-10 18:25 - 2013-03-10 21:04 - 00002065 _____ C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2013-08-10 18:25 - 2013-03-10 21:04 - 00000000 ____D C:\Program Files (x86)\MyPhoneExplorer
2013-08-09 19:44 - 2013-08-09 19:38 - 00000000 ____D C:\Users\Lissi1\Desktop\hagen
2013-08-09 19:39 - 2013-08-09 19:38 - 00000000 ____D C:\Users\Lissi1\AppData\Local\{776DAD39-B110-4BB8-8E5D-C94A0562B076}
2013-08-09 12:00 - 2013-07-23 18:20 - 00003874 _____ C:\Windows\System32\Tasks\Freemium1ClickMaint
2013-08-08 11:07 - 2013-08-08 11:07 - 00000085 _____ C:\Windows\wininit.ini
2013-08-07 20:07 - 2012-05-09 15:16 - 00002592 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-08-07 20:00 - 2013-08-07 20:00 - 00004320 _____ C:\Windows\System32\Tasks\Plus-HD-2.4-updater
2013-08-07 19:59 - 2013-08-07 19:59 - 00004232 _____ C:\Windows\System32\Tasks\Plus-HD-2.4-codedownloader
2013-08-07 19:59 - 2013-08-07 19:59 - 00004130 _____ C:\Windows\System32\Tasks\Plus-HD-2.4-enabler
2013-08-07 18:29 - 2013-08-07 18:29 - 00002180 _____ C:\AdwCleaner[S10].txt
2013-08-07 18:28 - 2013-08-07 18:28 - 00002117 _____ C:\AdwCleaner[R17].txt
2013-08-07 18:26 - 2011-07-18 23:23 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-07 11:35 - 2013-08-07 10:30 - 00000000 ____D C:\Windows\67E1227ED5534A6A96CD40CCBBC705D8.TMP
2013-08-07 10:32 - 2013-08-07 10:32 - 00000000 _____ C:\autoexec.bat
2013-08-07 10:31 - 2013-08-07 10:31 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-07 10:27 - 2013-08-07 10:27 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Lissi1\Downloads\SpyHunter-Installer.exe
2013-08-07 10:14 - 2013-08-07 10:14 - 00000000 ____D C:\FRST
2013-08-07 01:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-07 00:12 - 2013-08-07 00:12 - 00141008 _____ C:\Users\Lissi1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-07 00:10 - 2013-08-07 00:10 - 00524744 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-07 00:09 - 2013-08-05 12:26 - 00000000 ____D C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2013-08-06 18:38 - 2012-02-04 18:47 - 00000000 ___RD C:\Users\Lissi1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-06 18:38 - 2012-02-04 18:47 - 00000000 ___RD C:\Users\Lissi1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-08-06 18:34 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-06 18:34 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-06 18:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-08-06 18:33 - 2011-04-12 10:28 - 00000000 ____D C:\Program Files\Windows Journal
2013-08-06 18:33 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-08-06 18:33 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-08-06 18:33 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\zh-HK
2013-08-06 18:33 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\tr-TR
2013-08-06 18:20 - 2013-08-06 18:18 - 00000000 ____D C:\Windows\system32\MRT
2013-08-06 18:12 - 2011-05-16 16:04 - 00654150 _____ C:\Windows\system32\perfh007.dat
2013-08-06 18:12 - 2011-05-16 16:04 - 00130022 _____ C:\Windows\system32\perfc007.dat
2013-08-06 18:12 - 2009-07-14 07:13 - 01519624 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-06 18:07 - 2013-08-06 18:07 - 00003031 _____ C:\Users\Lissi1\Downloads\writeBatchmediaTag (1).js
2013-08-06 18:07 - 2013-08-06 18:06 - 00003031 _____ C:\Users\Lissi1\Downloads\writeBatchmediaTag.js
2013-08-06 17:43 - 2011-07-18 22:54 - 00000000 ____D C:\Windows\Panther
2013-08-06 17:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\sl-SI
2013-08-06 17:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\sl-SI
2013-08-06 14:51 - 2012-02-04 19:29 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-06 14:44 - 2013-08-06 14:35 - 00010360 _____ C:\Windows\IE10_main.log
2013-08-06 14:38 - 2013-08-06 14:38 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-08-06 14:38 - 2013-08-06 14:38 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-08-06 11:59 - 2013-08-06 11:59 - 00002055 _____ C:\AdwCleaner[R14].txt
2013-08-06 11:58 - 2013-08-06 11:58 - 00001994 _____ C:\AdwCleaner[R13].txt
2013-08-06 11:58 - 2013-08-06 11:58 - 00001933 _____ C:\AdwCleaner[R12].txt
2013-08-06 11:48 - 2013-08-06 11:48 - 00000000 ____D C:\Users\Lissi1\AppData\Local\{E669DA13-D1D7-4467-8C6E-03285C19EF68}
2013-08-06 11:44 - 2012-11-24 19:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-06 11:44 - 2012-11-24 19:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-08-06 10:33 - 2013-08-06 10:33 - 00024422 _____ C:\ComboFix.txt
2013-08-06 10:33 - 2013-08-06 10:18 - 00000000 ____D C:\Qoobox
2013-08-06 10:33 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-08-06 10:32 - 2013-08-06 10:17 - 00000000 ____D C:\Windows\erdnt
2013-08-06 10:28 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-08-06 10:10 - 2013-08-06 10:10 - 00001872 _____ C:\AdwCleaner[R11].txt
2013-08-06 10:08 - 2013-08-06 10:08 - 00001811 _____ C:\AdwCleaner[R10].txt
2013-08-05 22:44 - 2012-02-04 18:44 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-05 19:23 - 2013-08-05 19:23 - 00002038 _____ C:\AdwCleaner[S7].txt
2013-08-05 19:23 - 2013-08-05 19:23 - 00001976 _____ C:\AdwCleaner[R9].txt
2013-08-05 16:22 - 2013-05-11 14:02 - 00000000 ____D C:\ProgramData\Avery
2013-08-05 12:28 - 2013-08-05 12:28 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\Malwarebytes
2013-08-05 12:28 - 2013-08-05 12:28 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-05 12:26 - 2013-08-05 12:26 - 00001714 _____ C:\AdwCleaner[R8].txt
2013-08-05 12:21 - 2013-08-05 12:21 - 00001654 _____ C:\AdwCleaner[R7].txt
2013-08-05 12:09 - 2012-02-04 23:49 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\CheckPoint
2013-08-05 12:08 - 2013-08-05 12:08 - 00001596 _____ C:\AdwCleaner[S6].txt
2013-08-05 12:08 - 2013-08-05 12:08 - 00001534 _____ C:\AdwCleaner[R6].txt
2013-08-05 12:02 - 2013-08-05 12:02 - 00001726 _____ C:\AdwCleaner[S5].txt
2013-08-05 12:02 - 2013-08-05 12:02 - 00001664 _____ C:\AdwCleaner[R5].txt
2013-08-05 12:01 - 2013-08-05 12:01 - 00666633 _____ C:\Users\Lissi1\Desktop\adwcleaner06.exe
2013-08-05 11:53 - 2013-08-05 11:53 - 00078778 _____ C:\AdwCleaner[R4].txt
2013-08-05 11:53 - 2013-08-05 11:53 - 00033765 _____ C:\AdwCleaner[S4].txt
2013-08-05 11:51 - 2013-08-05 11:51 - 00078717 _____ C:\AdwCleaner[R3].txt
2013-08-05 11:49 - 2013-08-05 11:49 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\Avira
2013-08-05 11:44 - 2013-08-05 11:44 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-05 11:43 - 2013-08-05 11:42 - 00000000 ____D C:\ProgramData\Avira
2013-08-05 11:42 - 2013-08-05 11:42 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-05 11:35 - 2013-08-05 11:42 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-05 11:35 - 2013-08-05 11:42 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-05 11:35 - 2013-08-05 11:42 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-01 03:08 - 2013-07-23 18:20 - 00032328 _____ C:\Windows\Launcher.exe
2013-07-29 18:44 - 2013-07-23 18:20 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\Windows Net Data
2013-07-28 13:18 - 2013-07-27 01:17 - 00000000 ____D C:\Users\Lissi1\AppData\Local\{FAF84326-4611-466D-B67A-0E297DF11DC0}
2013-07-26 19:59 - 2013-07-26 13:22 - 00000000 ____D C:\Users\Lissi1\Desktop\Lissi Teich
2013-07-26 13:19 - 2013-07-25 19:22 - 00000000 ____D C:\Users\Lissi1\Desktop\MalleTauchen
2013-07-26 13:16 - 2013-07-26 13:16 - 00000000 ____D C:\Users\Lissi1\AppData\Local\{2D21CAF1-E27F-424F-9F6A-3C2B7F8E8FE5}
2013-07-26 06:15 - 2013-07-26 06:15 - 00000000 ____D C:\Windows\System32\Tasks\ProtectedSearch
2013-07-25 19:34 - 2013-07-25 19:34 - 00000000 ____D C:\Users\Lissi1\AppData\Local\{79D351A7-86AB-4734-97E9-C42B3C381CD0}
2013-07-25 19:12 - 2013-07-25 16:48 - 1071260076 _____ C:\Users\Lissi1\Downloads\Archiv20130709-1430.zip
2013-07-23 18:47 - 2013-07-23 18:47 - 00000000 ____D C:\Users\Lissi1\AppData\Local\FreeSystemUtilities
2013-07-23 18:20 - 2013-07-23 18:20 - 00000000 ____D C:\Windows\System32\Tasks\Browser Updater
2013-07-23 14:55 - 2013-07-23 14:55 - 00000000 ____D C:\Users\Lissi1\AppData\Local\{8B102F25-1113-48D3-9381-DA6E4B9A6BA8}
2013-07-22 17:03 - 2013-07-22 17:03 - 00004171 _____ C:\Users\Lissi1\Desktop\TauchenAlissa.wlmp
2013-07-22 17:03 - 2013-07-22 16:53 - 00004166 _____ C:\Users\Lissi1\Desktop\Tauchen1.wlmp
2013-07-22 14:43 - 2013-07-22 14:42 - 00000000 ____D C:\Users\Lissi1\AppData\Local\{8EF11119-F58F-43BF-BC83-8F60387DADED}
2013-07-20 12:08 - 2013-07-20 12:08 - 00000000 ____D C:\Users\Lissi1\AppData\Local\{A2FDA827-159E-4898-9016-E6A1408AFA4C}
2013-07-18 20:44 - 2012-12-27 12:37 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\BOM
2013-07-17 18:43 - 2013-07-17 18:43 - 00000000 ____D C:\Users\Lissi1\AppData\Local\Deployment
2013-07-17 18:43 - 2012-09-17 16:53 - 00000000 ____D C:\Users\Lissi1\AppData\Local\Apps\2.0
2013-07-17 18:34 - 2013-02-09 17:40 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-07-17 18:34 - 2012-05-09 15:14 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\FreeFLVConverter
2013-07-17 18:34 - 2012-02-04 21:31 - 00000000 ____D C:\Program Files (x86)\ScanWizard 5
2013-07-17 18:34 - 2011-07-18 23:12 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-07-17 18:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-07-17 18:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2013-07-17 18:21 - 2011-04-12 10:28 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-07-17 18:13 - 2013-02-09 17:37 - 00000000 ____D C:\Users\Lissi1\AppData\Roaming\Ad-Aware Antivirus
2013-07-17 17:49 - 2013-07-17 16:37 - 00001447 _____ C:\Users\Lissi1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-17 17:49 - 2013-07-17 16:37 - 00001413 _____ C:\Users\Lissi1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-07-17 09:24 - 2012-02-04 18:44 - 00000000 ____D C:\Program Files\Google
2013-07-16 08:43 - 2012-02-04 19:47 - 00000000 ____D C:\Users\Lissi1\AppData\Local\Google
2013-07-16 08:43 - 2012-02-04 18:44 - 00000000 ____D C:\ProgramData\Google
2013-07-16 08:25 - 2012-05-01 10:51 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-16 08:25 - 2012-05-01 10:51 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-16 08:25 - 2011-10-14 14:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-14 19:47 - 2013-07-22 14:41 - 977585085 _____ C:\Users\Lissi1\Desktop\20130709-1430 - Kopie.mov
2013-07-14 19:47 - 2013-07-14 18:38 - 977585085 _____ C:\Users\Lissi1\Desktop\20130709-1430.mov

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-12 05:58

==================== End Of Log ============================

--- --- ---

Additions.txtFRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-08-2013 02
Ran by Lissi1 at 2013-08-12 19:34:11
Running from C:\Users\Lissi1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TTDT2QBV
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
Ad-Aware Antivirus (x32 Version: 10.5.0.4339)
Adobe AIR (x32 Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.5.635)
Alamandi (x32)
AMD APP SDK Runtime (Version: 2.5.793.1)
AMD AVIVO64 Codecs (Version: 11.7.0.11013)
AMD Catalyst Install Manager (Version: 3.0.851.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.61013.1636)
Angry Birds Star Wars (x32 Version: 1.0.0)
Apple Application Support (x32 Version: 2.3)
Apple Software Update (x32 Version: 2.1.3.127)
AVIConverter 5.1.6 (x32 Version: 5.1.6)
Avira Free Antivirus (x32 Version: 13.0.0.3885)
AVS Update Manager 1.0 (x32)
AVS Video Converter 8 (x32)
AVS4YOU Software Navigator 1.4 (x32)
Biet-O-Matic v2.14.8 (x32 Version: Biet-O-Matic v2.14.8)
Canon Easy-PhotoPrint EX (x32)
Canon iP4900 series Benutzerregistrierung (x32)
Canon iP4900 series On-screen Manual (x32)
Canon iP4900 series Printer Driver
Canon My Printer (x32)
Catalyst Control Center (x32 Version: 2011.1013.1702.28713)
Catalyst Control Center InstallProxy (x32 Version: 2011.1013.1702.28713)
Catalyst Control Center Localization All (x32 Version: 2011.1013.1702.28713)
CCC Help Danish (x32 Version: 2011.1013.1701.28713)
CCC Help Dutch (x32 Version: 2011.1013.1701.28713)
CCC Help English (x32 Version: 2011.1013.1701.28713)
CCC Help Finnish (x32 Version: 2011.1013.1701.28713)
CCC Help French (x32 Version: 2011.1013.1701.28713)
CCC Help German (x32 Version: 2011.1013.1701.28713)
CCC Help Italian (x32 Version: 2011.1013.1701.28713)
CCC Help Japanese (x32 Version: 2011.1013.1701.28713)
CCC Help Norwegian (x32 Version: 2011.1013.1701.28713)
CCC Help Spanish (x32 Version: 2011.1013.1701.28713)
CCC Help Swedish (x32 Version: 2011.1013.1701.28713)
ccc-utility64 (Version: 2011.1013.1702.28713)
CD-LabelPrint (x32)
Color!It 1.5 Professional-E (x32)
ContentHD (x32 Version: 1.00.0002)
Contents (x32 Version: 1.6.0.367)
Contents (x32 Version: 1.6.1.137)
Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2)
Corel Painter Photo Essentials 4 (x32 Version: 4.1)
Corel Painter Photo Essentials 4 (x32)
Corel PaintShop Photo Pro X3 (x32 Version: 1.00.0000)
Corel PaintShop Photo Pro X3 (x32 Version: 1.6.1.137)
Corel VideoStudio Pro X3 (x32 Version: 1.6.0.367)
CyberLink LabelPrint (x32 Version: 2.5.3624)
CyberLink Power2Go (x32 Version: 7.0.0.1327)
CyberLink PowerDVD Copy (x32 Version: 1.5.1306)
CyberLink PowerRecover (x32 Version: 5.5.4125)
CyberLink WaveEditor (x32 Version: 1.0.1.2821)
D3DX10 (x32 Version: 15.4.2368.0902)
Deaktivierungs-Add-on für Browser von Google Analytics (x32 Version: 0.9.2.0)
Der wunderbare Zauberer von Oz (x32)
DeviceIO (x32 Version: 1.6.0.367)
DeviceIO (x32 Version: 1.6.1.137)
Die Sage von Kolossus (x32)
Dropbox (HKCU Version: 2.0.22)
DVD Shrink 3.2 (x32)
FarmFrenzy (x32)
FLV Media Player version 1.3 (x32 Version: 1.3)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (x32 Version: 15.4.5722.2)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922)
Free Video to MP3 Converter version 5.0.24.430 (x32 Version: 5.0.24.430)
Free YouTube Download version 3.2.2.430 (x32 Version: 3.2.2.430)
Free YouTube to MP3 Converter version 3.12.0.128 (x32 Version: 3.12.0.128)
Freez FLV to AVI/MPEG/WMV Converter (x32 Version: 1.6)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922)
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Google Chrome (x32 Version: 28.0.1500.95)
Google Update Helper (x32 Version: 1.3.21.153)
ICA (x32 Version: 1.6.0.367)
ICA (x32 Version: 1.6.1.137)
Intel(R) Rapid Storage Technology (x32 Version: 10.6.0.1002)
IPM_PSP_Pro (x32 Version: 1.00.0000)
IPM_VS_Pro (x32 Version: 13.0)
Java 7 Update 21 (64-bit) (Version: 7.0.210)
Java 7 Update 21 (x32 Version: 7.0.210)
Java Auto Updater (x32 Version: 2.1.9.5)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kaufland Foto (x32 Version: 5.0.1)
Kernel for Outlook PST Repair Evaluation ver 13.02.01 (x32)
Klett Lernsoftware Mathematik - mathe live 5 BA (x32)
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (x32 Version: 15.4.5722.2)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Medion Home Cinema (x32 Version: 8.0.3216)
Memeo Instant Backup (x32 Version: 4.60.0.7943)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Microsoft-Maus- und Tastatur-Center (Version: 2.0.162.0)
Microtek FineReader OCR Engine (x32)
MLE (x32 Version: 1.0.0.23)
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC80_x86_v2 (x32 Version: 1.0.3.0)
MSVC90_x64 (Version: 1.0.1.2)
MSVC90_x86 (x32 Version: 1.0.1.2)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MyFreeCodec (HKCU)
MyPhoneExplorer (x32 Version: 1.8.4)
OpenMG Limited Patch 4.7-07-14-05-01 (x32)
OpenMG Secure Module (x32 Version: 4.7.00.12140)
OpenMG Secure Module 4.7.00 (x32 Version: 4.7.00.12140)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922)
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922)
Pošta Windows Live (x32 Version: 15.4.3502.0922)
PSPH10Pro (x32 Version: 1.00.0000)
PSPPContent (x32 Version: 1.00.0000)
PSPPRO_DCRAW (x32 Version: 13.0.0)
PureHD (x32 Version: 1.6.0.367)
PureHD (x32 Version: 1.6.1.137)
QuickShare (x32 Version: 1.6.1.714)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6438)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.25.0)
rosoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Samsung Kies (x32 Version: 2.3.2.12064_9)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.16.0)
ScanWizard 5 (x32)
Setup (x32 Version: 1.6.0.367)
Setup (x32 Version: 1.6.1.137)
Share (x32 Version: 1.6.0.367)
Share (x32 Version: 1.6.1.137)
Share64 (Version: 1.6.0.367)
Share64 (Version: 1.6.1.137)
Skype Click to Call (x32 Version: 6.3.11079)
Skype™ 6.5 (x32 Version: 6.5.158)
SmartSound Common Data (x32 Version: 1.1.0)
SmartSound Quicktracks 5 (x32 Version: 5.1.5)
SonicStage 4.3 (x32 Version: 4.3)
Spelling Dictionaries Support For Adobe Reader X (x32 Version: 10.0.0)
Stellar Phoenix Outlook PST Repair (x32 Version: 4.5.0.0)
SUPERAntiSpyware (Version: 5.6.1020)
swMSM (x32 Version: 12.0.0.1)
TeamSpeak 3 Client (Version: 3.0.10)
TeamViewer 7 (x32 Version: 7.0.13852)
Uniblue DriverScanner (x32 Version: 4.0.9.10)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (x32 Version: 15.4.5722.2)
VC 9.0 Runtime (x32 Version: 1.0.0)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
Versandhelfer (x32 Version: 0.9.511)
VIO (x32 Version: 1.6.0.367)
VIO (x32 Version: 1.6.1.137)
VSClassic (x32 Version: 1.6.0.367)
VSPro (x32 Version: 1.6.0.367)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922)
Windows Live Fotótár (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Media Encoder 9 Series (x32 Version: 9.00.2980)
Windows Media Encoder 9 Series (x32)
Windows Utils (x32)
WinRAR 4.10 (64-Bit) (Version: 4.10.0)
Wise Registry Cleaner 7.82 (x32 Version: 7.82)
WISO Steuer-Sparbuch 2012 (x32 Version: 19.00.7303)
WISO Steuer-Sparbuch 2013 (x32 Version: 20.00.8137)
Yahoo! Messenger (x32)
Yahoo! Software Update (x32)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922)

==================== Restore Points  =========================

07-08-2013 08:30:52 Installed SpyHunter
07-08-2013 09:32:53 Removed SpyHunter
07-08-2013 09:32:54 Windows Update
07-08-2013 16:25:12 Free System Utilities
07-08-2013 16:26:51 Entfernt PC Inspector File Recovery
07-08-2013 17:57:21 Free System Utilities
07-08-2013 18:07:52 Free System Utilities 07.08.2013 20:07:51
08-08-2013 13:43:01 Free System Utilities 08.08.2013 15:41:50
08-08-2013 14:49:10 Free System Utilities 08.08.2013 16:49:10
09-08-2013 10:50:16 Free System Utilities 09.08.2013 12:50:10
09-08-2013 15:06:55 Free System Utilities 09.08.2013 17:06:54
11-08-2013 15:07:57 Free System Utilities
11-08-2013 16:31:08 Wiederherstellungsvorgang
11-08-2013 17:00:31 Windows-Sicherung

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-08-06 10:26 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {046FA198-336F-4B8F-A05D-B074ED8CAC06} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4060780361-2962197505-3855748707-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe No File
Task: {08AE6839-3B32-478C-9D97-C7ABF7DBB35D} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4060780361-2962197505-3855748707-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe No File
Task: {16009711-3FBE-4DBF-99F2-8AD1D74B2922} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\HomeTab\ProtectedSearch.exe No File
Task: {1D57B99B-8AB2-4AC9-BE59-EEB8DF2B3D50} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {1FD084E7-0FD9-4836-94DB-B0DFFF45DBA7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-16] (Adobe Systems Incorporated)
Task: {20B670F8-D495-43B4-B66F-6576E798D397} - System32\Tasks\DealPlyUpdate => C:\Program Files (x86)\DealPly\DealPlyUpdate.exe No File
Task: {2FB4A20B-1195-4F6F-98A9-B71131340E69} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {3438A74F-D30D-4DAE-AABD-8E4687FB1D39} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4060780361-2962197505-3855748707-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe No File
Task: {38490776-1286-491D-ABF7-4EF8E1016596} - System32\Tasks\Hoolapp Init => C:\Users\Lissi1\AppData\Roaming\HOOLAP~1\Hoolapp.exe No File
Task: {3A322291-9708-4AC4-BDA9-28080B9131D4} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4060780361-2962197505-3855748707-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe No File
Task: {3AA39623-4C26-4352-881B-32950C8DC3DC} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-4060780361-2962197505-3855748707-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe No File
Task: {3EA0857D-4881-4604-B1DD-D0141F5D725A} - System32\Tasks\Browser Updater\Browser Updater => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {41F95C5D-50D6-4CAD-BE33-AAA9619969EE} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe No File
Task: {4294D513-D50C-4121-9732-0675460C6D57} - System32\Tasks\Plus-HD-2.4-chromeinstaller => C:\Program Files (x86)\Plus-HD-2.4\Plus-HD-2.4-chromeinstaller.exe No File
Task: {43F0A8BC-3F41-4656-B2EE-CC75C64FABA2} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: {45DAED8B-06FE-48E8-B603-79B9796F4EF7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-04] (Google Inc.)
Task: {491EEB26-98AA-40E3-AF52-D1DD16938513} - System32\Tasks\Plus-HD-2.4-enabler => C:\Program Files (x86)\Plus-HD-2.4\Plus-HD-2.4-enabler.exe No File
Task: {4AA0C1DA-4F0B-4B12-BCF9-D46D829AC8EF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-04] (Google Inc.)
Task: {5FF3B954-CCE0-4AEC-BDFC-43073F0D0DD0} - System32\Tasks\Software Updater Ui => C:\Program Files (x86)\SelfUpdater\SoftwareUpdater.Ui.exe [2013-07-17] ()
Task: {66700F3D-2ABE-4082-87B8-8D546CAE53C0} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {69AD682C-3980-4A53-AAEF-CD4D2636270D} - System32\Tasks\Wise Registry Cleaner Schedule Task => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [2013-07-19] (WiseCleaner.com)
Task: {759FB95A-54DA-4844-A13C-E32642F2E977} - System32\Tasks\Plus-HD-2.4-updater => C:\Program Files (x86)\Plus-HD-2.4\Plus-HD-2.4-updater.exe No File
Task: {81E6757E-5936-461A-8C17-008E67EEF5B6} - System32\Tasks\DealPly => C:\Users\Lissi1\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE No File
Task: {86C19865-1960-4B4F-90EF-F356C010C886} - System32\Tasks\Software Updater => C:\Program Files (x86)\SelfUpdater\SoftwareUpdater.Bootstrapper.exe [2013-07-06] ()
Task: {8BC70FDF-C6CF-421C-9767-ACF6CE5E9963} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-21] (Microsoft Corporation)
Task: {8EACA554-38B1-446E-96DA-237BADAF8C14} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4060780361-2962197505-3855748707-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe No File
Task: {900ADC48-B10E-458D-BCD8-941E98E5B974} - System32\Tasks\Freemium1ClickMaint => C:\Program Files (x86)\Covus Freemium\Free System Utilities\1Click.exe No File
Task: {90DB39C7-E1DE-4F1B-9AAA-9F0CE40B6EBC} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2012-11-02] (Microsoft Corporation)
Task: {9144BDC4-7FBD-4921-A320-DF00D2A8E251} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2012-11-02] (Microsoft)
Task: {9CE62795-67B5-4A69-9724-9B8D0C043D46} - System32\Tasks\Plus-HD-2.4-codedownloader => C:\Program Files (x86)\Plus-HD-2.4\Plus-HD-2.4-codedownloader.exe No File
Task: {AD703A90-8D87-444F-A712-45B4ABC66271} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2012-11-02] (Microsoft Corporation)
Task: {ADEB3839-1313-431B-9387-D0B711B9B657} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BF0DAFDB-2D29-4DC0-883A-6449CDD05DD5} - System32\Tasks\SUPERAntiSpyware Scheduled Task b4eb2f77-0b34-4a31-8e76-89b6cbcecc1b => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-05-23] (SUPERAdBlocker.com)
Task: {C3365C9E-CE3C-4414-89A8-558B613878AA} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-21] (Microsoft Corporation)
Task: {C86F2E05-0E17-4A66-88AB-FDA0560B733E} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe [2013-02-14] (Lavasoft Limited)
Task: {CDDF991A-9628-4933-BB0C-DA7D9E740C2F} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4060780361-2962197505-3855748707-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe No File
Task: {E2088BC0-2227-4FBB-8943-761C3507FF09} - System32\Tasks\SUPERAntiSpyware Scheduled Task 33915243-1829-4197-b765-f2f614375d1b => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-05-23] (SUPERAdBlocker.com)
Task: {EE6C8F1E-50BA-409C-9705-B4AAA515AC87} - System32\Tasks\Hoolapp for Android => C:\Users\Lissi1\AppData\Roaming\HOOLAP~1\UPDATE~1\UPDATE~1.EXE No File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Plus-HD-2.4-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-2.4\Plus-HD-2.4-chromeinstaller.exe
Task: C:\Windows\Tasks\Plus-HD-2.4-codedownloader.job => C:\Program Files (x86)\Plus-HD-2.4\Plus-HD-2.4-codedownloader.exe
Task: C:\Windows\Tasks\Plus-HD-2.4-enabler.job => C:\Program Files (x86)\Plus-HD-2.4\Plus-HD-2.4-enabler.exe
Task: C:\Windows\Tasks\Plus-HD-2.4-updater.job => C:\Program Files (x86)\Plus-HD-2.4\Plus-HD-2.4-updater.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 33915243-1829-4197-b765-f2f614375d1b.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task b4eb2f77-0b34-4a31-8e76-89b6cbcecc1b.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\Wise Registry Cleaner Schedule Task.job => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe

==================== Faulty Device Manager Devices =============

Name: Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter
Description: Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTL8192su
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/12/2013 06:15:15 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (08/12/2013 03:54:54 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (08/12/2013 01:24:42 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (08/12/2013 08:17:44 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Skype Click to Call -- Error 1609. An error occurred while applying security settings. Users is not a valid user or group. This could be a problem with the package, or a problem connecting to a domain controller on the network. Check your network connection and click Retry, or Cancel to end the install. Unable to locate the user's SID, system error 1332(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/11/2013 08:16:23 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (08/11/2013 06:47:03 PM) (Source: System Restore) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Windows-Sicherung). Zusätzliche Informationen: 0x8000ffff.

Error: (08/11/2013 06:45:35 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (08/11/2013 06:36:58 PM) (Source: System Restore) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Windows-Sicherung). Zusätzliche Informationen: 0x8000ffff.

Error: (08/11/2013 06:36:12 PM) (Source: MemeoBackgroundService) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (08/11/2013 05:04:46 PM) (Source: System Restore) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Windows-Sicherung). Zusätzliche Informationen: 0x8000ffff.


System errors:
=============
Error: (08/12/2013 06:18:46 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EASYBOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{42036434-BD32-45B5-89BB-BED2AEAA9F2C}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (08/12/2013 04:33:01 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (08/12/2013 04:33:01 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (08/12/2013 04:33:01 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (08/12/2013 04:33:01 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (08/12/2013 04:33:01 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (08/12/2013 04:33:01 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (08/12/2013 04:32:58 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (08/12/2013 04:32:58 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (08/12/2013 04:32:56 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================
Error: (07/23/2013 06:51:30 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: LISSI1-PC, Application Version: LISSI1-PC, Microsoft Office Version: 12.0.6612.1000. This session lasted LISSI1-PC seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/23/2013 06:50:57 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-08-06 10:26:37.912
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-06 10:26:37.881
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-05 16:09:11.869
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-05 14:22:39.572
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-05 12:49:07.294
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-05 12:36:28.451
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-05 12:21:33.053
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-05 11:30:50.054
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-05 11:11:14.377
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-05 11:06:07.710
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 63%
Total physical RAM: 4023.11 MB
Available physical RAM: 1484.23 MB
Total Pagefile: 8044.41 MB
Available Pagefile: 4637.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:1346.17 GB) (Free:1272.22 GB) NTFS (Disk=0 Partition=2)
Drive d: (Recover) (Fixed) (Total:50 GB) (Free:31.19 GB) NTFS (Disk=0 Partition=3)
Drive j: (Volume) (Fixed) (Total:1863.01 GB) (Free:195.27 GB) NTFS (Disk=1 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1397 GB) (Disk ID: C0F66F80)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-753589551104) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: BC49D5D0)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)

==================== End Of Log ============================

--- --- ---

markusg · 12.08.2013, 18:39

Die beschriftungen in der Additions.txt fehlen

baby-lissa · 12.08.2013, 19:04

d-Aware Antivirus (x32 Version: 10.5.0.4339) nötig
Adobe AIR (x32 Version: 3.1.0.4880) unbekannt
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94) nötig
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224) vermutlich nötig
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03) nötig
Adobe Shockwave Player 11.6 (x32 Version: 11.6.5.635) nötig
Alamandi (x32) unnötig
AMD APP SDK Runtime (Version: 2.5.793.1) vermutlich nötig
AMD AVIVO64 Codecs (Version: 11.7.0.11013) vermutlich nötig
AMD Catalyst Install Manager (Version: 3.0.851.0) nötig
AMD Drag and Drop Transcoding (Version: 2.00.0000) vermutlich nötig
AMD Media Foundation Decoders (Version: 1.0.61013.1636) vermutlich nötig
Angry Birds Star Wars (x32 Version: 1.0.0) unnötig
Apple Application Support (x32 Version: 2.3) unbekannt
Apple Software Update (x32 Version: 2.1.3.127) unbekannt
AVIConverter 5.1.6 (x32 Version: 5.1.6) nötig
Avira Free Antivirus (x32 Version: 13.0.0.3885) nötig
AVS Update Manager 1.0 (x32) unnötig
AVS Video Converter 8 (x32) unnötig
AVS4YOU Software Navigator 1.4 (x32) unnötig
Biet-O-Matic v2.14.8 (x32 Version: Biet-O-Matic v2.14.8) unnötig
Canon Easy-PhotoPrint EX (x32) nötig
Canon iP4900 series Benutzerregistrierung (x32) nötig
Canon iP4900 series On-screen Manual (x32) nötig
Canon iP4900 series Printer Driver nötig
Canon My Printer (x32) nötig
Catalyst Control Center (x32 Version: 2011.1013.1702.28713) vermutlich nötig
Catalyst Control Center InstallProxy (x32 Version: 2011.1013.1702.28713) vermutlich nötig
Catalyst Control Center Localization All (x32 Version: 2011.1013.1702.28713) vermutlich nötig
CCC Help Danish (x32 Version: 2011.1013.1701.28713) unbekannt
CCC Help Dutch (x32 Version: 2011.1013.1701.28713) unbekannt
CCC Help English (x32 Version: 2011.1013.1701.28713) unbekannt
CCC Help Finnish (x32 Version: 2011.1013.1701.28713) unbekannt
CCC Help French (x32 Version: 2011.1013.1701.28713) unbekannt
CCC Help German (x32 Version: 2011.1013.1701.28713) unbekannt
CCC Help Italian (x32 Version: 2011.1013.1701.28713) unbekannt
CCC Help Japanese (x32 Version: 2011.1013.1701.28713) unbekannt
CCC Help Norwegian (x32 Version: 2011.1013.1701.28713) unbekannt
CCC Help Spanish (x32 Version: 2011.1013.1701.28713) unbekannt
CCC Help Swedish (x32 Version: 2011.1013.1701.28713) unbekannt
ccc-utility64 (Version: 2011.1013.1702.28713) unbekannt
CD-LabelPrint (x32) nötig
Color!It 1.5 Professional-E (x32) nötig
ContentHD (x32 Version: 1.00.0002) unbekannt
Contents (x32 Version: 1.6.0.367) unbekannt
Contents (x32 Version: 1.6.1.137) unbekannt
Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2) unbekannt
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2) unbekannt
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2) unbekannt
Corel Painter Photo Essentials 4 (x32 Version: 4.1) nötig
Corel Painter Photo Essentials 4 (x32) nötig
Corel PaintShop Photo Pro X3 (x32 Version: 1.00.0000) nötig
Corel PaintShop Photo Pro X3 (x32 Version: 1.6.1.137) nötig
Corel VideoStudio Pro X3 (x32 Version: 1.6.0.367) nötig
CyberLink LabelPrint (x32 Version: 2.5.3624) nötig
CyberLink Power2Go (x32 Version: 7.0.0.1327) nötig
CyberLink PowerDVD Copy (x32 Version: 1.5.1306) nötig
CyberLink PowerRecover (x32 Version: 5.5.4125) nötig
CyberLink WaveEditor (x32 Version: 1.0.1.2821) nötig
D3DX10 (x32 Version: 15.4.2368.0902) unbekannt
Deaktivierungs-Add-on für Browser von Google Analytics (x32 Version: 0.9.2.0) unbekannt
Der wunderbare Zauberer von Oz (x32) nötig
DeviceIO (x32 Version: 1.6.0.367) unbekannt
DeviceIO (x32 Version: 1.6.1.137) unbekannt
Die Sage von Kolossus (x32) nötig
Dropbox (HKCU Version: 2.0.22) nötig
DVD Shrink 3.2 (x32) nötig
FarmFrenzy (x32) nötig
FLV Media Player version 1.3 (x32 Version: 1.3) nötig
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (x32 Version: 15.4.5722.2) unbekannt
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922) unbekannt
Free Video to MP3 Converter version 5.0.24.430 (x32 Version: 5.0.24.430)unnötig
Free YouTube Download version 3.2.2.430 (x32 Version: 3.2.2.430)unnötig
Free YouTube to MP3 Converter version 3.12.0.128 (x32 Version: 3.12.0.128)unnötig
Freez FLV to AVI/MPEG/WMV Converter (x32 Version: 1.6) unnötig
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)unbekannt
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922) unbekannt
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922) unbekannt
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922) unbekannt
Google Chrome (x32 Version: 28.0.1500.95) unnötig
Google Update Helper (x32 Version: 1.3.21.153) unbekannt
ICA (x32 Version: 1.6.0.367) unbekannt
ICA (x32 Version: 1.6.1.137) unbekannt
Intel(R) Rapid Storage Technology (x32 Version: 10.6.0.1002) unbekannt
IPM_PSP_Pro (x32 Version: 1.00.0000) unbekannt
IPM_VS_Pro (x32 Version: 13.0) unbekannt
Java 7 Update 21 (64-bit) (Version: 7.0.210) nötig
Java 7 Update 21 (x32 Version: 7.0.210) unnötig
Java Auto Updater (x32 Version: 2.1.9.5) unbekannt
Junk Mail filter update (x32 Version: 15.4.3502.0922) unbekannt
Kaufland Foto (x32 Version: 5.0.1) nötig
Kernel for Outlook PST Repair Evaluation ver 13.02.01 (x32) nötig
Klett Lernsoftware Mathematik - mathe live 5 BA (x32) nötig
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (x32 Version: 15.4.5722.2) unbekannt
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) nötig
Medion Home Cinema (x32 Version: 8.0.3216) nötig
Memeo Instant Backup (x32 Version: 4.60.0.7943) unbekannt
Mesh Runtime (x32 Version: 15.4.5722.2) unbekannt
Microsoft Application Error Reporting (Version: 12.0.6015.5000) unbekannt
Microsoft Office 2007 Service Pack 3 (SP3) (x32) nötig
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000) vermutlich nötig
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000) nötig
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000) vermutlich nötig
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003) vermutlich nötig
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000) vermutlivh nötig
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000) vermutlich nötig
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1) vermutlich nötig
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000) vermutlich nötig
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000) vermutlich nötig
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000) vermutlich nötig
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000) vermutlich nötig
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000) vermutlich nötig
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000) vermutlich nötig
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000) vermutlich nötig
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000) vermutlich nötig
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014) vermutlich nötig
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32) vermutlich nötig
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000) vermutlich nötig
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000) vermutlich nötig
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000) vermutlich nötig
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000) vermutlich nötig
Microsoft Silverlight (Version: 5.1.20513.0) unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) unbekannt
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42) unbekannt
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) unbekannt
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) unbekannt
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729) unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) unbekannt
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) unbekannt
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) unbekannt
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0) unbekannt
Microsoft-Maus- und Tastatur-Center (Version: 2.0.162.0) nötig
Microtek FineReader OCR Engine (x32) unbekannt
MLE (x32 Version: 1.0.0.23) unbekannt
MSVC80_x64_v2 (Version: 1.0.3.0) unbekannt
MSVC80_x86_v2 (x32 Version: 1.0.3.0) unbekannt
MSVC90_x64 (Version: 1.0.1.2) unbekannt
MSVC90_x86 (x32 Version: 1.0.1.2) unbekannt
MSVCRT (x32 Version: 15.4.2862.0708) unbekannt
MSVCRT_amd64 (x32 Version: 15.4.2862.0708) unbekannt
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) unbekannt
MyFreeCodec (HKCU) unbekannt
MyPhoneExplorer (x32 Version: 1.8.4) nötig
OpenMG Limited Patch 4.7-07-14-05-01 (x32) unbekannt
OpenMG Secure Module (x32 Version: 4.7.00.12140) unbekannt
OpenMG Secure Module 4.7.00 (x32 Version: 4.7.00.12140) unbekannt
PlayReady PC Runtime amd64 (Version: 1.3.0) unbekannt
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922) unbekannt
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922) unbekannt
Pošta Windows Live (x32 Version: 15.4.3502.0922) unbekannt
PSPH10Pro (x32 Version: 1.00.0000) unbekannt
PSPPContent (x32 Version: 1.00.0000) unbekannt
PSPPRO_DCRAW (x32 Version: 13.0.0) unbekannt
PureHD (x32 Version: 1.6.0.367) unbekannt
PureHD (x32 Version: 1.6.1.137) unbekannt
QuickShare (x32 Version: 1.6.1.714) unbekannt
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922) unbekannt
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6438) nötig
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.25.0) vermutlich nötig
rosoft .NET Framework 4 Client Profile (Version: 4.0.30320) unbekannt
Samsung Kies (x32 Version: 2.3.2.12064_9) nötig
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.16.0) nötig
ScanWizard 5 (x32) nötig
Setup (x32 Version: 1.6.0.367) unbekannt
Setup (x32 Version: 1.6.1.137) unbekannt
Share (x32 Version: 1.6.0.367) unbekannt
Share (x32 Version: 1.6.1.137) unbekannt
Share64 (Version: 1.6.0.367) unbekannt
Share64 (Version: 1.6.1.137) unbekannt
Skype Click to Call (x32 Version: 6.3.11079) nötig
Skype™ 6.5 (x32 Version: 6.5.158) nötig
SmartSound Common Data (x32 Version: 1.1.0) unbekannt
SmartSound Quicktracks 5 (x32 Version: 5.1.5) unbekannt
SonicStage 4.3 (x32 Version: 4.3) unbekannt
Spelling Dictionaries Support For Adobe Reader X (x32 Version: 10.0.0) unbekannt
Stellar Phoenix Outlook PST Repair (x32 Version: 4.5.0.0) nötig
SUPERAntiSpyware (Version: 5.6.1020) vermutlich nötig
swMSM (x32 Version: 12.0.0.1) unbekannt
TeamSpeak 3 Client (Version: 3.0.10) nötig
TeamViewer 7 (x32 Version: 7.0.13852) nötig
Uniblue DriverScanner (x32 Version: 4.0.9.10) unbekannt
Update for 2007 Microsoft Office System (KB967642) (x32) unbekannt
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) unbekannt
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) unbekannt
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) unbekannt
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) unbekannt
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32) unbekannt
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32) unbekannt
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (x32) unbekannt
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32) unbekannt
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32) unbekannt
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32) unbekannt
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32) unbekannt
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition (x32) unbekannt
Update für Microsoft Office Excel 2007 Help (KB963678) (x32) unbekannt
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32) unbekannt
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32) unbekannt
Update für Microsoft Office Word 2007 Help (KB963665) (x32) unbekannt
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (x32 Version: 15.4.5722.2) unbekannt
VC 9.0 Runtime (x32 Version: 1.0.0) unbekannt
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0) unbekannt
Versandhelfer (x32 Version: 0.9.511) unnötig
VIO (x32 Version: 1.6.0.367) unbekannt
VIO (x32 Version: 1.6.1.137) unbekannt
VSClassic (x32 Version: 1.6.0.367) unbekannt
VSPro (x32 Version: 1.6.0.367) unbekannt
Windows Live Communications Platform (x32 Version: 15.4.3502.0922) unbekannt
Windows Live Essentials (x32 Version: 15.4.3502.0922) unbekannt
Windows Live Essentials (x32 Version: 15.4.3555.0308) unbekannt
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922) unbekannt
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922) unbekannt
Windows Live Fotótár (x32 Version: 15.4.3502.0922) unbekannt
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) unbekannt
Windows Live Installer (x32 Version: 15.4.3502.0922) unbekannt
Windows Live Language Selector (Version: 15.4.3555.0308) unbekannt
Windows Live Mail (x32 Version: 15.4.3502.0922) unbekannt
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2) unbekannt
Windows Live Mesh (x32 Version: 15.4.3502.0922) unbekannt
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2) unbekannt
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2) unbekannt
Windows Live Mesh ActiveX-objekt til fjernforbindelser (x32 Version: 15.4.5722.2) unbekannt
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (x32 Version: 15.4.5722.2) unbekannt
Windows Live Messenger (x32 Version: 15.4.3538.0513) unnötig
Windows Live MIME IFilter (Version: 15.4.3502.0922) unbekannt
Windows Live Movie Maker (x32 Version: 15.4.3502.0922) nötig
Windows Live Photo Common (x32 Version: 15.4.3502.0922) unbekannt
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) unbekannt
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109) unbekannt
Windows Live Remote Client (Version: 15.4.5722.2) unbekannt
Windows Live Remote Client Resources (Version: 15.4.5722.2) unbekannt
Windows Live Remote Service (Version: 15.4.5722.2) unbekannt
Windows Live Remote Service Resources (Version: 15.4.5722.2) unbekannt
Windows Live SOXE (x32 Version: 15.4.3502.0922) unbekannt
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) unbekannt
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922) unbekannt
Windows Live UX Platform (x32 Version: 15.4.3502.0922) unbekannt
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109) unbekannt
Windows Live Writer (x32 Version: 15.4.3502.0922) unbekannt
Windows Live Writer Resources (x32 Version: 15.4.3502.0922) unbekannt
Windows Media Encoder 9 Series (x32 Version: 9.00.2980) unbekannt
Windows Media Encoder 9 Series (x32) unbekannt
Windows Utils (x32) unbekannt
WinRAR 4.10 (64-Bit) (Version: 4.10.0) nötig
Wise Registry Cleaner 7.82 (x32 Version: 7.82) unnötig
WISO Steuer-Sparbuch 2012 (x32 Version: 19.00.7303) nötig
WISO Steuer-Sparbuch 2013 (x32 Version: 20.00.8137) nötig
Yahoo! Messenger (x32) nötig
Yahoo! Software Update (x32) unbekannt
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922) unbekannt

sorry habe ich nachgeleifert

markusg · 12.08.2013, 19:15

Hi,
es sind 2 Logs zu erstellen, möglichst gleichzeitig posten.
1.
deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
adobe reader:
bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
Sicherheit (erweitert)
Erweiterte Sicherheit anhaken
und alle Dateien auswählen.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok

deinstaliere:
Alamandi
Angry
AVS: alle
Biet-O
Free : alle
Freez
Google Chrome
Java 7 : beide
downloade Java jre:
Java-Downloads für alle Betriebssysteme
klicke:
Download der Java-Software für Windows Offline
laden, und instalieren
deinstaliere:
Spelling
SUPERAntiSpyware : weg damit, findet meist nur kookies. behalte malwarebytes, ist sinnvoller.
TeamViewer : würd ich nur bei Bedarf instalieren, wenns drauf bleiben soll, Upgrade auf Version8
Uniblue
Versandhelfer
Wise Registry : finger weg von registry cleanern, sie können dem System schaden.

starte neu.
2.
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

3.
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

baby-lissa · 12.08.2013, 19:28

was ist uniblue???

markusg · 12.08.2013, 19:39

driver scanner, sollte entweder in der systemsteuerung, programme deinstalieren oder in rewo stehen

baby-lissa · 12.08.2013, 20:05

Combofix Logfile:

Code:

ATTFilter

ComboFix 13-08-12.01 - Lissi1 12.08.2013  20:53:39.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4023.1851 [GMT 2:00]
ausgeführt von:: c:\users\Lissi1\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
 * Im Speicher befindliches AV aktiv.
.
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Lissi1\~Outlooklissa.pst.tmp
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-07-12 bis 2013-08-12  ))))))))))))))))))))))))))))))
.
.
2013-08-12 19:01 . 2013-08-12 19:01	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-08-12 18:41 . 2013-08-12 18:41	312232	----a-w-	c:\windows\system32\javaws.exe
2013-08-12 18:41 . 2013-08-12 18:41	189352	----a-w-	c:\windows\system32\javaw.exe
2013-08-12 18:41 . 2013-08-12 18:41	188840	----a-w-	c:\windows\system32\java.exe
2013-08-12 18:41 . 2013-08-12 18:41	108968	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-08-12 18:41 . 2013-08-12 18:41	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-12 18:41 . 2013-08-12 18:41	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-12 09:03 . 2013-08-12 18:39	--------	d-----w-	c:\users\Lissi1\AppData\Local\Adobe
2013-08-12 08:59 . 2013-08-12 11:25	--------	d-----w-	c:\users\Lissi1\AppData\Local\adawarebp
2013-08-12 05:17 . 2013-08-12 05:17	--------	d-----w-	c:\users\Lissi1\AppData\Roaming\SUPERAntiSpyware.com
2013-08-12 04:44 . 2013-08-12 04:44	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-12 04:44 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-08-11 18:06 . 2013-08-12 04:33	--------	d-----w-	c:\program files (x86)\Eusing Free Registry Cleaner
2013-08-11 14:37 . 2013-08-11 14:37	--------	d-----w-	C:\found.000
2013-08-07 17:58 . 2013-08-11 14:06	--------	d-----w-	c:\program files (x86)\Plus-HD-2.4
2013-08-07 08:31 . 2013-08-07 08:31	--------	d-----w-	c:\program files\Enigma Software Group
2013-08-07 08:30 . 2013-08-07 09:35	--------	d-----w-	c:\windows\67E1227ED5534A6A96CD40CCBBC705D8.TMP
2013-08-07 08:30 . 2013-08-07 08:30	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2013-08-07 08:23 . 2013-04-17 07:02	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2013-08-07 08:23 . 2013-04-17 06:24	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2013-08-07 08:14 . 2013-08-07 08:14	--------	d-----w-	C:\FRST
2013-08-06 16:55 . 2013-04-02 22:51	1643520	----a-w-	c:\windows\system32\DWrite.dll
2013-08-06 16:55 . 2013-04-09 23:34	1247744	----a-w-	c:\windows\SysWow64\DWrite.dll
2013-08-06 16:13 . 2012-03-14 03:00	385024	----a-w-	c:\windows\system32\CNMLMAW.DLL
2013-08-06 16:00 . 2012-08-24 18:05	340992	----a-w-	c:\windows\system32\schannel.dll
2013-08-06 16:00 . 2012-08-24 16:57	247808	----a-w-	c:\windows\SysWow64\schannel.dll
2013-08-06 16:00 . 2012-08-24 18:13	154480	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2013-08-06 16:00 . 2012-08-24 18:09	458712	----a-w-	c:\windows\system32\drivers\cng.sys
2013-08-06 16:00 . 2012-08-24 18:03	1448448	----a-w-	c:\windows\system32\lsasrv.dll
2013-08-06 16:00 . 2012-08-24 16:57	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2013-08-06 16:00 . 2012-08-24 16:53	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2013-08-06 12:38 . 2013-08-06 12:38	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-06 08:54 . 2013-04-10 06:01	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-08-06 08:54 . 2013-04-10 06:01	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-08-06 08:54 . 2011-02-03 11:25	144384	----a-w-	c:\windows\system32\cdd.dll
2013-08-06 08:54 . 2013-05-08 06:39	1910632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-08-06 08:54 . 2013-01-03 06:00	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-08-06 08:54 . 2013-02-27 05:52	14172672	----a-w-	c:\windows\system32\shell32.dll
2013-08-06 08:54 . 2013-02-27 05:52	197120	----a-w-	c:\windows\system32\shdocvw.dll
2013-08-06 08:54 . 2013-02-27 05:48	1930752	----a-w-	c:\windows\system32\authui.dll
2013-08-06 08:54 . 2013-02-27 06:02	111448	----a-w-	c:\windows\system32\consent.exe
2013-08-06 08:54 . 2013-02-27 05:47	70144	----a-w-	c:\windows\system32\appinfo.dll
2013-08-06 08:54 . 2013-02-27 04:49	1796096	----a-w-	c:\windows\SysWow64\authui.dll
2013-08-06 08:52 . 2013-06-05 03:34	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-08-06 08:52 . 2013-05-10 05:49	30720	----a-w-	c:\windows\system32\cryptdlg.dll
2013-08-06 08:52 . 2013-05-10 03:20	24576	----a-w-	c:\windows\SysWow64\cryptdlg.dll
2013-08-06 08:52 . 2013-04-10 05:48	1732608	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2013-08-06 08:52 . 2013-04-10 05:46	1367040	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-08-06 08:52 . 2013-04-10 05:46	1402880	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2013-08-06 08:52 . 2013-04-10 05:46	1393152	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2013-08-06 08:52 . 2013-04-10 05:03	936448	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-08-06 08:52 . 2013-01-24 06:01	223752	----a-w-	c:\windows\system32\drivers\fvevol.sys
2013-08-06 08:51 . 2013-05-13 05:51	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-08-06 08:51 . 2013-05-13 05:51	1464320	----a-w-	c:\windows\system32\crypt32.dll
2013-08-06 08:51 . 2013-05-13 04:45	1160192	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-08-06 08:51 . 2013-05-13 03:43	1192448	----a-w-	c:\windows\system32\certutil.exe
2013-08-06 08:51 . 2013-05-13 03:08	903168	----a-w-	c:\windows\SysWow64\certutil.exe
2013-08-06 08:51 . 2013-05-13 05:51	139776	----a-w-	c:\windows\system32\cryptnet.dll
2013-08-06 08:51 . 2013-05-13 05:50	52224	----a-w-	c:\windows\system32\certenc.dll
2013-08-06 08:51 . 2013-05-13 04:45	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-08-06 08:51 . 2013-05-13 04:45	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-08-06 08:51 . 2013-05-13 03:08	43008	----a-w-	c:\windows\SysWow64\certenc.dll
2013-08-06 08:50 . 2013-03-19 06:04	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-08-06 08:50 . 2013-03-19 05:04	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-08-06 08:50 . 2013-03-19 05:04	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-08-06 08:50 . 2013-03-19 03:06	112640	----a-w-	c:\windows\system32\smss.exe
2013-08-06 08:50 . 2013-03-19 05:46	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-08-06 08:50 . 2013-03-19 04:47	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-08-06 08:50 . 2013-04-25 23:30	1505280	----a-w-	c:\windows\SysWow64\d3d11.dll
2013-08-06 08:50 . 2013-03-31 22:52	1887232	----a-w-	c:\windows\system32\d3d11.dll
2013-08-05 10:28 . 2013-08-05 10:28	--------	d-----w-	c:\users\Lissi1\AppData\Roaming\Malwarebytes
2013-08-05 10:28 . 2013-08-05 10:28	--------	d-----w-	c:\programdata\Malwarebytes
2013-08-05 10:26 . 2013-08-06 22:09	--------	d-----w-	c:\program files (x86)\Hosts_Anti_Adwares_PUPs
2013-08-05 09:49 . 2013-08-05 09:49	--------	d-----w-	c:\users\Lissi1\AppData\Roaming\Avira
2013-08-05 09:44 . 2013-08-05 09:44	83672	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-08-05 09:42 . 2013-08-05 09:35	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-08-05 09:42 . 2013-08-05 09:35	130016	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-08-05 09:42 . 2013-08-05 09:35	100712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-08-05 09:42 . 2013-08-05 09:43	--------	d-----w-	c:\programdata\Avira
2013-08-05 09:42 . 2013-08-05 09:42	--------	d-----w-	c:\program files (x86)\Avira
2013-07-23 16:47 . 2013-07-23 16:47	--------	d-----w-	c:\users\Lissi1\AppData\Local\FreeSystemUtilities
2013-07-23 16:20 . 2013-07-29 16:44	--------	d-----w-	c:\users\Lissi1\AppData\Roaming\Windows Net Data
2013-07-23 16:20 . 2013-08-01 01:08	32328	----a-w-	c:\windows\Launcher.exe
2013-07-17 16:43 . 2013-07-17 16:43	--------	d-----w-	c:\users\Lissi1\AppData\Local\Deployment
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-12 18:41 . 2012-12-16 15:13	1093032	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-08-12 18:41 . 2011-07-18 21:14	972712	----a-w-	c:\windows\system32\deployJava1.dll
2013-06-23 22:57 . 2011-07-18 20:31	78277128	----a-w-	c:\windows\system32\MRT.exe
2013-05-15 06:13 . 2011-03-29 01:36	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Lissi1\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Lissi1\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Lissi1\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-12-20 1476104]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-12-20 844296]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-03 19603048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-14 343168]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-03 107816]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-12-20 310280]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-01-31 542632]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-08-05 345144]
.
c:\users\Lissi1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Lissi1\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
net.lnk - c:\users\Lissi1\AppData\Roaming\Windows Net Data\net.exe [2013-7-23 709120]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Scanner Finder.lnk - c:\program files (x86)\ScanWizard 5\ScannerFinder.exe [2012-2-4 344064]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\~Disabled\
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe [2013-5-17 1393744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS;c:\windows\SYSNATIVE\DRIVERS\PFC027.SYS [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [x]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 50864556
*Deregistered* - 50864556
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-12 18:41]
.
2013-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-04 16:44]
.
2013-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-04 16:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Lissi1\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Lissi1\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Lissi1\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Lissi1\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-16 12673128]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites
IE: {{92808042-fb78-4fa0-bb4f-c9a95e0e9c10} - {ba696155-d96e-4281-b467-0367a0456474} -
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{ba696155-d96e-4281-b467-0367a0456474} - (no file)
Toolbar-!{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - (no file)
Toolbar-!{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-{ba696155-d96e-4281-b467-0367a0456474} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - (no file)
WebBrowser-{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - (no file)
WebBrowser-{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - (no file)
AddRemove-Adobe Flash Player ActiveX - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe
AddRemove-_{707EB912-C597-49D8-9460-46CC9AB03EBE} - c:\program files (x86)\Corel\Corel Painter Photo Essentials 4\MSILauncher {707EB912-C597-49D8-9460-46CC9AB03EBE}
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-4060780361-2962197505-3855748707-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ba696155-d96e-4281-b467-0367a0456474}]
@Denied: (A 2) (Administrators)
@Denied: (A 2) (S-1-5-21-4060780361-2962197505-3855748707-1000)
"Flags"=dword:00000400
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{722b3793-5367-4446-b6bb-db89b05c1f24}\LocalServer32]
@DACL=(02 0000)
@=expand:"%SystemRoot%\\System32\\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {722b3793-5367-4446-b6bb-db89b05c1f24}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-08-12  21:03:01
ComboFix-quarantined-files.txt  2013-08-12 19:03
ComboFix2.txt  2013-08-06 08:33
.
Vor Suchlauf: 15 Verzeichnis(se), 1.376.416.366.592 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 1.376.293.629.952 Bytes frei
.
- - End Of File - - 75C97ADD0078F14CDF79A6EE2965772D

--- --- ---
D41D8CD98F00B204E9800998ECF8427E

soll jetzt ein Neustart gemacht werden oder erst TDSKiller laufen lassen?
WAS ist drivescanner? habe ich nicht in der Systemsteuerung

markusg · 12.08.2013, 20:06

Hi, warum wurde combofix schon mal ausgeführt?
poste mal noch die
ComboFix-quarantined-files.txt

baby-lissa · 12.08.2013, 20:14

ich habe combfix noch nie ausgefürt und das ist kleider alles was ich posten konnte

combofix hat nur die eine txt aufgemacht sonnst nichts

21:09:34.0661 3700 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:09:34.0880 3700 ============================================================
21:09:34.0880 3700 Current date / time: 2013/08/12 21:09:34.0880
21:09:34.0880 3700 SystemInfo:
21:09:34.0880 3700
21:09:34.0880 3700 OS Version: 6.1.7601 ServicePack: 1.0
21:09:34.0880 3700 Product type: Workstation
21:09:34.0880 3700 ComputerName: LISSI1-PC
21:09:34.0880 3700 UserName: Lissi1
21:09:34.0880 3700 Windows directory: C:\Windows
21:09:34.0880 3700 System windows directory: C:\Windows
21:09:34.0880 3700 Running under WOW64
21:09:34.0880 3700 Processor architecture: Intel x64
21:09:34.0880 3700 Number of processors: 4
21:09:34.0880 3700 Page size: 0x1000
21:09:34.0880 3700 Boot type: Normal boot
21:09:34.0880 3700 ============================================================
21:09:35.0270 3700 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:09:35.0270 3700 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:09:35.0301 3700 ============================================================
21:09:35.0301 3700 \Device\Harddisk0\DR0:
21:09:35.0301 3700 MBR partitions:
21:09:35.0301 3700 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:09:35.0301 3700 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xA8454800
21:09:35.0301 3700 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xA8487000, BlocksNum 0x6400000
21:09:35.0301 3700 \Device\Harddisk1\DR1:
21:09:35.0301 3700 MBR partitions:
21:09:35.0301 3700 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
21:09:35.0301 3700 ============================================================
21:09:35.0316 3700 C: <-> \Device\Harddisk0\DR0\Partition2
21:09:35.0363 3700 D: <-> \Device\Harddisk0\DR0\Partition3
21:09:35.0394 3700 J: <-> \Device\Harddisk1\DR1\Partition1
21:09:35.0394 3700 ============================================================
21:09:35.0394 3700 Initialize success
21:09:35.0394 3700 ============================================================
21:09:37.0968 2112 ============================================================
21:09:37.0968 2112 Scan started
21:09:37.0968 2112 Mode: Manual;
21:09:37.0968 2112 ============================================================
21:09:38.0499 2112 ================ Scan system memory ========================
21:09:38.0499 2112 System memory - ok
21:09:38.0499 2112 ================ Scan services =============================
21:09:38.0609 2112 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:09:38.0609 2112 1394ohci - ok
21:09:38.0640 2112 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:09:38.0640 2112 ACPI - ok
21:09:38.0687 2112 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:09:38.0687 2112 AcpiPmi - ok
21:09:38.0765 2112 [ 3F59267F038747E89BA97CD11388748D ] Ad-Aware Service C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
21:09:38.0765 2112 Ad-Aware Service - ok
21:09:38.0827 2112 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:09:38.0827 2112 AdobeARMservice - ok
21:09:38.0999 2112 [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:09:38.0999 2112 AdobeFlashPlayerUpdateSvc - ok
21:09:39.0030 2112 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
21:09:39.0046 2112 adp94xx - ok
21:09:39.0077 2112 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
21:09:39.0077 2112 adpahci - ok
21:09:39.0108 2112 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
21:09:39.0108 2112 adpu320 - ok
21:09:39.0139 2112 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:09:39.0139 2112 AeLookupSvc - ok
21:09:39.0155 2112 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
21:09:39.0171 2112 AFD - ok
21:09:39.0186 2112 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:09:39.0202 2112 agp440 - ok
21:09:39.0202 2112 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
21:09:39.0202 2112 ALG - ok
21:09:39.0233 2112 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
21:09:39.0233 2112 aliide - ok
21:09:39.0264 2112 [ C08ADE825268D291AFE06EDA71415C7D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
21:09:39.0264 2112 AMD External Events Utility - ok
21:09:39.0280 2112 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
21:09:39.0295 2112 amdide - okr

21:09:34.0661 3700 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:09:34.0880 3700 ============================================================
21:09:34.0880 3700 Current date / time: 2013/08/12 21:09:34.0880
21:09:34.0880 3700 SystemInfo:
21:09:34.0880 3700
21:09:34.0880 3700 OS Version: 6.1.7601 ServicePack: 1.0
21:09:34.0880 3700 Product type: Workstation
21:09:34.0880 3700 ComputerName: LISSI1-PC
21:09:34.0880 3700 UserName: Lissi1
21:09:34.0880 3700 Windows directory: C:\Windows
21:09:34.0880 3700 System windows directory: C:\Windows
21:09:34.0880 3700 Running under WOW64
21:09:34.0880 3700 Processor architecture: Intel x64
21:09:34.0880 3700 Number of processors: 4
21:09:34.0880 3700 Page size: 0x1000
21:09:34.0880 3700 Boot type: Normal boot
21:09:34.0880 3700 ============================================================
21:09:35.0270 3700 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:09:35.0270 3700 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:09:35.0301 3700 ============================================================
21:09:35.0301 3700 \Device\Harddisk0\DR0:
21:09:35.0301 3700 MBR partitions:
21:09:35.0301 3700 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:09:35.0301 3700 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xA8454800
21:09:35.0301 3700 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xA8487000, BlocksNum 0x6400000
21:09:35.0301 3700 \Device\Harddisk1\DR1:
21:09:35.0301 3700 MBR partitions:
21:09:35.0301 3700 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
21:09:35.0301 3700 ============================================================
21:09:35.0316 3700 C: <-> \Device\Harddisk0\DR0\Partition2
21:09:35.0363 3700 D: <-> \Device\Harddisk0\DR0\Partition3
21:09:35.0394 3700 J: <-> \Device\Harddisk1\DR1\Partition1
21:09:35.0394 3700 ============================================================
21:09:35.0394 3700 Initialize success
21:09:35.0394 3700 ============================================================
21:09:37.0968 2112 ============================================================
21:09:37.0968 2112 Scan started
21:09:37.0968 2112 Mode: Manual;
21:09:37.0968 2112 ============================================================
21:09:38.0499 2112 ================ Scan system memory ========================
21:09:38.0499 2112 System memory - ok
21:09:38.0499 2112 ================ Scan services =============================
21:09:38.0609 2112 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:09:38.0609 2112 1394ohci - ok
21:09:38.0640 2112 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:09:38.0640 2112 ACPI - ok
21:09:38.0687 2112 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:09:38.0687 2112 AcpiPmi - ok
21:09:38.0765 2112 [ 3F59267F038747E89BA97CD11388748D ] Ad-Aware Service C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
21:09:38.0765 2112 Ad-Aware Service - ok
21:09:38.0827 2112 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:09:38.0827 2112 AdobeARMservice - ok
21:09:38.0999 2112 [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:09:38.0999 2112 AdobeFlashPlayerUpdateSvc - ok
21:09:39.0030 2112 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
21:09:39.0046 2112 adp94xx - ok
21:09:39.0077 2112 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
21:09:39.0077 2112 adpahci - ok
21:09:39.0108 2112 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
21:09:39.0108 2112 adpu320 - ok
21:09:39.0139 2112 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:09:39.0139 2112 AeLookupSvc - ok
21:09:39.0155 2112 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
21:09:39.0171 2112 AFD - ok
21:09:39.0186 2112 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:09:39.0202 2112 agp440 - ok
21:09:39.0202 2112 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
21:09:39.0202 2112 ALG - ok
21:09:39.0233 2112 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
21:09:39.0233 2112 aliide - ok
21:09:39.0264 2112 [ C08ADE825268D291AFE06EDA71415C7D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
21:09:39.0264 2112 AMD External Events Utility - ok
21:09:39.0280 2112 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
21:09:39.0295 2112 amdide - ok

markusg · 12.08.2013, 20:16

Hi, combofix wurde bereits ausgeführt, und zwar am 08.06
navigiere bitte auf c: und poste mir die C:\ComboFix.txt
adwcleaner wurde auch schon ausgeführt
C:\AdwCleaner(nummer)txt benöitge ich auch
außerdem TDSS Killer nach anleitung konfigurieren, Log posten

baby-lissa · 12.08.2013, 20:27

Combofix Logfile:

Code:

ATTFilter

ComboFix 13-08-12.01 - Lissi1 12.08.2013  20:53:39.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4023.1851 [GMT 2:00]
ausgeführt von:: c:\users\Lissi1\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
 * Im Speicher befindliches AV aktiv.
.
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Lissi1\~Outlooklissa.pst.tmp
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-07-12 bis 2013-08-12  ))))))))))))))))))))))))))))))
.
.
2013-08-12 19:01 . 2013-08-12 19:01	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-08-12 18:41 . 2013-08-12 18:41	312232	----a-w-	c:\windows\system32\javaws.exe
2013-08-12 18:41 . 2013-08-12 18:41	189352	----a-w-	c:\windows\system32\javaw.exe
2013-08-12 18:41 . 2013-08-12 18:41	188840	----a-w-	c:\windows\system32\java.exe
2013-08-12 18:41 . 2013-08-12 18:41	108968	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-08-12 18:41 . 2013-08-12 18:41	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-12 18:41 . 2013-08-12 18:41	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-12 09:03 . 2013-08-12 18:39	--------	d-----w-	c:\users\Lissi1\AppData\Local\Adobe
2013-08-12 08:59 . 2013-08-12 11:25	--------	d-----w-	c:\users\Lissi1\AppData\Local\adawarebp
2013-08-12 05:17 . 2013-08-12 05:17	--------	d-----w-	c:\users\Lissi1\AppData\Roaming\SUPERAntiSpyware.com
2013-08-12 04:44 . 2013-08-12 04:44	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-12 04:44 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-08-11 18:06 . 2013-08-12 04:33	--------	d-----w-	c:\program files (x86)\Eusing Free Registry Cleaner
2013-08-11 14:37 . 2013-08-11 14:37	--------	d-----w-	C:\found.000
2013-08-07 17:58 . 2013-08-11 14:06	--------	d-----w-	c:\program files (x86)\Plus-HD-2.4
2013-08-07 08:31 . 2013-08-07 08:31	--------	d-----w-	c:\program files\Enigma Software Group
2013-08-07 08:30 . 2013-08-07 09:35	--------	d-----w-	c:\windows\67E1227ED5534A6A96CD40CCBBC705D8.TMP
2013-08-07 08:30 . 2013-08-07 08:30	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2013-08-07 08:23 . 2013-04-17 07:02	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2013-08-07 08:23 . 2013-04-17 06:24	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2013-08-07 08:14 . 2013-08-07 08:14	--------	d-----w-	C:\FRST
2013-08-06 16:55 . 2013-04-02 22:51	1643520	----a-w-	c:\windows\system32\DWrite.dll
2013-08-06 16:55 . 2013-04-09 23:34	1247744	----a-w-	c:\windows\SysWow64\DWrite.dll
2013-08-06 16:13 . 2012-03-14 03:00	385024	----a-w-	c:\windows\system32\CNMLMAW.DLL
2013-08-06 16:00 . 2012-08-24 18:05	340992	----a-w-	c:\windows\system32\schannel.dll
2013-08-06 16:00 . 2012-08-24 16:57	247808	----a-w-	c:\windows\SysWow64\schannel.dll
2013-08-06 16:00 . 2012-08-24 18:13	154480	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2013-08-06 16:00 . 2012-08-24 18:09	458712	----a-w-	c:\windows\system32\drivers\cng.sys
2013-08-06 16:00 . 2012-08-24 18:03	1448448	----a-w-	c:\windows\system32\lsasrv.dll
2013-08-06 16:00 . 2012-08-24 16:57	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2013-08-06 16:00 . 2012-08-24 16:53	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2013-08-06 12:38 . 2013-08-06 12:38	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-06 08:54 . 2013-04-10 06:01	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-08-06 08:54 . 2013-04-10 06:01	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-08-06 08:54 . 2011-02-03 11:25	144384	----a-w-	c:\windows\system32\cdd.dll
2013-08-06 08:54 . 2013-05-08 06:39	1910632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-08-06 08:54 . 2013-01-03 06:00	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-08-06 08:54 . 2013-02-27 05:52	14172672	----a-w-	c:\windows\system32\shell32.dll
2013-08-06 08:54 . 2013-02-27 05:52	197120	----a-w-	c:\windows\system32\shdocvw.dll
2013-08-06 08:54 . 2013-02-27 05:48	1930752	----a-w-	c:\windows\system32\authui.dll
2013-08-06 08:54 . 2013-02-27 06:02	111448	----a-w-	c:\windows\system32\consent.exe
2013-08-06 08:54 . 2013-02-27 05:47	70144	----a-w-	c:\windows\system32\appinfo.dll
2013-08-06 08:54 . 2013-02-27 04:49	1796096	----a-w-	c:\windows\SysWow64\authui.dll
2013-08-06 08:52 . 2013-06-05 03:34	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-08-06 08:52 . 2013-05-10 05:49	30720	----a-w-	c:\windows\system32\cryptdlg.dll
2013-08-06 08:52 . 2013-05-10 03:20	24576	----a-w-	c:\windows\SysWow64\cryptdlg.dll
2013-08-06 08:52 . 2013-04-10 05:48	1732608	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2013-08-06 08:52 . 2013-04-10 05:46	1367040	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-08-06 08:52 . 2013-04-10 05:46	1402880	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2013-08-06 08:52 . 2013-04-10 05:46	1393152	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2013-08-06 08:52 . 2013-04-10 05:03	936448	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-08-06 08:52 . 2013-01-24 06:01	223752	----a-w-	c:\windows\system32\drivers\fvevol.sys
2013-08-06 08:51 . 2013-05-13 05:51	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-08-06 08:51 . 2013-05-13 05:51	1464320	----a-w-	c:\windows\system32\crypt32.dll
2013-08-06 08:51 . 2013-05-13 04:45	1160192	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-08-06 08:51 . 2013-05-13 03:43	1192448	----a-w-	c:\windows\system32\certutil.exe
2013-08-06 08:51 . 2013-05-13 03:08	903168	----a-w-	c:\windows\SysWow64\certutil.exe
2013-08-06 08:51 . 2013-05-13 05:51	139776	----a-w-	c:\windows\system32\cryptnet.dll
2013-08-06 08:51 . 2013-05-13 05:50	52224	----a-w-	c:\windows\system32\certenc.dll
2013-08-06 08:51 . 2013-05-13 04:45	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-08-06 08:51 . 2013-05-13 04:45	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-08-06 08:51 . 2013-05-13 03:08	43008	----a-w-	c:\windows\SysWow64\certenc.dll
2013-08-06 08:50 . 2013-03-19 06:04	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-08-06 08:50 . 2013-03-19 05:04	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-08-06 08:50 . 2013-03-19 05:04	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-08-06 08:50 . 2013-03-19 03:06	112640	----a-w-	c:\windows\system32\smss.exe
2013-08-06 08:50 . 2013-03-19 05:46	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-08-06 08:50 . 2013-03-19 04:47	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-08-06 08:50 . 2013-04-25 23:30	1505280	----a-w-	c:\windows\SysWow64\d3d11.dll
2013-08-06 08:50 . 2013-03-31 22:52	1887232	----a-w-	c:\windows\system32\d3d11.dll
2013-08-05 10:28 . 2013-08-05 10:28	--------	d-----w-	c:\users\Lissi1\AppData\Roaming\Malwarebytes
2013-08-05 10:28 . 2013-08-05 10:28	--------	d-----w-	c:\programdata\Malwarebytes
2013-08-05 10:26 . 2013-08-06 22:09	--------	d-----w-	c:\program files (x86)\Hosts_Anti_Adwares_PUPs
2013-08-05 09:49 . 2013-08-05 09:49	--------	d-----w-	c:\users\Lissi1\AppData\Roaming\Avira
2013-08-05 09:44 . 2013-08-05 09:44	83672	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-08-05 09:42 . 2013-08-05 09:35	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-08-05 09:42 . 2013-08-05 09:35	130016	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-08-05 09:42 . 2013-08-05 09:35	100712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-08-05 09:42 . 2013-08-05 09:43	--------	d-----w-	c:\programdata\Avira
2013-08-05 09:42 . 2013-08-05 09:42	--------	d-----w-	c:\program files (x86)\Avira
2013-07-23 16:47 . 2013-07-23 16:47	--------	d-----w-	c:\users\Lissi1\AppData\Local\FreeSystemUtilities
2013-07-23 16:20 . 2013-07-29 16:44	--------	d-----w-	c:\users\Lissi1\AppData\Roaming\Windows Net Data
2013-07-23 16:20 . 2013-08-01 01:08	32328	----a-w-	c:\windows\Launcher.exe
2013-07-17 16:43 . 2013-07-17 16:43	--------	d-----w-	c:\users\Lissi1\AppData\Local\Deployment
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-12 18:41 . 2012-12-16 15:13	1093032	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-08-12 18:41 . 2011-07-18 21:14	972712	----a-w-	c:\windows\system32\deployJava1.dll
2013-06-23 22:57 . 2011-07-18 20:31	78277128	----a-w-	c:\windows\system32\MRT.exe
2013-05-15 06:13 . 2011-03-29 01:36	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Lissi1\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Lissi1\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Lissi1\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-12-20 1476104]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-12-20 844296]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-03 19603048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-14 343168]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-03 107816]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-12-20 310280]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-01-31 542632]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-08-05 345144]
.
c:\users\Lissi1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Lissi1\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
net.lnk - c:\users\Lissi1\AppData\Roaming\Windows Net Data\net.exe [2013-7-23 709120]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Scanner Finder.lnk - c:\program files (x86)\ScanWizard 5\ScannerFinder.exe [2012-2-4 344064]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\~Disabled\
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe [2013-5-17 1393744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS;c:\windows\SYSNATIVE\DRIVERS\PFC027.SYS [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [x]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 50864556
*Deregistered* - 50864556
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-12 18:41]
.
2013-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-04 16:44]
.
2013-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-04 16:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Lissi1\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Lissi1\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Lissi1\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Lissi1\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-16 12673128]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay
IE: {{92808042-fb78-4fa0-bb4f-c9a95e0e9c10} - {ba696155-d96e-4281-b467-0367a0456474} -
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{ba696155-d96e-4281-b467-0367a0456474} - (no file)
Toolbar-!{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - (no file)
Toolbar-!{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-{ba696155-d96e-4281-b467-0367a0456474} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - (no file)
WebBrowser-{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - (no file)
WebBrowser-{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - (no file)
AddRemove-Adobe Flash Player ActiveX - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe
AddRemove-_{707EB912-C597-49D8-9460-46CC9AB03EBE} - c:\program files (x86)\Corel\Corel Painter Photo Essentials 4\MSILauncher {707EB912-C597-49D8-9460-46CC9AB03EBE}
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-4060780361-2962197505-3855748707-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ba696155-d96e-4281-b467-0367a0456474}]
@Denied: (A 2) (Administrators)
@Denied: (A 2) (S-1-5-21-4060780361-2962197505-3855748707-1000)
"Flags"=dword:00000400
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{722b3793-5367-4446-b6bb-db89b05c1f24}\LocalServer32]
@DACL=(02 0000)
@=expand:"%SystemRoot%\\System32\\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {722b3793-5367-4446-b6bb-db89b05c1f24}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-08-12  21:03:01
ComboFix-quarantined-files.txt  2013-08-12 19:03
ComboFix2.txt  2013-08-06 08:33
.
Vor Suchlauf: 15 Verzeichnis(se), 1.376.416.366.592 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 1.376.293.629.952 Bytes frei
.
- - End Of File - - 75C97ADD0078F14CDF79A6EE2965772D

--- --- ---
D41D8CD98F00B204E9800998ECF8427E

also combfix wurde noch nie ausgeführtAdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v2.100 - Datei am 16/12/2012 um 16:36:49 erstellt
# Aktualisiert am 09/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Lissi1 - LISSI1-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Lissi1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ITKH2QGW\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\user.js
Ordner Gefunden : C:\Program Files (x86)\BrowserCompanion
Ordner Gefunden : C:\Program Files (x86)\Conduit
Ordner Gefunden : C:\Program Files (x86)\Windows Searchqu Toolbar
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\Lissi1\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Lissi1\AppData\LocalLow\BabylonToolbar
Ordner Gefunden : C:\Users\Lissi1\AppData\LocalLow\bbrs_002.tb
Ordner Gefunden : C:\Users\Lissi1\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Lissi1\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\Lissi1\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\Lissi1\AppData\Roaming\BrowserCompanion
Ordner Gefunden : C:\Users\Lissi1\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\IGearSettings
Schlüssel Gefunden : HKCU\Software\Iminent
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\Software\BrowserCompanion
Schlüssel Gefunden : HKLM\Software\BrowserMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\tdataprotocol.CTData
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.useroptions
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.useroptions.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\Software\Iminent
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Schlüssel Gefunden : HKLM\SOFTWARE\DataMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Schlüssel Gefunden : HKLM\SOFTWARE\Software
Schlüssel Gefunden : HKU\S-1-5-21-4060780361-2962197505-3855748707-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKU\S-1-5-21-4060780361-2962197505-3855748707-1000\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}
Schlüssel Gefunden : HKU\S-1-5-21-4060780361-2962197505-3855748707-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKU\S-1-5-21-4060780361-2962197505-3855748707-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=109958&tt=120912_pcp_3812_1&babsrc=NT_ss&mntrId=204c3cc00000000000006c626d8c2b78

*************************

AdwCleaner[R1].txt - [19427 octets] - [16/12/2012 16:36:49]

########## EOF - C:\AdwCleaner[R1].txt - [19488 octets] ##########

--- --- ---

AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v2.306 - Datei am 11/08/2013 um 18:22:17 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Lissi1 - LISSI1-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Lissi1\Desktop\adwcleaner06.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Lissi1\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Ordner Gelöscht : C:\Users\Lissi1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v28.0.1500.95

Datei : C:\Users\Lissi1\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R10].txt - [1811 octets] - [06/08/2013 10:08:35]
AdwCleaner[R11].txt - [1872 octets] - [06/08/2013 10:10:31]
AdwCleaner[R12].txt - [1933 octets] - [06/08/2013 11:58:38]
AdwCleaner[R13].txt - [1994 octets] - [06/08/2013 11:58:54]
AdwCleaner[R14].txt - [2055 octets] - [06/08/2013 11:59:28]
AdwCleaner[R17].txt - [2117 octets] - [07/08/2013 18:28:41]
AdwCleaner[R18].txt - [15178 octets] - [11/08/2013 18:16:18]
AdwCleaner[R19].txt - [2613 octets] - [11/08/2013 18:22:01]
AdwCleaner[R1].txt - [19448 octets] - [16/12/2012 17:36:49]
AdwCleaner[R2].txt - [877 octets] - [16/12/2012 17:52:35]
AdwCleaner[R3].txt - [78717 octets] - [05/08/2013 11:51:39]
AdwCleaner[R4].txt - [78778 octets] - [05/08/2013 11:53:06]
AdwCleaner[R5].txt - [1664 octets] - [05/08/2013 12:02:00]
AdwCleaner[R6].txt - [1534 octets] - [05/08/2013 12:08:03]
AdwCleaner[R7].txt - [1654 octets] - [05/08/2013 12:21:17]
AdwCleaner[R8].txt - [1714 octets] - [05/08/2013 12:26:45]
AdwCleaner[R9].txt - [1976 octets] - [05/08/2013 19:23:07]
AdwCleaner[S10].txt - [2180 octets] - [07/08/2013 18:29:03]
AdwCleaner[S11].txt - [15091 octets] - [11/08/2013 18:16:40]
AdwCleaner[S12].txt - [2125 octets] - [11/08/2013 18:22:17]
AdwCleaner[S1].txt - [18899 octets] - [16/12/2012 17:37:22]
AdwCleaner[S2].txt - [820 octets] - [16/12/2012 17:48:57]
AdwCleaner[S3].txt - [938 octets] - [16/12/2012 17:52:45]
AdwCleaner[S4].txt - [33765 octets] - [05/08/2013 11:53:23]
AdwCleaner[S5].txt - [1726 octets] - [05/08/2013 12:02:18]
AdwCleaner[S6].txt - [1596 octets] - [05/08/2013 12:08:14]
AdwCleaner[S7].txt - [2038 octets] - [05/08/2013 19:23:32]

########## EOF - C:\AdwCleaner[S12].txt - [2606 octets] ##########

--- --- ---

ADWCleaner wursde mehrmals ausgeführt, insgesammt 12 mal

tdskiller ist gepostet

2013-08-12 19:01:56 . 2013-08-12 19:01:56 377 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47}.reg.dat
2013-08-08 09:07:04 . 2013-08-08 09:07:12 85 ----a-w- C:\Qoobox\Quarantine\C\Windows\wininit.ini.vir
2013-08-06 08:33:14 . 2013-08-06 08:33:14 0 ----a-w- C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2013-08-06 08:32:24 . 2013-08-12 19:01:58 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}.reg.dat
2013-08-06 08:32:24 . 2013-08-12 19:01:58 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}.reg.dat
2013-08-06 08:32:23 . 2013-08-12 19:01:58 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}.reg.dat
2013-08-06 08:32:23 . 2013-08-06 08:32:23 113 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-!{95B7759C-8C7F-4BF1-B163-73684A933233}.reg.dat
2013-08-06 08:32:23 . 2013-08-06 08:32:23 113 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-!{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}.reg.dat
2013-08-06 08:32:12 . 2013-08-06 08:32:12 311 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-ZoneAlarm Installer.reg.dat
2013-08-06 08:32:11 . 2013-08-06 08:32:11 177 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-DriverScanner.reg.dat
2013-08-06 08:32:11 . 2013-08-12 19:01:47 2,166 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-{ba696155-d96e-4281-b467-0367a0456474}.reg.dat
2013-08-06 08:32:11 . 2013-08-12 19:01:47 125 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-!{95B7759C-8C7F-4BF1-B163-73684A933233}.reg.dat
2013-08-06 08:32:11 . 2013-08-12 19:01:47 125 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-!{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}.reg.dat
2013-08-06 08:32:10 . 2013-08-12 19:01:47 1,069 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-BHO-{ba696155-d96e-4281-b467-0367a0456474}.reg.dat
2013-08-06 08:25:36 . 2013-08-12 18:59:02 9,034 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-08-06 08:18:40 . 2013-08-12 18:52:38 102 ----a-w- C:\Qoobox\Quarantine\catchme.log
2012-12-24 21:33:53 . 2012-12-24 21:33:53 1,758,720 ----atw- C:\Qoobox\Quarantine\C\Users\Lissi1\AppData\Roaming\Microsoft\engine_vx.dll.vir
2012-03-27 12:02:23 . 2012-03-27 12:02:23 8 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\19795AD46B.sys.vir
2012-02-04 18:57:29 . 1998-11-17 12:44:44 328,704 ----a-w- C:\Qoobox\Quarantine\C\Windows\IsUn0407.exe.vir

Combofix Logfile:

Code:

ATTFilter

ComboFix 13-08-05.03 - Lissi1 06.08.2013  10:20:55.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4023.1577 [GMT 2:00]
ausgeführt von:: c:\users\Lissi1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HN7EU4GZ\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\19795AD46B.sys
c:\users\Lissi1\AppData\Roaming\Microsoft\engine_vx.dll
c:\windows\IsUn0407.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-07-06 bis 2013-08-06  ))))))))))))))))))))))))))))))
.
.
2013-08-06 08:26 . 2013-08-06 08:26	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-08-05 10:28 . 2013-08-05 10:28	--------	d-----w-	c:\users\Lissi1\AppData\Roaming\Malwarebytes
2013-08-05 10:28 . 2013-08-05 10:28	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-05 10:28 . 2013-08-05 10:28	--------	d-----w-	c:\programdata\Malwarebytes
2013-08-05 10:28 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-08-05 10:26 . 2013-08-05 10:26	--------	d-----w-	c:\program files (x86)\Hosts_Anti_Adwares_PUPs
2013-08-05 09:49 . 2013-08-05 09:49	--------	d-----w-	c:\users\Lissi1\AppData\Roaming\Avira
2013-08-05 09:44 . 2013-08-05 09:44	83672	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-08-05 09:42 . 2013-08-05 09:35	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-08-05 09:42 . 2013-08-05 09:35	130016	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-08-05 09:42 . 2013-08-05 09:35	100712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-08-05 09:42 . 2013-08-05 09:43	--------	d-----w-	c:\programdata\Avira
2013-08-05 09:42 . 2013-08-05 09:42	--------	d-----w-	c:\program files (x86)\Avira
2013-07-23 16:47 . 2013-07-23 16:47	--------	d-----w-	c:\users\Lissi1\AppData\Local\FreeSystemUtilities
2013-07-23 16:20 . 2013-07-29 16:44	--------	d-----w-	c:\users\Lissi1\AppData\Roaming\Windows Net Data
2013-07-23 16:20 . 2013-08-01 01:08	32328	----a-w-	c:\windows\Launcher.exe
2013-07-23 16:19 . 2013-07-23 16:19	--------	d-----w-	c:\programdata\FreeSystemUtilities
2013-07-23 16:18 . 2013-07-23 16:18	--------	d-----w-	c:\programdata\Package Cache
2013-07-17 16:43 . 2013-07-17 16:43	--------	d-----w-	c:\users\Lissi1\AppData\Local\Deployment
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-16 06:25 . 2012-05-01 08:51	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-16 06:25 . 2011-10-14 12:15	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 06:13 . 2011-03-29 01:36	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-11 07:39 . 2012-02-24 15:55	3402	--sha-w-	c:\programdata\KGyGaAvL.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Lissi1\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Lissi1\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Lissi1\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-12-20 1476104]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-12-20 844296]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-03 19603048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-14 343168]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-03 107816]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-12-20 310280]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-01-31 542632]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-08-05 345144]
.
c:\users\Lissi1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Lissi1\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
net.lnk - c:\users\Lissi1\AppData\Roaming\Windows Net Data\net.exe [2013-7-23 709120]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Scanner Finder.lnk - c:\program files (x86)\ScanWizard 5\ScannerFinder.exe [2012-2-4 344064]
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe [2013-5-17 1393744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Lissi1\AppData\Local\Temp\Rar$EXa0.359\Run\a2ddax64.sys;c:\users\Lissi1\AppData\Local\Temp\Rar$EXa0.359\Run\a2ddax64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS;c:\windows\SYSNATIVE\DRIVERS\PFC027.SYS [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [x]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-02 15:55	1173456	----a-w-	c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 06:25]
.
2013-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-04 16:44]
.
2013-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-04 16:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Lissi1\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Lissi1\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Lissi1\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Lissi1\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-16 12673128]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mStart Page = about:newtab
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay
IE: {{92808042-fb78-4fa0-bb4f-c9a95e0e9c10} - {ba696155-d96e-4281-b467-0367a0456474} -
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{ba696155-d96e-4281-b467-0367a0456474} - (no file)
Toolbar-!{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - (no file)
Toolbar-!{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-{ba696155-d96e-4281-b467-0367a0456474} - (no file)
Wow6432Node-HKCU-Run-DriverScanner - c:\program files (x86)\Uniblue\DriverScanner\launcher.exe
Wow6432Node-HKLM-Run-ZoneAlarm Installer - c:\program files (x86)\CheckPoint\Install\Launcher.exe
Toolbar-!{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - (no file)
Toolbar-!{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
WebBrowser-{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - (no file)
WebBrowser-{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - (no file)
WebBrowser-{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - (no file)
AddRemove-_{707EB912-C597-49D8-9460-46CC9AB03EBE} - c:\program files (x86)\Corel\Corel Painter Photo Essentials 4\MSILauncher {707EB912-C597-49D8-9460-46CC9AB03EBE}
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-4060780361-2962197505-3855748707-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ba696155-d96e-4281-b467-0367a0456474}]
@Denied: (A 2) (Administrators)
@Denied: (A 2) (S-1-5-21-4060780361-2962197505-3855748707-1000)
"Flags"=dword:00000400
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{722b3793-5367-4446-b6bb-db89b05c1f24}\LocalServer32]
@DACL=(02 0000)
@=expand:"%SystemRoot%\\System32\\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {722b3793-5367-4446-b6bb-db89b05c1f24}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\crypserv.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-08-06  10:33:13 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-08-06 08:33
.
Vor Suchlauf: 11 Verzeichnis(se), 1.368.118.669.312 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 1.367.759.712.256 Bytes frei
.
- - End Of File - - 25322264282D6DD98948261655E28D25

--- --- ---
D41D8CD98F00B204E9800998ECF8427E

markusg · 12.08.2013, 20:27

Hi das ist das combofix log von heute, liegen dort noch mehr?

und ich sag dir gern noch mal, dass es bereits ausgeführt wurde, ich sehe das in combofix und im frst Log. poste mir außerdem mal das neueste ADW cleaner log, das ist aus 2012.

baby-lissa · 12.08.2013, 20:33

ich habe die alles gepostet was uner combofix zu finden ist, ich habe combofix voerher noch nie gehört also kann es auch nicht gelaufen sein auf dem rechner!!! ich bin der einzige der ihn benutzt und ich habe combo noch nie geladen.

alle adw logs sind da 01 und 12

combo hat meinen ganzen pc umgebau nach dem scan ich habe kein explorer mehr sondern in como plore und der arbeitsplatz heist jetzt c: combofix

das zum schon mal gelaufen
das program zerledert gerde stück für stück meinen pc

http://www_getwindowinfo/ und TBUpdater.dll nervern seit einiger Zeit, wie bekomme ich die vom Rechner?

Plagegeister aller Art und deren Bekämpfung: http://www_getwindowinfo/ und TBUpdater.dll nervern seit einiger Zeit, wie bekomme ich die vom Rechner?