nach eigenständiger Entfernung Probleme mit VISTA SP1

spikehansley · 28.03.2014, 14:58

hallo zusammen,

ich hatte ein paar malware "Sachen" auf meinem laptop.
dann bin ich wie folgt vorgegangen :

1. AntiMalware Bytes
2. ADW Cleaner
3. Tempfilecleaner
4. combofix
5. eset

nun habe ich das problem, dass ich nichts mehr installieren kann. zuerst kam die Meldung, dass .net framework fehlt. den stand alone installer davon konnte ich nicht installieren. fehler.
avira, kaspersky, Fehler. bei avira hies der fehler "could not install msi package".

wenn ich windows update laufen lassen möchte, ging das schon nicht. fehler !!! dann habe ich rausgefunden, dass durch das aktualisieren der Intel Rapid Storage Technology Driver das wieder geht. zumindest lädt er alle ca. 121 updates runter. danach fängt er an sie zu installieren. dann 10 Jahre später Neustadt. nun konfiguriert er die updates, was fehlschlägt. dann macht er alles wieder rückgängig : LOOP !

sfc: /scannow bringt keine Abhilfe.
das servicepack 2 kann ich auch nicht installieren, Fehler
so ist der aktuelle stand :-(((

ich würde mich freuen, wenn mir jemand einen

cosinus · 28.03.2014, 15:11

Zitat:

1. AntiMalware Bytes
2. ADW Cleaner
3. Tempfilecleaner
4. combofix
5. eset

Das ist das Problem wenn man auf eigene Faust Combofix ausführt. Wir warnen immer wieder davor.

Warum läuft dein Vista nur mit SP1?

Was wurde gefunden, was wurde alles enfernt?

spikehansley · 28.03.2014, 15:24

ja, ich habe die warnhinweise auch gelesen. dachte nur, wird schon klappen. war leichtsinnig.

es wurden ca. 10 verschiedene malwares im Malwarebytes angezeigt. ich habe das log nicht mehr

das sp2 habe ich nicht installiert, weil ich immer dachte, brauche ich nicht. das sieht aber wohl anders aus.

cosinus · 29.03.2014, 00:49

Logs findest du in Malwarebytes selbst.

Außerdem red ich auch noch von allen anderen Logs (combofix, adwcleaner etc)
Kann jetzt nicht dein Ernst sein, dass du alle gelöscht hast?

wenn doch, ist Hilfe nicht mehr möglich, da niemand mehr nachvollziehen kann was mit deinem System passiert ist

spikehansley · 29.03.2014, 07:20

hallo, ich habe jetzt noch zwei logs gefunden.

hier

Code:

ATTFilter

ComboFix 13-04-01.01 - Acer 27.03.2014   6:53.1.2 - x86

MicrosoftÆ Windows Vistaô Home Premium   6.0.6001.1.1252.49.1031.18.1915.1158 [GMT 1:00]

ausgef¸hrt von:: c:\users\user\Desktop\Trojaner entfernen\4. Scan mit Combofix\combofix.exe

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Lˆschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\user\AppData\Local\ext_offermosquito_uninst.exe

c:\windows\system32\pt

c:\windows\system32\pt\toscdspd.cpl.mui

.

.

(((((((((((((((((((((((   Dateien erstellt von 2014-02-27 bis 2014-03-27  ))))))))))))))))))))))))))))))

.

.

2014-03-27 05:58 . 2014-03-27 05:58	--------	d-----w-	c:\users\user1\AppData\Local\temp

2014-03-27 05:58 . 2014-03-27 05:58	--------	d-----w-	c:\users\Default\AppData\Local\temp

2014-03-26 19:07 . 2014-03-27 05:41	107736	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-03-26 19:06 . 2014-03-26 19:06	--------	d-----w-	c:\program files\ Malwarebytes Anti-Malware 

2014-03-26 19:06 . 2014-03-26 19:06	--------	d-----w-	c:\programdata\Malwarebytes

2014-03-26 19:06 . 2014-03-05 08:26	51416	----a-w-	c:\windows\system32\drivers\mwac.sys

2014-03-26 19:06 . 2014-03-05 08:26	73432	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys

2014-03-26 19:06 . 2014-03-05 08:26	23256	----a-w-	c:\windows\system32\drivers\mbam.sys

2014-03-26 08:58 . 2013-04-29 07:17	47632	----a-w-	c:\windows\system32\drivers\PSKMAD.sys

2014-03-26 08:43 . 2014-03-26 08:48	--------	d-----w-	c:\users\user\AppData\Roaming\QuickScan

2014-03-26 08:34 . 2014-03-26 08:35	--------	d-----w-	C:\AdwCleaner

2014-03-25 12:51 . 2014-03-26 07:08	--------	d-----w-	c:\programdata\Package Cache

2014-03-25 12:45 . 2014-03-26 07:08	--------	d-----w-	C:\OETemp

2014-03-19 10:59 . 2014-03-19 10:59	--------	d-----w-	c:\users\user\AppData\Local\Scansoft

2014-03-17 11:43 . 2014-03-17 11:43	--------	d-----w-	c:\programdata\InstallShield

2014-03-15 22:10 . 2014-03-15 22:10	--------	d-----w-	c:\users\user\AppData\Roaming\Helper

2014-03-15 22:10 . 2014-03-15 22:10	--------	d-----w-	c:\users\user\AppData\Local\Temp4692faee989ebd3dc9e66fd91d2d8c4a

2014-03-15 22:04 . 2014-03-15 22:04	--------	d-----w-	c:\users\user\ChromeExtensions

2014-03-15 22:04 . 2014-03-15 22:04	--------	d-----w-	c:\users\user\AppData\Local\Temp980e3c1db7890a9aa6b2d0911b25867e

2014-03-15 21:10 . 2014-03-15 21:10	--------	d-----w-	c:\program files\Microsoft Silverlight

2014-03-15 21:08 . 2011-03-25 21:42	338432	----a-w-	c:\windows\system32\sqlite36_engine.dll

2014-03-15 21:08 . 2011-05-13 13:16	493056	----a-w-	c:\windows\system32\dhRichClient3.dll

2014-03-15 21:08 . 2014-03-26 07:01	--------	d-----w-	c:\users\user\AppData\Roaming\DesktopIconForAmazon

2014-03-15 21:08 . 2014-03-15 21:08	--------	d-----w-	c:\users\user\AppData\Roaming\OCS

2014-03-15 20:59 . 2014-03-27 05:47	--------	d-----w-	c:\users\user\AppData\Roaming\Security System 2

2014-03-15 20:59 . 2014-03-15 20:59	128000	----a-w-	c:\program files\Uninstall Information\97\4450\uninstall.exe

2014-03-15 20:59 . 2014-03-27 05:37	--------	d-----w-	c:\users\user\AppData\Local\ext_offermosquito

2014-03-15 20:59 . 2014-03-27 05:41	--------	d-----w-	c:\users\user\AppData\Roaming\Fifth

2014-03-15 20:59 . 2014-03-15 20:59	--------	d-----w-	c:\users\user\AppData\Roaming\Intermediate

2014-03-15 20:59 . 2014-03-15 20:59	--------	d-----w-	c:\users\user\AppData\Roaming\DataMgr

2014-03-15 20:59 . 2014-03-15 20:59	--------	d-----w-	c:\users\user\AppData\Roaming\SSync

2014-03-15 20:56 . 2014-03-15 20:56	--------	d-----w-	c:\users\user\AppData\Roaming\Common

2014-03-15 20:56 . 2014-03-15 20:56	--------	d-----w-	c:\program files\Common Files\Windows Live

2014-03-15 20:51 . 2014-03-15 20:51	--------	d-----w-	c:\program files\Common Files\Adobe

2014-03-15 20:44 . 2014-03-15 20:44	--------	d-----w-	c:\users\user\AppData\Roaming\FreePDFReader

2014-03-15 20:44 . 2014-03-15 20:44	--------	d-----w-	c:\program files\FreePDFReader

2014-03-15 20:44 . 2014-03-26 07:03	--------	d-----w-	c:\users\user\AppData\Roaming\PerformerSoft

2014-03-15 20:30 . 2014-03-15 20:30	--------	d-----w-	c:\users\user\AppData\Roaming\ControlCenter4

2014-03-15 20:29 . 2014-03-15 20:29	--------	d-----w-	c:\users\user\AppData\Roaming\FLEXnet

2014-03-15 20:22 . 2014-03-15 20:22	--------	d-----w-	C:\Brother

2014-03-15 20:19 . 2014-03-15 20:19	--------	d-----w-	c:\programdata\zeon

2014-03-15 20:18 . 2014-03-15 20:18	--------	d-----w-	c:\users\user\AppData\Roaming\Nuance

2014-03-15 20:17 . 2014-03-17 11:41	--------	d-----w-	c:\programdata\ScanSoft

2014-03-15 20:16 . 2014-03-17 11:41	--------	d-----w-	c:\program files\Common Files\ScanSoft Shared

2014-03-15 20:16 . 2014-03-17 11:45	--------	d-----w-	c:\program files\Nuance

2014-03-15 20:16 . 2014-03-15 20:19	--------	d-----w-	c:\programdata\Nuance

2014-03-15 20:16 . 2014-03-15 20:16	--------	d-----w-	c:\programdata\FLEXnet

2014-03-15 20:15 . 2014-03-15 20:15	--------	d-----w-	c:\program files\MSXML 4.0

2014-03-15 20:15 . 2014-03-15 20:26	--------	d-----w-	c:\programdata\Brother

2014-03-11 20:16 . 2009-04-22 15:35	9728	----a-w-	c:\windows\system32\drivers\massfilter.sys

2014-03-11 20:16 . 2009-03-10 14:38	110080	----a-w-	c:\windows\system32\drivers\ZTEusbnet.sys

2014-03-11 20:16 . 2009-02-02 17:14	105344	----a-w-	c:\windows\system32\drivers\ZTEusbnmea.sys

2014-03-11 20:16 . 2009-02-02 17:14	104960	----a-w-	c:\windows\system32\drivers\ZTEusbser6k.sys

2014-03-11 20:16 . 2009-02-02 17:14	104960	----a-w-	c:\windows\system32\drivers\ZTEusbmdm6k.sys

2014-03-11 20:15 . 2014-03-11 20:15	--------	d-----w-	c:\windows\system32\SupportAppCB

2014-03-11 20:15 . 2014-03-11 20:18	--------	d-----w-	c:\program files\Join Air

2014-03-04 13:10 . 2014-03-04 13:10	--------	d-----w-	c:\users\user\AppData\Local\Macromedia

2014-03-04 13:09 . 2014-03-04 13:09	--------	d-----w-	c:\programdata\McAfee

2014-03-04 13:09 . 2014-03-13 11:54	692616	----a-w-	c:\windows\system32\FlashPlayerApp.exe

2014-03-04 13:09 . 2014-03-13 11:54	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl

2014-03-04 13:09 . 2014-03-04 13:09	--------	d-----w-	c:\windows\system32\Macromed

2014-03-04 13:09 . 2014-03-15 20:53	--------	d-----w-	c:\users\user\AppData\Local\Adobe

2014-03-04 13:02 . 2014-03-04 13:02	--------	d-----w-	c:\users\user\AppData\Local\Mozilla

2014-03-04 13:01 . 2014-03-04 13:01	--------	d-----w-	c:\program files\Mozilla Maintenance Service

2014-02-25 11:59 . 2014-02-25 11:59	--------	d-----w-	c:\users\user\AppData\Roaming\OpenOffice

2014-02-25 11:56 . 2014-02-25 11:57	--------	d-----w-	c:\program files\OpenOffice 4

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-02-21 09:14 . 2014-02-21 09:16	4096	---ha-w-	c:\windows\system32\drivers\._rtl8187B.sys

2014-01-16 00:40 . 2014-01-16 00:40	487016	----a-w-	C:\SecurityScanner.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2008-01-21 . 53B202ABEE6455406254444303E87BE1 . 17408 . . [6.0.6001.18000] . . c:\windows\System32\drivers\asyncmac.sys

[-] 2008-01-21 . 53B202ABEE6455406254444303E87BE1 . 17408 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-rasbase-asyncmac_31bf3856ad364e35_6.0.6001.18000_none_2457cee334d93e6f\asyncmac.sys

.

[-] 2008-01-21 . 67E506B75BD5326A3EC7B70BD014DFB6 . 6144 . . [6.0.6001.18000] . . c:\windows\System32\drivers\beep.sys

[-] 2008-01-21 . 67E506B75BD5326A3EC7B70BD014DFB6 . 6144 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys

.

[-] 2008-01-21 . C5DBBCDA07D780BDA9B685DF333BB41E . 4608 . . [6.0.6001.18000] . . c:\windows\System32\drivers\null.sys

[-] 2008-01-21 . C5DBBCDA07D780BDA9B685DF333BB41E . 4608 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-null_31bf3856ad364e35_6.0.6001.18000_none_a965ed7d1afd0ac7\null.sys

.

[-] 2008-01-21 . A3629A0C4226F9E9C72FAAEEBC3AD33C . 81920 . . [6.0.6000.16386] . . c:\windows\System32\browser.dll

[-] 2008-01-21 . A3629A0C4226F9E9C72FAAEEBC3AD33C . 81920 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-browserservice_31bf3856ad364e35_6.0.6001.18000_none_78e926b99dfe756d\browser.dll

.

[-] 2008-01-21 . DCF733788C7D088D814E5F80EB4B3E0F . 9728 . . [6.0.6000.16386] . . c:\windows\System32\lsass.exe

[-] 2008-01-21 . DCF733788C7D088D814E5F80EB4B3E0F . 9728 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\lsass.exe

.

[-] 2008-01-21 . C8052711DAECC48B982434C5116CA401 . 274432 . . [6.0.6000.16386] . . c:\windows\System32\netman.dll

[-] 2008-01-21 . C8052711DAECC48B982434C5116CA401 . 274432 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-netman_31bf3856ad364e35_6.0.6001.18000_none_0fbd1b9651cfd333\netman.dll

.

[-] 2008-01-21 . 4211249955AF9133E2E357CC92B54DFD . 1291264 . . [2001.12.6930.16386] . . c:\windows\System32\comres.dll

[-] 2008-01-21 . 4211249955AF9133E2E357CC92B54DFD . 1291264 . . [2001.12.6930.16386] . . c:\windows\winsxs\x86_microsoft-windows-com-complus.res_31bf3856ad364e35_6.0.6001.18000_none_2cb0dad7e631d923\comres.dll

.

[-] 2008-01-21 . 02ED7B4DBC2A3232A389106DA7515C3D . 758272 . . [7.0.6001.18000] . . c:\windows\System32\qmgr.dll

[-] 2008-01-21 . 02ED7B4DBC2A3232A389106DA7515C3D . 758272 . . [7.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll

.

[-] 2008-01-21 . 33FB1F0193EE2051067441492D56113C . 547328 . . [6.0.6000.16386] . . c:\windows\System32\rpcss.dll

[-] 2008-01-21 . 33FB1F0193EE2051067441492D56113C . 547328 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\rpcss.dll

.

[-] 2008-01-21 . 2B336AB6286D6C81FA02CBAB914E3C6C . 279040 . . [6.0.6000.16386] . . c:\windows\System32\services.exe

[-] 2008-01-21 . 2B336AB6286D6C81FA02CBAB914E3C6C . 279040 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe

.

[-] 2008-01-21 . 846CDF9A3CF4DA9B306ADFB7D55EE4C2 . 125952 . . [6.0.6000.16386] . . c:\windows\System32\spoolsv.exe

[-] 2008-01-21 . 846CDF9A3CF4DA9B306ADFB7D55EE4C2 . 125952 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_d64ba321c188c516\spoolsv.exe

.

[-] 2008-01-21 . C2610B6BDBEFC053BBDAB4F1B965CB24 . 314880 . . [6.0.6001.18000] . . c:\windows\System32\winlogon.exe

[-] 2008-01-21 . C2610B6BDBEFC053BBDAB4F1B965CB24 . 314880 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

.

[-] 2008-01-21 . 8E93CDF0EA8EDBA63F07E2898A9B2147 . 43008 . . [7.0.6001.18000] . . c:\windows\System32\wuauclt.exe

[-] 2008-01-21 . 8E93CDF0EA8EDBA63F07E2898A9B2147 . 43008 . . [7.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.0.6001.18000_none_a052d92e34802200\wuauclt.exe

[-] 2006-11-02 . FF81090B6EF1A42A19DF226632711D25 . 41472 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_6.0.6000.16386_none_acab9aecacae685d\wuauclt.exe

.

[-] 2008-01-21 . D09276B1FAB033CE1D40DCBDF303D10F . 71680 . . [6.0.6001.18000] . . c:\windows\System32\drivers\tdx.sys

[-] 2008-01-21 . D09276B1FAB033CE1D40DCBDF303D10F . 71680 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys

.

[-] 2008-01-21 . 50CDFD99E606D172875E73B87C64053D . 531968 . . [5.82] . . c:\windows\System32\comctl32.dll

[-] 2008-01-21 . 50CDFD99E606D172875E73B87C64053D . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.0.6001.18000_none_399c1f00d7f7837a\comctl32.dll

[-] 2008-01-21 . 58D3C1519096F3D9E07EEC5F5FC64885 . 531968 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6001.18000_none_886786f450a74a05\comctl32.dll

[-] 2008-01-21 . A5BB4537004C8DCC096A952EF1E20FE9 . 1684480 . . [6.10] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

[-] 2006-11-02 . B28A9B2300A250B703D44C1759AF2605 . 1648128 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll

[-] 2006-11-02 . 4A05089F43041903A3C523A3C16E3350 . 537088 . . [5.82] . . c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\comctl32.dll

.

[-] 2008-01-21 . 6DE363F9F99334514C46AEC02D3E3678 . 128000 . . [6.0.6000.16386] . . c:\windows\System32\cryptsvc.dll

[-] 2008-01-21 . 6DE363F9F99334514C46AEC02D3E3678 . 128000 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_75ff99649acf4de9\cryptsvc.dll

.

[-] 2008-01-21 . F4BF4FA769DB51B106D2B4B35256988B . 262144 . . [2001.12.6931.18000] . . c:\windows\System32\es.dll

[-] 2008-01-21 . F4BF4FA769DB51B106D2B4B35256988B . 262144 . . [2001.12.6931.18000] . . c:\windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.18000_none_0ced9f1d51bda029\es.dll

.

[-] 2008-01-21 . EC17194A193CD8E90D27CFB93DFA9A2E . 114688 . . [6.0.6001.18000] . . c:\windows\System32\imm32.dll

[-] 2008-01-21 . EC17194A193CD8E90D27CFB93DFA9A2E . 114688 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6001.18000_none_5c561e167a6afd02\imm32.dll

.

[-] 2008-01-21 . DC2338093F91BA4E0512208E60206DDD . 888320 . . [6.0.6001.18000] . . c:\windows\System32\kernel32.dll

[-] 2008-01-21 . DC2338093F91BA4E0512208E60206DDD . 888320 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18000_none_93bde541564b88ae\kernel32.dll

.

[-] 2006-11-02 . 24F90AEFEBE601D427CB4511E74CDCB6 . 22016 . . [6.0.6000.16386] . . c:\windows\System32\linkinfo.dll

[-] 2006-11-02 . 24F90AEFEBE601D427CB4511E74CDCB6 . 22016 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-linkinfo_31bf3856ad364e35_6.0.6000.16386_none_362e7020a86900de\linkinfo.dll

.

[-] 2008-01-21 . DD496299B7351E16E602FC4299345A33 . 23552 . . [6.0.6001.18000] . . c:\windows\System32\lpk.dll

[-] 2008-01-21 . DD496299B7351E16E602FC4299345A33 . 23552 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18000_none_a9d318785a865d4c\lpk.dll

.

[-] 2008-01-21 . 48E05FD07045BB2E5CFC43C970CAF1E7 . 3578368 . . [7.00.6000.16386] . . c:\windows\System32\mshtml.dll

[-] 2008-01-21 . 48E05FD07045BB2E5CFC43C970CAF1E7 . 3578368 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18000_none_1343129c22297b1c\mshtml.dll

.

[-] 2008-01-21 . 04CBEAA089B6A752B3EB660BEE8C4964 . 680448 . . [7.0.6001.18000] . . c:\windows\System32\msvcrt.dll

[-] 2008-01-21 . 04CBEAA089B6A752B3EB660BEE8C4964 . 680448 . . [7.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_d15536209ee61dad\msvcrt.dll

.

[-] 2008-01-21 . 89FD0595EEA4E505CABEFCF7008F2612 . 223232 . . [6.0.6000.16386] . . c:\windows\System32\mswsock.dll

[-] 2008-01-21 . 89FD0595EEA4E505CABEFCF7008F2612 . 223232 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll

.

[-] 2008-01-21 . A8EFC0B6E75B789F7FD3BA5025D4E37F . 592384 . . [6.0.6001.18000] . . c:\windows\System32\netlogon.dll

[-] 2008-01-21 . A8EFC0B6E75B789F7FD3BA5025D4E37F . 592384 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

.

[-] 2008-01-21 . 51832219A52C3535BF4771C375E63F9B . 97280 . . [6.0.6001.18000] . . c:\windows\System32\powrprof.dll

[-] 2008-01-21 . 51832219A52C3535BF4771C375E63F9B . 97280 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.0.6001.18000_none_a3199e60fcd85f71\powrprof.dll

.

[-] 2008-01-21 . 28B84EB538F7E8A0FE8B9299D591E0B9 . 177152 . . [6.0.6000.16386] . . c:\windows\System32\scecli.dll

[-] 2008-01-21 . 28B84EB538F7E8A0FE8B9299D591E0B9 . 177152 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

.

[-] 2006-11-02 . F4E1AA5D59C849A4AB47E895DC76B9C8 . 4608 . . [6.0.6000.16386] . . c:\windows\System32\sfc.dll

[-] 2006-11-02 . F4E1AA5D59C849A4AB47E895DC76B9C8 . 4608 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-sfc_31bf3856ad364e35_6.0.6001.18000_none_a735c34c5c31a578\sfc.dll

.

[-] 2008-01-21 . 3794B461C45882E06856F282EEF025AF . 21504 . . [6.0.6000.16386] . . c:\windows\System32\svchost.exe

[-] 2008-01-21 . 3794B461C45882E06856F282EEF025AF . 21504 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

.

[-] 2008-01-21 . 680916BB09EE0F3A6ACA7C274B0D633F . 242688 . . [6.0.6000.16386] . . c:\windows\System32\tapisrv.dll

[-] 2008-01-21 . 680916BB09EE0F3A6ACA7C274B0D633F . 242688 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-tapiservice_31bf3856ad364e35_6.0.6001.18000_none_e33cd8dbe4f2987f\tapisrv.dll

.

[-] 2008-01-21 . B974D9F06DC7D1908E825DC201681269 . 627200 . . [6.0.6001.18000] . . c:\windows\System32\user32.dll

[-] 2008-01-21 . B974D9F06DC7D1908E825DC201681269 . 627200 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

.

[-] 2008-01-21 . 0E135526E9785D085BCD9AEDE6FBCBF9 . 25088 . . [6.0.6000.16386] . . c:\windows\System32\userinit.exe

[-] 2008-01-21 . 0E135526E9785D085BCD9AEDE6FBCBF9 . 25088 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

.

[-] 2008-01-21 . 455D715A840579BDC1CF8E5C1DA76849 . 825856 . . [7.00.6000.16386] . . c:\windows\System32\wininet.dll

[-] 2008-01-21 . 455D715A840579BDC1CF8E5C1DA76849 . 825856 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18000_none_01e8f37da1d311e6\wininet.dll

.

[-] 2008-01-21 . B304D47D5744BA20FCB99FB8B2C07B0B . 179200 . . [6.0.6000.16386] . . c:\windows\System32\ws2_32.dll

[-] 2008-01-21 . B304D47D5744BA20FCB99FB8B2C07B0B . 179200 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll

.

[-] 2006-11-02 . 17C0671BF57057108A6D949510EE42C8 . 4608 . . [6.0.6000.16386] . . c:\windows\System32\ws2help.dll

[-] 2006-11-02 . 17C0671BF57057108A6D949510EE42C8 . 4608 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\ws2help.dll

.

[-] 2008-01-21 . FFA764631CB70A30065C12EF8E174F9F . 2927104 . . [6.0.6000.16386] . . c:\windows\explorer.exe

[-] 2008-01-21 . FFA764631CB70A30065C12EF8E174F9F . 2927104 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

.

[-] 2008-01-21 . 467A3B03E924B7B7EDD16D34740574B0 . 134656 . . [6.0.6000.16386] . . c:\windows\regedit.exe

[-] 2008-01-21 . 467A3B03E924B7B7EDD16D34740574B0 . 134656 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe

.

[-] 2008-01-21 . 3B634E4BE373D6D987EBF906B43FAAB3 . 1315328 . . [6.0.6000.16386] . . c:\windows\System32\ole32.dll

[-] 2008-01-21 . 3B634E4BE373D6D987EBF906B43FAAB3 . 1315328 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6001.18000_none_ac1da75bf2516084\ole32.dll

.

[-] 2008-01-21 . 3122DAF86B33ED8AC4662D07593025D7 . 501760 . . [1.0626.6001.18000] . . c:\windows\System32\usp10.dll

[-] 2008-01-21 . 3122DAF86B33ED8AC4662D07593025D7 . 501760 . . [1.0626.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6001.18000_none_acfa790e587c602e\usp10.dll

.

[-] 2006-11-02 . 919CC2A0476D5A6A4C935D4B88E29912 . 4608 . . [6.0.6000.16386] . . c:\windows\System32\ksuser.dll

[-] 2006-11-02 . 919CC2A0476D5A6A4C935D4B88E29912 . 4608 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.0.6001.18000_none_e8019c5c974c4491\ksuser.dll

.

[-] 2006-11-02 . 22BFD03DF51065A9ED8D17F8FB72296B . 8704 . . [6.0.6000.16386] . . c:\windows\System32\ctfmon.exe

[-] 2006-11-02 . 22BFD03DF51065A9ED8D17F8FB72296B . 8704 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.0.6000.16386_none_9af9cad793a67953\ctfmon.exe

.

[-] 2008-01-21 . 27F10F348E508243F6254846F8370D0D . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll

[-] 2008-01-21 . 27F10F348E508243F6254846F8370D0D . 247296 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2\shsvcs.dll

.

[-] 2006-11-02 . 2EC53B5A351C4D443896DBAD117F7E82 . 4608 . . [6.0.6000.16386] . . c:\windows\System32\msimg32.dll

[-] 2006-11-02 . 2EC53B5A351C4D443896DBAD117F7E82 . 4608 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-gdi-painting_31bf3856ad364e35_6.0.6000.16386_none_7535161f1f2100ed\msimg32.dll

.

[-] 2006-11-02 . 7F15B4953378C8B5161D65C26D5FED4D . 11776 . . [6.0.6000.16386] . . c:\windows\System32\cngaudit.dll

[-] 2006-11-02 . 7F15B4953378C8B5161D65C26D5FED4D . 11776 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

.

[-] 2008-01-21 . 101BA3EA053480BB5D957EF37C06B5ED . 96768 . . [6.0.6000.16386] . . c:\windows\System32\wininit.exe

[-] 2008-01-21 . 101BA3EA053480BB5D957EF37C06B5ED . 96768 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

.

[-] 2008-01-21 . CC4E32400F3C7253400CF8F3F3A0B676 . 106496 . . [6.0.6000.16386] . . c:\windows\System32\regsvc.dll

[-] 2008-01-21 . CC4E32400F3C7253400CF8F3F3A0B676 . 106496 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-remoteregistry-service_31bf3856ad364e35_6.0.6001.18000_none_896605b983775101\regsvc.dll

.

[-] 2008-01-21 . 1D5E99DB3C10F4FA034010DC49043CA4 . 596992 . . [6.0.6001.18000] . . c:\windows\System32\schedsvc.dll

[-] 2008-01-21 . 1D5E99DB3C10F4FA034010DC49043CA4 . 596992 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6001.18000_none_2f011e91970278b8\schedsvc.dll

[-] 2008-01-21 . 886CEC884B5BE29AB9828B8AB46B11F7 . 595456 . . [6.0.6000.16609] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6000.16609_none_2d23e28599d3cbd6\schedsvc.dll

[-] 2008-01-21 . BF17DA9F25A4F84C2577AC13EE126CB7 . 595968 . . [6.0.6000.20734] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6000.20734_none_2d880e1ab30e40c0\schedsvc.dll

.

[-] 2008-01-21 . 03D50B37234967433A5EA5BA72BC0B62 . 155648 . . [6.0.6000.16386] . . c:\windows\System32\ssdpsrv.dll

[-] 2008-01-21 . 03D50B37234967433A5EA5BA72BC0B62 . 155648 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-upnpssdp_31bf3856ad364e35_6.0.6001.18000_none_7fc972ebd13849b5\ssdpsrv.dll

.

[-] 2008-01-21 . D605031E225AACCBCEB5B76A4F1603A6 . 448512 . . [6.0.6001.18000] . . c:\windows\System32\termsrv.dll

[-] 2008-01-21 . D605031E225AACCBCEB5B76A4F1603A6 . 448512 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6001.18000_none_8e9f41c854441762\termsrv.dll

.

[-] 2008-01-21 . A952D0DED445F26AEFCF593A935AB300 . 289792 . . [6.0.6000.16386] . . c:\windows\System32\hnetcfg.dll

[-] 2008-01-21 . A952D0DED445F26AEFCF593A935AB300 . 289792 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-i..ectionsharingconfig_31bf3856ad364e35_6.0.6001.18000_none_b03645b494998691\hnetcfg.dll

.

[-] 2008-01-21 . 7A5F8218325F00396DAEA2F985FA0ECB . 18944 . . [6.0.6001.18000] . . c:\windows\System32\ias.dll

[-] 2008-01-21 . 7A5F8218325F00396DAEA2F985FA0ECB . 18944 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-n..ion_service_runtime_31bf3856ad364e35_6.0.6001.18000_none_f900daa442864318\ias.dll

.

[-] 2006-11-02 09:46 . BA8639F9EB0F74F2946DE6DE1AF4691F . 924944 . . [4.1.6140] . . c:\windows\System32\mfc40u.dll

[-] 2006-11-02 09:46 . BA8639F9EB0F74F2946DE6DE1AF4691F . 924944 . . [4.1.6140] . . c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.0.6000.16386_none_f0dc500958a528b5\mfc40u.dll

.

[-] 2008-01-21 . 68308183F4AE0BE7BF8ECD07CB297999 . 259072 . . [6.0.6000.16386] . . c:\windows\System32\upnphost.dll

[-] 2008-01-21 . 68308183F4AE0BE7BF8ECD07CB297999 . 259072 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-upnpdevicehost_31bf3856ad364e35_6.0.6001.18000_none_c1e834753483fdcf\upnphost.dll

.

[-] 2008-01-21 . 8A7B8DA5CA558D2DE47086BB23556543 . 444416 . . [6.0.6000.16386] . . c:\windows\System32\dsound.dll

[-] 2008-01-21 . 8A7B8DA5CA558D2DE47086BB23556543 . 444416 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-audio-dsound_31bf3856ad364e35_6.0.6001.18000_none_589bbe5841e2df00\dsound.dll

.

[-] 2008-01-21 . FAB8F08EC64A54917C07BDB6DC811C95 . 1788928 . . [6.0.6001.18000] . . c:\windows\System32\d3d9.dll

[-] 2008-01-21 . FAB8F08EC64A54917C07BDB6DC811C95 . 1788928 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.0.6001.18000_none_c24d6ca560c635f9\d3d9.dll

.

[-] 2008-01-21 . FA2A3AFADC4FB47DBC234A4E57F92CDB . 522752 . . [6.0.6000.16386] . . c:\windows\System32\ddraw.dll

[-] 2008-01-21 . FA2A3AFADC4FB47DBC234A4E57F92CDB . 522752 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-directx-directdraw_31bf3856ad364e35_6.0.6001.18000_none_0505a2ecc0013ebd\ddraw.dll

.

[-] 2008-01-21 02:23 . AE70AE6F0760793D4893C3735EEC7292 . 88576 . . [6.0.6001.18000] . . c:\windows\System32\olepro32.dll

[-] 2008-01-21 02:23 . AE70AE6F0760793D4893C3735EEC7292 . 88576 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.0.6001.18000_none_3a13ba9301b4467e\olepro32.dll

.

[-] 2006-11-02 . BA7C3E9DD6B1A632124C8659E8014028 . 39424 . . [6.0.6000.16386] . . c:\windows\System32\perfctrs.dll

[-] 2006-11-02 . BA7C3E9DD6B1A632124C8659E8014028 . 39424 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.0.6001.18000_none_31733dc35d19d298\perfctrs.dll

.

[-] 2008-01-21 . 187D588F7A1A45DE48B8540401A90850 . 20480 . . [6.0.6001.18000] . . c:\windows\System32\version.dll

[-] 2008-01-21 . 187D588F7A1A45DE48B8540401A90850 . 20480 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-version_31bf3856ad364e35_6.0.6001.18000_none_14fe4f2f50e5bbf4\version.dll

.

[-] 2008-01-21 . 5B92133D3E7FB2644677686305E29E81 . 625664 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_2f62000919fe80c9\iexplore.exe

.

[-] 2008-01-21 . 1CF9206966A8458CDA9A8B20DF8AB7D3 . 282624 . . [6.0.6001.18000] . . c:\windows\System32\w32time.dll

[-] 2008-01-21 . 1CF9206966A8458CDA9A8B20DF8AB7D3 . 282624 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-time-service_31bf3856ad364e35_6.0.6001.18000_none_88a763af6d4aa52f\w32time.dll

.

[-] 2008-01-21 . 7DD08A597BC56051F320DA0BAF69E389 . 452608 . . [6.0.6000.16386] . . c:\windows\System32\wiaservc.dll

[-] 2008-01-21 . 7DD08A597BC56051F320DA0BAF69E389 . 452608 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.0.6001.18000_none_32943b11b3535c07\wiaservc.dll

.

[-] 2008-01-21 . D7F1F6C72276A15579D5761098018891 . 17408 . . [6.0.6000.16386] . . c:\windows\System32\midimap.dll

[-] 2008-01-21 . D7F1F6C72276A15579D5761098018891 . 17408 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.0.6001.18000_none_8cfdc804108fe1a6\midimap.dll

.

[-] 2006-11-02 . A7D525E5C0D91C8C1D84C6BCD25AD77D . 10240 . . [6.0.6000.16386] . . c:\windows\System32\rasadhlp.dll

[-] 2006-11-02 . A7D525E5C0D91C8C1D84C6BCD25AD77D . 10240 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.0.6001.18000_none_0fd9feb665531f63\rasadhlp.dll

.

[-] 2008-01-21 . 22CFAEB9172F5F198048401485CD0571 . 9216 . . [6.0.6000.16386] . . c:\windows\System32\WSHTCPIP.DLL

[-] 2008-01-21 . 22CFAEB9172F5F198048401485CD0571 . 9216 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-winsock-helper-tcpip_31bf3856ad364e35_6.0.6001.18000_none_cbb305c23187855a\WSHTCPIP.DLL

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Eintr‰ge & legitime Standardeintr‰ge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]

"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-12 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-12 170520]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-12 145944]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]

"NDSTray.exe"="NDSTray.exe" [BU]

"UIExec"="c:\program files\Join Air\UIExec.exe" [2009-08-31 132608]

"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]

"PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192]

"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]

"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2010-10-26 139264]

"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2008-07-09 46368]

"PPort11reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - MBAMSWISSARMY

*NewlyCreated* - MBAMWEBACCESSCONTROL

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-03-20 09:39	1150280	----a-w-	c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe

.

Inhalt des "geplante Tasks" Ordners

.

2014-03-27 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-04 11:54]

.

2014-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-24 20:33]

.

2014-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-24 20:33]

.

.

------- Zus‰tzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.com

IE: Mit PDF Viewer Plus ˆffnen - c:\program files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm

TCP: DhcpNameServer = 10.1.2.1

FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\cjxsd530.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/

FF - user.js: extensions.blocklist.enabled - false

FF - user.js: app.update.auto - false

.

- - - - Entfernte verwaiste Registrierungseintr‰ge - - - -

.

HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2014-03-27 06:58

Windows 6.0.6001 Service Pack 1 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteintr‰ge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Zeit der Fertigstellung: 2014-03-27  07:02:02

ComboFix-quarantined-files.txt  2014-03-27 06:02

.

Vor Suchlauf: 9 Verzeichnis(se), 193.412.591.616 Bytes frei

Nach Suchlauf: 13 Verzeichnis(se), 193.380.524.032 Bytes frei

.

- - End Of File - - C14A57CF5F12E15B289910E17D1DB472

und hier

Code:

ATTFilter

# AdwCleaner v3.022 - Bericht erstellt am 26/03/2014 um 09:34:31
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Benutzername : Acer - user
# Gestartet von : C:\Users\user\Downloads\adwcleaner_3.022.exe
# Option : Suchen

***** [ Dienste ] *****

Dienst Gefunden : AddonsHelper
Dienst Gefunden : SearchAnonymizer

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Windows\system32\roboot.exe
Ordner Gefunden C:\ProgramData\DNSErrorHelper
Ordner Gefunden C:\Users\user.TOS\AppData\Local\Temp\OCS

***** [ Verkn¸pfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schl¸ssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{721061FB-EB79-4568-A03C-3CE26D68DAE9}
Schl¸ssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1
Schl¸ssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchAnonymizer
Schl¸ssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3BC93E76-92F8-5FDA-B676-5AFEE3735BF1}
Schl¸ssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82B16A3D-F03E-4565-A532-666B219C9A53}
Schl¸ssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3BC93E76-92F8-5FDA-B676-5AFEE3735BF1}
Schl¸ssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82B16A3D-F03E-4565-A532-666B219C9A53}
Schl¸ssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\OfferMosquito
Schl¸ssel Gefunden : HKCU\Software\OCS
Schl¸ssel Gefunden : HKCU\Software\OfferMosquito
Schl¸ssel Gefunden : HKCU\Software\Softonic
Schl¸ssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{82B16A3D-F03E-4565-A532-666B219C9A53}
Schl¸ssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Schl¸ssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{721061FB-EB79-4568-A03C-3CE26D68DAE9}
Schl¸ssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82B16A3D-F03E-4565-A532-666B219C9A53}
Schl¸ssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1
Schl¸ssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAnonymizer
Schl¸ssel Gefunden : HKLM\Software\Speedchecker Limited
Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DataMgr]
Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Intermediate]
Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ssync]
Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [firejump@firejump.net]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Ocs_SM]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [dnshelp@dnshelp.com]

***** [ Browser ] *****

-\\ Internet Explorer v7.0.6001.18000

Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.firetab.org/?type=ds3hp
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://www.firetab.org/?type=ds3nt

-\\ Mozilla Firefox v27.0.1 (de)

-\\ Google Chrome v33.0.1750.154

*************************

AdwCleaner[R0].txt - [3360 octets] - [26/03/2014 09:34:31]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3420 octets] ##########

vielleicht kann mir noch jemand helfen. Danke !

cosinus · 29.03.2014, 12:43

Was ist jetzt mit den Logs von Malwarebytes?
Die sind im Programm selbst zu finden. Unter MBBAM 1.75:

Bei MBAM 2.0 findet man die Logs unter Verlauf oben rechts

spikehansley · 29.03.2014, 13:39

hab es tatsächlich noch gefunden :-))

Code:

ATTFilter

<?xml version="1.0" encoding="UTF-16" ?>

<mbam-log>

<header>

<date>2014/03/27 06:37:06 +0100</date>

<log>mbam-log-2014-03-26 (20-08-56).xml</log>

<isadmin>yes</isadmin>

</header>

<engine>

<version>2.00.0.1000</version>

<rules-database>v2014.03.26.06</rules-database>

<swissarmy-database>v2014.03.25.01</swissarmy-database>

<license>trial</license>

<file-protection>enabled</file-protection>

<web-protection>enabled</web-protection>

<self-protection>disabled</self-protection>

</engine>

<system>

<osversion>Windows Vista Service Pack 1</osversion>

<arch>x86</arch>

<username>user</username>

<filesys>NTFS</filesys>

</system>

<summary>

<type>threat</type>

<result>completed</result>

<objects>234762</objects>

<time>37687</time>

<processes>0</processes>

<modules>0</modules>

<keys>0</keys>

<values>0</values>

<datas>0</datas>

<folders>2</folders>

<files>9</files>

<sectors>0</sectors>

</summary>

<options>

<memory>enabled</memory>

<startup>enabled</startup>

<filesystem>enabled</filesystem>

<archives>enabled</archives>

<rootkits>disabled</rootkits>

<deeprootkit>disabled</deeprootkit>

<shuriken>enabled</shuriken>

<pup>enabled</pup>

<pum>enabled</pum>

</options>

<items>

<folder><path>C:\Users\user\AppData\Roaming\freegames111</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>fae4c93ec6b5d0664fcf5ef1da28926e</hash></folder>

<folder><path>C:\Users\user\AppData\Roaming\speedtest127</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>3f9f5fa83645162040e193bc7b878b75</hash></folder>

<file><path>C:\Users\user\Downloads\SoftonicDownloader_fuer_windows-live-fotogalerie.exe</path><vendor>PUP.Optional.Softonic.A</vendor><action>success</action><hash>04da55b2fe7d40f64dec9e794fb2669a</hash></file>

<file><path>C:\Users\user\Downloads\FreePDFReaderSetup(1).exe</path><vendor>PUP.Optional.InstallBrain</vendor><action>success</action><hash>e3fbd1360873b18512ab4fe5dc24fb05</hash></file>

<file><path>C:\Users\user\Downloads\FreePDFReaderSetup.exe</path><vendor>PUP.Optional.InstallBrain</vendor><action>success</action><hash>7b639671542737fffdc07db75da338c8</hash></file>

<file><path>C:\Users\user\Downloads\Windows Live Fotogalerie Installer.exe</path><vendor>PUP.Optional.DownloadSponsor</vendor><action>success</action><hash>fbe38f78a1da4ee81c716b79996a6a96</hash></file>

<file><path>C:\Users\user\AppData\Local\omesuperv.exe</path><vendor>PUP.Optional.OfferMosquito.A</vendor><action>success</action><hash>36a828dff28933035af4cb53fd0337c9</hash></file>

<file><path>C:\Users\user\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll</path><vendor>PUP.Optional.OfferMosquito.A</vendor><action>success</action><hash>2ab42bdc5c1f1422a6a862bc4cb4e020</hash></file>

<file><path>C:\Users\user\AppData\Roaming\freegames111\freegames111.xpi</path><vendor>PUP.Optional.FreeGames.A</vendor><action>success</action><hash>fae4c93ec6b5d0664fcf5ef1da28926e</hash></file>

<file><path>C:\Users\user\AppData\Roaming\speedtest127\speedtest127.xpi</path><vendor>PUP.Optional.SpeedTest.A</vendor><action>success</action><hash>3f9f5fa83645162040e193bc7b878b75</hash></file>

<file><path>C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\cjxsd530.default\prefs.js</path><vendor>PUP.Optional.Trovigo.A</vendor><action>replaced</action><baddata>user_pref(&quot;browser.search.selectedEngine&quot;, &quot;hxxp://www.trovigo.com/Results.aspx?gd=&amp;ctid=CT3324415&amp;octid=EB_ORIGINAL_CTID&amp;SearchSource=58&amp;CUI=&amp;UM=4&amp;UP=SPE2FF63DE-B413-42D5-B448-ADCB8CE5CAA4&amp;q={searchTerms}&amp;SSPV=&quot;);</baddata><gooddata></gooddata><hash>29b587808bf0c86eea212d0343c1ef11</hash></file>

</items>

</mbam-log>

und hier

Code:

ATTFilter

<?xml version="1.0" encoding="UTF-8" ?>

<logs>

   <record severity="debug" LoggingEventType="2" datetime="2014-03-26T20:07:02.501950+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ACER" last_modified_tag="30f877a0-4583-4bcc-935f-e2f743ec60ad" result="Starting" subtype="Malware Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-03-26T20:07:02.517550+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ACER" last_modified_tag="f95914c5-e25f-4494-9684-3485a12347a2" result="Started" subtype="Malware Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-03-26T20:07:02.548750+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ACER" last_modified_tag="edea3cb1-6d29-48aa-8e91-591872427bfc" result="Starting" subtype="Malicious Website Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-03-26T20:07:03.079150+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ACER" last_modified_tag="c4279fc0-a1d6-4b54-a48c-4ce872f41a09" result="Started" subtype="Malicious Website Protection"></record>

   <record severity="debug" LoggingEventType="0" datetime="2014-03-26T20:07:21.346750+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="ACER" last_modified_tag="9bbd8245-3194-4696-9c8d-5dd77658ca20" subtype="Malware Protection" action="Quarantine" filename="C:\Users\user.Acer\Downloads\iLividSetup-r887-n-bf.exe" hash="0544936ccbafce68e6bd47043cc55ea2" malwaretype="File" vendor="PUP.Optional.Bandoo"></record>

   <record severity="debug" LoggingEventType="0" datetime="2014-03-26T20:07:28.004150+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="ACER" last_modified_tag="f4f36a97-1452-44a3-81f7-ac63655c4711" subtype="Malware Protection" action="Quarantine" filename="C:\Users\user.Acer\downloads\ilividsetup-r887-n-bf.exe" hash="0544936ccbafce68e6bd47043cc55ea2" malwaretype="File" vendor="PUP.Optional.Bandoo"></record>

   <record severity="debug" code="1" LoggingEventType="2" message="SDKQuarantine" datetime="2014-03-26T20:07:28.113350+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ACER" last_modified_tag="30ecf143-20c4-40d1-9f64-beb6293f9145" result="Failed" filename="C:\Users\user.Acer\downloads\ilividsetup-r887-n-bf.exe"></record>

   <record severity="debug" code="1" LoggingEventType="4" message="SDKQuarantine" datetime="2014-03-26T20:07:28.128950+01:00" source="Protection" type="Error" username="SYSTEM" systemname="ACER" last_modified_tag="30ecf143-20c4-40d1-9f64-beb6293f9145" result="Failed" filename="C:\Users\user.Acer\downloads\ilividsetup-r887-n-bf.exe"></record>

   <record severity="debug" LoggingEventType="0" datetime="2014-03-26T20:07:31.383350+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="ACER" last_modified_tag="559231f7-a67a-43c7-9456-02835c5fc133" subtype="Malware Protection" action="Quarantine" filename="C:\Users\user.Acer\downloads\ilividsetup-r887-n-bf.exe" hash="0544936ccbafce68e6bd47043cc55ea2" malwaretype="File" vendor="PUP.Optional.Bandoo"></record>

   <record severity="debug" code="1" LoggingEventType="2" message="SDKQuarantine" datetime="2014-03-26T20:07:31.502350+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ACER" last_modified_tag="cc9386a5-fb07-4491-8efc-711e07d7da4b" result="Failed" filename="C:\Users\user.Acer\downloads\ilividsetup-r887-n-bf.exe"></record>

   <record severity="debug" code="1" LoggingEventType="4" message="SDKQuarantine" datetime="2014-03-26T20:07:31.507350+01:00" source="Protection" type="Error" username="SYSTEM" systemname="ACER" last_modified_tag="cc9386a5-fb07-4491-8efc-711e07d7da4b" result="Failed" filename="C:\Users\user.Acer\downloads\ilividsetup-r887-n-bf.exe"></record>

   <record severity="debug" LoggingEventType="1" datetime="2014-03-26T20:07:53.829550+01:00" source="Manual" type="Update" username="SYSTEM" systemname="ACER" fromVersion="2014.2.20.1" last_modified_tag="50b31512-bcc8-4be0-88b9-fec5f7574bbd" name="Rootkit Database" toVersion="2014.3.25.1"></record>

   <record severity="debug" LoggingEventType="1" datetime="2014-03-26T20:08:56.369950+01:00" source="Manual" type="Update" username="SYSTEM" systemname="ACER" fromVersion="2014.3.4.9" last_modified_tag="45b23f67-ea79-4538-af8b-14bcff25beef" name="Malware Database" toVersion="2014.3.26.6"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-03-26T20:08:58.617150+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ACER" last_modified_tag="68b24e66-8c2f-431b-b152-290e254d4880" result="Starting" subtype="Refresh"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-03-26T20:08:58.625150+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ACER" last_modified_tag="12450b5d-109d-4f6a-9d4d-2b0b64227738" result="Stopping" subtype="Malicious Website Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-03-26T20:08:58.782150+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ACER" last_modified_tag="a7f36b24-999b-409a-a975-cf0a807ba479" result="Stopped" subtype="Malicious Website Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-03-26T20:09:05.958150+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ACER" last_modified_tag="808ad9ed-1709-40c0-97d7-5ef720c6b5b1" result="Success" subtype="Refresh"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-03-26T20:09:06.020150+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ACER" last_modified_tag="a50cc184-7785-489f-b135-954d1a66e1f9" result="Starting" subtype="Malicious Website Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-03-26T20:09:06.724150+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ACER" last_modified_tag="cb7aaef5-c8bf-4611-8d4a-42091047b4d3" result="Started" subtype="Malicious Website Protection"></record>

</logs>

cosinus · 29.03.2014, 13:41

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

spikehansley · 29.03.2014, 14:39

einmal

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01

Ran by Acer at 2014-03-29 14:25:46

Running from C:\Users\user\Desktop

Boot Mode: Normal

==========================================================





==================== Security Center ========================



AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



==================== Installed Programs ======================



Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)

Adobe Reader X (10.1.4) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)

Brother MFL-Pro Suite DCP-7055 (HKLM\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.0.0.0 - Brother Industries, Ltd.)

CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.02.03 - ACER)

FreePDFReader (HKLM\...\FreePDFReader) (Version:  - FreePDFConverter)

Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)

Google Chrome Frame (HKLM\...\{4F2EAFFD-6D9A-3804-A77B-5A450D3201F6}) (Version: 65.107.16494 - Google, Inc.)

Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden

Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)

Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.6.1001 - Intel Corporation)

Join Air (HKLM\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.1 - ZTE Corporation)

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft Office Outlook 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Italian) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (German) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Outlook 2010 (HKLM\...\Office14.OUTLOOK) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)

MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)

Nuance PaperPort 12 (HKLM\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)

Nuance PDF Viewer Plus (HKLM\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)

OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)

PaperPort Image Printer (HKLM\...\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}) (Version: 1.00.0000 - Nuance Communications, Inc.)

Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)

REALTEK RTL8187B Wireless LAN Driver (HKLM\...\{895722FE-25FE-4854-95AC-B0C42F9DBEDA}) (Version: Package:1.00.0026 Driver:6.1116.1226.2007 - REALTEK Semiconductor Corp.)

ScanSoft PaperPort 11 (HKLM\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)

Scansoft PDF Professional (Version:  - ) Hidden


ACER Hardware Setup (HKLM\...\{2883F6F5-0509-43F3-868C-D50330DD9DD3}) (Version: 2.00.08 - )

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM\...\{90140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOK_{C8694FF0-8203-483B-A07A-2BC40433167D}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM\...\{90140000-006E-0407-0000-0000000FF1CE}_Office14.OUTLOOK_{32E700B9-1A94-48B4-99E1-CB8BD5F7340A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.OUTLOOK_{007CC0F3-15DE-426D-95B5-B019FCEF58CE}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.OUTLOOK_{460FF681-BC66-4C38-99DF-7012E03F1EBA}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.OUTLOOK_{D1688F5A-9A61-42F0-B8D0-2C9DF315A141}) (Version:  - Microsoft)

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM\...\{90140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOK_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.OUTLOOK_{81CA2EFA-7250-4B1E-B3A6-E0595224E2CD}) (Version:  - Microsoft)



==================== Restore Points  =========================



27-03-2014 12:21:21 Windows Vista™ Service Pack 2

27-03-2014 12:31:24 Gerätetreiber-Paketinstallation: Intel IDE ATA/ATAPI-Controller

27-03-2014 13:24:01 Windows Update

27-03-2014 19:32:50 Windows Vista™ Service Pack 2

27-03-2014 20:51:17 Windows Update

28-03-2014 02:00:44 Windows Update

28-03-2014 06:00:35 Windows Update

28-03-2014 06:30:06 Windows Update

28-03-2014 07:18:37 Windows Update

28-03-2014 13:59:52 Windows Update

29-03-2014 06:02:19 Windows Update



==================== Hosts content: ==========================



2006-11-02 11:23 - 2014-03-27 06:58 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost



==================== Scheduled Tasks (whitelisted) =============



Task: {0AD00EFB-CCD6-419F-8E82-2EDD0F65380D} - System32\Tasks\Fifth => C:\Users\user\AppData\Roaming\Fifth\Fifth.exe [2014-03-04] () <==== ATTENTION

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM

Task: {21A83EEE-FD7F-4826-8885-AF59F42AB342} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-13] (Adobe Systems Incorporated)

Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI

Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages

Task: {40EF26FE-84E8-4FE3-A39F-BEEC037F7932} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-24] (Google Inc.)

Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)

Task: {9E4C6F46-4FB7-42B2-A3E2-887BD19119BA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-24] (Google Inc.)

Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries

Task: {DA86A1CC-0754-4E6E-B031-E5586BB7FC35} - System32\Tasks\OMESupervisor => C:\Users\user\AppData\Local\omesuperv.exe <==== ATTENTION

Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()

Task: {F1F2DCC3-ECFD-47FF-8747-06A77F91AA38} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - ACER => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-21] (Microsoft Corporation)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe



==================== Loaded Modules (whitelisted) =============



2014-03-11 21:15 - 2009-08-31 10:43 - 00132608 _____ () C:\Program Files\Join Air\UIExec.exe

2014-03-15 21:21 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll

2014-03-11 21:15 - 2009-08-31 10:43 - 00241664 _____ () C:\Program Files\Join Air\AssistantServices.exe

2014-03-27 13:31 - 2009-12-23 17:32 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll



==================== Alternate Data Streams (whitelisted) =========





==================== Safe Mode (whitelisted) ===================





==================== Disabled items from MSCONFIG ==============





==================== Faulty Device Manager Devices =============





==================== Event log errors: =========================



Application errors:

==================

Error: (03/29/2014 02:25:22 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003



Error: (03/29/2014 01:31:04 PM) (Source: LoadPerf) (User: )

Description: 扨湩怀¶က16



Error: (03/29/2014 01:27:15 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003



Error: (03/29/2014 09:56:57 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003



Error: (03/29/2014 09:18:54 AM) (Source: LoadPerf) (User: )

Description: 扨湩怀¶က16



Error: (03/29/2014 09:14:59 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003



Error: (03/29/2014 08:53:44 AM) (Source: LoadPerf) (User: )

Description: 扨湩怀¶က16



Error: (03/29/2014 08:48:06 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003



Error: (03/29/2014 07:49:43 AM) (Source: LoadPerf) (User: )

Description: 扨湩怀¶က16



Error: (03/29/2014 07:48:26 AM) (Source: LoadPerf) (User: )

Description: 扨湩怀¶က16





System errors:

=============



Microsoft Office Sessions:

=========================

Error: (03/29/2014 02:25:22 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003



Error: (03/29/2014 01:31:04 PM) (Source: LoadPerf)(User: )

Description: 扨湩怀¶က16



Error: (03/29/2014 01:27:15 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003



Error: (03/29/2014 09:56:57 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003



Error: (03/29/2014 09:18:54 AM) (Source: LoadPerf)(User: )

Description: 扨湩怀¶က16



Error: (03/29/2014 09:14:59 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003



Error: (03/29/2014 08:53:44 AM) (Source: LoadPerf)(User: )

Description: 扨湩怀¶က16



Error: (03/29/2014 08:48:06 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003



Error: (03/29/2014 07:49:43 AM) (Source: LoadPerf)(User: )

Description: 扨湩怀¶က16



Error: (03/29/2014 07:48:26 AM) (Source: LoadPerf)(User: )

Description: 扨湩怀¶က16





CodeIntegrity Errors:

===================================

  Date: 2014-03-29 14:25:24.024

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.



  Date: 2014-03-29 14:25:23.930

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.



  Date: 2014-03-29 14:25:23.837

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.



  Date: 2014-03-29 14:25:23.759

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.



  Date: 2014-03-29 14:25:23.649

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.



  Date: 2014-03-29 14:25:23.571

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.



  Date: 2014-03-29 14:25:23.462

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.



  Date: 2014-03-29 14:25:23.369

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.



  Date: 2014-03-27 20:32:45.168

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.



  Date: 2014-03-27 20:32:45.075

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.





==================== Memory info =========================== 



Percentage of memory in use: 39%

Total physical RAM: 1915.25 MB

Available physical RAM: 1162.29 MB

Total Pagefile: 4071.81 MB

Available Pagefile: 3363.34 MB

Total Virtual: 2047.88 MB

Available Virtual: 1894.95 MB



==================== Drives ================================



Drive c: () (Fixed) (Total:228.95 GB) (Free:188.87 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (DATA) (Fixed) (Total:213.65 GB) (Free:182.96 GB) NTFS

Drive e: (RECOVERY) (Fixed) (Total:23.17 GB) (Free:23.07 GB) NTFS



==================== MBR & Partition Table ==================



========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: BBD4AC46)



Partition: GPT Partition Type.



==================== End Of Log ============================

zweimal

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by user (administrator) on ACER-PC on 29-03-2014 14:25:17
Running from C:\Users\user\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Join Air\UIExec.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ACER) C:\Program Files\ACER\TOSCDSPD\TOSCDSPD.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
() C:\Program Files\Join Air\AssistantServices.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NDSTray.exe] - NDSTray.exe
HKLM\...\Run: [UIExec] - C:\Program Files\Join Air\UIExec.exe [132608 2009-08-31] ()
HKLM\...\Run: [PPort12reminder] - C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM\...\Run: [PDFHook] - C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] - C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [ControlCenter4] - C:\Program Files\ControlCenter4\BrCcBoot.exe [139264 2010-10-26] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] - C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] - C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)
HKU\S-1-5-21-3372144804-2533914639-1054969159-1000\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3372144804-2533914639-1054969159-1000\...\Run: [TOSCDSPD] - C:\Program Files\ACER\TOSCDSPD\toscdspd.exe [430080 2008-04-24] (ACER)
HKU\S-1-5-21-3372144804-2533914639-1054969159-1000\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {08BD8B7C-6EDF-4F08-ABA9-7F9CC9DE4D42} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=4c3a222c-6862-4f84-b021-6864cc3a0544&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {1B0644E5-C15F-4AEF-8C10-472C93242465} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=4c3a222c-6862-4f84-b021-6864cc3a0544&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {3BC3ABF4-4751-4BE8-92E4-A42397EF76FB} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=4c3a222c-6862-4f84-b021-6864cc3a0544&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {8455DAAD-5A91-4CD3-B8D7-EA4B09AA41F2} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=4c3a222c-6862-4f84-b021-6864cc3a0544&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {8C151852-D48F-4A5A-98DE-31893ADCE34A} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=4c3a222c-6862-4f84-b021-6864cc3a0544&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {E04011E0-4782-41BC-A17E-FD55BCA1D569} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=4c3a222c-6862-4f84-b021-6864cc3a0544&pid=fotofreeware&mode=bounce&k=0
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\27.0.1453.110\npchrome_frame.dll (Google Inc.)
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\27.0.1453.110\npchrome_frame.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.1.2.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\cjxsd530.default
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\cjxsd530.default\user.js
FF DefaultSearchEngine: Conduit Search
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: bebomedia.com/OfferMosquitoIEHelper - C:\Users\user\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll No File
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\cjxsd530.default\searchplugins\de2b94fc-51e4-4a40-b737-711ad7e33c69.xml
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\cjxsd530.default\searchplugins\{272BDC81-5292-4FAE-9491-FBA3FF104A82}.xml
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\cjxsd530.default\searchplugins\{300E9015-F74C-4ACC-B898-FD12C8BDDF8D}.xml
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\cjxsd530.default\searchplugins\{763C485D-1C65-4092-8959-0BD7FEAC0A8E}.xml
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\cjxsd530.default\searchplugins\{B468D502-C186-4DA0-A4ED-B672D23E7675}.xml
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\cjxsd530.default\searchplugins\{E0B9B3B0-212D-4AEE-BBF0-16360D253EB3}.xml
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\cjxsd530.default\searchplugins\{F612F2A0-0E1E-4266-8F32-5E822EDEAC20}.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Amazon-Icon - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\cjxsd530.default\Extensions\amazon-icon@giga.de [2014-03-15]
FF Extension: FireJump - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\cjxsd530.default\Extensions\firejump@firejump.net [2014-03-15]
FF Extension: Bitdefender QuickScan - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\cjxsd530.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-03-26]
FF Extension: OfferMosquito - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\cjxsd530.default\Extensions\om@offermosquito.com.xpi [2014-02-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome: 
=======
CHR HomePage: hxxp://www.trovigo.com/?gd=&ctid=CT3324415&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPE2FF63DE-B413-42D5-B448-ADCB8CE5CAA4&SSPV=
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-24]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-24]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-24]
CHR Extension: (Google-Suche) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-24]
CHR Extension: (Amazon-Icon) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg [2014-03-26]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-25]
CHR Extension: (Google Mail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-24]
CHR HKLM\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\user\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2014-03-15]

========================== Services (Whitelisted) =================

R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
R2 UI Assistant Service; C:\Program Files\Join Air\AssistantServices.exe [241664 2009-08-31] ()
S2 IAANTMON; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [X]
S2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [X]

==================== Drivers (Whitelisted) ====================

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-03-27] (Malwarebytes Corporation)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [290304 2007-12-26] (Realtek Semiconductor Corporation                           )
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\TOSHIB~1.TOS\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-29 14:25 - 2014-03-29 14:25 - 00013632 _____ () C:\Users\user\Desktop\FRST.txt
2014-03-29 14:25 - 2014-03-29 14:25 - 00000000 ____D () C:\FRST
2014-03-29 14:24 - 2014-03-13 18:57 - 01145856 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2014-03-28 08:19 - 2014-03-28 08:21 - 00000000 ____D () C:\e60b5eb8aa7bcb42c3d84e89169f93
2014-03-28 08:01 - 2014-03-28 08:01 - 18733360 _____ (Microsoft Corporation) C:\Users\user\Downloads\IE9-WindowsVista-x86-deu.exe
2014-03-28 07:27 - 2014-03-28 07:27 - 00000000 ____D () C:\Users\user\AppData\Local\WindowsUpdate
2014-03-28 07:26 - 2014-03-28 07:27 - 04413904 _____ (Avira Operations GmbH & Co. KG) C:\Users\user\Downloads\avira_de_av___ws(1).exe
2014-03-28 07:26 - 2014-03-28 07:26 - 04413904 _____ (Avira Operations GmbH & Co. KG) C:\Users\user\Downloads\avira_de_av___ws.exe
2014-03-28 07:15 - 2013-04-16 16:46 - 00000413 _____ () C:\Users\user\Desktop\Reset_Windows_Update_History.bat
2014-03-27 20:53 - 2014-03-27 20:53 - 00000000 ____D () C:\Windows\system32\SPReview
2014-03-27 15:14 - 2013-12-18 07:13 - 00231584 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-27 15:09 - 2014-03-27 15:10 - 00258750 _____ () C:\Windows\msxml4-KB973685-enu.LOG
2014-03-27 14:29 - 2014-03-27 14:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-27 13:44 - 2014-03-27 13:46 - 00000000 ____D () C:\a36f62b2c58cedcf59e4f8a0
2014-03-27 13:34 - 2014-03-27 13:34 - 00000000 ____D () C:\Users\user\AppData\Roaming\Intel Corporation
2014-03-27 13:31 - 2009-12-17 10:25 - 00433176 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStor.sys
2014-03-27 13:20 - 2014-03-27 13:20 - 00000000 ____D () C:\Windows\system32\EventProviders
2014-03-27 13:20 - 2009-04-11 12:36 - 365230920 _____ (Microsoft Corporation) C:\Users\user\Desktop\Windows6.0-KB948465-X86.exe
2014-03-27 08:14 - 2014-03-27 08:15 - 00000000 ___SD () C:\32788R22FWJFW
2014-03-27 08:11 - 2014-03-27 08:11 - 00162010 _____ () C:\Users\user\Downloads\DIAG_MATS_NETWORK_global.DiagCab
2014-03-27 08:10 - 2014-03-27 08:10 - 00000776 _____ () C:\Windows\ie8_main.log
2014-03-27 07:19 - 2012-09-20 02:17 - 01005568 _____ (Microsoft Corporation) C:\Users\user\Desktop\dotNetFx45_Full_setup.exe
2014-03-27 07:09 - 2014-03-27 07:10 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-03-27 07:08 - 2014-02-25 16:01 - 257813336 _____ () C:\Users\user\Desktop\kis14.0.0.4651de-de.exe
2014-03-27 07:02 - 2014-03-27 07:02 - 00034750 _____ () C:\ComboFix.txt
2014-03-27 06:51 - 2014-03-27 08:15 - 00000000 ____D () C:\Windows\erdnt
2014-03-26 20:07 - 2014-03-27 06:41 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-26 20:06 - 2014-03-26 20:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-26 19:40 - 2014-03-26 19:40 - 00002140 _____ () C:\Users\user\Desktop\attach.txt
2014-03-26 19:10 - 2014-03-26 19:10 - 00000861 _____ () C:\AdwCleaner[S1].txt
2014-03-26 19:10 - 2014-03-26 19:10 - 00000800 _____ () C:\AdwCleaner[R1].txt
2014-03-26 10:18 - 2014-03-26 10:18 - 08326064 _____ (McAfee, Inc.) C:\Users\user\Downloads\SecurityScan_Release.exe
2014-03-26 09:58 - 2014-03-26 09:58 - 00000000 ____D () C:\Program Files\Panda Security
2014-03-26 09:58 - 2013-04-29 08:17 - 00047632 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2014-03-26 09:57 - 2014-03-26 09:58 - 28413552 _____ (Panda Security ) C:\Users\user\Downloads\PandaCloudCleaner.exe
2014-03-26 09:51 - 2014-03-26 09:51 - 00185944 _____ (Лаборатория Касперского) C:\Users\user\Downloads\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5623(1).exe
2014-03-26 09:45 - 2014-03-26 09:45 - 00185944 _____ (Лаборатория Касперского) C:\Users\user\Downloads\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5623.exe
2014-03-26 09:43 - 2014-03-26 09:48 - 00000000 ____D () C:\Users\user\AppData\Roaming\QuickScan
2014-03-26 09:34 - 2014-03-26 09:35 - 00000000 ____D () C:\AdwCleaner
2014-03-26 09:31 - 2014-03-26 09:32 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\user\Downloads\spybot-2.2.25.exe
2014-03-26 09:28 - 2014-03-26 09:28 - 01950720 _____ () C:\Users\user\Downloads\adwcleaner_3.022.exe
2014-03-26 09:26 - 2014-03-26 09:31 - 138607664 _____ () C:\Users\user\Downloads\avira_free_antivirus_de_14.0.3.350.exe
2014-03-26 07:48 - 2014-03-26 10:18 - 00000424 _____ () C:\AVScanner.ini
2014-03-25 13:51 - 2014-03-28 07:31 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-19 11:59 - 2014-03-19 11:59 - 00000000 ____D () C:\Users\user\AppData\Local\Scansoft
2014-03-17 12:51 - 2014-03-17 12:51 - 00000050 _____ () C:\Windows\system32\bridf08b.dat
2014-03-17 12:43 - 2014-03-17 12:43 - 00000000 ____D () C:\ProgramData\InstallShield
2014-03-15 23:10 - 2014-03-15 23:10 - 00000000 ____D () C:\Users\user\AppData\Roaming\Helper
2014-03-15 23:10 - 2014-03-15 23:10 - 00000000 ____D () C:\Users\user\AppData\Local\Temp4692faee989ebd3dc9e66fd91d2d8c4a
2014-03-15 23:04 - 2014-03-15 23:04 - 00000000 ____D () C:\Users\user\ChromeExtensions
2014-03-15 23:04 - 2014-03-15 23:04 - 00000000 ____D () C:\Users\user\AppData\Local\Temp980e3c1db7890a9aa6b2d0911b25867e
2014-03-15 23:04 - 2014-03-15 23:04 - 00000000 ____D () C:\Users\user\AppData\Local\{2BE34C9D-9174-4AD3-A478-E970F0DAF4E1}
2014-03-15 23:03 - 2014-03-15 23:03 - 01058296 _____ () C:\Users\user\Downloads\Windows-Live-Fotogalerie-lnstall.exe
2014-03-15 22:41 - 2014-03-15 22:41 - 01292648 _____ (Microsoft Corporation) C:\Users\user\Downloads\wlsetup-web.exe
2014-03-15 22:41 - 2014-03-15 22:41 - 00000000 ____D () C:\Users\user\AppData\Local\{2481AE9D-1E93-46DF-80EC-4A54C4325E39}
2014-03-15 22:10 - 2014-03-29 07:16 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-15 22:08 - 2014-03-26 08:01 - 00000000 ____D () C:\Users\user\AppData\Roaming\DesktopIconForAmazon
2014-03-15 22:08 - 2014-03-15 22:08 - 00000000 ____D () C:\Users\user\AppData\Roaming\Opera
2014-03-15 22:08 - 2014-03-15 22:08 - 00000000 ____D () C:\Users\user\AppData\Roaming\OCS
2014-03-15 22:08 - 2011-05-13 14:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\system32\dhRichClient3.dll
2014-03-15 22:08 - 2011-03-25 22:42 - 00338432 _____ () C:\Windows\system32\sqlite36_engine.dll
2014-03-15 22:03 - 2014-03-15 22:08 - 142608624 _____ (Microsoft Corporation) C:\Users\user\Downloads\wlsetup-all_de_16.4.3505.0912.exe
2014-03-15 21:59 - 2014-03-29 14:24 - 00000000 ____D () C:\Users\user\AppData\Roaming\Fifth
2014-03-15 21:59 - 2014-03-27 06:47 - 00000000 ____D () C:\Users\user\AppData\Roaming\Security System 2
2014-03-15 21:59 - 2014-03-27 06:37 - 00000000 ____D () C:\Users\user\AppData\Local\ext_offermosquito
2014-03-15 21:59 - 2014-03-15 21:59 - 00000000 ____D () C:\Users\user\AppData\Roaming\SSync
2014-03-15 21:59 - 2014-03-15 21:59 - 00000000 ____D () C:\Users\user\AppData\Roaming\Intermediate
2014-03-15 21:59 - 2014-03-15 21:59 - 00000000 ____D () C:\Users\user\AppData\Roaming\DataMgr
2014-03-15 21:56 - 2014-03-15 21:56 - 00000000 ____D () C:\Users\user\AppData\Roaming\Common
2014-03-15 21:56 - 2014-03-15 21:56 - 00000000 ____D () C:\Program Files\Common Files\Windows Live
2014-03-15 21:52 - 2014-03-15 21:52 - 00001892 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-03-15 21:51 - 2014-03-15 21:51 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-03-15 21:51 - 2014-03-15 21:51 - 00000000 ____D () C:\Program Files\Adobe
2014-03-15 21:50 - 2014-03-19 12:00 - 00000000 ____D () C:\ProgramData\Adobe
2014-03-15 21:44 - 2014-03-26 08:03 - 00000000 ____D () C:\Users\user\AppData\Roaming\PerformerSoft
2014-03-15 21:44 - 2014-03-15 21:44 - 05241504 _____ () C:\Users\user\Downloads\util_su_password_25675A.exe
2014-03-15 21:44 - 2014-03-15 21:44 - 00000864 _____ () C:\Users\user\Desktop\FreePDFReader.lnk
2014-03-15 21:44 - 2014-03-15 21:44 - 00000000 ____D () C:\Users\user\AppData\Roaming\FreePDFReader
2014-03-15 21:44 - 2014-03-15 21:44 - 00000000 ____D () C:\Program Files\FreePDFReader
2014-03-15 21:30 - 2014-03-15 21:30 - 00000000 ____D () C:\Users\user\AppData\Roaming\ControlCenter4
2014-03-15 21:29 - 2014-03-15 21:29 - 00000000 ____D () C:\Users\user\AppData\Roaming\FLEXnet
2014-03-15 21:27 - 2014-03-15 21:27 - 00001921 _____ () C:\Users\Public\Desktop\Brother Creative Center.lnk
2014-03-15 21:22 - 2014-03-15 21:22 - 00000000 ____D () C:\Brother
2014-03-15 21:21 - 2014-03-17 21:49 - 00000000 ____D () C:\Program Files\Brother
2014-03-15 21:21 - 2014-03-15 21:22 - 00000000 ____D () C:\Program Files\Browny02
2014-03-15 21:21 - 2014-03-15 21:21 - 00000000 ____D () C:\ProgramData\ControlCenter4
2014-03-15 21:21 - 2014-03-15 21:21 - 00000000 ____D () C:\Program Files\ControlCenter4
2014-03-15 21:21 - 2010-08-02 20:57 - 00217088 _____ (brother) C:\Windows\system32\NSSearch.dll
2014-03-15 21:21 - 2010-06-10 07:09 - 01475072 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrWi209d.dll
2014-03-15 21:21 - 2010-06-07 12:18 - 00055808 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrUsi09d.dll
2014-03-15 21:21 - 2010-05-10 09:45 - 00103736 _____ (Brother Industries Ltd) C:\Windows\system32\BRRBTOOL.EXE
2014-03-15 21:21 - 2010-04-02 06:33 - 00025299 _____ (Brother Industries, Ltd) C:\Windows\system32\BRLM03A.DLL
2014-03-15 21:21 - 2010-04-01 11:28 - 00217088 _____ (Brother Industries, Ltd.) C:\Windows\system32\BrJDec.dll
2014-03-15 21:21 - 2010-03-15 19:45 - 00073728 _____ (Brother Industries Ltd.) C:\Windows\system32\BrDctF2.dll
2014-03-15 21:21 - 2010-02-05 11:42 - 00180224 _____ (Brother Industries, Ltd.) C:\Windows\system32\BroSNMP.dll
2014-03-15 21:21 - 2009-01-15 19:20 - 00003072 _____ (Brother Industries Ltd.) C:\Windows\system32\BrDctF2S.dll
2014-03-15 21:21 - 2007-12-13 22:16 - 00005632 _____ (Brother Industries Ltd.) C:\Windows\system32\BrDctF2L.dll
2014-03-15 21:21 - 2005-01-17 08:10 - 00045056 _____ () C:\Windows\system32\BRTCPCON.DLL
2014-03-15 21:21 - 2004-08-09 08:00 - 00000114 _____ () C:\Windows\system32\BRLMW03A.INI
2014-03-15 21:21 - 2004-08-09 07:42 - 00077824 _____ (Brother Industries, Ltd.) C:\Windows\system32\BRLMW03A.DLL
2014-03-15 21:21 - 1999-10-26 17:00 - 00000050 _____ () C:\Windows\system32\BRADM10A.DAT
2014-03-15 21:19 - 2014-03-15 21:19 - 00000000 ____D () C:\ProgramData\zeon
2014-03-15 21:18 - 2014-03-15 21:18 - 00000000 ____D () C:\Users\user\AppData\Roaming\Nuance
2014-03-15 21:17 - 2014-03-17 12:41 - 00000000 ____D () C:\ProgramData\ScanSoft
2014-03-15 21:16 - 2014-03-17 12:45 - 00000000 ____D () C:\Program Files\Nuance
2014-03-15 21:16 - 2014-03-17 12:41 - 00000000 ____D () C:\Program Files\Common Files\ScanSoft Shared
2014-03-15 21:16 - 2014-03-15 21:19 - 00000000 ____D () C:\ProgramData\Nuance
2014-03-15 21:16 - 2014-03-15 21:16 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-03-15 21:15 - 2014-03-15 21:26 - 00000000 ____D () C:\ProgramData\Brother
2014-03-15 21:15 - 2014-03-15 21:15 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-03-15 18:35 - 2014-03-15 18:35 - 00003584 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-13 14:19 - 2014-03-13 14:19 - 00008565 _____ () C:\Users\user\Desktop\versuch.odt
2014-03-13 14:10 - 2014-03-13 14:10 - 00000360 _____ () C:\Users\user\Desktop\IBK - Verknüpfung.lnk
2014-03-13 14:10 - 2014-03-13 14:10 - 00000360 _____ () C:\Users\user\Desktop\DSK - Verknüpfung.lnk
2014-03-11 21:18 - 2009-08-19 15:52 - 00000625 _____ () C:\NetworkCfg.xml
2014-03-11 21:16 - 2014-03-11 21:17 - 00013810 _____ () C:\Windows\ZTEInstallInfo.log
2014-03-11 21:16 - 2009-04-22 16:35 - 00009728 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\massfilter.sys
2014-03-11 21:16 - 2009-03-10 15:38 - 00110080 _____ (ZTE Corporation) C:\Windows\system32\Drivers\ZTEusbnet.sys
2014-03-11 21:16 - 2009-02-02 18:14 - 00105344 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbnmea.sys
2014-03-11 21:16 - 2009-02-02 18:14 - 00104960 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbser6k.sys
2014-03-11 21:16 - 2009-02-02 18:14 - 00104960 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbmdm6k.sys
2014-03-11 21:15 - 2014-03-11 21:18 - 00000000 ____D () C:\Program Files\Join Air
2014-03-11 21:15 - 2014-03-11 21:15 - 00001483 _____ () C:\Users\Public\Desktop\Join Air.lnk
2014-03-11 21:15 - 2014-03-11 21:15 - 00000000 ____D () C:\Windows\system32\SupportAppCB
2014-03-06 10:02 - 2014-03-06 15:00 - 00018764 _____ () C:\Users\user\Desktop\für Max Josef - Versuch.odt
2014-03-04 14:10 - 2014-03-15 21:53 - 00000000 ____D () C:\Users\user\AppData\Roaming\Adobe
2014-03-04 14:10 - 2014-03-04 14:10 - 00000000 ____D () C:\Users\user\AppData\Roaming\Macromedia
2014-03-04 14:10 - 2014-03-04 14:10 - 00000000 ____D () C:\Users\user\AppData\Local\Macromedia
2014-03-04 14:09 - 2014-03-29 13:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-04 14:09 - 2014-03-15 21:53 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe
2014-03-04 14:09 - 2014-03-13 12:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-04 14:09 - 2014-03-13 12:54 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-04 14:09 - 2014-03-04 14:09 - 00000000 ____D () C:\Windows\system32\Macromed
2014-03-04 14:09 - 2014-03-04 14:09 - 00000000 ____D () C:\ProgramData\McAfee
2014-03-04 14:02 - 2014-03-04 14:02 - 00000000 ____D () C:\Users\user\AppData\Roaming\Mozilla
2014-03-04 14:02 - 2014-03-04 14:02 - 00000000 ____D () C:\Users\user\AppData\Local\Mozilla
2014-03-04 14:01 - 2014-03-04 14:01 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-04 14:01 - 2014-03-04 14:01 - 00000000 ____D () C:\ProgramData\Mozilla
2014-03-04 14:01 - 2014-03-04 14:01 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-04 14:01 - 2014-03-04 14:01 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-03-29 14:25 - 2014-03-29 14:25 - 00013632 _____ () C:\Users\user\Desktop\FRST.txt
2014-03-29 14:25 - 2014-03-29 14:25 - 00000000 ____D () C:\FRST
2014-03-29 14:24 - 2014-03-15 21:59 - 00000000 ____D () C:\Users\user\AppData\Roaming\Fifth
2014-03-29 14:24 - 2014-02-24 21:33 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-29 14:24 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-29 14:24 - 2006-11-02 13:47 - 00004192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-29 14:24 - 2006-11-02 13:47 - 00004192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-29 13:55 - 2008-01-21 02:35 - 01232828 _____ () C:\Windows\WindowsUpdate.log
2014-03-29 13:55 - 2006-11-02 14:01 - 00023928 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-29 13:54 - 2014-03-04 14:09 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-29 13:51 - 2014-02-24 21:33 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-29 09:56 - 2014-02-13 09:43 - 00058672 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-29 09:30 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-03-29 09:14 - 2006-11-02 13:47 - 00264488 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-29 09:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-03-29 09:11 - 2006-11-02 13:37 - 00000000 ____D () C:\Windows\system32\XPSViewer
2014-03-29 09:11 - 2006-11-02 13:37 - 00000000 ____D () C:\Program Files\Movie Maker
2014-03-29 07:36 - 2014-02-24 21:13 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-29 07:16 - 2014-03-15 22:10 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-28 08:21 - 2014-03-28 08:19 - 00000000 ____D () C:\e60b5eb8aa7bcb42c3d84e89169f93
2014-03-28 08:01 - 2014-03-28 08:01 - 18733360 _____ (Microsoft Corporation) C:\Users\user\Downloads\IE9-WindowsVista-x86-deu.exe
2014-03-28 07:31 - 2014-03-25 13:51 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-28 07:27 - 2014-03-28 07:27 - 00000000 ____D () C:\Users\user\AppData\Local\WindowsUpdate
2014-03-28 07:27 - 2014-03-28 07:26 - 04413904 _____ (Avira Operations GmbH & Co. KG) C:\Users\user\Downloads\avira_de_av___ws(1).exe
2014-03-28 07:26 - 2014-03-28 07:26 - 04413904 _____ (Avira Operations GmbH & Co. KG) C:\Users\user\Downloads\avira_de_av___ws.exe
2014-03-28 07:15 - 2006-11-02 13:52 - 00102487 _____ () C:\Windows\setupact.log
2014-03-28 03:35 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-03-28 03:14 - 2008-01-21 03:47 - 00022120 _____ () C:\Windows\PFRO.log
2014-03-28 03:03 - 2014-02-24 21:15 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-03-27 21:12 - 2008-01-21 08:15 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE
2014-03-27 21:12 - 2006-11-02 13:37 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-03-27 21:12 - 2006-11-02 13:37 - 00000000 ____D () C:\Program Files\Windows Photo Gallery
2014-03-27 21:12 - 2006-11-02 13:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-03-27 21:12 - 2006-11-02 13:37 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-27 21:12 - 2006-11-02 13:37 - 00000000 ____D () C:\Program Files\Windows Collaboration
2014-03-27 21:12 - 2006-11-02 13:37 - 00000000 ____D () C:\Program Files\Windows Calendar
2014-03-27 21:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\zh-TW
2014-03-27 21:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\zh-CN
2014-03-27 21:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\uk-UA
2014-03-27 21:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-03-27 21:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\th-TH
2014-03-27 21:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\sv-SE
2014-03-27 21:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-03-27 21:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\SLUI
2014-03-27 21:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\sl-SI
2014-03-27 21:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\sk-SK
2014-03-27 21:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\ru-RU
2014-03-27 21:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\ro-RO
2014-03-27 21:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\pt-PT
2014-03-27 21:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\pt-BR
2014-03-27 21:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\pl-PL
2014-03-27 21:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\nl-NL
2014-03-27 21:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\nb-NO
2014-03-27 21:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\lv-LV
2014-03-27 21:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\lt-LT
2014-03-27 21:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\ko-KR
2014-03-27 21:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\ja-JP
2014-03-27 21:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\it-IT
2014-03-27 21:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\hu-HU
2014-03-27 21:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\hr-HR
2014-03-27 21:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\he-IL
2014-03-27 21:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\fr-FR
2014-03-27 21:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\fi-FI
2014-03-27 21:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\et-EE
2014-03-27 21:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\el-GR
2014-03-27 21:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\bg-BG
2014-03-27 21:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\ar-SA
2014-03-27 21:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2014-03-27 21:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\IME
2014-03-27 21:12 - 2006-11-02 12:18 - 00000000 ____D () C:\Program Files\Common Files\System
2014-03-27 20:53 - 2014-03-27 20:53 - 00000000 ____D () C:\Windows\system32\SPReview
2014-03-27 15:10 - 2014-03-27 15:09 - 00258750 _____ () C:\Windows\msxml4-KB973685-enu.LOG
2014-03-27 15:03 - 2014-02-13 09:43 - 00000000 ____D () C:\Users\user
2014-03-27 14:31 - 2014-03-27 14:29 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-27 13:46 - 2014-03-27 13:44 - 00000000 ____D () C:\a36f62b2c58cedcf59e4f8a0
2014-03-27 13:34 - 2014-03-27 13:34 - 00000000 ____D () C:\Users\user\AppData\Roaming\Intel Corporation
2014-03-27 13:33 - 2014-02-13 10:02 - 00000000 ____D () C:\Program Files\Intel
2014-03-27 13:33 - 2014-02-13 09:58 - 00000000 ____D () C:\Windows\system32\Lang
2014-03-27 13:20 - 2014-03-27 13:20 - 00000000 ____D () C:\Windows\system32\EventProviders
2014-03-27 08:15 - 2014-03-27 08:14 - 00000000 ___SD () C:\32788R22FWJFW
2014-03-27 08:15 - 2014-03-27 06:51 - 00000000 ____D () C:\Windows\erdnt
2014-03-27 08:11 - 2014-03-27 08:11 - 00162010 _____ () C:\Users\user\Downloads\DIAG_MATS_NETWORK_global.DiagCab
2014-03-27 08:10 - 2014-03-27 08:10 - 00000776 _____ () C:\Windows\ie8_main.log
2014-03-27 07:10 - 2014-03-27 07:09 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2014-03-27 07:02 - 2014-03-27 07:02 - 00034750 _____ () C:\ComboFix.txt
2014-03-27 07:02 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2014-03-27 07:02 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2014-03-27 06:58 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2014-03-27 06:47 - 2014-03-15 21:59 - 00000000 ____D () C:\Users\user\AppData\Roaming\Security System 2
2014-03-27 06:41 - 2014-03-26 20:07 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-27 06:37 - 2014-03-15 21:59 - 00000000 ____D () C:\Users\user\AppData\Local\ext_offermosquito
2014-03-27 06:37 - 2006-11-02 13:37 - 00000000 ____D () C:\Windows\Performance
2014-03-26 20:06 - 2014-03-26 20:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-26 19:40 - 2014-03-26 19:40 - 00002140 _____ () C:\Users\user\Desktop\attach.txt
2014-03-26 19:10 - 2014-03-26 19:10 - 00000861 _____ () C:\AdwCleaner[S1].txt
2014-03-26 19:10 - 2014-03-26 19:10 - 00000800 _____ () C:\AdwCleaner[R1].txt
2014-03-26 10:18 - 2014-03-26 10:18 - 08326064 _____ (McAfee, Inc.) C:\Users\user\Downloads\SecurityScan_Release.exe
2014-03-26 10:18 - 2014-03-26 07:48 - 00000424 _____ () C:\AVScanner.ini
2014-03-26 09:58 - 2014-03-26 09:58 - 00000000 ____D () C:\Program Files\Panda Security
2014-03-26 09:58 - 2014-03-26 09:57 - 28413552 _____ (Panda Security ) C:\Users\user\Downloads\PandaCloudCleaner.exe
2014-03-26 09:51 - 2014-03-26 09:51 - 00185944 _____ (Лаборатория Касперского) C:\Users\user\Downloads\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5623(1).exe
2014-03-26 09:48 - 2014-03-26 09:43 - 00000000 ____D () C:\Users\user\AppData\Roaming\QuickScan
2014-03-26 09:45 - 2014-03-26 09:45 - 00185944 _____ (Лаборатория Касперского) C:\Users\user\Downloads\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5623.exe
2014-03-26 09:41 - 2014-02-13 09:43 - 00000680 _____ () C:\Users\user\AppData\Local\d3d9caps.dat
2014-03-26 09:35 - 2014-03-26 09:34 - 00000000 ____D () C:\AdwCleaner
2014-03-26 09:32 - 2014-03-26 09:31 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\user\Downloads\spybot-2.2.25.exe
2014-03-26 09:31 - 2014-03-26 09:26 - 138607664 _____ () C:\Users\user\Downloads\avira_free_antivirus_de_14.0.3.350.exe
2014-03-26 09:28 - 2014-03-26 09:28 - 01950720 _____ () C:\Users\user\Downloads\adwcleaner_3.022.exe
2014-03-26 08:03 - 2014-03-15 21:44 - 00000000 ____D () C:\Users\user\AppData\Roaming\PerformerSoft
2014-03-26 08:01 - 2014-03-15 22:08 - 00000000 ____D () C:\Users\user\AppData\Roaming\DesktopIconForAmazon
2014-03-21 13:47 - 2014-02-24 21:16 - 00002721 _____ () C:\Users\user\Desktop\Microsoft Outlook 2010.lnk
2014-03-20 10:43 - 2014-02-24 21:34 - 00001963 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-19 12:00 - 2014-03-15 21:50 - 00000000 ____D () C:\ProgramData\Adobe
2014-03-19 11:59 - 2014-03-19 11:59 - 00000000 ____D () C:\Users\user\AppData\Local\Scansoft
2014-03-17 21:49 - 2014-03-15 21:21 - 00000000 ____D () C:\Program Files\Brother
2014-03-17 21:49 - 2014-02-13 09:59 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-03-17 12:51 - 2014-03-17 12:51 - 00000050 _____ () C:\Windows\system32\bridf08b.dat
2014-03-17 12:45 - 2014-03-15 21:16 - 00000000 ____D () C:\Program Files\Nuance
2014-03-17 12:43 - 2014-03-17 12:43 - 00000000 ____D () C:\ProgramData\InstallShield
2014-03-17 12:41 - 2014-03-15 21:17 - 00000000 ____D () C:\ProgramData\ScanSoft
2014-03-17 12:41 - 2014-03-15 21:16 - 00000000 ____D () C:\Program Files\Common Files\ScanSoft Shared
2014-03-17 12:41 - 2014-02-13 10:01 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2014-03-15 23:10 - 2014-03-15 23:10 - 00000000 ____D () C:\Users\user\AppData\Roaming\Helper
2014-03-15 23:10 - 2014-03-15 23:10 - 00000000 ____D () C:\Users\user\AppData\Local\Temp4692faee989ebd3dc9e66fd91d2d8c4a
2014-03-15 23:04 - 2014-03-15 23:04 - 00000000 ____D () C:\Users\user\ChromeExtensions
2014-03-15 23:04 - 2014-03-15 23:04 - 00000000 ____D () C:\Users\user\AppData\Local\Temp980e3c1db7890a9aa6b2d0911b25867e
2014-03-15 23:04 - 2014-03-15 23:04 - 00000000 ____D () C:\Users\user\AppData\Local\{2BE34C9D-9174-4AD3-A478-E970F0DAF4E1}
2014-03-15 23:03 - 2014-03-15 23:03 - 01058296 _____ () C:\Users\user\Downloads\Windows-Live-Fotogalerie-lnstall.exe
2014-03-15 22:41 - 2014-03-15 22:41 - 01292648 _____ (Microsoft Corporation) C:\Users\user\Downloads\wlsetup-web.exe
2014-03-15 22:41 - 2014-03-15 22:41 - 00000000 ____D () C:\Users\user\AppData\Local\{2481AE9D-1E93-46DF-80EC-4A54C4325E39}
2014-03-15 22:08 - 2014-03-15 22:08 - 00000000 ____D () C:\Users\user\AppData\Roaming\Opera
2014-03-15 22:08 - 2014-03-15 22:08 - 00000000 ____D () C:\Users\user\AppData\Roaming\OCS
2014-03-15 22:08 - 2014-03-15 22:03 - 142608624 _____ (Microsoft Corporation) C:\Users\user\Downloads\wlsetup-all_de_16.4.3505.0912.exe
2014-03-15 21:59 - 2014-03-15 21:59 - 00000000 ____D () C:\Users\user\AppData\Roaming\SSync
2014-03-15 21:59 - 2014-03-15 21:59 - 00000000 ____D () C:\Users\user\AppData\Roaming\Intermediate
2014-03-15 21:59 - 2014-03-15 21:59 - 00000000 ____D () C:\Users\user\AppData\Roaming\DataMgr
2014-03-15 21:58 - 2014-02-24 21:33 - 00000000 ____D () C:\Users\user\AppData\Local\Google
2014-03-15 21:58 - 2014-02-24 21:33 - 00000000 ____D () C:\Program Files\Google
2014-03-15 21:56 - 2014-03-15 21:56 - 00000000 ____D () C:\Users\user\AppData\Roaming\Common
2014-03-15 21:56 - 2014-03-15 21:56 - 00000000 ____D () C:\Program Files\Common Files\Windows Live
2014-03-15 21:53 - 2014-03-04 14:10 - 00000000 ____D () C:\Users\user\AppData\Roaming\Adobe
2014-03-15 21:53 - 2014-03-04 14:09 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe
2014-03-15 21:52 - 2014-03-15 21:52 - 00001892 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-03-15 21:51 - 2014-03-15 21:51 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-03-15 21:51 - 2014-03-15 21:51 - 00000000 ____D () C:\Program Files\Adobe
2014-03-15 21:44 - 2014-03-15 21:44 - 05241504 _____ () C:\Users\user\Downloads\util_su_password_25675A.exe
2014-03-15 21:44 - 2014-03-15 21:44 - 00000864 _____ () C:\Users\user\Desktop\FreePDFReader.lnk
2014-03-15 21:44 - 2014-03-15 21:44 - 00000000 ____D () C:\Users\user\AppData\Roaming\FreePDFReader
2014-03-15 21:44 - 2014-03-15 21:44 - 00000000 ____D () C:\Program Files\FreePDFReader
2014-03-15 21:30 - 2014-03-15 21:30 - 00000000 ____D () C:\Users\user\AppData\Roaming\ControlCenter4
2014-03-15 21:29 - 2014-03-15 21:29 - 00000000 ____D () C:\Users\user\AppData\Roaming\FLEXnet
2014-03-15 21:27 - 2014-03-15 21:27 - 00001921 _____ () C:\Users\Public\Desktop\Brother Creative Center.lnk
2014-03-15 21:26 - 2014-03-15 21:15 - 00000000 ____D () C:\ProgramData\Brother
2014-03-15 21:26 - 2006-11-02 13:37 - 00000000 ____D () C:\Windows\twain_32
2014-03-15 21:22 - 2014-03-15 21:22 - 00000000 ____D () C:\Brother
2014-03-15 21:22 - 2014-03-15 21:21 - 00000000 ____D () C:\Program Files\Browny02
2014-03-15 21:21 - 2014-03-15 21:21 - 00000000 ____D () C:\ProgramData\ControlCenter4
2014-03-15 21:21 - 2014-03-15 21:21 - 00000000 ____D () C:\Program Files\ControlCenter4
2014-03-15 21:19 - 2014-03-15 21:19 - 00000000 ____D () C:\ProgramData\zeon
2014-03-15 21:19 - 2014-03-15 21:16 - 00000000 ____D () C:\ProgramData\Nuance
2014-03-15 21:18 - 2014-03-15 21:18 - 00000000 ____D () C:\Users\user\AppData\Roaming\Nuance
2014-03-15 21:16 - 2014-03-15 21:16 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-03-15 21:15 - 2014-03-15 21:15 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-03-15 18:35 - 2014-03-15 18:35 - 00003584 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-13 18:57 - 2014-03-29 14:24 - 01145856 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2014-03-13 14:19 - 2014-03-13 14:19 - 00008565 _____ () C:\Users\user\Desktop\versuch.odt
2014-03-13 14:10 - 2014-03-13 14:10 - 00000360 _____ () C:\Users\user\Desktop\IBK - Verknüpfung.lnk
2014-03-13 14:10 - 2014-03-13 14:10 - 00000360 _____ () C:\Users\user\Desktop\DSK - Verknüpfung.lnk
2014-03-13 12:54 - 2014-03-04 14:09 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-13 12:54 - 2014-03-04 14:09 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-11 21:18 - 2014-03-11 21:15 - 00000000 ____D () C:\Program Files\Join Air
2014-03-11 21:17 - 2014-03-11 21:16 - 00013810 _____ () C:\Windows\ZTEInstallInfo.log
2014-03-11 21:15 - 2014-03-11 21:15 - 00001483 _____ () C:\Users\Public\Desktop\Join Air.lnk
2014-03-11 21:15 - 2014-03-11 21:15 - 00000000 ____D () C:\Windows\system32\SupportAppCB
2014-03-06 15:00 - 2014-03-06 10:02 - 00018764 _____ () C:\Users\user\Desktop\für Max Josef - Versuch.odt
2014-03-04 14:10 - 2014-03-04 14:10 - 00000000 ____D () C:\Users\user\AppData\Roaming\Macromedia
2014-03-04 14:10 - 2014-03-04 14:10 - 00000000 ____D () C:\Users\user\AppData\Local\Macromedia
2014-03-04 14:09 - 2014-03-04 14:09 - 00000000 ____D () C:\Windows\system32\Macromed
2014-03-04 14:09 - 2014-03-04 14:09 - 00000000 ____D () C:\ProgramData\McAfee
2014-03-04 14:02 - 2014-03-04 14:02 - 00000000 ____D () C:\Users\user\AppData\Roaming\Mozilla
2014-03-04 14:02 - 2014-03-04 14:02 - 00000000 ____D () C:\Users\user\AppData\Local\Mozilla
2014-03-04 14:01 - 2014-03-04 14:01 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-04 14:01 - 2014-03-04 14:01 - 00000000 ____D () C:\ProgramData\Mozilla
2014-03-04 14:01 - 2014-03-04 14:01 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-04 14:01 - 2014-03-04 14:01 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-02 14:03 - 2006-11-02 11:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-29 13:31

==================== End Of Log ============================

--- --- ---

--- --- ---

cosinus · 29.03.2014, 14:41

Probier mal eine Reperatur von Windows hiermit => http://www.trojaner-board.de/126216-...tml#post946713

spikehansley · 30.03.2014, 10:44

ok, bin dabei !

habe gestern alles nach Anleitung gemacht und abends dann noch "windows update" gestartet. es ist der gleiche Fehler.

er installiert immer alle updates. dann Neustart. dann "updates werden konfiguriert" hier geht er von Phase 1-3 auch komplett durch bis 100% und das steht dann eine weile. danach werden immer alle Änderungen wieder rückgängig gemacht.

was kann das denn jetzt noch sein ?

windows bringt den Fehler "800F0826"

Der Rechner wurde vor kurzem wegen einer defekten Platte von einem Image wieder hergestellt. kann das damit zusammenhängen ?

übrigens ist die Meldung vom Servicepack 2 diese hier : "Der Schlüssel der Konfigurationsregistrierung ist unzulässig"

cosinus · 30.03.2014, 23:16

Probier mal eine manuelle Installation des SP2:

SP2/IE9 für Windows Vista (32-Bit)

Das SP2 von hier downloaden => Detail Seite Windows Vista SP2 (348.3MB)
Alle Programme beenden, Internetverbindung trennen, Virenscanner abstellen!
SP2 installieren, Anweisungen folgen - Installation kann eine gute Stunde dauern!!
IE9-Setup laden und ausführen => Windows Internet Explorer 9 für Windows Vista und Windows Server 2008

(Der IE9 erfordert ein installiertes SP2)

Achte beim Setup des IE wieder darauf, dass vorher möglichst alle Programme beendet und der Virenscanner deaktiviert wurde. Im Setup selbst bitte nicht an dem Verbesserungsprogramm teilnehmen (oder wie MS das nennt) und auch KEINE Updates über das Setup installieren. Die installieren wir später, ich sag dir dann wie. Melde dich wenn SP2/IE9 drauf sind.

spikehansley · 31.03.2014, 06:13

Morgen, die von mir versuchte Installation war bereits die manuelle. ich hatte es mir schon runtergeladen.

Nachdem Windows Update fehlgeschlagen ist, hatte ich das versucht. allerdings mit bestehender Internet Verbindung.

soll ich es noch einmal versuchen ?

cosinus · 31.03.2014, 09:07

Dann kannst du hier nicht mehr viel machen. Bevor du noch weiter dran rumfummelst und weitere Zeit verplemperst kannst du auch lieber gleich eine saubere Neuinstallation machen. Dann vllt auch gleich mit Windows 7 oder sowas wie Lubuntu oder Xubuntu wenn man nicht auf Windows-Only-Software angewiesen ist.

spikehansley · 31.03.2014, 10:20

ok, ich danke dir trotzdem !!!

29.03.2014, 12:43	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	nach eigenständiger Entfernung Probleme mit VISTA SP1 Was ist jetzt mit den Logs von Malwarebytes? Die sind im Programm selbst zu finden. Unter MBBAM 1.75: Bei MBAM 2.0 findet man die Logs unter Verlauf oben rechts __________________ --> nach eigenständiger Entfernung Probleme mit VISTA SP1

29.03.2014, 14:41	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	nach eigenständiger Entfernung Probleme mit VISTA SP1 Probier mal eine Reperatur von Windows hiermit => http://www.trojaner-board.de/126216-...tml#post946713 __________________ Logfiles bitte immer in CODE-Tags posten

nach eigenständiger Entfernung Probleme mit VISTA SP1

Plagegeister aller Art und deren Bekämpfung: nach eigenständiger Entfernung Probleme mit VISTA SP1