
Pests of all kinds and how to fight them: db29.exe keeps coming back despite virus scan and quarantine


 
15.02.2015, 20:07   #5
kleine20
 



Code:
ComboFix 15-02-13.02 - Kerstin 15.02.2015  16:58:38.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.2037.574 [GMT 1:00]
ausgeführt von:: c:\users\Kerstin\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
C:\install.exe
C:\LIL7654.tmp
C:\LIL7663.tmp
C:\LIL7664.tmp
C:\LIL7692.tmp
c:\programdata\374311380
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mfhkgfigejkhikbkfkkglinnkfojkdek_0
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mfhkgfigejkhikbkfkkglinnkfojkdek_0\3
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\background.html
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\chromeCoreFilesIndex.txt
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\crossriderManifest.json
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\manifest.xml
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\plugins.json
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\plugins\1.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\plugins\102.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\plugins\104.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\plugins\13.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\plugins\14.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\plugins\155.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\plugins\17.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\plugins\177.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\plugins\182.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\plugins\183.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\plugins\184.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\plugins\19.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\plugins\191.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\plugins\193.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\plugins\195.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\plugins\207.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\plugins\21.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\plugins\211.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\plugins\22.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\plugins\220.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\plugins\221.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\plugins\242.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\plugins\246.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\plugins\257.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\plugins\262.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\plugins\263.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\plugins\267.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\plugins\28.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\plugins\4.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\plugins\47.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\plugins\64.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\plugins\7.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\plugins\72.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\plugins\78.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\plugins\80.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\plugins\9.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\plugins\91.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\plugins\93.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\plugins\97.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\userCode\background.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\extensionData\userCode\extension.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\icons\actions\1.png
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\icons\icon128.png
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\icons\icon16.png
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\icons\icon48.png
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\js\api\chrome.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\js\api\cookie.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\js\api\message.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\js\api\monitor.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\js\api\pageAction.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\js\api\pageActionBG.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\js\background.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\js\lib\app_api.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\js\lib\bg_app_api.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\js\lib\consts.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\js\lib\cookie_store.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\js\lib\crossriderAPI.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\js\lib\delegate.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\js\lib\events.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\js\lib\extensionDataStore.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\js\lib\installer.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\js\lib\logFile.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\js\lib\logging.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\js\lib\onBGDocumentLoad.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\js\lib\popupResource\newPopup.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\js\lib\popupResource\popup.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\js\lib\reports.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\js\lib\storageWrapper.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\js\lib\updateManager.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\js\lib\util.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\js\lib\xhr.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\js\main.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\js\platformVersion.js
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\manifest.json
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhkgfigejkhikbkfkkglinnkfojkdek\1.26.13_0\popup.html
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mfhkgfigejkhikbkfkkglinnkfojkdek
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mfhkgfigejkhikbkfkkglinnkfojkdek\000202.ldb
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mfhkgfigejkhikbkfkkglinnkfojkdek\000204.ldb
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mfhkgfigejkhikbkfkkglinnkfojkdek\000207.ldb
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mfhkgfigejkhikbkfkkglinnkfojkdek\000210.ldb
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mfhkgfigejkhikbkfkkglinnkfojkdek\000211.log
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mfhkgfigejkhikbkfkkglinnkfojkdek\CURRENT
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mfhkgfigejkhikbkfkkglinnkfojkdek\LOCK
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mfhkgfigejkhikbkfkkglinnkfojkdek\LOG
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mfhkgfigejkhikbkfkkglinnkfojkdek\LOG.old
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mfhkgfigejkhikbkfkkglinnkfojkdek\MANIFEST-000209
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mfhkgfigejkhikbkfkkglinnkfojkdek_0.localstorage-journal
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mfhkgfigejkhikbkfkkglinnkfojkdek_0.localstorage
c:\users\Kerstin\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Kerstin\AppData\Local\nso4FB.tmp
c:\users\Kerstin\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\msdownld.tmp
c:\windows\Tasks\FF Watcher {702CC857-65AF-49A7-833D-5615C60C637D}.job
c:\windows\Tasks\FF Watcher {900BD071-9C0E-4A65-A289-3F4BDE1F81B6}.job
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-01-15 bis 2015-02-15  ))))))))))))))))))))))))))))))
.
.
2015-02-15 16:17 . 2015-02-15 16:17	0	----a-w-	c:\windows\SysWow64\shoA06B.tmp
2015-02-15 16:16 . 2015-02-15 16:16	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-02-15 14:52 . 2015-02-15 14:52	--------	d-----w-	c:\program files (x86)\VS Revo Group
2015-02-14 23:37 . 2015-02-14 23:37	0	----a-w-	c:\windows\SysWow64\sho50B4.tmp
2015-02-14 23:25 . 2014-10-13 05:57	206080	----a-w-	c:\windows\system32\drivers\ssudmdm.sys
2015-02-14 23:25 . 2014-10-13 05:57	110336	----a-w-	c:\windows\system32\drivers\ssudbus.sys
2015-02-14 23:25 . 2015-02-14 23:25	--------	d-----w-	c:\program files\SAMSUNG
2015-02-14 21:08 . 2015-02-14 21:14	--------	d-----w-	C:\FRST
2015-02-14 00:41 . 2015-02-14 23:25	--------	d-----w-	c:\programdata\Samsung
2015-02-13 23:49 . 2015-02-13 23:50	--------	d-----w-	c:\users\Kerstin\AppData\Roaming\Samsung
2015-02-13 23:49 . 2014-05-07 16:42	144664	----a-w-	c:\windows\SysWow64\secman.dll
2015-02-13 23:49 . 2015-02-13 23:49	--------	d-----w-	c:\program files (x86)\Samsung
2015-02-13 23:00 . 2015-02-13 23:00	--------	d-----w-	c:\users\Kerstin\AppData\Roaming\MyPhoneExplorer
2015-02-13 22:58 . 2015-02-13 22:59	--------	d-----w-	c:\program files (x86)\MyPhoneExplorer
2015-02-12 15:57 . 2015-02-12 15:57	--------	d-----w-	c:\program files (x86)\iTunes
2015-02-12 15:57 . 2015-02-12 15:57	--------	d-----w-	c:\program files\iPod
2015-02-12 15:57 . 2015-02-12 15:59	--------	d-----w-	c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-12 15:57 . 2015-02-12 15:59	--------	d-----w-	c:\program files\iTunes
2015-02-11 13:47 . 2015-02-11 13:47	0	----a-w-	c:\windows\SysWow64\sho8A0A.tmp
2015-02-10 18:38 . 2015-02-10 18:50	--------	d-----w-	c:\users\Kerstin\.VirtualBox
2015-02-10 18:38 . 2015-02-10 18:54	--------	d-----w-	c:\users\Kerstin\AppData\Local\Genymobile
2015-02-10 18:36 . 2013-04-12 10:41	237840	----a-w-	c:\windows\system32\drivers\VBoxDrv.sys
2015-02-10 18:33 . 2013-04-12 10:40	120080	----a-w-	c:\windows\system32\drivers\VBoxUSBMon.sys
2015-02-10 18:31 . 2015-02-10 18:31	--------	d-----w-	c:\program files\Genymobile
2015-02-10 18:29 . 2015-02-10 18:29	--------	d-----w-	c:\users\Kerstin\AppData\Local\Temp515a80549b13c62719b8b0be014862d3
2015-01-31 21:17 . 2015-01-31 21:17	0	----a-w-	c:\windows\SysWow64\sho83D.tmp
2015-01-24 23:12 . 2015-01-24 23:12	0	----a-w-	c:\windows\SysWow64\sho29F1.tmp
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-07 18:29 . 2014-05-04 20:42	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-07 18:29 . 2014-05-04 20:42	701616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-01 01:23 . 2015-01-01 01:23	0	----a-w-	c:\windows\SysWow64\shoF0A.tmp
2014-12-30 01:17 . 2014-12-30 01:17	0	----a-w-	c:\windows\SysWow64\shoA701.tmp
2014-12-28 01:20 . 2014-12-28 01:20	0	----a-w-	c:\windows\SysWow64\shoDA71.tmp
2014-12-13 21:21 . 2014-12-13 21:21	0	----a-w-	c:\windows\SysWow64\shoE8F2.tmp
2014-12-13 05:09 . 2014-12-18 08:43	144384	----a-w-	c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-18 08:43	115712	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2014-12-10 22:53 . 2014-12-10 22:53	0	----a-w-	c:\windows\SysWow64\sho7C29.tmp
2014-12-10 22:38 . 2014-05-06 18:00	112710672	----a-w-	c:\windows\system32\MRT.exe
2014-12-04 02:50 . 2014-12-10 15:59	413184	----a-w-	c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-10 15:59	741376	----a-w-	c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-10 15:59	396800	----a-w-	c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-10 15:59	830976	----a-w-	c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-10 15:59	192000	----a-w-	c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-10 15:59	227328	----a-w-	c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-10 15:59	1083392	----a-w-	c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-10 15:59	1232040	----a-w-	c:\windows\system32\aitstatic.exe
2014-11-29 16:02 . 2014-11-29 16:02	0	----a-w-	c:\windows\SysWow64\shoD22.tmp
2014-11-27 01:43 . 2014-12-10 16:00	389296	----a-w-	c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-10 15:59	25059840	----a-w-	c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-10 16:00	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-10 16:00	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-10 16:00	66560	----a-w-	c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-10 15:59	580096	----a-w-	c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-10 16:00	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-10 16:00	2885120	----a-w-	c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-10 15:59	88064	----a-w-	c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-10 16:00	54784	----a-w-	c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-10 16:00	34304	----a-w-	c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-10 16:00	633856	----a-w-	c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-10 16:00	114688	----a-w-	c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-10 15:59	814080	----a-w-	c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-10 15:59	6039552	----a-w-	c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-10 16:00	968704	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-10 16:00	490496	----a-w-	c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-10 16:00	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-10 16:00	77824	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-10 15:59	199680	----a-w-	c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-10 15:59	92160	----a-w-	c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-10 16:00	501248	----a-w-	c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-10 16:00	62464	----a-w-	c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-10 16:00	47616	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-10 16:00	64000	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-10 16:00	316928	----a-w-	c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-10 16:00	620032	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-10 16:00	718848	----a-w-	c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-10 16:00	800768	----a-w-	c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-10 15:59	1359360	----a-w-	c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-10 16:00	2125312	----a-w-	c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-10 15:59	14412800	----a-w-	c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-10 16:00	60416	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-10 16:00	4299264	----a-w-	c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-10 15:59	2358272	----a-w-	c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-10 16:00	2052096	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-10 16:00	1155072	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-10 16:00	1548288	----a-w-	c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-10 16:00	800768	----a-w-	c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-10 16:00	1888256	----a-w-	c:\windows\SysWow64\wininet.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}]
2014-05-12 15:49	90416	----a-w-	c:\program files (x86)\Coupon Downloader\Coupon Downloader.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Kerstin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2015-02-15 1676344]
"Spotify"="c:\users\Kerstin\AppData\Roaming\Spotify\spotify.exe" [2015-02-15 6737976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-12-11 702768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2015-01-19 126712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys;c:\windows\SYSNATIVE\drivers\massfilter_hs.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\DRIVERS\s1029bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1029bus.sys [x]
R3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1029mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1029mdfl.sys [x]
R3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1029mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1029mdm.sys [x]
R3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1029mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1029mgmt.sys [x]
R3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1029nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1029nd5.sys [x]
R3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1029obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1029obex.sys [x]
R3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1029unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1029unic.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 X6va015;X6va015;c:\windows\SysWOW64\Drivers\X6va015;c:\windows\SysWOW64\Drivers\X6va015 [x]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys;c:\windows\SYSNATIVE\DRIVERS\zghsmdm.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 rqpbhevlkc64;rqpbhevlkc64;c:\program files\004\rqpbhevlkc64.exe run options=01100010040000000000000000000000 sourceguid=A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E;c:\program files\004\rqpbhevlkc64.exe run options=01100010040000000000000000000000 sourceguid=A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe;c:\program files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [x]
S3 igddim64;igddim64;c:\windows\system32\DRIVERS\igddim64.sys;c:\windows\SYSNATIVE\DRIVERS\igddim64.sys [x]
S3 imgkmd64;imgkmd64;c:\windows\system32\DRIVERS\imgkmd64.sys;c:\windows\SYSNATIVE\DRIVERS\imgkmd64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-06 23:12	1086280	----a-w-	c:\program files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-16 18:46]
.
2015-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-16 18:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]
"ESET-Phase2"="c:\programdata\ESET\ESET-phase2.exe" [2010-11-10 1100656]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-30 159744]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-30 384512]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-30 403456]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-01-27 169768]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_howCorPPPyzMfc8qrgBOhqWBn7kuAVVgEJVs0L86QrR_l8h9uutX0rgf97u6zEC5OFGSB1d7wjH6OaZdwls4zeoclA06b6XaurradvW_LAZ0Ol06w1pYLst07Gbu_WQb5M1f_IsS2Miy
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_howCorPPPyzMfc8qrgBOhqWBn7kuAVVgEJVs0L86QrR_l8h9uutX0rgf97u6zEC5OFGSB1d7wjH6Oarpbx1exyiHUnMhhXy_o6EJJs4zfSUIz50GIpXGRBEJ1UbqhJFPvkmIaXdKWcFi&q={searchTerms}
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\vokiukc3.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.1und1.de/tb/mff_startpage|hxxp://www.giga.de/androidnews/
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-Browser Infrastructure Helper - c:\users\Kerstin\AppData\Local\Smartbar\Application\SnapDo.exe
Wow6432Node-HKLM-Run-fst_de_7 - (no file)
Wow6432Node-HKLM-Run-Registry Helper - c:\program files (x86)\Registry Helper\RegistryHelper.Exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-Activeris AntiMalware_is1 - c:\program files (x86)\Activeris AntiMalware\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va015]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va015"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\temp\db29.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-02-15  17:27:10 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-02-15 16:27
.
Vor Suchlauf: 23 Verzeichnis(se), 174.718.869.504 Bytes frei
Nach Suchlauf: 28 Verzeichnis(se), 179.362.250.752 Bytes frei
.
- - End Of File - - 92AA4B1DEFF0AAD5B5016FEB47AF39FB
         
Coupondownloader was not listed in Revo Uninstaller, only snap.do.


 
