
Log analysis and evaluation: bizcoaching problem

Windows 7. If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

05.07.2013, 09:31   #1
angelio
 
My father has a serious Bizcoaching problem on his computer, and I would like to help him, although I have no idea about this myself. So I am very glad to have found this forum, and I would be thrilled if someone had time to reply!
This morning I ran AdwCleaner, which produced the following log file:

Code:
# AdwCleaner v2.304 - Datei am 05/07/2013 um 09:44:03 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Gottfried-admin - GOTFRIEDLIMPERT
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Gotfried  Limpert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4Q083BE2\adwcleaner_2.3.0.4.exe
# Option [Suche]


**** [Dienste] ****

Gefunden : BrowserDefendert

***** [Dateien / Ordner] *****

Datei Gefunden : \user.js
Datei Gefunden : C:\Users\Gotfried  Limpert\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gefunden : C:\Users\Gotfried  Limpert\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gefunden : C:\Users\Gottfried-admin\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gefunden : C:\Users\Gottfried-admin\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gefunden : C:\Users\Gottfried-admin\Desktop\Check for Updates.lnk
Datei Gefunden : C:\Users\Gottfried-admin\Desktop\eBay.lnk
Datei Gefunden : C:\Users\Gottfried-admin\Desktop\Optimizer Pro.lnk
Datei Gefunden : C:\Windows\tasks\LyricsPal Update.job
Ordner Gefunden : C:\Program Files (x86)\Advanced System Protector
Ordner Gefunden : C:\Program Files (x86)\Ask.com
Ordner Gefunden : C:\Program Files (x86)\Complitly
Ordner Gefunden : C:\Program Files (x86)\DealPly
Ordner Gefunden : C:\Program Files (x86)\Delta
Ordner Gefunden : C:\Program Files (x86)\FilesFrog Update Checker
Ordner Gefunden : C:\Program Files (x86)\Optimizer Pro
Ordner Gefunden : C:\Program Files (x86)\PricePeep
Ordner Gefunden : C:\Program Files (x86)\XingHaoLyrics
Ordner Gefunden : C:\ProgramData\Ask
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\BrowserDefender
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
Ordner Gefunden : C:\Users\Gast\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\Gotfried  Limpert\AppData\Local\Babylon
Ordner Gefunden : C:\Users\Gotfried  Limpert\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\Gotfried  Limpert\AppData\LocalLow\Delta
Ordner Gefunden : C:\Users\Gotfried  Limpert\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\Gotfried  Limpert\AppData\Roaming\Complitly
Ordner Gefunden : C:\Users\Gotfried  Limpert\AppData\Roaming\Iminent
Ordner Gefunden : C:\Users\GOTTFR~1\AppData\Local\Temp\AskSearch
Ordner Gefunden : C:\Users\GOTTFR~1\AppData\Local\Temp\Iminent
Ordner Gefunden : C:\Users\GOTTFR~1\AppData\Local\Temp\Smartbar
Ordner Gefunden : C:\Users\Gottfried-admin\AppData\Local\APN
Ordner Gefunden : C:\Users\Gottfried-admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Ordner Gefunden : C:\Users\Gottfried-admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Ordner Gefunden : C:\Users\Gottfried-admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda
Ordner Gefunden : C:\Users\Gottfried-admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Ordner Gefunden : C:\Users\Gottfried-admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Ordner Gefunden : C:\Users\Gottfried-admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
Ordner Gefunden : C:\Users\Gottfried-admin\AppData\Local\Smartbar
Ordner Gefunden : C:\Users\Gottfried-admin\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\Gottfried-admin\AppData\LocalLow\Toolbar4
Ordner Gefunden : C:\Users\Gottfried-admin\AppData\Roaming\BabSolution
Ordner Gefunden : C:\Users\Gottfried-admin\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\Gottfried-admin\AppData\Roaming\Delta
Ordner Gefunden : C:\Users\Gottfried-admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
Ordner Gefunden : C:\Users\Gottfried-admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
Ordner Gefunden : C:\Users\Gottfried-admin\AppData\Roaming\Optimizer Pro
Ordner Gefunden : C:\Users\Hermine\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\Hermine\AppData\LocalLow\BabylonToolbar
Ordner Gefunden : C:\Users\Hermine\AppData\LocalLow\Delta
Ordner Gefunden : C:\Users\Hermine\AppData\Roaming\Iminent
Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll
Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\XingHaoLyrics
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\BabSolution
Schlüssel Gefunden : HKCU\Software\BI
Schlüssel Gefunden : HKCU\Software\Complitly
Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\Delta
Schlüssel Gefunden : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKCU\Software\Optimizer Pro
Schlüssel Gefunden : HKCU\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\SmartbarBackup
Schlüssel Gefunden : HKCU\Software\SmartbarLog
Schlüssel Gefunden : HKCU\Software\Somoto
Schlüssel Gefunden : HKCU\Software\59558bd1b369ba47
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\PricePeep.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0031257.BHO
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0031257.BHO.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0031257.Sandbox
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0031257.Sandbox.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0031554.BHO
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0031554.BHO.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0031554.Sandbox
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0031554.Sandbox.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\delta.deltaappCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IESmartBar.BHO
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\Software\DealPly
Schlüssel Gefunden : HKLM\Software\Delta
Schlüssel Gefunden : HKLM\Software\Iminent
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311121157}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311151154}
Schlüssel Gefunden : HKLM\Software\SimplyGen
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\59558bd1b369ba47
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110311121157}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110311151154}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A3DAEB01-4C15-4AC6-A689-6406FD954EE0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311121157}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311151154}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3DAEB01-4C15-4AC6-A689-6406FD954EE0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\lrcspal@xinghao.net
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKU\S-1-5-21-2011122950-1746063082-2906833487-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKU\S-1-5-21-2011122950-1746063082-2906833487-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKU\S-1-5-21-2011122950-1746063082-2906833487-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
Schlüssel Gefunden : HKU\S-1-5-21-2011122950-1746063082-2906833487-1006\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKU\S-1-5-21-2011122950-1746063082-2906833487-1006\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SDP]
Wert Gefunden : HKCU\Software\Mozilla\Firefox\extensions [lrcspal@xinghao.net]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gefunden : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

[HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=2CE81C6F65FC1ED9&affID=120519&tsp=4930

-\\ Google Chrome v27.0.1453.116

Datei : C:\Users\Gotfried  Limpert\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\Hermine\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\Gottfried-admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.21] : icon_url = "hxxp://www.delta-search.com/favicon.ico",
Gefunden [l.24] : keyword = "delta-search.com",
Gefunden [l.26] : search_url = "hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=2CE81C6F65FC1ED9&affID=120519&tsp=4930",

*************************

AdwCleaner[R1].txt - [35978 octets] - [05/07/2013 09:44:03]

########## EOF - \AdwCleaner[R1].txt - [36039 octets] ##########
         
Bye, angelio

Alt 05.07.2013, 10:15   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything?

I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, only post logs that already exist!


Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with Ctrl+A) and copy it to the clipboard with Ctrl+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press Ctrl+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

Alt 05.07.2013, 21:41   #3
angelio
 



Thanks for the reply!
My dad only has Avira Free Antivirus on his computer;
last time it had one detection (index [4].htm JS/Blacole Ref.CZ.3) and moved it to quarantine.
Other than that, I don't have any log files yet that I could submit.

Alt 06.07.2013, 12:56   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Rootkit scan with GMER

Please download the GMER rootkit scanner (the file name is random):
  • Close all other programs, disable your virus scanner and disconnect the computer from the internet before you start GMER.
  • If a window with the following warning opens after starting:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, untick: IAT/EAT and Show All
  • Tick Quickscan and untick all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Switch your antivirus program and any other scanners back on before you go online!


Running into problems?
  • Alternatively, try safe mode.
  • If you get a bluescreen, untick Devices.


Afterwards, please run MBAR:

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper
__________________
Please always post log files in CODE tags

Alt 06.07.2013, 14:55   #5
angelio
 



Hello Cosinus,

a quick interim report: I didn't manage to deactivate Avira's real-time scanner (it said I didn't have the right to do that), but that only occurred to me after I had already started GMER.

Is the scan now worthless because of that, or did I break something?

Then I also couldn't find the GMER file any more, although it should be on the desktop - when searching the computer I eventually only found a shortcut, which can't be uploaded.

Sorry :-( - do you have another tip?


Alt 06.07.2013, 19:59   #6
angelio
 



Yay,

I managed to deactivate the virus scanner, and on the third scan the log worked too - I just hope it doesn't differ from the two previous ones.

Could you give me a brief interim assessment of whether everything was right so far?

Alt 07.07.2013, 13:14   #7
angelio
 



Hello Cosinus,

here is the MBAR log as well, plus the first attempts with gmer (see attachment, in case you need them).

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.07.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Gottfried-admin :: GOTFRIEDLIMPERT [administrator]

07.07.2013 12:27:20
mbar-log-2013-07-07 (12-27-20).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 335424
Time elapsed: 8 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
c:\Users\Gottfried-admin\AppData\Local\Temp\DM\Setup (1).exe\t7KrsKHuT0mMDxx\Setup (1).exe (Adware.DomaIQ) -> Delete on reboot.
c:\Users\Gottfried-admin\AppData\Local\Temp\DM\Setup.exe\C0tj0jI4qh5SfzF\Setup.exe (Adware.DomaIQ) -> Delete on reboot.
c:\Users\Gottfried-admin\AppData\Local\Temp\DM\Setup.exe\oALY25nEjHJoonQ\Setup.exe (Adware.DomaIQ) -> Delete on reboot.
c:\Windows\System32\fsvk.exe.exe (Worm.Zhelatin) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
I ran AdwCleaner again because I don't know whether it makes a difference whether I do this from the user account or from the administrator account; here is that log again:

Code:
ATTFilter
# AdwCleaner v2.304 - Datei am 07/07/2013 um 13:58:20 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Gottfried-admin - GOTFRIEDLIMPERT
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Gottfried-admin\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Program Files (x86)\Ask.com
Ordner Gefunden : C:\Program Files (x86)\DealPly
Ordner Gefunden : C:\Program Files (x86)\Delta
Ordner Gefunden : C:\Program Files (x86)\PricePeep
Ordner Gefunden : C:\Program Files (x86)\XingHaoLyrics
Ordner Gefunden : C:\ProgramData\BrowserDefender
Ordner Gefunden : C:\Users\Gottfried-admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Ordner Gefunden : C:\Users\Gottfried-admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKU\S-1-5-21-2011122950-1746063082-2906833487-1006\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v27.0.1453.116

Datei : C:\Users\Gotfried  Limpert\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\Hermine\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\Gottfried-admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.21] : icon_url = "hxxp://www.delta-search.com/favicon.ico",
Gefunden [l.23] : keyword = "delta-search.com",
Gefunden [l.25] : search_url = "hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=2CE81C6F65FC1ED9&affID=120519&tsp=4930",

*************************

AdwCleaner[R1].txt - [35953 octets] - [05/07/2013 09:44:03]
AdwCleaner[R2].txt - [2759 octets] - [07/07/2013 13:58:20]
AdwCleaner[S1].txt - [35764 octets] - [05/07/2013 10:36:35]

########## EOF - C:\AdwCleaner[R2].txt - [2880 octets] ##########
         
I'm only in town until tomorrow evening; after that I unfortunately can't do anything more here at my dad's - it would be great if you got back to me before then.
Thanks!

Alt 07.07.2013, 22:15   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



OK, let's continue

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files will now be created and can then be found on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


Alt 07.07.2013, 23:02   #9
angelio
 



Hello Cosinus,

nice that everything has worked so far - here are the new log files:

FRST log file:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013
Ran by Gottfried-admin (administrator) on 07-07-2013 23:50:29
Running from C:\Users\Gottfried-admin\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Sun\StarOffice 8\program\soffice.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Sun\StarOffice 8\program\soffice.BIN
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(1und1 Mail und Media GmbH) C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Sun\StarOffice 8\program\soffice.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Sun\StarOffice 8\program\soffice.BIN
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(1und1 Mail und Media GmbH) C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(AMD) C:\Windows\system32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(1und1 Mail und Media GmbH) C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13374568 2011-12-13] (Realtek Semiconductor)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM-x32\...\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2009-04-27] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [50472 2009-04-27] (CyberLink Corp.)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [296056 2012-03-06] (RealNetworks, Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RegUse] C:\Program Files (x86)\RegUse\RegUse.exe [x]
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [MailCheck IE Broker] "C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe" [1463000 2012-12-21] (1und1 Mail und Media GmbH)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-24] (Avira Operations GmbH & Co. KG)
AppInit_DLLs-x32: c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll [345144 2013-06-24] ()
Startup: C:\Users\Gotfried  Limpert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StarOffice 8.lnk
ShortcutTarget: StarOffice 8.lnk -> C:\Program Files (x86)\Sun\StarOffice 8\program\quickstart.exe ()
Startup: C:\Users\Gottfried-admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\Hermine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StarOffice 8.lnk
ShortcutTarget: StarOffice 8.lnk -> C:\Program Files (x86)\Sun\StarOffice 8\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=7785d187-93ce-4b3f-b15c-2ae87699fe1f&searchtype=hp&installDate=02/07/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=7785d187-93ce-4b3f-b15c-2ae87699fe1f&searchtype=ds&q={searchTerms}&installDate=02/07/2013
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
BHO-x32: WEB.DE Konfiguration - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - WEB.DE MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} -  No File
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Handler-x32: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\itss51.dll (Microsoft Corporation)
Handler-x32: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome: 
=======
CHR HomePage: hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=7785d187-93ce-4b3f-b15c-2ae87699fe1f&searchtype=hp&installDate=02/07/2013
CHR RestoreOnStartup: "hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=7785d187-93ce-4b3f-b15c-2ae87699fe1f&searchtype=hp&installDate=02/07/2013"
CHR DefaultSearchURL: (Delta Search) - hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=2CE81C6F65FC1ED9&affID=120519&tsp=4930
CHR DefaultSuggestURL: (Delta Search) -       "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Extension: (YouTube) - C:\Users\Gottfried-admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1
CHR Extension: (Google Search) - C:\Users\Gottfried-admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1
CHR Extension: (Feven) - C:\Users\Gottfried-admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fglhnbihmeinbfgalpnaiembmdhfijli\1.23.23_0
CHR Extension: (Plus-HD-1.3) - C:\Users\Gottfried-admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.23.33_0
CHR Extension: (Gmail) - C:\Users\Gottfried-admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-24] (Avira Operations GmbH & Co. KG)
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [32808 2013-07-01] (Just Develop It)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [271760 2009-04-27] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-02-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-02-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-06] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2008-10-28] (AVM Berlin)
S3 cpuz134; C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [21480 2010-07-09] (Windows (R) Win 7 DDK provider)
S3 cpuz134; C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [21480 2010-07-09] (Windows (R) Win 7 DDK provider)
S3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [192256 2009-06-10] (Intel Corporation)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2008-10-28] (AVM GmbH)
S3 nvamacpi; C:\Windows\system32\drivers\NVAMACPI.sys [28192 2009-07-17] (NVIDIA Corporation)
S3 Rockusb; C:\Windows\System32\DRIVERS\rockusb.sys [59648 2013-01-16] (Fuzhou Rockchip Electronics Co,Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-07 23:50 - 2013-07-07 23:50 - 00000000 ____D C:\FRST
2013-07-07 23:48 - 2013-07-07 23:48 - 01934636 ____A (Farbar) C:\Users\Gottfried-admin\Desktop\FRST64.exe
2013-07-07 14:15 - 2013-07-07 14:17 - 00003107 ____A C:\AdwCleaner[S3].txt
2013-07-07 14:14 - 2013-07-07 14:15 - 00003228 ____A C:\AdwCleaner[R3].txt
2013-07-07 14:01 - 2013-07-07 14:01 - 00000360 ____A C:\AdwCleaner[S2].txt
2013-07-07 13:59 - 2013-07-07 13:59 - 00000000 ____D C:\Users\Gottfried-admin\AppData\Roaming\StarOffice8
2013-07-07 13:58 - 2013-07-07 13:58 - 00002947 ____A C:\AdwCleaner[R2].txt
2013-07-07 13:57 - 2013-07-07 13:57 - 00650027 ____A C:\Users\Gottfried-admin\Desktop\adwcleaner.exe
2013-07-07 12:25 - 2013-07-07 12:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-07 12:24 - 2013-07-07 12:24 - 00000000 ____D C:\Users\Gottfried-admin\Desktop\mbar-1.06.0.1004
2013-07-07 12:21 - 2013-07-07 12:21 - 13399154 ____A C:\Users\Gottfried-admin\Desktop\mbar-1.06.0.1004.zip
2013-07-06 20:46 - 2013-07-06 20:46 - 00001844 ____A C:\Users\Gottfried-admin\Desktop\Gmer3.txt
2013-07-06 20:30 - 2013-07-06 20:30 - 00000000 ____D C:\Users\Gottfried-admin\AppData\Roaming\Avira
2013-07-06 16:08 - 2013-07-06 16:08 - 473769273 ____A C:\Windows\MEMORY.DMP
2013-07-06 16:08 - 2013-07-06 16:08 - 00456120 ____A C:\Windows\Minidump\070613-12526-01.dmp
2013-07-06 16:08 - 2013-07-06 16:08 - 00000000 ____D C:\Windows\Minidump
2013-07-06 15:35 - 2013-07-06 15:35 - 00001292 ____A C:\Users\Gottfried-admin\Desktop\gmer2.txt
2013-07-06 15:35 - 2013-07-06 15:35 - 00000492 ____A C:\Users\Gotfried  Limpert\Desktop\gmer2.txt.lnk
2013-07-06 15:22 - 2013-07-06 15:22 - 00000842 ____A C:\Users\Gottfried-admin\Desktop\gmer.txt
2013-07-06 15:22 - 2013-07-06 15:22 - 00000487 ____A C:\Users\Gotfried  Limpert\Desktop\gmer.txt.lnk
2013-07-06 15:04 - 2013-07-06 15:05 - 00377856 ____A C:\Users\Gotfried  Limpert\Downloads\gmer_2.1.19163.exe
2013-07-05 10:36 - 2013-07-05 10:38 - 00035764 ____A C:\AdwCleaner[S1].txt
2013-07-05 10:36 - 2013-07-05 10:38 - 00000334 ____A C:\Windows\DeleteOnReboot.bat
2013-07-05 09:53 - 2013-07-05 09:53 - 00015484 ____A C:\Users\Gotfried  Limpert\Documents\AdwCleaner log.odt
2013-07-05 09:44 - 2013-07-05 09:44 - 00035953 ____A C:\AdwCleaner[R1].txt
2013-07-02 22:36 - 2013-07-03 10:36 - 00001350 ____A C:\Users\Gotfried  Limpert\Desktop\Clean Registry for Free!.lnk
2013-07-02 16:39 - 2013-07-02 16:39 - 00001252 ____A C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-07-02 16:39 - 2013-07-02 16:39 - 00000000 ____D C:\ProgramData\Systweak
2013-07-02 16:39 - 2012-07-25 12:03 - 00016896 ____A C:\Windows\System32\sasnative64.exe
2013-07-02 09:14 - 2013-07-02 09:15 - 00002546 ____A C:\Users\Gottfried-admin\Desktop\Search.lnk
2013-07-02 09:13 - 2013-07-07 23:43 - 00001878 ____A C:\Windows\Tasks\Feven-chromeinstaller.job
2013-07-02 09:13 - 2013-07-07 23:43 - 00001182 ____A C:\Windows\Tasks\Feven-codedownloader.job
2013-07-02 09:13 - 2013-07-07 23:43 - 00001178 ____A C:\Windows\Tasks\Feven-updater.job
2013-07-02 09:13 - 2013-07-07 23:43 - 00001082 ____A C:\Windows\Tasks\Feven-enabler.job
2013-07-02 09:13 - 2013-07-02 09:13 - 00000000 ____D C:\Program Files (x86)\Feven
2013-07-01 22:12 - 2013-07-07 23:44 - 00001214 ____A C:\Windows\Tasks\Plus-HD-1.3-updater.job
2013-07-01 22:11 - 2013-07-07 23:43 - 00001926 ____A C:\Windows\Tasks\Plus-HD-1.3-chromeinstaller.job
2013-07-01 22:11 - 2013-07-07 23:43 - 00001218 ____A C:\Windows\Tasks\Plus-HD-1.3-codedownloader.job
2013-07-01 22:11 - 2013-07-07 23:43 - 00001118 ____A C:\Windows\Tasks\Plus-HD-1.3-enabler.job
2013-07-01 22:11 - 2013-07-01 22:12 - 00000000 ____D C:\Program Files (x86)\Plus-HD-1.3
2013-06-15 11:09 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 11:09 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 11:09 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 11:09 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 11:09 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 11:09 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 11:09 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 11:09 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 11:09 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 11:09 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 11:09 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 11:09 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-14 22:15 - 2013-06-14 22:15 - 00000000 ____D C:\Users\Gotfried  Limpert\AppData\Roaming\Systweak
2013-06-14 18:12 - 2013-06-14 18:12 - 00000000 ____D C:\Users\Hermine\AppData\Roaming\Systweak
2013-06-14 16:56 - 2013-07-02 16:39 - 00001138 ____A C:\Users\Gottfried-admin\Desktop\MyPC Backup.lnk
2013-06-14 16:56 - 2013-07-02 16:38 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-06-14 16:55 - 2013-07-03 10:42 - 00000000 ____D C:\Users\Gottfried-admin\AppData\Roaming\Systweak
2013-06-14 16:55 - 2013-05-27 16:01 - 00020312 ____A (Systweak Inc., (www.systweak.com)) C:\Windows\System32\roboot64.exe
2013-06-14 10:48 - 2013-06-14 19:41 - 00000000 ____D C:\Users\Hermine\AppData\Roaming\vlc
2013-06-14 10:23 - 2013-06-14 22:19 - 00000000 ____D C:\Users\Gotfried  Limpert\AppData\Roaming\vlc
2013-06-14 10:22 - 2013-06-14 10:22 - 00000000 ____D C:\Users\Gottfried-admin\AppData\Roaming\vlc
2013-06-14 10:19 - 2013-06-14 10:19 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-06-14 10:19 - 2013-06-14 10:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-14 10:11 - 2013-06-14 10:11 - 00000000 ____D C:\Users\Hermine\AppData\Roaming\Avira
2013-06-14 10:11 - 2013-06-14 10:11 - 00000000 ____D C:\Users\Gotfried  Limpert\AppData\Roaming\Avira
2013-06-14 10:08 - 2013-06-24 11:21 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-06-14 10:07 - 2013-06-14 10:07 - 00002117 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2013-06-14 10:06 - 2013-06-14 10:06 - 00000000 ____D C:\ProgramData\Avira
2013-06-14 10:06 - 2013-06-14 10:06 - 00000000 ____D C:\Program Files (x86)\Avira
2013-06-14 10:06 - 2013-03-06 16:13 - 00028600 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2013-06-14 10:06 - 2013-02-26 16:56 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-06-14 10:06 - 2013-02-26 16:56 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2013-06-14 10:04 - 2013-06-14 10:05 - 102323272 ____A C:\Users\Gotfried  Limpert\Downloads\avira_free3640_antivirus_de.exe
2013-06-12 21:16 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 21:16 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 21:16 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 21:16 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 21:16 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 21:16 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 21:16 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 21:16 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 21:16 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 21:16 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 21:16 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 21:16 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 21:16 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 21:16 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 21:16 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 21:16 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 21:16 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 21:16 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 21:16 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 17:13 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 17:13 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 17:13 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 17:13 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 17:13 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 17:12 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 17:12 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 17:12 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 17:12 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 17:12 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 17:12 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 17:12 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 17:12 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 17:12 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 17:12 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 17:12 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 17:12 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 17:12 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 17:12 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

==================== One Month Modified Files and Folders =======

2013-07-07 23:50 - 2013-07-07 23:50 - 00000000 ____D C:\FRST
2013-07-07 23:49 - 2009-07-14 06:45 - 00020288 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-07 23:49 - 2009-07-14 06:45 - 00020288 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-07 23:48 - 2013-07-07 23:48 - 01934636 ____A (Farbar) C:\Users\Gottfried-admin\Desktop\FRST64.exe
2013-07-07 23:44 - 2013-07-01 22:12 - 00001214 ____A C:\Windows\Tasks\Plus-HD-1.3-updater.job
2013-07-07 23:43 - 2013-07-02 09:13 - 00001878 ____A C:\Windows\Tasks\Feven-chromeinstaller.job
2013-07-07 23:43 - 2013-07-02 09:13 - 00001182 ____A C:\Windows\Tasks\Feven-codedownloader.job
2013-07-07 23:43 - 2013-07-02 09:13 - 00001178 ____A C:\Windows\Tasks\Feven-updater.job
2013-07-07 23:43 - 2013-07-02 09:13 - 00001082 ____A C:\Windows\Tasks\Feven-enabler.job
2013-07-07 23:43 - 2013-07-01 22:11 - 00001926 ____A C:\Windows\Tasks\Plus-HD-1.3-chromeinstaller.job
2013-07-07 23:43 - 2013-07-01 22:11 - 00001218 ____A C:\Windows\Tasks\Plus-HD-1.3-codedownloader.job
2013-07-07 23:43 - 2013-07-01 22:11 - 00001118 ____A C:\Windows\Tasks\Plus-HD-1.3-enabler.job
2013-07-07 23:43 - 2012-03-06 18:58 - 00001128 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-07 23:37 - 2012-03-06 18:59 - 00001132 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-07 23:31 - 2012-04-03 09:05 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-07 23:20 - 2012-03-03 09:53 - 01755967 ____A C:\Windows\WindowsUpdate.log
2013-07-07 22:57 - 2011-04-12 09:43 - 00696620 ____A C:\Windows\System32\perfh007.dat
2013-07-07 22:57 - 2011-04-12 09:43 - 00147916 ____A C:\Windows\System32\perfc007.dat
2013-07-07 22:57 - 2009-07-14 07:13 - 01612484 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-07 22:42 - 2013-03-20 21:34 - 00000000 ____D C:\Users\Hermine\AppData\Roaming\StarOffice8
2013-07-07 22:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2013-07-07 20:09 - 2012-03-19 10:41 - 00000000 ____D C:\Users\Gotfried  Limpert\AppData\Roaming\StarOffice8
2013-07-07 20:08 - 2012-03-29 13:45 - 00081457 ____A C:\Windows\setupact.log
2013-07-07 20:08 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-07 15:16 - 2012-01-12 11:11 - 01589442 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-07-07 14:19 - 2012-03-29 13:43 - 00106290 ____A C:\Windows\PFRO.log
2013-07-07 14:17 - 2013-07-07 14:15 - 00003107 ____A C:\AdwCleaner[S3].txt
2013-07-07 14:15 - 2013-07-07 14:14 - 00003228 ____A C:\AdwCleaner[R3].txt
2013-07-07 14:01 - 2013-07-07 14:01 - 00000360 ____A C:\AdwCleaner[S2].txt
2013-07-07 13:59 - 2013-07-07 13:59 - 00000000 ____D C:\Users\Gottfried-admin\AppData\Roaming\StarOffice8
2013-07-07 13:58 - 2013-07-07 13:58 - 00002947 ____A C:\AdwCleaner[R2].txt
2013-07-07 13:57 - 2013-07-07 13:57 - 00650027 ____A C:\Users\Gottfried-admin\Desktop\adwcleaner.exe
2013-07-07 12:25 - 2013-07-07 12:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-07 12:24 - 2013-07-07 12:24 - 00000000 ____D C:\Users\Gottfried-admin\Desktop\mbar-1.06.0.1004
2013-07-07 12:21 - 2013-07-07 12:21 - 13399154 ____A C:\Users\Gottfried-admin\Desktop\mbar-1.06.0.1004.zip
2013-07-06 20:46 - 2013-07-06 20:46 - 00001844 ____A C:\Users\Gottfried-admin\Desktop\Gmer3.txt
2013-07-06 20:30 - 2013-07-06 20:30 - 00000000 ____D C:\Users\Gottfried-admin\AppData\Roaming\Avira
2013-07-06 16:08 - 2013-07-06 16:08 - 473769273 ____A C:\Windows\MEMORY.DMP
2013-07-06 16:08 - 2013-07-06 16:08 - 00456120 ____A C:\Windows\Minidump\070613-12526-01.dmp
2013-07-06 16:08 - 2013-07-06 16:08 - 00000000 ____D C:\Windows\Minidump
2013-07-06 15:35 - 2013-07-06 15:35 - 00001292 ____A C:\Users\Gottfried-admin\Desktop\gmer2.txt
2013-07-06 15:35 - 2013-07-06 15:35 - 00000492 ____A C:\Users\Gotfried  Limpert\Desktop\gmer2.txt.lnk
2013-07-06 15:22 - 2013-07-06 15:22 - 00000842 ____A C:\Users\Gottfried-admin\Desktop\gmer.txt
2013-07-06 15:22 - 2013-07-06 15:22 - 00000487 ____A C:\Users\Gotfried  Limpert\Desktop\gmer.txt.lnk
2013-07-06 15:05 - 2013-07-06 15:04 - 00377856 ____A C:\Users\Gotfried  Limpert\Downloads\gmer_2.1.19163.exe
2013-07-05 10:38 - 2013-07-05 10:36 - 00035764 ____A C:\AdwCleaner[S1].txt
2013-07-05 10:38 - 2013-07-05 10:36 - 00000334 ____A C:\Windows\DeleteOnReboot.bat
2013-07-05 09:53 - 2013-07-05 09:53 - 00015484 ____A C:\Users\Gotfried  Limpert\Documents\AdwCleaner log.odt
2013-07-05 09:44 - 2013-07-05 09:44 - 00035953 ____A C:\AdwCleaner[R1].txt
2013-07-04 21:30 - 2012-05-20 17:51 - 00000398 ____A C:\Windows\Tasks\RegUse.job
2013-07-03 14:32 - 2012-03-06 17:57 - 00000000 ___RD C:\Users\Gotfried  Limpert\Documents\Briefe
2013-07-03 10:42 - 2013-06-14 16:55 - 00000000 ____D C:\Users\Gottfried-admin\AppData\Roaming\Systweak
2013-07-03 10:36 - 2013-07-02 22:36 - 00001350 ____A C:\Users\Gotfried  Limpert\Desktop\Clean Registry for Free!.lnk
2013-07-02 16:39 - 2013-07-02 16:39 - 00001252 ____A C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-07-02 16:39 - 2013-07-02 16:39 - 00000000 ____D C:\ProgramData\Systweak
2013-07-02 16:39 - 2013-06-14 16:56 - 00001138 ____A C:\Users\Gottfried-admin\Desktop\MyPC Backup.lnk
2013-07-02 16:38 - 2013-06-14 16:56 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-07-02 16:14 - 2009-07-14 07:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-02 09:15 - 2013-07-02 09:14 - 00002546 ____A C:\Users\Gottfried-admin\Desktop\Search.lnk
2013-07-02 09:13 - 2013-07-02 09:13 - 00000000 ____D C:\Program Files (x86)\Feven
2013-07-01 22:12 - 2013-07-01 22:11 - 00000000 ____D C:\Program Files (x86)\Plus-HD-1.3
2013-06-25 14:25 - 2012-03-06 17:57 - 00000000 ____D C:\Users\Gotfried  Limpert\Documents\Wächterruf
2013-06-24 11:21 - 2013-06-14 10:08 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-06-21 16:16 - 2012-03-06 18:46 - 00000000 ____D C:\Users\Gotfried  Limpert\Documents\Lieder
2013-06-20 10:39 - 2012-07-01 16:15 - 00002230 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-19 19:31 - 2012-03-06 17:57 - 00000000 ____D C:\Users\Gotfried  Limpert\Documents\Verschiedenes
2013-06-14 22:19 - 2013-06-14 10:23 - 00000000 ____D C:\Users\Gotfried  Limpert\AppData\Roaming\vlc
2013-06-14 22:15 - 2013-06-14 22:15 - 00000000 ____D C:\Users\Gotfried  Limpert\AppData\Roaming\Systweak
2013-06-14 19:41 - 2013-06-14 10:48 - 00000000 ____D C:\Users\Hermine\AppData\Roaming\vlc
2013-06-14 18:12 - 2013-06-14 18:12 - 00000000 ____D C:\Users\Hermine\AppData\Roaming\Systweak
2013-06-14 17:43 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-14 16:56 - 2012-04-20 17:50 - 00128512 ____A C:\Users\Gottfried-admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-14 10:32 - 2012-04-20 20:07 - 00000000 ____D C:\Users\Gottfried-admin\AppData\Local\Adobe
2013-06-14 10:31 - 2012-04-03 09:05 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-14 10:31 - 2012-03-06 18:03 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-14 10:22 - 2013-06-14 10:22 - 00000000 ____D C:\Users\Gottfried-admin\AppData\Roaming\vlc
2013-06-14 10:20 - 2012-04-20 17:49 - 00000000 ____D C:\users\Gottfried-admin
2013-06-14 10:19 - 2013-06-14 10:19 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-06-14 10:19 - 2013-06-14 10:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-14 10:11 - 2013-06-14 10:11 - 00000000 ____D C:\Users\Hermine\AppData\Roaming\Avira
2013-06-14 10:11 - 2013-06-14 10:11 - 00000000 ____D C:\Users\Gotfried  Limpert\AppData\Roaming\Avira
2013-06-14 10:07 - 2013-06-14 10:07 - 00002117 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2013-06-14 10:06 - 2013-06-14 10:06 - 00000000 ____D C:\ProgramData\Avira
2013-06-14 10:06 - 2013-06-14 10:06 - 00000000 ____D C:\Program Files (x86)\Avira
2013-06-14 10:05 - 2013-06-14 10:04 - 102323272 ____A C:\Users\Gotfried  Limpert\Downloads\avira_free3640_antivirus_de.exe
2013-06-14 10:01 - 2012-03-19 10:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-06-12 21:17 - 2012-03-03 10:25 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-12 17:09 - 2012-03-04 13:13 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-08 16:08 - 2013-06-15 11:09 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-15 11:09 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-15 11:09 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-15 11:09 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-15 11:09 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-15 11:09 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-15 11:09 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-15 11:09 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-15 11:09 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-15 11:09 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-15 11:09 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-15 11:09 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-03 18:57

==================== End Of Log ============================
         

and this one too:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-07-2013
Ran by Gottfried-admin at 2013-07-07 23:51:23
Running from C:\Users\Gottfried-admin\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 Update for Microsoft Office 2007 (KB2508958) (x32)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Digital Editions 2.0 (x32 Version: 2.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Advanced System Protector (x32 Version: 2.1.1000.10905)
Auslogics Disk Defrag (x32 Version: version 3.3)
Avira Free Antivirus (x32 Version: 13.0.0.3737)
Bushaltestelle 2 CC (x32)
CCleaner (Version: 3.02)
CDBurnerXP (x32 Version: 4.5.0.3717)
CyberLink PowerDVD 9 (x32 Version: 9.0.1719)
D3DX10 (x32 Version: 15.4.2368.0902)
DMUninstaller (x32)
FastStone Image Viewer 4.6 (x32 Version: 4.6)
Feven (x32 Version: 1.27.153.6)
Google Chrome (x32 Version: 27.0.1453.116)
Google Earth (x32 Version: 7.0.3.8542)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)
Google Update Helper (x32 Version: 1.3.21.145)
High-Definition Video Playback (x32 Version: 7.1.13900.47.0)
HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät (Version: 22.0.334.0)
HP Officejet 6500 E710a-f Hilfe (x32 Version: 140.0.2.2)
HP Update (x32 Version: 5.002.005.003)
I.R.I.S. OCR (x32 Version: 12.3.4)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Mail System Converter (x32)
Marketsplash Schnellzugriffe (x32 Version: 1.0.0.9)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Encarta Enzyklopädie 2000 (x32)
Microsoft Encarta Recherche-Planer (x32)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Thunderbird 14.0 (x86 de) (x32 Version: 14.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MyPC Backup  (Version: )
Nero 10 Movie ThemePack 1 (x32 Version: 10.2.10000.11.0)
Nero 10 Movie ThemePack Basic (x32 Version: 10.2.10000.0.0)
Nero BurnRights 10 (x32 Version: 4.2.10500.1.102)
Nero BurnRights 10 Help (CHM) (x32 Version: 10.5.10000)
Nero Control Center 10 (x32 Version: 10.2.11900.1.9)
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000)
Nero Core Components 10 (x32 Version: 2.0.18400.9.0)
Nero CoverDesigner 10 Help (CHM) (x32 Version: 10.5.10000)
Nero DiscSpeed 10 (x32 Version: 6.2.10500.2.100)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.5.10000)
Nero Express 10 (x32 Version: 10.2.11900.20.100)
Nero Express 10 Help (CHM) (x32 Version: 10.5.10300)
Nero InfoTool 10 (x32 Version: 7.2.10400.5.100)
Nero InfoTool 10 Help (CHM) (x32 Version: 10.5.10000)
Nero MediaHub 10 Help (CHM) (x32 Version: 10.5.10000)
Nero Multimedia Suite 10 Essentials (x32 Version: 10.5.10400)
Nero RescueAgent 10 (x32 Version: 3.2.10800.9.100)
Nero RescueAgent 10 Help (CHM) (x32 Version: 10.5.10000)
Nero StartSmart 10 (x32 Version: 10.2.11600.14.100)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.5.10000)
Nero Update (x32 Version: 1.0.0018)
NetSpeedMonitor 2.5.4.0 x64 (Version: 2.5.4.0)
NVIDIA Drivers (Version: 1.8)
Office-Bibliothek 4.0 (x32)
PC Wizard 2010.1.96 (x32)
PC-AUS 2.00 (x32 Version: 2.00)
Plus-HD-1.3 (x32 Version: 1.27.153.7)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealPlayer (x32)
Realtek HDMI Audio Driver for ATI (x32 Version: 6.0.1.6409)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6526)
RealUpgrade 1.1 (x32 Version: 1.1.0)
RegUse (x32 Version: 1.0.3.2)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0)
Snap.Do (x32 Version: 1.26.1.10797)
Snap.Do Engine (HKCU Version: 1.26.1.10797)
StarOffice 8 (x32 Version: 8.00.8945)
Studie zur Verbesserung von HP Officejet 6500 E710a-f Produkten (Version: 22.0.334.0)
TeamViewer 7 (x32 Version: 7.0.12979)
UBitMenuDE (x32 Version: 01.04)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
VLC media player 2.0.2 (x32 Version: 2.0.2)
WEB.DE Internet Explorer Addon (x32 Version: 1.0.0.11)
WEB.DE MailCheck für Internet Explorer (x32 Version: 1.9.0.2)
WEB.DE Softwareaktualisierung (x32 Version: 2.0.4.4)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)

==================== Restore Points  =========================

15-06-2013 09:09:24 Windows Update
23-06-2013 14:31:03 Geplanter Prüfpunkt
01-07-2013 19:43:20 Geplanter Prüfpunkt
07-07-2013 10:35:58 Malwarebytes Anti-Rootkit Restore Point
07-07-2013 13:12:07 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {016E70F0-1D46-4AE6-83D1-F577056DCC59} - System32\Tasks\{AB898EED-6E2D-4BCA-BA37-60C8F21D2796} => C:\Program Files (x86)\Microsoft Encarta\Encarta Recherche-Planer\ERO2000.exe [2012-11-08] ()
Task: {022B9B5F-6ECF-462B-8830-733F85CF579B} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe No File
Task: {08FAC76B-A4E2-408D-B610-5528191A5E6F} - System32\Tasks\{E7D26673-07AD-471F-B9D4-43EB228FCDA3} => C:\mailconv.exe [2001-11-11] (Dragon Computer Consultancy)
Task: {0F278930-F437-46EA-BAF7-D48079AD71FF} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2012-11-19] (1&1 Mail & Media GmbH)
Task: {105F2FA8-13D3-43B0-A4C9-04F0645357BD} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2011122950-1746063082-2906833487-1003 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {10AE0363-2055-4D34-A956-EB74A859BE37} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710a-f => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {14F59024-8AB4-462B-932B-DA20C7F8CD15} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-06] (Google Inc.)
Task: {1D906DA7-2BFA-4D9B-941F-430E4DB8C375} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-14] (Adobe Systems Incorporated)
Task: {2CED62E8-2534-4AB6-8418-43635D33CD25} - System32\Tasks\RealCreateProcessScheduledTask9566293S-1-5-21-2011122950-1746063082-2906833487-1000 => C:\Program Files (x86)\Real\RealPlayer\Update\RealOneMessageCenter.exe [2012-03-06] (RealNetworks, Inc.)
Task: {2DA22CB5-B380-418E-AED8-AF781ED823AF} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2011122950-1746063082-2906833487-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-01-30] (RealNetworks, Inc.)
Task: {3AF0960B-A7B0-4028-9D64-FED9630CFACB} - System32\Tasks\Feven-updater => C:\Program Files (x86)\Feven\Feven-updater.exe [2013-07-02] (Feven)
Task: {3DE20E3C-0A30-4B52-AC29-B2CA6AAE618F} - System32\Tasks\EPUpdater => C:\Users\GOTTFR~1\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe No File
Task: {3E2058FF-3E13-430D-8B53-B0C563B05E79} - System32\Tasks\RegUse => C:\Program Files (x86)\RegUse\RegUse.exe No File
Task: {5221251B-FA54-4F7C-99D9-1DDC9B23CA1F} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe No File
Task: {5E4C7B34-4591-4877-8904-D05A40F787D5} - System32\Tasks\DealPlyUpdate => C:\Program Files (x86)\DealPly\DealPlyUpdate.exe No File
Task: {65B298AC-26E7-49CE-890B-2D3DE0086B49} - System32\Tasks\Plus-HD-1.3-enabler => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-enabler.exe [2013-07-01] (Plus HD)
Task: {662F01D2-B82E-47FD-877C-4F3E59D0F72C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-06] (Google Inc.)
Task: {67FA49BC-EB89-4B3C-B8A3-C1FDD3DBF007} - System32\Tasks\Plus-HD-1.3-updater => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-updater.exe [2013-07-01] (Plus HD)
Task: {79B17920-5B42-46CE-BF84-4A2BD30373BE} - System32\Tasks\Feven-enabler => C:\Program Files (x86)\Feven\Feven-enabler.exe [2013-07-02] (Feven)
Task: {83A49DB0-EA9D-4699-A834-C95B064D47D9} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe No File
Task: {893AD600-9B68-458F-A82C-38373E46660D} - System32\Tasks\Feven-chromeinstaller => C:\Program Files (x86)\Feven\Feven-chromeinstaller.exe [2013-07-02] (Feven)
Task: {9D0358EC-50B2-4999-986B-95F4EF6F97E6} - System32\Tasks\Plus-HD-1.3-codedownloader => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-codedownloader.exe [2013-07-01] (Plus HD)
Task: {A0FD5845-187C-4899-BFAD-62B2507B1AC0} - System32\Tasks\Plus-HD-1.3-chromeinstaller => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-chromeinstaller.exe [2013-07-01] (Plus HD)
Task: {C1DB3225-3B4F-4255-813E-129FD0D4EE1E} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {C5697749-2F54-48DA-8F93-06E0510FCFCB} - System32\Tasks\1und1 Konfiguration => C:\ProgramData\1und1InternetExplorerAddon\ConfigTask.exe [2011-04-19] (1und1 Mail und Media GmbH)
Task: {DCD5F2F9-D3B1-423A-B270-E9E733F30911} - System32\Tasks\Feven-codedownloader => C:\Program Files (x86)\Feven\Feven-codedownloader.exe [2013-07-02] (Feven)
Task: {FF071282-BD05-4A60-BC2B-B1B9313FE461} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2011122950-1746063082-2906833487-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-01-30] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Feven-chromeinstaller.job => C:\Program Files (x86)\Feven\Feven-chromeinstaller.exe
Task: C:\Windows\Tasks\Feven-codedownloader.job => C:\Program Files (x86)\Feven\Feven-codedownloader.exe
Task: C:\Windows\Tasks\Feven-enabler.job => C:\Program Files (x86)\Feven\Feven-enabler.exe
Task: C:\Windows\Tasks\Feven-updater.job => C:\Program Files (x86)\Feven\Feven-updater.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Plus-HD-1.3-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-chromeinstaller.exe
Task: C:\Windows\Tasks\Plus-HD-1.3-codedownloader.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-codedownloader.exe
Task: C:\Windows\Tasks\Plus-HD-1.3-enabler.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-enabler.exe
Task: C:\Windows\Tasks\Plus-HD-1.3-updater.job => C:\Program Files (x86)\Plus-HD-1.3\Plus-HD-1.3-updater.exe
Task: C:\Windows\Tasks\RegUse.job => C:\Program Files (x86)\RegUse\RegUse.exe

==================== Faulty Device Manager Devices =============

Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/07/2013 10:56:58 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_TestFile() für die Datei
G:\DCIM\100CASIO\CIMG1143.JPG.
 [ACCESS_VIOLATION Exception!! EIP = 0x72528292]
 Bitte Avira informieren und die obige Datei übersenden!

Error: (07/07/2013 08:10:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/07/2013 02:21:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/07/2013 01:13:18 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (07/07/2013 00:39:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/07/2013 00:00:53 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/07/2013 10:37:02 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2013 10:56:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2013 08:54:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2013 08:50:47 PM) (Source: ESENT) (User: )
Description: taskhost (2692) WebCacheLocal: Versuch, in Datei "C:\Users\Gottfried-admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" bei Offset 12124160 (0x0000000000b90000) für 32768 (0x00008000) Bytes zu schreiben, ist nach taskhost0 Sekunden mit Systemfehler 1453 (0x000005ad): "Nicht genügend Quoten, um den angeforderten Dienst auszuführen. " fehlgeschlagen. Fehler -1011 (0xfffffc0d) bei Schreiboperation. Wenn dieser Zustand andauert, ist die Datei möglicherweise beschädigt und muss aus einer vorherigen Sicherung wiederhergestellt werden.


System errors:
=============
Error: (07/07/2013 11:02:13 PM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.

Error: (07/07/2013 10:56:58 PM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.

Error: (07/07/2013 10:56:58 PM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.

Error: (07/07/2013 10:56:57 PM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.

Error: (07/07/2013 10:56:20 PM) (Source: Disk) (User: )
Description: Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.

Error: (07/07/2013 00:37:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/07/2013 00:37:51 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.

Error: (07/06/2013 08:52:31 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ?06.?07.?2013 um 20:51:18 unerwartet heruntergefahren.

Error: (07/06/2013 04:08:45 PM) (Source: BugCheck) (User: )
Description: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa80039dd040, 0xfffff800047f4510)C:\Windows\MEMORY.DMP070613-12526-01

Error: (07/05/2013 10:41:43 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053


Microsoft Office Sessions:
=========================
Error: (04/03/2012 10:30:16 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 58 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/07/2012 00:30:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 420 seconds with 420 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 35%
Total physical RAM: 4094.46 MB
Available physical RAM: 2641.96 MB
Total Pagefile: 8187.11 MB
Available Pagefile: 6521 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:160 GB) (Free:106.66 GB) NTFS (Disk=0 Partition=1) ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:300.96 GB) (Free:300.47 GB) NTFS (Disk=0 Partition=2)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 461 GB) (Disk ID: 7D83BF02)
Partition 1: (Active) - (Size=160 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=301 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
One more question: the user accounts already seem to be 'cleaner', but when I am in the administrator account, advertising pop-ups still flash up warning me about really nasty viruses. Does it make a difference which account I run a scanner from?

Kind regards and thank you!

Alt 08.07.2013, 08:14   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
CHR HomePage: http://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=7785d187-93ce-4b3f-b15c-2ae87699fe1f&searchtype=hp&installDate=02/07/2013
CHR RestoreOnStartup: "http://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=7785d187-93ce-4b3f-b15c-2ae87699fe1f&searchtype=hp&installDate=02/07/2013"
CHR DefaultSearchURL: (Delta Search) - http://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=2CE81C6F65FC1ED9&affID=120519&tsp=4930
CHR DefaultSuggestURL: (Delta Search) -       "suggest_url": ""
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

__________________
Please always post log files in CODE tags

Alt 08.07.2013, 17:51   #11
angelio
 

Here is the fixlog.txt:
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-07-2013
Ran by Gottfried-admin at 2013-07-08 18:44:58 Run:1
Running from C:\Users\Gottfried-admin\Desktop
Boot Mode: Normal
==============================================

CHR HomePage: hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=7785d187-93ce-4b3f-b15c-2ae87699fe1f&searchtype=hp&installDate=02/07/2013 ==> The Chrome "Settings" can be used to fix the entry.
CHR RestoreOnStartup: "hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=7785d187-93ce-4b3f-b15c-2ae87699fe1f&searchtype=hp&installDate=02/07/2013" ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchURL: (Delta Search) - hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=2CE81C6F65FC1ED9&affID=120519&tsp=4930 ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSuggestURL: (Delta Search) -       "suggest_url": "" ==> The Chrome "Settings" can be used to fix the entry.

==== End of Fixlog ====
         
Was it right that I switched off the internet connection and the virus scanner again before the scan? Should I have restarted once more?

Hope that's OK like this ....

Alt 09.07.2013, 22:43   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Is Delta, or the other rubbish, gone now?
__________________
Please always post log files in CODE tags

Alt 10.07.2013, 09:49   #13
angelio
 

Hello Cosinus,

Thank you very much for your support! That was a huge help for us. My father (already over 80) was really in despair, because with all the pop-ups he could no longer cope at all and the computer was really slow.
And now the thing runs like lightning, and the 'bizcoaching' and 'build a home' windows and the many additional advertising banners have disappeared. Really brilliant!
Unfortunately I am no longer on site now and can look for the 'delta' rubbish. Snapdo apparently smuggled itself in as the start page at some point and was still there even after the FRST fix. I then also tried to uninstall the program via the Control Panel (there were two entries; the one with 'engineer' after it could not be removed).
If you have any more tips (also on avoiding this kind of thing), I'd be glad to hear them. Otherwise, all the best to you all!
Regards, angelio

Alt 10.07.2013, 15:32   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
Ordner Gefunden
Could it be that in adwCleaner you only clicked Suche (Search) and not Löschen (Delete)? If so, start adwCleaner again and click Löschen (Delete).
__________________
Please always post log files in CODE tags
