Pests of all kinds and how to fight them: This program was blocked by a Group Policy - G-Data cannot be started (Windows 7)
22.07.2014, 22:00 | #1 |
Hello dear helpers!

After my online banking was blocked (in time) because of a phishing attack, I noticed that G-Data Internet Security is no longer running at all and can no longer be started either. The following error message then appears: "Dieses Programm wurde durch eine Gruppenrichtlinie geblockt"

I then googled and came across this site, where apparently the same problem has already been dealt with once. Now I am asking for help - I am no expert, though, and ask for your patience if I cannot immediately follow every piece of jargon...

At least I have (hopefully) already taken the first step: I downloaded Farbar's Recovery Scan Tool and ran a scan. Now I suppose I have to submit the result... I will try that next. And that is where it already starts: how do I get Addition.txt and FRST.txt posted here???

A heartfelt thank you in advance for the help - I am quite desperate

Kind regards
Computermom

Last edited by Computermom (22.07.2014 at 22:09)
22.07.2014, 22:17 | #2 |
/// TB Trainer /// Instructions Guru

My name is Jürgen and I will be helping you with your problem. Together we will manage it...

Note: I can never give you a guarantee that we will find all malicious files. Formatting is usually the faster and always the safest way, but it is only advisable in the case of real malware. Adware & co. we can remove very well. If you decide on a cleanup, keep working with me until you get my "clean".

Let's go:

Step 1
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)

Reading material
Posting in CODE tags: here's how...
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes our work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ |
22.07.2014, 22:25 | #3 |
Hello Jürgen,

such quick help - thank you!!!!

FRST log file:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014 Ran by Christine (administrator) on LAPTOP on 22-07-2014 22:21:46 Running from C:\Users\Christine\Desktop Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Entriq, Inc.) C:\Program Files (x86)\maxdome\DCBin\DCService.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Microsoft Corporation) C:\Windows\System32\regsvr32.exe (Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe (Audible, Inc.) 
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe () C:\Program Files (x86)\maxdome\DCBin\DCTrayApp.exe (MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (facemoods.com) C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Pay By Ads LTD) C:\Users\Christine\AppData\Local\onlysearch\onlysearch\1.3.8.11\onlysearch.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe () C:\Program Files (x86)\maxdome\DCBin\DCTrayApp.exe (Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (CyberLink Corp.) 
C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (facemoods.com) C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [776608 2009-12-19] (Lenovo) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4367808 2009-12-17] (Lenovo(beijing) Limited) HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [6988736 2009-12-17] (Lenovo (Beijing) Limited) HKLM\...\Run: [Windows Mobile Device Center] => C:\windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation) HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [3122528 2010-09-17] (Lenovo) HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.) HKLM-x32\...\Run: [YouCam Mirror Tray icon] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167008 2009-12-22] (CyberLink Corp.) HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.) 
HKLM-x32\...\Run: [facemoods] => C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe [362200 2011-09-05] (facemoods.com) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1724728 2013-12-19] (G Data Software AG) HKLM Group Policy restriction on software: C:\Program Files (x86)\G DATA <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\G DATA <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\G DATA <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files (x86)\Kaspersky Lab <====== ATTENTION HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\.DEFAULT\...\RunOnce: [WLStart] => C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [786760 2009-07-26] (Microsoft Corporation) HKU\.DEFAULT\...\Winlogon: [Shell] C:\windows\explorer.exe [2870272 2011-02-26] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation) HKU\S-1-5-19\...\Winlogon: [Shell] C:\windows\explorer.exe [2870272 2011-02-26] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-20\...\RunOnce: [mctadmin] => 
C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation) HKU\S-1-5-20\...\Winlogon: [Shell] C:\windows\explorer.exe [2870272 2011-02-26] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-21-2287044523-212396693-2668882309-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation) HKU\S-1-5-21-2287044523-212396693-2668882309-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) HKU\S-1-5-21-2287044523-212396693-2668882309-1000\...\Run: [onlysearch] => C:\Users\Christine\AppData\Local\onlysearch\onlysearch\1.3.8.11\onlysearch.exe [535984 2014-07-09] (Pay By Ads LTD) HKU\S-1-5-21-2287044523-212396693-2668882309-1000\...\Run: [IqdetOxyuv] => regsvr32.exe "C:\ProgramData\IqdetOxyuv\IqdetOxyuv.dat" HKU\S-1-5-21-2287044523-212396693-2668882309-1000\...\MountPoints2: {20f6063d-54ae-11e2-82ab-c0cb38e736a7} - E:\setup.exe HKU\S-1-5-21-2287044523-212396693-2668882309-1000\...\MountPoints2: {20f6063f-54ae-11e2-82ab-c0cb38e736a7} - F:\setup.exe HKU\S-1-5-21-2287044523-212396693-2668882309-1000\...\MountPoints2: {282ba65b-313e-11e1-9dbc-c0cb38e736a7} - E:\setup.exe HKU\S-1-5-21-2287044523-212396693-2668882309-1000\...\MountPoints2: {282ba65d-313e-11e1-9dbc-c0cb38e736a7} - F:\setup.exe HKU\S-1-5-21-2287044523-212396693-2668882309-1000\...\MountPoints2: {bc8c09c9-7498-11e0-a8ce-806e6f6e6963} - E:\setup.exe HKU\S-1-5-21-2287044523-212396693-2668882309-1000\...\MountPoints2: {bc8c09e9-7498-11e0-a8ce-c0cb38e736a7} - F:\setup.exe HKU\S-1-5-21-2287044523-212396693-2668882309-1000\...\MountPoints2: {e5c5689f-7240-11e0-960e-c0cb38e736a7} - E:\setup.exe HKU\S-1-5-21-2287044523-212396693-2668882309-1000\...\MountPoints2: {e5c568a5-7240-11e0-960e-c0cb38e736a7} - E:\setup.exe HKU\S-1-5-21-2287044523-212396693-2668882309-1000\...\Winlogon: [Shell] C:\windows\explorer.exe [2870272 2011-02-26] (Microsoft Corporation) <==== 
ATTENTION AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found AppInit_DLLs: C:\PROGRA~2\SW-BOO~1\ASSIST~2.DLL => C:\PROGRA~2\SW-BOO~1\ASSIST~2.DLL File Not Found Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\maxdome Download Manager.lnk ShortcutTarget: maxdome Download Manager.lnk -> C:\Program Files (x86)\maxdome\DCBin\DCTrayApp.exe () Startup: C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com) Startup: C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: VeriFace Enc -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll () ==================== Internet (Whitelisted) ==================== HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1392402072&from=exp&uid=WDCXWD5000BEVT-24A0RT0_WD-WXB1A80D7215D7215&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1392402072&from=exp&uid=WDCXWD5000BEVT-24A0RT0_WD-WXB1A80D7215D7215 HKLM\Software\Microsoft\Internet 
Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1392402072&from=exp&uid=WDCXWD5000BEVT-24A0RT0_WD-WXB1A80D7215D7215 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1392402072&from=exp&uid=WDCXWD5000BEVT-24A0RT0_WD-WXB1A80D7215D7215&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank URLSearchHook: HKLM-x32 - (No Name) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - No File StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1392402072&from=exp&uid=WDCXWD5000BEVT-24A0RT0_WD-WXB1A80D7215D7215 SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1392402072&from=exp&uid=WDCXWD5000BEVT-24A0RT0_WD-WXB1A80D7215D7215&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1392402072&from=exp&uid=WDCXWD5000BEVT-24A0RT0_WD-WXB1A80D7215D7215&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.amaizingsearches.info/?l=1&q={searchTerms}&pid=714&r=2014/05/05&hid=979159852152012995&lg=EN&cc=DE&unqvl=51 SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1392402072&from=exp&uid=WDCXWD5000BEVT-24A0RT0_WD-WXB1A80D7215D7215&q={searchTerms} SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.amaizingsearches.info/?l=1&q={searchTerms}&pid=714&r=2014/05/05&hid=979159852152012995&lg=EN&cc=DE&unqvl=51 SearchScopes: HKCU - DefaultScope {1F6D60F7-55FF-409C-90F3-4E9F6F6BA524} URL = https://ixquick.com/do/search?query={searchTerms}&cat=web&pl=ie&language=deutsch SearchScopes: HKCU - {1F6D60F7-55FF-409C-90F3-4E9F6F6BA524} URL = https://ixquick.com/do/search?query={searchTerms}&cat=web&pl=ie&language=deutsch BHO: Groove GFS 
Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: CescrtHlpr Object -> {64182481-4F71-486b-A045-B233BD0DA8FC} -> C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com) Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKCU - No Name - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No File DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\q468d3ub.default-1405356863258 FF DefaultSearchEngine: Ixquick HTTPS - Deutsch FF SelectedSearchEngine: Ixquick HTTPS - Deutsch FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF 
Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF user.js: detected! => C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\q468d3ub.default-1405356863258\user.js FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF SearchPlugin: C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\q468d3ub.default-1405356863258\searchplugins\ixquick-https---deutsch.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011-03-20] FF HKLM-x32\...\Firefox\Extensions: [lightningnewtab@gmail.com] - C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\81g4p1wj.default\extensions\lightningnewtab@gmail.com.xpi Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\10.0.648.151\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program 
Files (x86)\Google\Chrome\Application\10.0.648.151\pdf.dll No File CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files (x86)\Google\Chrome\Application\10.0.648.151\gears.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll No File CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Default Plug-in) - default_plugin No File CHR Extension: (Extended Protection) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml [2014-02-14] CHR Extension: (Kaspersky URL Advisor) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-11-07] CHR Extension: (YoWindow Weather) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef [2014-05-05] CHR Extension: (Safe Money) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-11-07] CHR Extension: (Content Blocker) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-11-07] CHR Extension: (Facemoods) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif [2013-11-07] CHR Extension: (Virtual Keyboard) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-11-07] CHR Extension: (Mein Gutscheincode Finder) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgfpelakfkbbkkdchaaaknckhoadkcbo [2013-11-07] CHR Extension: (YoutubeAdblocker) - C:\Users\Christine\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil [2014-05-05] CHR Extension: (SNT) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk [2014-05-05] CHR Extension: (Winload) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngnjhfpfhadncgafgbneeljaginimmmk [2013-11-07] CHR Extension: (Yontoo) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc [2013-11-07] CHR Extension: (Google Wallet) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-07] CHR Extension: (Anti-Banner) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-11-07] CHR Extension: (save net) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh [2014-05-05] ==================== Services (Whitelisted) ================= R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2244728 2014-02-12] (G Data Software AG) R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG) R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2723400 2014-03-25] (G Data Software AG) R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36424 2014-06-18] (Just Develop It) S4 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [864032 2009-08-11] (Broadcom Corporation.) 
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2992760 2014-01-30] (G Data Software AG) R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700024 2014-02-03] (G Data Software AG) S4 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited) S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited) S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited) S4 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] () R2 Prosieben; C:\Program Files (x86)\maxdome\DCBin\DCService.exe [77032 2009-05-01] (Entriq, Inc.) S3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited) S2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2140984 2014-04-15] (TuneUp Software) R2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [24576 2008-03-13] (Vodafone) [File not signed] S2 d0e87c27; "C:\windows\system32\rundll32.exe" "c:\progra~2\sw-boo~1\AssistantSvc.dll",service ==================== Drivers (Whitelisted) ==================== S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [311968 2012-07-26] () S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-16] (Lenovo) R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [57344 2014-05-10] (G Data Software AG) R1 GDMnIcpt; C:\windows\system32\drivers\MiniIcpt.sys [135168 2014-05-10] (G Data Software AG) R3 GDPkIcpt; C:\windows\system32\drivers\PktIcpt.sys [68608 2014-05-10] (G Data Software AG) R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64000 2014-05-10] (G Data Software AG) R1 GRD; 
C:\windows\system32\drivers\GRD.sys [106272 2014-05-10] (G Data Software) R1 HookCentre; C:\windows\system32\drivers\HookCentre.sys [65024 2014-05-10] (G Data Software AG) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2012-01-08] () R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software) R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [200704 2010-04-20] (SMI) R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo) U3 BcmSqlStartupSvc; U2 IviRegMgr; S3 motccgp; system32\DRIVERS\motccgp.sys [X] S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X] S3 MotDev; system32\DRIVERS\motodrv.sys [X] S3 motmodem; system32\DRIVERS\motmodem.sys [X] U2 RichVideo; U3 SQLWriter; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-22 22:21 - 2014-07-22 22:22 - 00026381 _____ () C:\Users\Christine\Desktop\FRST.txt 2014-07-22 22:21 - 2014-07-22 22:21 - 00000000 ____D () C:\FRST 2014-07-22 22:07 - 2014-07-22 22:07 - 00136736 _____ () C:\Users\Katze\AppData\Local\GDIPFONTCACHEV1.DAT 2014-07-22 22:07 - 2014-07-22 22:07 - 00001439 _____ () C:\Users\Katze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-07-22 22:07 - 2014-07-22 22:07 - 00001405 _____ () C:\Users\Katze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2014-07-22 22:07 - 2014-07-22 22:07 - 00000000 ____D () C:\Users\Katze\Documents\Audible 2014-07-22 22:07 - 2014-07-22 22:07 - 00000000 ____D () C:\Users\Katze\AppData\Local\VirtualStore 2014-07-22 22:07 - 2014-07-22 22:07 - 00000000 ____D () C:\Users\Katze\AppData\Local\Google 2014-07-22 22:06 - 2014-07-22 22:07 - 00002455 _____ () C:\Users\Katze\Desktop\CyberLink YouCam.lnk 2014-07-22 22:06 - 2014-07-22 22:07 - 00000000 ____D () C:\Users\Katze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo 2014-07-22 
22:06 - 2014-07-22 22:07 - 00000000 ____D () C:\Users\Katze 2014-07-22 22:06 - 2014-07-22 22:06 - 00000020 ___SH () C:\Users\Katze\ntuser.ini 2014-07-22 22:06 - 2014-07-22 22:06 - 00000000 _SHDL () C:\Users\Katze\Vorlagen 2014-07-22 22:06 - 2014-07-22 22:06 - 00000000 _SHDL () C:\Users\Katze\Startmenü 2014-07-22 22:06 - 2014-07-22 22:06 - 00000000 _SHDL () C:\Users\Katze\Netzwerkumgebung 2014-07-22 22:06 - 2014-07-22 22:06 - 00000000 _SHDL () C:\Users\Katze\Lokale Einstellungen 2014-07-22 22:06 - 2014-07-22 22:06 - 00000000 _SHDL () C:\Users\Katze\Eigene Dateien 2014-07-22 22:06 - 2014-07-22 22:06 - 00000000 _SHDL () C:\Users\Katze\Druckumgebung 2014-07-22 22:06 - 2014-07-22 22:06 - 00000000 _SHDL () C:\Users\Katze\Documents\Eigene Musik 2014-07-22 22:06 - 2014-07-22 22:06 - 00000000 _SHDL () C:\Users\Katze\Documents\Eigene Bilder 2014-07-22 22:06 - 2014-07-22 22:06 - 00000000 _SHDL () C:\Users\Katze\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-07-22 22:06 - 2014-07-22 22:06 - 00000000 _SHDL () C:\Users\Katze\AppData\Local\Verlauf 2014-07-22 22:06 - 2014-07-22 22:06 - 00000000 _SHDL () C:\Users\Katze\AppData\Local\Anwendungsdaten 2014-07-22 22:06 - 2014-07-22 22:06 - 00000000 _SHDL () C:\Users\Katze\Anwendungsdaten 2014-07-22 22:06 - 2014-06-29 11:05 - 00000000 ____D () C:\Users\Katze\Documents\Visual Studio 2008 2014-07-22 22:06 - 2011-03-18 14:37 - 00000000 ____D () C:\Users\Katze\AppData\Local\Microsoft Help 2014-07-22 22:06 - 2010-09-17 08:47 - 00002104 _____ () C:\Users\Katze\Desktop\OneKey Recovery.lnk 2014-07-22 22:06 - 2010-09-17 08:42 - 00001140 _____ () C:\Users\Katze\Desktop\Cyberlink Power2Go.lnk 2014-07-22 22:06 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Katze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-07-22 22:06 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Katze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-07-22 21:58 - 2014-07-22 21:58 - 00003408 ____N () C:\bootsqm.dat 
2014-07-22 21:57 - 2014-07-22 21:57 - 00000000 __SHD () C:\found.006 2014-07-22 21:22 - 2014-07-22 21:22 - 02090496 _____ (Farbar) C:\Users\Christine\Desktop\FRST64.exe 2014-07-22 20:41 - 2014-07-22 20:41 - 00000111 _____ () C:\Users\Christine\Desktop\Hilfe geblockt.txt 2014-07-19 11:43 - 2014-07-19 11:43 - 00000000 ____D () C:\Intel 2014-07-15 21:33 - 2014-07-15 21:33 - 00001152 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Audio-Editor.lnk 2014-07-15 21:33 - 2014-07-15 21:33 - 00001140 _____ () C:\Users\Public\Desktop\WavePad Audio-Editor.lnk 2014-07-15 21:33 - 2014-07-15 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette 2014-07-15 21:33 - 2014-07-15 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audioverwandte Programme 2014-07-15 21:22 - 2014-07-15 21:22 - 00003248 _____ () C:\windows\System32\Tasks\{37750657-CE3C-402A-8B0F-0A394DCE35E9} 2014-07-14 18:54 - 2014-07-14 18:54 - 00000000 ____D () C:\Users\Christine\Desktop\Alte Firefox-Daten 2014-07-10 22:30 - 2014-07-10 22:30 - 00000000 ____D () C:\ProgramData\IqdetOxyuv 2014-07-09 19:17 - 2014-07-09 22:17 - 00001424 _____ () C:\Users\Christine\Desktop\Only-search.lnk 2014-07-09 19:17 - 2014-07-09 19:17 - 00003556 _____ () C:\windows\System32\Tasks\Only-search 2014-07-09 19:17 - 2014-07-09 19:17 - 00003398 _____ () C:\windows\System32\Tasks\EPUpdater 2014-07-09 19:17 - 2014-07-09 19:17 - 00001852 _____ () C:\Users\Christine\Desktop\Search.lnk 2014-07-09 19:17 - 2014-07-09 19:17 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\BabSolution 2014-07-09 19:17 - 2014-07-09 19:17 - 00000000 ____D () C:\Users\Christine\AppData\Local\onlysearch 2014-07-09 19:17 - 2014-07-09 19:17 - 00000000 ____D () C:\ProgramData\DSearchLink 2014-07-08 23:57 - 2014-07-10 22:47 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup 2014-07-08 23:57 - 2014-07-08 23:57 - 00001969 _____ () C:\Users\Christine\Desktop\Sync 
Folder.lnk 2014-07-08 23:57 - 2014-07-08 23:57 - 00001087 _____ () C:\Users\Christine\Desktop\MyPC Backup.lnk 2014-07-08 23:57 - 2014-07-08 23:57 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup 2014-07-08 23:34 - 2014-07-09 19:16 - 00000000 ____D () C:\Program Files (x86)\1ClickMovie-Download V9.0 2014-07-08 23:34 - 2014-07-08 23:35 - 00006860 _____ () C:\windows\System32\Tasks\eed37df1-8eca-4f41-97fd-6c00215d3ab5-11 2014-07-08 23:34 - 2014-07-08 23:34 - 00000000 ____D () C:\Users\Christine\AppData\Local\globalUpdate 2014-07-08 23:34 - 2014-07-08 23:34 - 00000000 ____D () C:\Program Files (x86)\globalUpdate 2014-07-08 23:33 - 2014-07-08 23:33 - 00000000 ____D () C:\Users\Christine\AppData\Local\Cool_Mirage 2014-07-08 23:32 - 2014-07-09 19:14 - 00000000 ____D () C:\Program Files (x86)\1clickmoviedownloader.com 2014-07-08 23:32 - 2014-07-09 19:13 - 00001170 _____ () C:\Users\Christine\Desktop\FreeTVDownloader.lnk 2014-07-08 23:32 - 2014-07-08 23:32 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1clickmoviedownloader.com 2014-07-06 01:57 - 2014-07-15 23:03 - 00007168 _____ () C:\Users\Christine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-07-04 23:48 - 2014-07-04 23:48 - 00001928 _____ () C:\Users\Christine\Desktop\CorelDRW.exe - Verknüpfung.lnk 2014-07-01 23:15 - 2014-07-09 19:37 - 00000000 ____D () C:\Users\Christine\Documents\Mixpad Projects 2014-07-01 23:15 - 2014-07-09 19:24 - 00001148 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MixPad Audiodatei-Mixer.lnk 2014-07-01 23:15 - 2014-07-09 19:24 - 00001136 _____ () C:\Users\Public\Desktop\MixPad Audiodatei-Mixer.lnk 2014-07-01 23:15 - 2014-07-01 23:15 - 00001180 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn.lnk 2014-07-01 23:15 - 2014-07-01 23:15 - 00001168 _____ () C:\Users\Public\Desktop\Express Burn.lnk 2014-07-01 23:15 - 2014-07-01 23:15 - 00001140 
_____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Videodatei-Konverter.lnk 2014-07-01 23:15 - 2014-07-01 23:15 - 00001128 _____ () C:\Users\Public\Desktop\Prism Videodatei-Konverter.lnk 2014-07-01 23:15 - 2014-07-01 23:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Videoverwandte Programme 2014-07-01 23:14 - 2014-07-22 21:33 - 00000000 ____D () C:\windows\System32\Tasks\NCH Software 2014-07-01 23:14 - 2014-07-08 23:15 - 00000000 ____D () C:\ProgramData\NCH Software 2014-07-01 23:13 - 2014-07-15 21:33 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\NCH Software 2014-07-01 23:13 - 2014-07-15 21:33 - 00000000 ____D () C:\Program Files (x86)\NCH Software 2014-07-01 23:13 - 2014-07-09 19:38 - 00001156 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch Audiodatei-Konverter.lnk 2014-07-01 23:13 - 2014-07-09 19:38 - 00001144 _____ () C:\Users\Public\Desktop\Switch Audiodatei-Konverter.lnk 2014-07-01 23:12 - 2014-07-09 19:54 - 00000000 ____D () C:\Program Files (x86)\Musik-Konverter 2014-06-29 11:05 - 2014-06-29 11:05 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2008 2014-06-29 11:05 - 2014-06-29 11:05 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2008 2014-06-28 16:26 - 2014-06-28 16:26 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\G Data 2014-06-27 21:57 - 2014-06-27 21:57 - 00000000 ____D () C:\Users\Christine\Documents\Meine Paletten 2014-06-27 21:56 - 2014-06-27 21:57 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\Corel 2014-06-27 21:56 - 2014-06-27 21:57 - 00000000 ____D () C:\ProgramData\Protexis 2014-06-27 21:52 - 2014-06-27 21:46 - 00002305 _____ () C:\Users\Public\Desktop\Bitstream Font Navigator.lnk 2014-06-27 21:52 - 2014-06-27 21:43 - 00002641 _____ () C:\Users\Public\Desktop\Corel PHOTO-PAINT X6.lnk 2014-06-27 21:49 - 2014-07-06 23:03 - 00000000 ____D () C:\Users\Christine\Documents\Corel 2014-06-27 21:49 - 2014-06-27 21:49 - 00000000 
____D () C:\Users\Christine\Documents\Visual Studio 2008
2014-06-27 21:47 - 2014-06-27 21:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 9.0
2014-06-27 21:47 - 2014-06-27 21:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2014-06-27 21:45 - 2014-06-27 21:45 - 00000000 ____D () C:\ProgramData\Corel
2014-06-27 21:42 - 2014-06-27 21:42 - 00000000 ____D () C:\Users\Public\Documents\Corel
2014-06-27 21:40 - 2014-06-27 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6
2014-06-27 21:29 - 2014-06-27 23:48 - 00000000 ____D () C:\Program Files (x86)\Corel
2014-06-27 21:28 - 2014-06-27 21:28 - 00000000 ____D () C:\Program Files (x86)\orel
2014-06-27 20:47 - 2014-07-04 22:45 - 00000000 ____D () C:\ProgramData\CorelDRAW Graphics Suite X6
2014-06-26 16:13 - 2014-07-11 21:05 - 00000000 _____ () C:\Users\Christine\AppData\Roaming\FoxitReaderUpdateInfo.txt
2014-06-25 22:01 - 2014-07-06 10:39 - 00000000 ____D () C:\Users\Christine\Documents\Hochzeit Sandrina und Malte
2014-06-25 20:02 - 2014-06-25 20:02 - 00000000 ___DC () C:\ProgramData\{DDD17DCD-CFF8-47AC-AEB9-EBD74DBE5A3E}
2014-06-23 19:31 - 2014-07-11 20:46 - 00024064 ___SH () C:\Users\Christine\Documents\Thumbs.db

==================== One Month Modified Files and Folders =======

2014-07-22 22:22 - 2014-07-22 22:21 - 00026381 _____ () C:\Users\Christine\Desktop\FRST.txt
2014-07-22 22:21 - 2014-07-22 22:21 - 00000000 ____D () C:\FRST
2014-07-22 22:20 - 2011-03-28 17:15 - 00000000 ____D () C:\Users\Christine\Documents\Christine
2014-07-22 22:16 - 2011-03-20 22:17 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\Skype
2014-07-22 22:15 - 2010-09-17 07:59 - 01679491 _____ () C:\windows\WindowsUpdate.log
2014-07-22 22:12 - 2013-05-25 00:30 - 04935738 _____ () C:\FaceProv.log
2014-07-22 22:12 - 2010-09-17 08:40 - 00000000 ____D () C:\ProgramData\VeriFace
2014-07-22 22:08 - 2009-07-14 06:45 - 00013424 ____H ()
C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-22 22:08 - 2009-07-14 06:45 - 00013424 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-22 22:07 - 2014-07-22 22:07 - 00136736 _____ () C:\Users\Katze\AppData\Local\GDIPFONTCACHEV1.DAT 2014-07-22 22:07 - 2014-07-22 22:07 - 00001439 _____ () C:\Users\Katze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-07-22 22:07 - 2014-07-22 22:07 - 00001405 _____ () C:\Users\Katze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2014-07-22 22:07 - 2014-07-22 22:07 - 00000000 ____D () C:\Users\Katze\Documents\Audible 2014-07-22 22:07 - 2014-07-22 22:07 - 00000000 ____D () C:\Users\Katze\AppData\Local\VirtualStore 2014-07-22 22:07 - 2014-07-22 22:07 - 00000000 ____D () C:\Users\Katze\AppData\Local\Google 2014-07-22 22:07 - 2014-07-22 22:06 - 00002455 _____ () C:\Users\Katze\Desktop\CyberLink YouCam.lnk 2014-07-22 22:07 - 2014-07-22 22:06 - 00000000 ____D () C:\Users\Katze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo 2014-07-22 22:07 - 2014-07-22 22:06 - 00000000 ____D () C:\Users\Katze 2014-07-22 22:06 - 2014-07-22 22:06 - 00000020 ___SH () C:\Users\Katze\ntuser.ini 2014-07-22 22:06 - 2014-07-22 22:06 - 00000000 _SHDL () C:\Users\Katze\Vorlagen 2014-07-22 22:06 - 2014-07-22 22:06 - 00000000 _SHDL () C:\Users\Katze\Startmenü 2014-07-22 22:06 - 2014-07-22 22:06 - 00000000 _SHDL () C:\Users\Katze\Netzwerkumgebung 2014-07-22 22:06 - 2014-07-22 22:06 - 00000000 _SHDL () C:\Users\Katze\Lokale Einstellungen 2014-07-22 22:06 - 2014-07-22 22:06 - 00000000 _SHDL () C:\Users\Katze\Eigene Dateien 2014-07-22 22:06 - 2014-07-22 22:06 - 00000000 _SHDL () C:\Users\Katze\Druckumgebung 2014-07-22 22:06 - 2014-07-22 22:06 - 00000000 _SHDL () C:\Users\Katze\Documents\Eigene Musik 2014-07-22 22:06 - 2014-07-22 22:06 - 00000000 _SHDL () 
C:\Users\Katze\Documents\Eigene Bilder 2014-07-22 22:06 - 2014-07-22 22:06 - 00000000 _SHDL () C:\Users\Katze\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-07-22 22:06 - 2014-07-22 22:06 - 00000000 _SHDL () C:\Users\Katze\AppData\Local\Verlauf 2014-07-22 22:06 - 2014-07-22 22:06 - 00000000 _SHDL () C:\Users\Katze\AppData\Local\Anwendungsdaten 2014-07-22 22:06 - 2014-07-22 22:06 - 00000000 _SHDL () C:\Users\Katze\Anwendungsdaten 2014-07-22 21:59 - 2014-05-10 19:07 - 00004989 _____ () C:\windows\setupact.log 2014-07-22 21:59 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-07-22 21:58 - 2014-07-22 21:58 - 00003408 ____N () C:\bootsqm.dat 2014-07-22 21:57 - 2014-07-22 21:57 - 00000000 __SHD () C:\found.006 2014-07-22 21:43 - 2012-06-20 22:40 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-07-22 21:33 - 2014-07-01 23:14 - 00000000 ____D () C:\windows\System32\Tasks\NCH Software 2014-07-22 21:22 - 2014-07-22 21:22 - 02090496 _____ (Farbar) C:\Users\Christine\Desktop\FRST64.exe 2014-07-22 20:41 - 2014-07-22 20:41 - 00000111 _____ () C:\Users\Christine\Desktop\Hilfe geblockt.txt 2014-07-20 17:03 - 2014-05-10 19:07 - 00014984 _____ () C:\windows\PFRO.log 2014-07-19 11:43 - 2014-07-19 11:43 - 00000000 ____D () C:\Intel 2014-07-17 18:18 - 2011-03-18 22:52 - 00000000 ____D () C:\Users\Christine\Documents\Bücher 2014-07-17 18:13 - 2010-09-16 23:45 - 00654166 _____ () C:\windows\system32\perfh007.dat 2014-07-17 18:13 - 2010-09-16 23:45 - 00130006 _____ () C:\windows\system32\perfc007.dat 2014-07-17 18:13 - 2009-07-14 07:13 - 01498506 _____ () C:\windows\system32\PerfStringBackup.INI 2014-07-15 23:03 - 2014-07-06 01:57 - 00007168 _____ () C:\Users\Christine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-07-15 21:33 - 2014-07-15 21:33 - 00001152 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Audio-Editor.lnk 2014-07-15 21:33 - 2014-07-15 21:33 - 00001140 _____ () 
C:\Users\Public\Desktop\WavePad Audio-Editor.lnk 2014-07-15 21:33 - 2014-07-15 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette 2014-07-15 21:33 - 2014-07-15 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audioverwandte Programme 2014-07-15 21:33 - 2014-07-01 23:13 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\NCH Software 2014-07-15 21:33 - 2014-07-01 23:13 - 00000000 ____D () C:\Program Files (x86)\NCH Software 2014-07-15 21:22 - 2014-07-15 21:22 - 00003248 _____ () C:\windows\System32\Tasks\{37750657-CE3C-402A-8B0F-0A394DCE35E9} 2014-07-14 21:00 - 2011-04-11 16:27 - 00001201 _____ () C:\Users\Christine\Desktop\Diba C+M.txt 2014-07-14 18:54 - 2014-07-14 18:54 - 00000000 ____D () C:\Users\Christine\Desktop\Alte Firefox-Daten 2014-07-11 21:05 - 2014-06-26 16:13 - 00000000 _____ () C:\Users\Christine\AppData\Roaming\FoxitReaderUpdateInfo.txt 2014-07-11 20:46 - 2014-06-23 19:31 - 00024064 ___SH () C:\Users\Christine\Documents\Thumbs.db 2014-07-10 22:47 - 2014-07-08 23:57 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup 2014-07-10 22:30 - 2014-07-10 22:30 - 00000000 ____D () C:\ProgramData\IqdetOxyuv 2014-07-10 15:12 - 2013-07-22 00:35 - 00000000 ____D () C:\windows\system32\MRT 2014-07-10 14:48 - 2011-03-17 23:30 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-07-10 14:33 - 2011-03-18 18:01 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-07-09 22:17 - 2014-07-09 19:17 - 00001424 _____ () C:\Users\Christine\Desktop\Only-search.lnk 2014-07-09 19:54 - 2014-07-01 23:12 - 00000000 ____D () C:\Program Files (x86)\Musik-Konverter 2014-07-09 19:38 - 2014-07-01 23:13 - 00001156 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch Audiodatei-Konverter.lnk 2014-07-09 19:38 - 2014-07-01 23:13 - 00001144 _____ () C:\Users\Public\Desktop\Switch Audiodatei-Konverter.lnk 2014-07-09 19:37 - 2014-07-01 23:15 - 00000000 ____D () 
C:\Users\Christine\Documents\Mixpad Projects 2014-07-09 19:24 - 2014-07-01 23:15 - 00001148 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MixPad Audiodatei-Mixer.lnk 2014-07-09 19:24 - 2014-07-01 23:15 - 00001136 _____ () C:\Users\Public\Desktop\MixPad Audiodatei-Mixer.lnk 2014-07-09 19:17 - 2014-07-09 19:17 - 00003556 _____ () C:\windows\System32\Tasks\Only-search 2014-07-09 19:17 - 2014-07-09 19:17 - 00003398 _____ () C:\windows\System32\Tasks\EPUpdater 2014-07-09 19:17 - 2014-07-09 19:17 - 00001852 _____ () C:\Users\Christine\Desktop\Search.lnk 2014-07-09 19:17 - 2014-07-09 19:17 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\BabSolution 2014-07-09 19:17 - 2014-07-09 19:17 - 00000000 ____D () C:\Users\Christine\AppData\Local\onlysearch 2014-07-09 19:17 - 2014-07-09 19:17 - 00000000 ____D () C:\ProgramData\DSearchLink 2014-07-09 19:16 - 2014-07-08 23:34 - 00000000 ____D () C:\Program Files (x86)\1ClickMovie-Download V9.0 2014-07-09 19:14 - 2014-07-08 23:32 - 00000000 ____D () C:\Program Files (x86)\1clickmoviedownloader.com 2014-07-09 19:13 - 2014-07-08 23:32 - 00001170 _____ () C:\Users\Christine\Desktop\FreeTVDownloader.lnk 2014-07-08 23:57 - 2014-07-08 23:57 - 00001969 _____ () C:\Users\Christine\Desktop\Sync Folder.lnk 2014-07-08 23:57 - 2014-07-08 23:57 - 00001087 _____ () C:\Users\Christine\Desktop\MyPC Backup.lnk 2014-07-08 23:57 - 2014-07-08 23:57 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup 2014-07-08 23:35 - 2014-07-08 23:34 - 00006860 _____ () C:\windows\System32\Tasks\eed37df1-8eca-4f41-97fd-6c00215d3ab5-11 2014-07-08 23:34 - 2014-07-08 23:34 - 00000000 ____D () C:\Users\Christine\AppData\Local\globalUpdate 2014-07-08 23:34 - 2014-07-08 23:34 - 00000000 ____D () C:\Program Files (x86)\globalUpdate 2014-07-08 23:33 - 2014-07-08 23:33 - 00000000 ____D () C:\Users\Christine\AppData\Local\Cool_Mirage 2014-07-08 23:32 - 2014-07-08 23:32 - 00000000 ____D () 
C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1clickmoviedownloader.com 2014-07-08 23:15 - 2014-07-01 23:14 - 00000000 ____D () C:\ProgramData\NCH Software 2014-07-08 22:43 - 2012-06-20 22:40 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2014-07-08 22:43 - 2012-06-20 22:40 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-06 23:03 - 2014-06-27 21:49 - 00000000 ____D () C:\Users\Christine\Documents\Corel 2014-07-06 10:39 - 2014-06-25 22:01 - 00000000 ____D () C:\Users\Christine\Documents\Hochzeit Sandrina und Malte 2014-07-04 23:48 - 2014-07-04 23:48 - 00001928 _____ () C:\Users\Christine\Desktop\CorelDRW.exe - Verknüpfung.lnk 2014-07-04 22:45 - 2014-06-27 20:47 - 00000000 ____D () C:\ProgramData\CorelDRAW Graphics Suite X6 2014-07-01 23:15 - 2014-07-01 23:15 - 00001180 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn.lnk 2014-07-01 23:15 - 2014-07-01 23:15 - 00001168 _____ () C:\Users\Public\Desktop\Express Burn.lnk 2014-07-01 23:15 - 2014-07-01 23:15 - 00001140 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Videodatei-Konverter.lnk 2014-07-01 23:15 - 2014-07-01 23:15 - 00001128 _____ () C:\Users\Public\Desktop\Prism Videodatei-Konverter.lnk 2014-07-01 23:15 - 2014-07-01 23:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Videoverwandte Programme 2014-06-30 18:22 - 2014-05-05 18:50 - 00000000 ____D () C:\ProgramData\YoutubeAdblocker 2014-06-29 11:05 - 2014-07-22 22:06 - 00000000 ____D () C:\Users\Katze\Documents\Visual Studio 2008 2014-06-29 11:05 - 2014-06-29 11:05 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2008 2014-06-29 11:05 - 2014-06-29 11:05 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2008 2014-06-28 16:26 - 2014-06-28 16:26 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\G Data 2014-06-27 23:48 - 2014-06-27 21:29 - 00000000 
____D () C:\Program Files (x86)\Corel
2014-06-27 23:37 - 2014-05-30 11:09 - 00508696 _____ () C:\windows\system32\FNTCACHE.DAT
2014-06-27 21:57 - 2014-06-27 21:57 - 00000000 ____D () C:\Users\Christine\Documents\Meine Paletten
2014-06-27 21:57 - 2014-06-27 21:56 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\Corel
2014-06-27 21:57 - 2014-06-27 21:56 - 00000000 ____D () C:\ProgramData\Protexis
2014-06-27 21:57 - 2014-05-30 11:07 - 00136736 _____ () C:\Users\Christine\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-27 21:51 - 2014-06-27 21:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 9.0
2014-06-27 21:49 - 2014-06-27 21:49 - 00000000 ____D () C:\Users\Christine\Documents\Visual Studio 2008
2014-06-27 21:47 - 2014-06-27 21:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2014-06-27 21:46 - 2014-06-27 21:52 - 00002305 _____ () C:\Users\Public\Desktop\Bitstream Font Navigator.lnk
2014-06-27 21:46 - 2014-06-27 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6
2014-06-27 21:45 - 2014-06-27 21:45 - 00000000 ____D () C:\ProgramData\Corel
2014-06-27 21:43 - 2014-06-27 21:52 - 00002641 _____ () C:\Users\Public\Desktop\Corel PHOTO-PAINT X6.lnk
2014-06-27 21:42 - 2014-06-27 21:42 - 00000000 ____D () C:\Users\Public\Documents\Corel
2014-06-27 21:28 - 2014-06-27 21:28 - 00000000 ____D () C:\Program Files (x86)\orel
2014-06-25 20:02 - 2014-06-25 20:02 - 00000000 ___DC () C:\ProgramData\{DDD17DCD-CFF8-47AC-AEB9-EBD74DBE5A3E}
2014-06-23 22:02 - 2011-03-28 17:15 - 00000000 ____D () C:\Users\Christine\Documents\Sandrina

Some content of TEMP:
====================
C:\Users\Christine\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-18 14:47

==================== End Of Log ============================

and the second one:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2014
Ran by Christine at 2014-07-22 22:22:59
Running from C:\Users\Christine\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: G Data InternetSecurity CBE (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G Data InternetSecurity CBE (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G Data Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 9.0.1 - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-A90100000001}) (Version: 9.0.1 - Adobe Systems Incorporated)
Broadcom 802.11 Wireless Driver (HKLM-x32\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 1.0.0.0 - )
calibre (HKLM-x32\...\{C18E004E-8C44-4F63-91DD-7ABF7DECD712}) (Version: 0.8.8 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Conduit Engine (HKLM-x32\...\conduitEngine) (Version: - Conduit Ltd.)
<==== ATTENTION Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{761B6C00-A23A-4F17-9D23-CB7E48307314}) (Version: 16.1.0.843 - Corel Corporation) Corel Graphics - Windows Shell Extension (x32 Version: 16.1.843 - Corel Corporation) Hidden Corel Graphics - Windows Shell Extension 64 Bit (Version: 16.1.843 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Capture (x32 Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Common (x32 Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Connect (x32 Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Custom Data (x32 Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - DE (x32 Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Draw (x32 Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Filters (x32 Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - FontNav (x32 Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - IPM (x32 Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x32 Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Photozoom Plugin (x32 Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Redist (x32 Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Setup Files (x32 Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - VBA (x32 Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - VideoBrowser (x32 Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - VSTA (x32 Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Writing Tools (x32 Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 (HKLM-x32\...\_{511DE7EA-AA68-4D7A-A2E3-0E7B5186B822}) (Version: 16.1.0.843 - Corel Corporation) CorelDRAW Graphics Suite X6 (x32 Version: 16.1 - Corel Corporation) Hidden 
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2421a - CyberLink Corp.) CyberLink YouCam (x32 Version: 3.0.2421a - CyberLink Corp.) Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version: - Microsoft) Energy Management (HKLM-x32\...\{0CE226F3-EB27-4ECD-BBF5-F088716779FD}) (Version: 5.4.0.8 - Lenovo) Express Burn (HKLM-x32\...\ExpressBurn) (Version: 4.69 - NCH Software) Facemoods Toolbar (HKLM-x32\...\facemoods) (Version: - ) <==== ATTENTION Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.3.321 - Foxit Corporation) Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com) FreeTVDownloader (HKLM-x32\...\1ClickDownload) (Version: 2.1 Build 26473 - 1clickmoviedownloader.com) <==== ATTENTION G Data InternetSecurity CBE (HKLM-x32\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.1.2 - G Data Software AG) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) 
Hidden High-Definition Video Playback (x32 Version: 11.1.10400.2.65 - Nero AG) Hidden Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}.KB947789) (Version: 1 - Microsoft Corporation) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Java(TM) 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216030FF}) (Version: 6.0.300 - Oracle) JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH) Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.100 - Broadcom Corporation) Lenovo DirectShare (HKLM-x32\...\InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}) (Version: 1.0.1.38 - ArcSoft) Lenovo DirectShare (x32 Version: 1.0.1.38 - ArcSoft) Hidden Lenovo EasyCamera (HKLM-x32\...\{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}) (Version: 5.38.2.9 - Silicon Motion) Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1230 - CyberLink Corp.) Lenovo OneKey Recovery (Version: 7.0.1230 - CyberLink Corp.) 
Hidden Lenovo ReadyComm 5 (HKLM-x32\...\{17542DBF-E17C-4562-BC4D-FA3EF3076C45}) (Version: 5.1.1.20 - Lenovo) Lenovo ReadyComm 5.0 Service (HKLM-x32\...\{76C66170-C538-4E77-B54D-48E136B5B533}) (Version: 5.0.0.1 - Lenovo Group Limited) maxdome - Online Videothek Version 3.1.0 (HKLM\...\maxdome - Online Videothek_is1) (Version: - maxdome) maxdome Download Manager 4.1.300.78 (HKLM-x32\...\{E948B551-08DB-4163-8995-8C43B03D1B19}) (Version: 4.1.30078 - Prosieben) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) 
Hidden Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office O MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden 
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office SharePoint Designer MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office X MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) 
(HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Visual Basic for Applications 7.1 (x86) (x32 Version: 7.1.00.00 - Microsoft Corporation) Hidden Microsoft Visual Basic for Applications 7.1 (x86) German (x32 Version: 7.1.0.0 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft 
Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (HKLM-x32\...\{76DAEC83-AF7B-333C-8A53-83D7C7D39199}) (Version: 9.0.30729 - Microsoft Corporation) MixPad Audiodatei-Mixer (HKLM-x32\...\MixPad) (Version: 3.59 - NCH Software) MotoHelper 2.1.32 Driver 5.4.0 (HKLM-x32\...\MotoHelper) (Version: 2.1.32 - Motorola) MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden Motorola Driver Installation (HKLM-x32\...\{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}) (Version: 2.7.2 - Motorola Inc.) Motorola Mobile Drivers Installation 5.4.0 (Version: 5.4.0 - Motorola Inc.) 
Hidden Motorola Phone Tools (HKLM-x32\...\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}) (Version: 5.0.7a 4/01/2008 - Avanquest Software) Motorola Phone Tools (x32 Version: 4.30 - BVRP Software) Hidden Motorola Phone Tools (x32 Version: 5.00 - BVRP Software) Hidden Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla) MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyPC Backup (HKLM\...\MyPC Backup) (Version: - JDi Backup Ltd) <==== ATTENTION Nero 11 Kwik Themes Basic (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden Nero Core Components 11 (x32 Version: 11.0.15000.1.12 - Nero AG) Hidden Nero Kwik Media (HKLM-x32\...\{A1E56F7E-B986-431A-9AAC-89F06DC9FE38}) (Version: 11.0.14900 - Nero AG) Nero Kwik Media (x32 Version: 1.10.19300.93.100 - Nero AG) Hidden Nero Kwik Media Help (CHM) (x32 Version: 11.0.10200 - Nero AG) Hidden Nero Update (x32 Version: 11.0.10623.22.0 - Nero AG) Hidden nero.prerequisites.msi (x32 Version: 11.0.20007 - Nero AG) Hidden Onekey Theater (HKLM-x32\...\{DFB19121-0609-49C1-92B1-546E5A940FE8}) (Version: 2.0.1.7 - Lenovo) Only Chrome Toolbar (HKLM-x32\...\Only Chrome Toolbar) (Version: - OnlySearch) Only-search (HKCU\...\onlysearch) (Version: - onlysearch) PC Inspector smart recovery (HKLM-x32\...\{C9A87D86-FDFD-418B-BF96-EF09320973B3}) (Version: 4.50 - ) Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.4809d4 - CyberLink Corp.) Prism Videodatei-Konverter (HKLM-x32\...\Prism) (Version: 2.09 - NCH Software) QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) 
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30116 - Realtek Semiconductor Corp.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden Skype Toolbars (HKLM-x32\...\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}) (Version: 5.0.4137 - Skype Technologies S.A.) Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) Switch Audiodatei-Konverter (HKLM-x32\...\Switch) (Version: 4.53 - NCH Software) TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.296 - TuneUp Software) Hidden TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.296 - TuneUp Software) TuneUp Utilities 2014 (x32 Version: 14.0.1000.296 - TuneUp Software) Hidden Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition 
(HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition 
(HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition 
(HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition 
(HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VeriFace (HKLM-x32\...\VeriFace) (Version: 3.6.0.1211 - Lenovo) VideoFileDownload (HKLM-x32\...\vfd-ob) (Version: 1.0 - VideoFileDownload) Vodafone Mobile Connect Lite Huawei (HKLM-x32\...\{F7C0163D-9CD8-4F5F-BAC8-3E45A0000AFF}) (Version: 9.3.0.9237 - Vodafone) WavePad Audio-Editor (HKLM-x32\...\WavePad) (Version: 5.91 - NCH Software) Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom) Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom) Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - 
Microsoft Corporation) Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation) Windows-Treiberpaket - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1) (HKLM\...\0A4175B489A1B4A6E07E11B063A6263480C51D71) (Version: 10/19/2009 5.4.0.1 - Lenovo) Winload Toolbar (HKLM-x32\...\Winload Toolbar) (Version: 6.3.3.3 - Winload) WinRAR Archivierer (HKLM-x32\...\WinRAR archiver) (Version: - ) Yontoo 2.052 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 2.052 - Yontoo LLC) <==== ATTENTION ==================== Restore Points ========================= 06-07-2014 17:00:56 Windows-Sicherung 08-07-2014 11:42:24 Windows Update 10-07-2014 12:27:38 Windows Update 15-07-2014 11:33:38 Windows Update 20-07-2014 18:24:08 Windows-Sicherung 22-07-2014 11:30:59 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 
23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {03527549-5429-4EEE-B6FB-AA44705728DB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-20] (Google Inc.)
Task: {0C642E5F-53BE-46B0-9A5D-F2B2F29D7536} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {13B0B831-807A-496B-8679-97B36B885A17} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {14676C18-CC32-4E97-89A4-8D2214389E9B} - System32\Tasks\{65B518FB-E6ED-4077-93B9-59EA571CEEDF} => C:\Program Files (x86)\AutoStarter.exe
Task: {19FDEA5F-3554-43CD-8834-DA6FE6712629} - System32\Tasks\eed37df1-8eca-4f41-97fd-6c00215d3ab5-11 => C:\Program Files (x86)\1ClickMovie-Download V9.0\eed37df1-8eca-4f41-97fd-6c00215d3ab5-11.exe
Task: {297DDC81-9536-448E-8AD2-AC517428B44B} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {2B6464A6-5559-4C57-9676-5B1767D332C3} - System32\Tasks\{ADA193DB-853F-436C-B163-667CC6118240} => C:\Program Files (x86)\AutoStarter.exe
Task: {365F40C8-8C3A-4273-AE80-63D6951FD0B7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-20] (Google Inc.)
Task: {5F2F973D-7369-41E2-B39B-D7B621FECCDE} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: {6FDB9DAB-6179-4667-8F62-4CF18A94A0EE} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {70218373-EE91-4498-BB65-55D59D491234} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe
Task: {74C0F891-81B2-4B5C-8FC5-7CF7EED152B1} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {761F9FB4-530C-412E-97C6-32B55639E81C} - System32\Tasks\{76758C4A-75E8-42DB-97B5-C03DC07C6D32} => C:\Program Files (x86)\AutoStarter.exe
Task: {85F7BB55-8C1C-4C8C-B684-EECE178C751D} - System32\Tasks\{D0B56CBA-01A1-43A3-A2B2-24F7C1F12402} => C:\Program Files (x86)\AutoStarter.exe
Task: {86524946-7D43-454C-AEE8-2230BF55232D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {893F35F9-7149-43AC-B1F1-C4CE3598BA0C} - System32\Tasks\{3E8B7C63-A122-455C-910C-6DB52E953D3E} => C:\Program Files (x86)\AutoStarter.exe
Task: {8BF31094-8779-4FCA-B123-755CAF78C553} - System32\Tasks\{1D6AC5E9-D9CF-4245-A562-1C6F067D00DD} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {9B133AE9-724F-4836-8473-12AB70EC0385} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {C5D68619-6905-4790-B490-1AA4610523D0} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe <==== ATTENTION
Task: {C764651B-786C-4F54-8F4A-D3AD1409913A} - System32\Tasks\{DC42F90D-7644-4FC6-9D14-B4AD626DF6F5} => C:\Program Files (x86)\AutoStarter.exe
Task: {CA8ED1D9-F5CE-4CC5-A2B1-2DA56E43C120} - System32\Tasks\{82394E3F-8835-4A40-BEDE-6901F61F8A3C} => C:\Program Files (x86)\AutoStarter.exe
Task: {D0847544-B8DF-4938-8905-93FDC454065B} - System32\Tasks\{895D5CAA-B751-4E60-90FC-ACDDCCBAC414} => C:\Program Files (x86)\AutoStarter.exe
Task: {DBC0314E-08A6-459B-BA0C-CEF074576A61} - System32\Tasks\{DFAC059B-D343-4E19-B623-68DE8759CAD4} => C:\Program Files (x86)\AutoStarter.exe
Task: {DD2D8BD8-DD2B-4EB1-8679-74406204AFE6} - System32\Tasks\EPUpdater => C:\Users\Christine\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-12-12] () <==== ATTENTION
Task: {F00D0059-A8BE-4567-9D3F-859B94C1A255} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {F96A15D6-9951-4506-85B1-2873EB0E9140} - System32\Tasks\Only-search => C:\Users\Christine\AppData\Local\onlysearch\onlysearch\1.3.8.11\onlysearch.exe [2014-07-09] (Pay By Ads LTD)
Task: {FA13AF20-D5B5-4BE9-88B3-516F7CE61CFF} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: {FE59A32B-0210-4740-B0F0-002C470F971E} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files
(x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-06-18 12:12 - 2014-06-18 12:12 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll 2014-04-15 15:59 - 2014-04-15 15:59 - 00675640 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll 2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-09-17 08:40 - 2010-09-17 08:40 - 01502720 _____ () C:\windows\system32\IcnOvrly.dll 2010-09-17 08:50 - 2009-07-15 17:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll 2010-09-17 08:50 - 2009-07-15 17:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll 2009-05-01 17:57 - 2009-05-01 17:57 - 00088808 _____ () C:\Program Files (x86)\maxdome\DCBin\DCTrayApp.exe 2014-06-18 12:17 - 2014-06-18 12:17 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll 2013-12-19 04:42 - 2013-12-19 04:42 - 00350840 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll 2009-05-01 17:58 - 2009-05-01 17:58 - 01057512 _____ () C:\Program Files (x86)\maxdome\DCBin\PocoFoundation.dll 2009-05-01 17:58 - 2009-05-01 17:58 - 00627944 _____ () C:\Program Files (x86)\maxdome\DCBin\PocoNet.dll 2009-05-01 17:58 - 2009-05-01 17:58 - 00514352 _____ () C:\Program Files (x86)\maxdome\DCBin\sqlite3.dll 2009-05-01 17:58 - 2009-05-01 17:58 - 00517352 _____ () C:\Program Files (x86)\maxdome\DCBin\PocoXML.dll 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-09-17 08:19 - 2010-04-20 22:41 - 00318976 _____ () C:\windows\system32\370prop.ax 2010-09-17 08:40 - 2010-09-17 08:40 - 00492896 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: 
C:\Users\Christine\Documents\Behinderung Änderungsbogen ausfüllen.doc:AFP_Resource ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service" ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/22/2014 10:19:42 PM) (Source: Windows Search Service) (EventID: 1006) (User: ) Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <1, 0x80070003, Fehler beim Erstellen des Anwendungsverzeichnisses: E:\Festplatte Yakumo\Search\Data\Applications\>. Error: (07/22/2014 10:19:42 PM) (Source: Windows Search Service) (EventID: 3030) (User: ) Description: Der Gatherer-Dienst kann nicht initialisiert werden. Details: Der temporäre Ordner befindet sich auf einem Laufwerk, das entweder voll ist, oder es ist kein Zugriff darauf möglich. Geben Sie zusätzlichen Speicherplatz auf dem Laufwerk frei, oder stellen Sie sicher, dass Sie Schreibzugriff auf den temporären Ordner haben. (HRESULT : 0x80070660) (0x80070660) Error: (07/22/2014 10:07:42 PM) (Source: Windows Search Service) (EventID: 1006) (User: ) Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <1, 0x80070003, Fehler beim Erstellen des Anwendungsverzeichnisses: E:\Festplatte Yakumo\Search\Data\Applications\>. 
Error: (07/22/2014 10:07:42 PM) (Source: Windows Search Service) (EventID: 3030) (User: ) Description: Der Gatherer-Dienst kann nicht initialisiert werden. Details: Der temporäre Ordner befindet sich auf einem Laufwerk, das entweder voll ist, oder es ist kein Zugriff darauf möglich. Geben Sie zusätzlichen Speicherplatz auf dem Laufwerk frei, oder stellen Sie sicher, dass Sie Schreibzugriff auf den temporären Ordner haben. (HRESULT : 0x80070660) (0x80070660) Error: (07/22/2014 10:07:35 PM) (Source: Windows Search Service) (EventID: 1006) (User: ) Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <1, 0x80070003, Fehler beim Erstellen des Anwendungsverzeichnisses: E:\Festplatte Yakumo\Search\Data\Applications\>. Error: (07/22/2014 10:07:35 PM) (Source: Windows Search Service) (EventID: 3030) (User: ) Description: Der Gatherer-Dienst kann nicht initialisiert werden. Details: Der temporäre Ordner befindet sich auf einem Laufwerk, das entweder voll ist, oder es ist kein Zugriff darauf möglich. Geben Sie zusätzlichen Speicherplatz auf dem Laufwerk frei, oder stellen Sie sicher, dass Sie Schreibzugriff auf den temporären Ordner haben. (HRESULT : 0x80070660) (0x80070660) Error: (07/22/2014 10:07:28 PM) (Source: Windows Search Service) (EventID: 1006) (User: ) Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <1, 0x80070003, Fehler beim Erstellen des Anwendungsverzeichnisses: E:\Festplatte Yakumo\Search\Data\Applications\>. Error: (07/22/2014 10:07:28 PM) (Source: Windows Search Service) (EventID: 3030) (User: ) Description: Der Gatherer-Dienst kann nicht initialisiert werden. Details: Der temporäre Ordner befindet sich auf einem Laufwerk, das entweder voll ist, oder es ist kein Zugriff darauf möglich. Geben Sie zusätzlichen Speicherplatz auf dem Laufwerk frei, oder stellen Sie sicher, dass Sie Schreibzugriff auf den temporären Ordner haben. 
(HRESULT : 0x80070660) (0x80070660) Error: (07/22/2014 10:07:20 PM) (Source: Windows Search Service) (EventID: 1006) (User: ) Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <1, 0x80070003, Fehler beim Erstellen des Anwendungsverzeichnisses: E:\Festplatte Yakumo\Search\Data\Applications\>. Error: (07/22/2014 10:07:20 PM) (Source: Windows Search Service) (EventID: 3030) (User: ) Description: Der Gatherer-Dienst kann nicht initialisiert werden. Details: Der temporäre Ordner befindet sich auf einem Laufwerk, das entweder voll ist, oder es ist kein Zugriff darauf möglich. Geben Sie zusätzlichen Speicherplatz auf dem Laufwerk frei, oder stellen Sie sicher, dass Sie Schreibzugriff auf den temporären Ordner haben. (HRESULT : 0x80070660) (0x80070660) System errors: ============= Error: (07/22/2014 10:19:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 11 Mal passiert. Error: (07/22/2014 10:19:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: %%3 Error: (07/22/2014 10:07:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 10 Mal passiert. Error: (07/22/2014 10:07:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: %%3 Error: (07/22/2014 10:07:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 9 Mal passiert. 
Error: (07/22/2014 10:07:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: %%3 Error: (07/22/2014 10:07:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 8 Mal passiert. Error: (07/22/2014 10:07:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: %%3 Error: (07/22/2014 10:07:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 7 Mal passiert. Error: (07/22/2014 10:07:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: %%3 Microsoft Office Sessions: ========================= Error: (07/22/2014 10:19:42 PM) (Source: Windows Search Service) (EventID: 1006) (User: ) Description: 10x80070003Fehler beim Erstellen des Anwendungsverzeichnisses: E:\Festplatte Yakumo\Search\Data\Applications\ Error: (07/22/2014 10:19:42 PM) (Source: Windows Search Service) (EventID: 3030) (User: ) Description: Details: Der temporäre Ordner befindet sich auf einem Laufwerk, das entweder voll ist, oder es ist kein Zugriff darauf möglich. Geben Sie zusätzlichen Speicherplatz auf dem Laufwerk frei, oder stellen Sie sicher, dass Sie Schreibzugriff auf den temporären Ordner haben. 
==================== Memory info ===========================
Percentage of memory in use: 54%
Total physical RAM: 2934.85 MB
Available physical RAM: 1338.93 MB
Total Pagefile: 5867.84 MB
Available Pagefile: 3537.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:421.81 GB) (Free:336.16 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:0 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 0FE3D82D)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=422 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)
==================== End Of Log ============================
... that worked - I think - didn't it? :-) Kind regards, Computermom |
22.07.2014, 22:50 | #4 |
/// TB Trainer /// Guide Guru | Sure did, you're in a PREMIUM forum here! But unfortunately there really is malware running on the computer, so no sensitive logins until you get the clean. Please change your passwords (for bank, PayPal, etc.) from your phone or a clean PC.
Step 1 Please uninstall the following programs:
Yontoo 2.052
MyPC Backup
Facemoods Toolbar
Conduit Engine
FreeTVDownloader
On Windows 7, first try it via Control Panel / Uninstall a program. If that doesn't work, please download Revo Uninstaller here. Extract the zip file to the desktop.
If you can't uninstall a program, move on to the next one. Even if some programs are still left over at the end, carry out the next step:
Step 2 Please download AdwCleaner to your desktop.
Step 3 Please press the Windows key + R and type notepad into the Run window. Click OK and now copy the text from the code box into the empty text document: Code:
HKLM Group Policy restriction on software: C:\Program Files (x86)\G DATA <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\G DATA <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\G DATA <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Kaspersky Lab <====== ATTENTION
Step 4 Scan with Combofix
__________________ Regards, deeprybka _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
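An added example, not part of the original posts and not FRST's own code: a Python triage sketch that parses "Group Policy restriction on software" lines like those in the fix list of post #4 and reports which security products they block. The marker list and the two-product threshold are assumptions made for this example; the legacy `Documents and Settings\All Users\Application Data` prefix is mapped to `C:\ProgramData`, which is where it resolves on Windows 7.

```python
import re
from collections import defaultdict

# Constructed sample input: the seven restriction lines from the fix list in
# this thread, plus one unrelated line to show that other log lines are skipped.
SAMPLE_LOG = r"""
HKLM Group Policy restriction on software: C:\Program Files (x86)\G DATA <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\G DATA <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\G DATA <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Kaspersky Lab <====== ATTENTION
Drive c: () (Fixed) (Total:421.81 GB) (Free:336.16 GB) NTFS
"""

# Line shape as it appears in the fix list: hive, fixed label, path, marker.
LINE_RE = re.compile(
    r"^(?P<hive>\S+) Group Policy restriction on software: "
    r"(?P<path>.+?)(?:\s*<=+ ATTENTION)?\s*$"
)

# Legacy XP-style prefix; on Windows 7 it resolves to C:\ProgramData.
LEGACY_PREFIX = "c:\\documents and settings\\all users\\application data"

# Assumption for this example: directory names that identify a security
# product. Only the products named in the thread's fix list are included.
SECURITY_MARKERS = {
    "g data": "G DATA",
    "mcafee": "McAfee",
    "microsoft antimalware": "Microsoft Antimalware",
    "kaspersky lab": "Kaspersky Lab",
}


def normalize(path):
    """Lower-case the path and rewrite the legacy prefix to C:\\ProgramData."""
    p = path.strip().rstrip("\\").lower()
    if p.startswith(LEGACY_PREFIX):
        p = "c:\\programdata" + p[len(LEGACY_PREFIX):]
    return p


def parse_restrictions(log_text):
    """Return (hive, path) for every restriction line; ignore everything else."""
    found = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append((m.group("hive"), m.group("path")))
    return found


def product_for(path):
    """Match on whole path components so 'g data' never matches by substring."""
    parts = normalize(path).split("\\")
    for marker, product in SECURITY_MARKERS.items():
        if marker in parts:
            return product
    return None


def assess(log_text):
    """Group restricted paths by security product and give a triage verdict."""
    hits = defaultdict(list)
    other = []
    for _hive, path in parse_restrictions(log_text):
        product = product_for(path)
        if product:
            hits[product].append(normalize(path))
        else:
            other.append(path)
    if len(hits) >= 2:
        verdict = "multiple security products blocked: treat as tampering"
    elif hits:
        verdict = "one security product blocked: verify against intended policy"
    else:
        verdict = "no security product paths restricted"
    return {"products": dict(hits), "other": other, "verdict": verdict}


if __name__ == "__main__":
    report = assess(SAMPLE_LOG)
    for product, paths in sorted(report["products"].items()):
        print(f"{product}: {len(paths)} restricted path(s)")
    print(report["verdict"])
```

A policy that blocks the directories of several vendors at once, including products that are not installed on the machine, is what separates this pattern from an administrator's deliberate restriction on a single application.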
22.07.2014, 23:01 | #5 |
| Hello Jürgen, ...wow, that's quite a lot to get done - unfortunately I have to be "out" again in 6 hours and would rather do this tomorrow without rushing (after all, I now have "a light on the horizon") :-) Once again, thank you very much - I'll get "to work" first thing tomorrow afternoon and will report back then. I hope that's OK? Good night and kind regards |
22.07.2014, 23:02 | #6 |
/// TB Trainer /// Guide Guru | Sure, I have to get up at 5 as well...
23.07.2014, 16:12 | #7 |
| Hello Jürgen, I have now carried out steps 1 and 2 - here is the log file: Code:
23.07.2014, 16:55 | #8 |
/// TB Trainer /// Guide Guru | Great! And now the other steps as well...
23.07.2014, 17:55 | #9 |
| Hello Jürgen, ...now I'm stuck. Up to step 3 it still went fine, but I can't download Combofix - this message appears: "Webseite gesperrt! G Data InternetSecurity CBE hat den Zugriff auf diese Webseite verweigert. Es handelt sich hierbei um eine bekannte Phishing-Seite." Is that right? Best regards |
23.07.2014, 18:02 | #10 |
/// TB Trainer /// Guide Guru | Let me put it this way: as a user and customer I would be happier if GDATA blocked malware instead of websites with anti-malware tools... But it has to be temporarily disabled for the scan anyway. So do that right away and download Combofix from the link as given.
23.07.2014, 18:26 | #11 |
| ...nothing doing - real-time protection, virus scan and firewall are all disabled and the message still appears as soon as I click on the link above. I've even tried a restart already... |
23.07.2014, 18:39 | #12 |
/// TB Trainer /// Guide Guru | Hi, please take a look at your private messages...
23.07.2014, 19:15 | #13 |
| Hi, ... it's working! :-) Here is the log file: Code:
Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\background.html c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\content.js c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\kEl8m.js c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\lsdb.js c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\manifest.json c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\newtab.html c:\users\Christine\4.0 c:\users\Christine\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef c:\users\Christine\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\background.html c:\users\Christine\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\content.js c:\users\Christine\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\jWxkPY.js c:\users\Christine\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\lsdb.js c:\users\Christine\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\manifest.json c:\users\Christine\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil c:\users\Christine\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil\1.0\background.html c:\users\Christine\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil\1.0\content.js c:\users\Christine\AppData\Local\Comodo\Dragon\User 
Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil\1.0\lsdb.js c:\users\Christine\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil\1.0\manifest.json c:\users\Christine\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil\1.0\qaSgJAX5.js c:\users\Christine\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk c:\users\Christine\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\background.html c:\users\Christine\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\content.js c:\users\Christine\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\kEl8m.js c:\users\Christine\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\lsdb.js c:\users\Christine\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\manifest.json c:\users\Christine\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\newtab.html c:\users\Christine\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh c:\users\Christine\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh\5.14\background.html c:\users\Christine\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh\5.14\content.js c:\users\Christine\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh\5.14\lsdb.js c:\users\Christine\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh\5.14\manifest.json c:\users\Christine\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh\5.14\rA50oqOGq4.js c:\users\Christine\AppData\Local\Google\Chrome SxS\User 
Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef c:\users\Christine\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\background.html c:\users\Christine\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\content.js c:\users\Christine\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\jWxkPY.js c:\users\Christine\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\lsdb.js c:\users\Christine\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\manifest.json c:\users\Christine\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil c:\users\Christine\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil\1.0\background.html c:\users\Christine\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil\1.0\content.js c:\users\Christine\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil\1.0\lsdb.js c:\users\Christine\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil\1.0\manifest.json c:\users\Christine\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil\1.0\qaSgJAX5.js c:\users\Christine\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk c:\users\Christine\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\background.html c:\users\Christine\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\content.js c:\users\Christine\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\kEl8m.js 
c:\users\Christine\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\lsdb.js c:\users\Christine\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\manifest.json c:\users\Christine\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\newtab.html c:\users\Christine\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh c:\users\Christine\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh\5.14\background.html c:\users\Christine\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh\5.14\content.js c:\users\Christine\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh\5.14\lsdb.js c:\users\Christine\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh\5.14\manifest.json c:\users\Christine\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh\5.14\rA50oqOGq4.js c:\users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef c:\users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\background.html c:\users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\content.js c:\users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\jWxkPY.js c:\users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\lsdb.js c:\users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\manifest.json c:\users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk 
c:\users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\background.html c:\users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\content.js c:\users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\kEl8m.js c:\users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\lsdb.js c:\users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\manifest.json c:\users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\newtab.html c:\users\Christine\AppData\Local\Google\Chrome\User Data\Default\Preferences c:\users\Christine\AppData\Roaming\FoxitReaderUpdateInfo.txt c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\background.html c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\content.js c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\jWxkPY.js c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\lsdb.js c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\manifest.json c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil\1.0\background.html c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil\1.0\content.js c:\users\Gast\AppData\Local\Comodo\Dragon\User 
Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil\1.0\lsdb.js c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil\1.0\manifest.json c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil\1.0\qaSgJAX5.js c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\background.html c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\content.js c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\kEl8m.js c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\lsdb.js c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\manifest.json c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\newtab.html c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh\5.14\background.html c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh\5.14\content.js c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh\5.14\lsdb.js c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh\5.14\manifest.json c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh\5.14\rA50oqOGq4.js c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef c:\users\Gast\AppData\Local\Google\Chrome 
SxS\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\background.html c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\content.js c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\jWxkPY.js c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\lsdb.js c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\manifest.json c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil\1.0\background.html c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil\1.0\content.js c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil\1.0\lsdb.js c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil\1.0\manifest.json c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil\1.0\qaSgJAX5.js c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\background.html c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\content.js c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\kEl8m.js c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\lsdb.js c:\users\Gast\AppData\Local\Google\Chrome SxS\User 
Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\manifest.json c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\newtab.html c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh\5.14\background.html c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh\5.14\content.js c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh\5.14\lsdb.js c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh\5.14\manifest.json c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh\5.14\rA50oqOGq4.js c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\background.html c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\content.js c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\jWxkPY.js c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\lsdb.js c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\manifest.json c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\background.html c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\content.js 
c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\kEl8m.js c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\lsdb.js c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\manifest.json c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\newtab.html c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\background.html c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\content.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\jWxkPY.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\manifest.json c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil\1.0\background.html c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil\1.0\content.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil\1.0\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil\1.0\manifest.json c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User 
Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil\1.0\qaSgJAX5.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\background.html c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\content.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\kEl8m.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\manifest.json c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\newtab.html c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh\5.14\background.html c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh\5.14\content.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh\5.14\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh\5.14\manifest.json c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh\5.14\rA50oqOGq4.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\background.html 
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\content.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\jWxkPY.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\manifest.json c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil\1.0\background.html c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil\1.0\content.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil\1.0\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil\1.0\manifest.json c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil\1.0\qaSgJAX5.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\background.html c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\content.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\kEl8m.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\lsdb.js 
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\manifest.json c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\newtab.html c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh\5.14\background.html c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh\5.14\content.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh\5.14\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh\5.14\manifest.json c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh\5.14\rA50oqOGq4.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\background.html c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\content.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\jWxkPY.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\manifest.json c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\background.html c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\content.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\kEl8m.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\lsdb.js c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\manifest.json c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\newtab.html c:\users\Manuel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef c:\users\Manuel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\background.html c:\users\Manuel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\content.js c:\users\Manuel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\jWxkPY.js c:\users\Manuel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\lsdb.js c:\users\Manuel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\manifest.json c:\users\Manuel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil c:\users\Manuel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil\1.0\background.html c:\users\Manuel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil\1.0\content.js c:\users\Manuel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil\1.0\lsdb.js c:\users\Manuel\AppData\Local\Comodo\Dragon\User 
Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil\1.0\manifest.json c:\users\Manuel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil\1.0\qaSgJAX5.js c:\users\Manuel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk c:\users\Manuel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\background.html c:\users\Manuel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\content.js c:\users\Manuel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\kEl8m.js c:\users\Manuel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\lsdb.js c:\users\Manuel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\manifest.json c:\users\Manuel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\newtab.html c:\users\Manuel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh c:\users\Manuel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh\5.14\background.html c:\users\Manuel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh\5.14\content.js c:\users\Manuel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh\5.14\lsdb.js c:\users\Manuel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh\5.14\manifest.json c:\users\Manuel\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh\5.14\rA50oqOGq4.js c:\users\Manuel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef c:\users\Manuel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\background.html 
c:\users\Manuel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\content.js c:\users\Manuel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\jWxkPY.js c:\users\Manuel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\lsdb.js c:\users\Manuel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\manifest.json c:\users\Manuel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil c:\users\Manuel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil\1.0\background.html c:\users\Manuel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil\1.0\content.js c:\users\Manuel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil\1.0\lsdb.js c:\users\Manuel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil\1.0\manifest.json c:\users\Manuel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil\1.0\qaSgJAX5.js c:\users\Manuel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk c:\users\Manuel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\background.html c:\users\Manuel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\content.js c:\users\Manuel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\kEl8m.js c:\users\Manuel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\lsdb.js c:\users\Manuel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\manifest.json 
c:\users\Manuel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\newtab.html c:\users\Manuel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh c:\users\Manuel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh\5.14\background.html c:\users\Manuel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh\5.14\content.js c:\users\Manuel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh\5.14\lsdb.js c:\users\Manuel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh\5.14\manifest.json c:\users\Manuel\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh\5.14\rA50oqOGq4.js c:\users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef c:\users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\background.html c:\users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\content.js c:\users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\jWxkPY.js c:\users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\lsdb.js c:\users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanogbnclpilemkifpjeglokomebpnef\114\manifest.json c:\users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk c:\users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\background.html c:\users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\content.js c:\users\Manuel\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\kEl8m.js c:\users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\lsdb.js c:\users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\manifest.json c:\users\Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nghoabofpbfieddicieejihhpmjdankk\2.1\newtab.html c:\windows\s.bat . . ((((((((((((((((((((((( Dateien erstellt von 2014-06-23 bis 2014-07-23 )))))))))))))))))))))))))))))) . . 2014-07-23 18:05 . 2014-07-23 18:05 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-07-23 18:05 . 2014-07-23 18:05 -------- d-----w- c:\users\Manuel\AppData\Local\temp 2014-07-23 14:49 . 2014-07-23 15:00 -------- d-----w- C:\AdwCleaner 2014-07-22 20:21 . 2014-07-23 16:42 -------- d-----w- C:\FRST 2014-07-22 20:06 . 2014-07-22 20:07 -------- d-----w- c:\users\Katze 2014-07-22 19:57 . 2014-07-22 19:57 -------- d-----w- C:\found.006 2014-07-22 11:32 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{08E3CCE5-FF85-4D35-B9D0-F796F592507C}\mpengine.dll 2014-07-19 09:43 . 2014-07-19 09:43 -------- d-----w- C:\Intel 2014-07-10 20:30 . 2014-07-10 20:30 -------- d-----w- c:\programdata\IqdetOxyuv 2014-07-09 17:17 . 2014-07-09 17:17 -------- d-----w- c:\users\Christine\AppData\Local\onlysearch 2014-07-01 21:12 . 2014-07-09 17:54 -------- d-----w- c:\program files (x86)\Musik-Konverter 2014-06-28 14:26 . 2014-06-28 14:26 -------- d-----w- c:\users\Christine\AppData\Roaming\G Data 2014-06-27 19:56 . 2014-06-27 19:57 -------- d-----w- c:\users\Christine\AppData\Roaming\Corel 2014-06-27 19:56 . 2014-06-27 19:57 -------- d-----w- c:\programdata\Protexis 2014-06-27 19:47 . 2014-06-27 19:47 -------- d-----w- c:\program files (x86)\Microsoft SDKs 2014-06-27 19:47 . 2014-06-27 19:51 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0 2014-06-27 19:46 . 
2014-06-27 19:46 -------- d-----w- c:\program files (x86)\Common Files\Corel 2014-06-27 19:45 . 2014-06-27 19:45 -------- d-----w- c:\program files (x86)\Common Files\Protexis 2014-06-27 19:45 . 2014-06-27 19:45 -------- d-----w- c:\programdata\Corel 2014-06-27 19:29 . 2014-06-27 21:48 -------- d-----w- c:\program files (x86)\Corel 2014-06-27 19:28 . 2014-06-27 19:28 -------- d-----w- c:\program files (x86)\orel 2014-06-25 18:02 . 2014-06-25 18:02 -------- dc----w- c:\programdata\{DDD17DCD-CFF8-47AC-AEB9-EBD74DBE5A3E} . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-07-10 12:33 . 2011-03-18 16:01 96441528 ----a-w- c:\windows\system32\MRT.exe 2014-07-08 20:43 . 2012-06-20 20:40 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-07-08 20:43 . 2012-06-20 20:40 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-05-10 17:51 . 2014-05-10 17:51 18160 ----a-w- c:\windows\system32\drivers\GdPhyMem.sys 2014-05-10 17:51 . 2014-05-10 17:51 106272 ----a-w- c:\windows\system32\drivers\GRD.sys 2014-05-10 17:40 . 2014-05-10 17:40 68608 ----a-w- c:\windows\system32\drivers\PktIcpt.sys 2014-05-10 17:39 . 2014-05-10 17:39 64000 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys 2014-05-10 17:39 . 2014-05-10 17:39 65024 ----a-w- c:\windows\system32\drivers\HookCentre.sys 2014-05-10 17:39 . 2014-05-10 17:39 57344 ----a-w- c:\windows\system32\drivers\GDBehave.sys 2014-05-10 17:39 . 2014-05-10 17:39 135168 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2013-04-22 720064] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21444224] "onlysearch"="c:\users\Christine\AppData\Local\onlysearch\onlysearch\1.3.8.11\onlysearch.exe" [2014-07-09 535984] "IqdetOxyuv"="c:\programdata\IqdetOxyuv\IqdetOxyuv.dat" [2014-07-20 251052] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696] "VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2010-09-17 3122528] "UCam_Menu"="c:\program files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "YouCam Mirror Tray icon"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" [2009-12-22 167008] "UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184] "GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2013-12-19 1724728] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "WLStart"="c:\program files (x86)\Windows Live\Installer\wlstart.exe" [2009-07-26 786760] . c:\users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe /Startup [2011-3-14 2125472] Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2009-8-11 1080608] maxdome Download Manager.lnk - c:\program files (x86)\maxdome\DCBin\DCTrayApp.exe /accountId:Prosieben [2009-5-1 88808] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe;c:\windows\SYSNATIVE\IgrsSvcs.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys;c:\windows\SYSNATIVE\drivers\WDBridge.sys [x] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x] R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x] R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe;c:\program files\Lenovo\ReadyComm\AppSvc.exe [x] R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [x] R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x] R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x] R3 MotDev;Motorola Inc. 
USB Device;c:\windows\system32\DRIVERS\motodrv.sys;c:\windows\SYSNATIVE\DRIVERS\motodrv.sys [x] R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x] R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe;c:\windows\SYSNATIVE\IgrsSvcs.exe [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x] R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] R4 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [x] R4 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [x] R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x] S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys;c:\windows\SYSNATIVE\drivers\GDBehave.sys [x] S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys;c:\windows\SYSNATIVE\drivers\MiniIcpt.sys [x] S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys;c:\windows\SYSNATIVE\drivers\gdwfpcd64.sys [x] S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys;c:\windows\SYSNATIVE\drivers\GRD.sys [x] S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys;c:\windows\SYSNATIVE\drivers\HookCentre.sys [x] S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [x] 
S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [x] S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [x] S2 Prosieben;maxdome Download Manager;c:\program files (x86)\maxdome\DCBin\DCService.exe;c:\program files (x86)\maxdome\DCBin\DCService.exe [x] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [x] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [x] S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x] S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [x] S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys;c:\windows\SYSNATIVE\drivers\PktIcpt.sys [x] S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel(R) 
Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [x] S3 usbsmi;Lenovo EasyCamera;c:\windows\system32\DRIVERS\SMIksdrv.sys;c:\windows\SYSNATIVE\DRIVERS\SMIksdrv.sys [x] S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys;c:\windows\SYSNATIVE\DRIVERS\WDMirror.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP <NO NAME> REG_SZ . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-05-22 21:06 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-10 20:43] . 2014-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-20 20:18] . 2014-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-20 20:18] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc] @="{771C7324-DA80-49D3-8017-753B0AF60951}" [HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}] 2010-09-17 06:40 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 166424] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 391192] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 413720] "OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2009-12-19 776608] "EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2009-12-17 4367808] "Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2009-12-17 6988736] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <-loopback>;192.168.*.* TCP: DhcpNameServer = 192.168.178.1 TCP: Interfaces\{95854361-CF39-425E-9827-A77A8701A571}: DhcpNameServer = 192.168.178.1 TCP: Interfaces\{95854361-CF39-425E-9827-A77A8701A571}\5667E20245167657E6763737471656474756: DhcpNameServer = 192.168.10.1 TCP: Interfaces\{95854361-CF39-425E-9827-A77A8701A571}\64259445A51224F6870264F6E60275C414E40273137303: DhcpNameServer = 192.168.178.1 TCP: Interfaces\{95854361-CF39-425E-9827-A77A8701A571}\D616873707F6472457277686F64756C6: DhcpNameServer = 10.22.11.1 FF - ProfilePath - c:\users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\q468d3ub.default-1405356863258\ FF - prefs.js: browser.search.selectedEngine - Ixquick HTTPS - Deutsch . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
Toolbar-Locked - (no file) SafeBoot-mcmscsvc SafeBoot-MCODS Toolbar-Locked - (no file) AddRemove-ExpressBurn - c:\program files (x86)\NCH Software\ExpressBurn\expressburn.exe AddRemove-MixPad - c:\program files (x86)\NCH Software\MixPad\mixpad.exe AddRemove-Only Chrome Toolbar - c:\users\Christine\AppData\Roaming\BabSolution\Shared\GUninstaller.exe AddRemove-Prism - c:\program files (x86)\NCH Software\Prism\prism.exe AddRemove-Switch - c:\program files (x86)\NCH Software\Switch\switch.exe AddRemove-WavePad - c:\program files (x86)\NCH Software\WavePad\wavepad.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Prosieben] "ImagePath"="\"c:\program files (x86)\maxdome\DCBin\DCService.exe\" /accountid:Prosieben" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.14" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2014-07-23 20:09:13 ComboFix-quarantined-files.txt 2014-07-23 18:09 . Vor Suchlauf: 13 Verzeichnis(se), 362.311.778.304 Bytes frei Nach Suchlauf: 25 Verzeichnis(se), 361.765.990.400 Bytes frei . - - End Of File - - 96070BFF5F120042D6C735D22821F45A |
23.07.2014, 20:03 | #14 |
/// TB Trainer /// Guide Guru | This program was blocked by a group policy - G-Data cannot be started Hi, Step 1 Malwarebytes Antimalware
Step 2 Please start FRST again and press Scan. Please post the contents of the log.
__________________ Regards, deeprybka Praise, criticism, requests? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
23.07.2014, 21:13 | #15 |
| This program was blocked by a group policy - G-Data cannot be started Hello Jürgen, after some difficulties, here is the result of step 1: Code:
ATTFilter
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 23.07.2014
Suchlauf-Zeit: 21:29:45
Logdatei:
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.03.04.09
Rootkit Datenbank: v2014.02.20.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7
CPU: x64
Dateisystem: NTFS
Benutzer: Christine

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 335858
Verstrichene Zeit: 16 Min, 35 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 2
PUP.Optional.PriceGong.A, HKU\S-1-5-21-2287044523-212396693-2668882309-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, In Quarantäne, [ccb18d51b5c5b0864d54eea0738fe21e],
PUP.Optional.BProtector.A, HKU\S-1-5-21-2287044523-212396693-2668882309-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\BPROTECTSETTINGS, In Quarantäne, [7a03419daad047ef4db966485fa41ae6],

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[334ad806ee8c9f9780c3c56a8a7ae11f]

Ordner: 1
PUP.Optional.Lightning.A, C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml, In Quarantäne, [67168658bebc8da9d98ae0a9c63c8d73],

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)

(end)

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-07-2014 01 Ran by Christine (administrator) on LAPTOP on 23-07-2014 22:10:07 Running from C:\Users\Christine\Desktop Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Entriq, Inc.) C:\Program Files (x86)\maxdome\DCBin\DCService.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (Vodafone) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Pay By Ads LTD) C:\Users\Christine\AppData\Local\onlysearch\onlysearch\1.3.8.11\onlysearch.exe (Audible, Inc.) 
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe () C:\Program Files (x86)\maxdome\DCBin\DCTrayApp.exe (Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [776608 2009-12-19] (Lenovo) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4367808 2009-12-17] (Lenovo(beijing) Limited) HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [6988736 2009-12-17] (Lenovo (Beijing) Limited) HKLM\...\Run: [Windows Mobile Device Center] => C:\windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation) HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [3122528 2010-09-17] (Lenovo) HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.) HKLM-x32\...\Run: [YouCam Mirror Tray icon] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167008 2009-12-22] (CyberLink Corp.) 
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-04] (CyberLink Corp.) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1724728 2013-12-19] (G Data Software AG) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\.DEFAULT\...\RunOnce: [WLStart] => C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [786760 2009-07-26] (Microsoft Corporation) HKU\.DEFAULT\...\Winlogon: [Shell] C:\windows\explorer.exe [2870272 2011-02-26] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-19\...\Winlogon: [Shell] C:\windows\explorer.exe [2870272 2011-02-26] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-20\...\Winlogon: [Shell] C:\windows\explorer.exe [2870272 2011-02-26] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-21-2287044523-212396693-2668882309-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation) HKU\S-1-5-21-2287044523-212396693-2668882309-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) 
HKU\S-1-5-21-2287044523-212396693-2668882309-1000\...\Run: [onlysearch] => C:\Users\Christine\AppData\Local\onlysearch\onlysearch\1.3.8.11\onlysearch.exe [535984 2014-07-09] (Pay By Ads LTD) HKU\S-1-5-21-2287044523-212396693-2668882309-1000\...\Run: [IqdetOxyuv] => regsvr32.exe "C:\ProgramData\IqdetOxyuv\IqdetOxyuv.dat" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\maxdome Download Manager.lnk ShortcutTarget: maxdome Download Manager.lnk -> C:\Program Files (x86)\maxdome\DCBin\DCTrayApp.exe () Startup: C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: VeriFace Enc -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 - DefaultScope value is missing. 
SearchScopes: HKCU - DefaultScope {1F6D60F7-55FF-409C-90F3-4E9F6F6BA524} URL = https://ixquick.com/do/search?query={searchTerms}&cat=web&pl=ie&language=deutsch
SearchScopes: HKCU - {1F6D60F7-55FF-409C-90F3-4E9F6F6BA524} URL = https://ixquick.com/do/search?query={searchTerms}&cat=web&pl=ie&language=deutsch
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\q468d3ub.default-1405356863258
FF DefaultSearchEngine: Ixquick HTTPS - Deutsch
FF SelectedSearchEngine: Ixquick HTTPS - Deutsch
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\q468d3ub.default-1405356863258\searchplugins\ixquick-https---deutsch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011-03-20]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-11-07]
CHR Extension: (Safe Money) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-11-07]
CHR Extension: (Content Blocker) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-11-07]
CHR Extension: (No Name) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif [2013-11-07]
CHR Extension: (Virtual Keyboard) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-11-07]
CHR Extension: (Mein Gutscheincode Finder) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgfpelakfkbbkkdchaaaknckhoadkcbo [2013-11-07]
CHR Extension: (No Name) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmeochhmglldbidpaknjmnodlpnlgkil [2014-05-05]
CHR Extension: (No Name) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc [2013-11-07]
CHR Extension: (Google Wallet) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-07]
CHR Extension: (Anti-Banner) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-11-07]
CHR Extension: (No Name) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmcnfjlofodchofkcmegcooogkncfmlh [2014-05-05]

==================== Services (Whitelisted) =================

R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2244728 2014-02-12] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2723400 2014-03-25] (G Data Software AG)
S4 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [864032 2009-08-11] (Broadcom Corporation.)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2992760 2014-01-30] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700024 2014-02-03] (G Data Software AG)
S4 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
S4 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
R2 Prosieben; C:\Program Files (x86)\maxdome\DCBin\DCService.exe [77032 2009-05-01] (Entriq, Inc.)
S3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
S2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2140984 2014-04-15] (TuneUp Software)
R2 VMCService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [24576 2008-03-13] (Vodafone) [File not signed]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [311968 2012-07-26] ()
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-16] (Lenovo)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [57344 2014-05-10] (G Data Software AG)
R1 GDMnIcpt; C:\windows\system32\drivers\MiniIcpt.sys [135168 2014-05-10] (G Data Software AG)
R3 GDPkIcpt; C:\windows\system32\drivers\PktIcpt.sys [68608 2014-05-10] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64000 2014-05-10] (G Data Software AG)
U0 ggamijo; C:\Windows\System32\drivers\uaxsko.sys [79064 2014-07-23] (Malwarebytes Corporation)
R1 GRD; C:\windows\system32\drivers\GRD.sys [106272 2014-05-10] (G Data Software)
R1 HookCentre; C:\windows\system32\drivers\HookCentre.sys [65024 2014-05-10] (G Data Software AG)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2012-01-08] ()
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [122584 2014-07-23] (Malwarebytes Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [200704 2010-04-20] (SMI)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo)
U3 BcmSqlStartupSvc;
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 IviRegMgr;
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotDev; system32\DRIVERS\motodrv.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
U2 RichVideo;
U3 SQLWriter;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-23 22:09 - 2014-07-23 22:09 - 00000000 ____D () C:\Users\Christine\Desktop\FRST-OlderVersion
2014-07-23 21:48 - 2014-07-23 21:48 - 00079064 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\uaxsko.sys
2014-07-23 21:27 - 2014-07-23 21:29 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-23 21:26 - 2014-07-23 21:26 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-23 21:26 - 2014-07-23 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-07-23 21:26 - 2014-07-23 21:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-23 21:26 - 2014-07-23 21:26 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-07-23 21:26 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-07-23 21:26 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-07-23 21:26 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-07-23 21:15 - 2014-07-23 21:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Christine\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-23 21:12 - 2014-07-23 21:12 - 00000326 _____ () C:\Users\Christine\Desktop\Fehlermeldung.txt
2014-07-23 20:09 - 2014-07-23 20:09 - 00063382 _____ () C:\ComboFix.txt
2014-07-23 19:51 - 2014-07-23 20:09 - 00000000 ____D () C:\Qoobox
2014-07-23 19:51 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-07-23 19:51 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-07-23 19:51 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-07-23 19:51 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-07-23 19:51 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-07-23 19:51 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-07-23 19:51 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-07-23 19:51 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-07-23 19:49 - 2014-07-23 19:42 - 05562024 ____R (Swearware) C:\Users\Christine\Desktop\ComboFix.exe
2014-07-23 19:43 - 2014-07-23 20:07 - 00000000 ____D () C:\windows\erdnt
2014-07-23 16:49 - 2014-07-23 17:00 - 00000000 ____D () C:\AdwCleaner
2014-07-23 16:45 - 2014-07-23 16:45 - 01354223 _____ () C:\Users\Christine\Desktop\adwcleaner_3.216.exe
2014-07-23 16:30 - 2014-07-23 16:32 - 00000000 ____D () C:\Users\Christine\Desktop\revouninstaller-portable
2014-07-23 16:25 - 2014-07-23 16:25 - 03007700 _____ () C:\Users\Christine\Desktop\revouninstaller.zip
2014-07-22 22:22 - 2014-07-22 22:23 - 00050901 _____ () C:\Users\Christine\Desktop\Addition.txt
2014-07-22 22:21 - 2014-07-23 22:10 - 00018481 _____ () C:\Users\Christine\Desktop\FRST.txt
2014-07-22 22:21 - 2014-07-23 22:10 - 00000000 ____D () C:\FRST
2014-07-22 22:06 - 2014-07-23 20:59 - 00000000 ____D () C:\Users\Katze
2014-07-22 21:58 - 2014-07-22 21:58 - 00003408 ____N () C:\bootsqm.dat
2014-07-22 21:57 - 2014-07-22 21:57 - 00000000 ____D () C:\found.006
2014-07-22 21:22 - 2014-07-23 22:09 - 02091520 _____ (Farbar) C:\Users\Christine\Desktop\FRST64.exe
2014-07-22 20:41 - 2014-07-23 19:13 - 00000225 _____ () C:\Users\Christine\Desktop\Hilfe geblockt.txt
2014-07-19 11:43 - 2014-07-19 11:43 - 00000000 ____D () C:\Intel
2014-07-15 21:33 - 2014-07-15 21:33 - 00001152 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Audio-Editor.lnk
2014-07-15 21:33 - 2014-07-15 21:33 - 00001140 _____ () C:\Users\Public\Desktop\WavePad Audio-Editor.lnk
2014-07-15 21:33 - 2014-07-15 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette
2014-07-15 21:33 - 2014-07-15 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audioverwandte Programme
2014-07-15 21:22 - 2014-07-15 21:22 - 00003248 _____ () C:\windows\System32\Tasks\{37750657-CE3C-402A-8B0F-0A394DCE35E9}
2014-07-14 18:54 - 2014-07-14 18:54 - 00000000 ____D () C:\Users\Christine\Desktop\Alte Firefox-Daten
2014-07-10 22:30 - 2014-07-10 22:30 - 00000000 ____D () C:\ProgramData\IqdetOxyuv
2014-07-09 19:17 - 2014-07-09 22:17 - 00001424 _____ () C:\Users\Christine\Desktop\Only-search.lnk
2014-07-09 19:17 - 2014-07-09 19:17 - 00003556 _____ () C:\windows\System32\Tasks\Only-search
2014-07-09 19:17 - 2014-07-09 19:17 - 00000000 ____D () C:\Users\Christine\AppData\Local\onlysearch
2014-07-08 23:34 - 2014-07-08 23:35 - 00006860 _____ () C:\windows\System32\Tasks\eed37df1-8eca-4f41-97fd-6c00215d3ab5-11
2014-07-06 01:57 - 2014-07-15 23:03 - 00007168 _____ () C:\Users\Christine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-04 23:48 - 2014-07-04 23:48 - 00001928 _____ () C:\Users\Christine\Desktop\CorelDRW.exe - Verknüpfung.lnk
2014-07-01 23:15 - 2014-07-09 19:37 - 00000000 ____D () C:\Users\Christine\Documents\Mixpad Projects
2014-07-01 23:15 - 2014-07-09 19:24 - 00001148 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MixPad Audiodatei-Mixer.lnk
2014-07-01 23:15 - 2014-07-09 19:24 - 00001136 _____ () C:\Users\Public\Desktop\MixPad Audiodatei-Mixer.lnk
2014-07-01 23:15 - 2014-07-01 23:15 - 00001180 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn.lnk
2014-07-01 23:15 - 2014-07-01 23:15 - 00001168 _____ () C:\Users\Public\Desktop\Express Burn.lnk
2014-07-01 23:15 - 2014-07-01 23:15 - 00001140 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Videodatei-Konverter.lnk
2014-07-01 23:15 - 2014-07-01 23:15 - 00001128 _____ () C:\Users\Public\Desktop\Prism Videodatei-Konverter.lnk
2014-07-01 23:15 - 2014-07-01 23:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Videoverwandte Programme
2014-07-01 23:14 - 2014-07-22 21:33 - 00000000 ____D () C:\windows\System32\Tasks\NCH Software
2014-07-01 23:13 - 2014-07-09 19:38 - 00001156 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch Audiodatei-Konverter.lnk
2014-07-01 23:13 - 2014-07-09 19:38 - 00001144 _____ () C:\Users\Public\Desktop\Switch Audiodatei-Konverter.lnk
2014-07-01 23:12 - 2014-07-09 19:54 - 00000000 ____D () C:\Program Files (x86)\Musik-Konverter
2014-06-29 11:05 - 2014-06-29 11:05 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2008
2014-06-29 11:05 - 2014-06-29 11:05 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2008
2014-06-28 16:26 - 2014-06-28 16:26 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\G Data
2014-06-27 21:57 - 2014-06-27 21:57 - 00000000 ____D () C:\Users\Christine\Documents\Meine Paletten
2014-06-27 21:56 - 2014-06-27 21:57 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\Corel
2014-06-27 21:56 - 2014-06-27 21:57 - 00000000 ____D () C:\ProgramData\Protexis
2014-06-27 21:52 - 2014-06-27 21:46 - 00002305 _____ () C:\Users\Public\Desktop\Bitstream Font Navigator.lnk
2014-06-27 21:52 - 2014-06-27 21:43 - 00002641 _____ () C:\Users\Public\Desktop\Corel PHOTO-PAINT X6.lnk
2014-06-27 21:49 - 2014-07-06 23:03 - 00000000 ____D () C:\Users\Christine\Documents\Corel
2014-06-27 21:49 - 2014-06-27 21:49 - 00000000 ____D () C:\Users\Christine\Documents\Visual Studio 2008
2014-06-27 21:47 - 2014-06-27 21:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 9.0
2014-06-27 21:47 - 2014-06-27 21:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2014-06-27 21:45 - 2014-06-27 21:45 - 00000000 ____D () C:\ProgramData\Corel
2014-06-27 21:42 - 2014-06-27 21:42 - 00000000 ____D () C:\Users\Public\Documents\Corel
2014-06-27 21:40 - 2014-06-27 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6
2014-06-27 21:29 - 2014-06-27 23:48 - 00000000 ____D () C:\Program Files (x86)\Corel
2014-06-27 21:28 - 2014-06-27 21:28 - 00000000 ____D () C:\Program Files (x86)\orel
2014-06-27 20:47 - 2014-07-04 22:45 - 00000000 ____D () C:\ProgramData\CorelDRAW Graphics Suite X6
2014-06-25 22:01 - 2014-07-06 10:39 - 00000000 ____D () C:\Users\Christine\Documents\Hochzeit Sandrina und Malte
2014-06-25 20:02 - 2014-06-25 20:02 - 00000000 ___DC () C:\ProgramData\{DDD17DCD-CFF8-47AC-AEB9-EBD74DBE5A3E}
2014-06-23 19:31 - 2014-07-11 20:46 - 00024064 ___SH () C:\Users\Christine\Documents\Thumbs.db

==================== One Month Modified Files and Folders =======

2014-07-23 22:10 - 2014-07-22 22:21 - 00018481 _____ () C:\Users\Christine\Desktop\FRST.txt
2014-07-23 22:10 - 2014-07-22 22:21 - 00000000 ____D () C:\FRST
2014-07-23 22:09 - 2014-07-23 22:09 - 00000000 ____D () C:\Users\Christine\Desktop\FRST-OlderVersion
2014-07-23 22:09 - 2014-07-22 21:22 - 02091520 _____ (Farbar) C:\Users\Christine\Desktop\FRST64.exe
2014-07-23 21:57 - 2011-03-20 22:17 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\Skype
2014-07-23 21:48 - 2014-07-23 21:48 - 00079064 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\uaxsko.sys
2014-07-23 21:43 - 2012-06-20 22:40 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-07-23 21:29 - 2014-07-23 21:27 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-23 21:26 - 2014-07-23 21:26 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-23 21:26 - 2014-07-23 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-07-23 21:26 - 2014-07-23 21:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-23 21:26 - 2014-07-23 21:26 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-07-23 21:24 - 2010-09-17 07:59 - 01724760 _____ () C:\windows\WindowsUpdate.log
2014-07-23 21:16 - 2014-07-23 21:15 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Christine\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-23 21:12 - 2014-07-23 21:12 - 00000326 _____ () C:\Users\Christine\Desktop\Fehlermeldung.txt
2014-07-23 21:05 - 2009-07-14 06:45 - 00013424 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-23 21:05 - 2009-07-14 06:45 - 00013424 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-23 20:59 - 2014-07-22 22:06 - 00000000 ____D () C:\Users\Katze
2014-07-23 20:57 - 2014-05-10 19:07 - 00005213 _____ () C:\windows\setupact.log
2014-07-23 20:57 - 2013-05-25 00:30 - 04968254 _____ () C:\FaceProv.log
2014-07-23 20:57 - 2010-09-17 08:40 - 00000000 ____D () C:\ProgramData\VeriFace
2014-07-23 20:57 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-23 20:56 - 2014-05-10 19:07 - 00019078 _____ () C:\windows\PFRO.log
2014-07-23 20:09 - 2014-07-23 20:09 - 00063382 _____ () C:\ComboFix.txt
2014-07-23 20:09 - 2014-07-23 19:51 - 00000000 ____D () C:\Qoobox
2014-07-23 20:09 - 2011-12-04 16:05 - 00000000 ____D () C:\Users\TEMP
2014-07-23 20:09 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-07-23 20:07 - 2014-07-23 19:43 - 00000000 ____D () C:\windows\erdnt
2014-07-23 20:05 - 2009-07-14 04:34 - 00000215 _____ () C:\windows\system.ini
2014-07-23 20:04 - 2011-03-17 21:15 - 00000000 ____D () C:\Users\Christine
2014-07-23 19:42 - 2014-07-23 19:49 - 05562024 ____R (Swearware) C:\Users\Christine\Desktop\ComboFix.exe
2014-07-23 19:13 - 2014-07-22 20:41 - 00000225 _____ () C:\Users\Christine\Desktop\Hilfe geblockt.txt
2014-07-23 17:00 - 2014-07-23 16:49 - 00000000 ____D () C:\AdwCleaner
2014-07-23 16:45 - 2014-07-23 16:45 - 01354223 _____ () C:\Users\Christine\Desktop\adwcleaner_3.216.exe
2014-07-23 16:32 - 2014-07-23 16:30 - 00000000 ____D () C:\Users\Christine\Desktop\revouninstaller-portable
2014-07-23 16:25 - 2014-07-23 16:25 - 03007700 _____ () C:\Users\Christine\Desktop\revouninstaller.zip
2014-07-22 22:23 - 2014-07-22 22:22 - 00050901 _____ () C:\Users\Christine\Desktop\Addition.txt
2014-07-22 22:20 - 2011-03-28 17:15 - 00000000 ____D () C:\Users\Christine\Documents\Christine
2014-07-22 21:58 - 2014-07-22 21:58 - 00003408 ____N () C:\bootsqm.dat
2014-07-22 21:57 - 2014-07-22 21:57 - 00000000 ____D () C:\found.006
2014-07-22 21:33 - 2014-07-01 23:14 - 00000000 ____D () C:\windows\System32\Tasks\NCH Software
2014-07-19 11:43 - 2014-07-19 11:43 - 00000000 ____D () C:\Intel
2014-07-17 18:18 - 2011-03-18 22:52 - 00000000 ____D () C:\Users\Christine\Documents\Bücher
2014-07-17 18:13 - 2010-09-16 23:45 - 00654166 _____ () C:\windows\system32\perfh007.dat
2014-07-17 18:13 - 2010-09-16 23:45 - 00130006 _____ () C:\windows\system32\perfc007.dat
2014-07-17 18:13 - 2009-07-14 07:13 - 01498506 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-15 23:03 - 2014-07-06 01:57 - 00007168 _____ () C:\Users\Christine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-15 21:33 - 2014-07-15 21:33 - 00001152 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Audio-Editor.lnk
2014-07-15 21:33 - 2014-07-15 21:33 - 00001140 _____ () C:\Users\Public\Desktop\WavePad Audio-Editor.lnk
2014-07-15 21:33 - 2014-07-15 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette
2014-07-15 21:33 - 2014-07-15 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audioverwandte Programme
2014-07-15 21:22 - 2014-07-15 21:22 - 00003248 _____ () C:\windows\System32\Tasks\{37750657-CE3C-402A-8B0F-0A394DCE35E9}
2014-07-14 21:00 - 2011-04-11 16:27 - 00001201 _____ () C:\Users\Christine\Desktop\Diba C+M.txt
2014-07-14 18:54 - 2014-07-14 18:54 - 00000000 ____D () C:\Users\Christine\Desktop\Alte Firefox-Daten
2014-07-11 20:46 - 2014-06-23 19:31 - 00024064 ___SH () C:\Users\Christine\Documents\Thumbs.db
2014-07-10 22:30 - 2014-07-10 22:30 - 00000000 ____D () C:\ProgramData\IqdetOxyuv
2014-07-10 15:12 - 2013-07-22 00:35 - 00000000 ____D () C:\windows\system32\MRT
2014-07-10 14:48 - 2011-03-17 23:30 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-10 14:33 - 2011-03-18 18:01 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-09 22:17 - 2014-07-09 19:17 - 00001424 _____ () C:\Users\Christine\Desktop\Only-search.lnk
2014-07-09 19:54 - 2014-07-01 23:12 - 00000000 ____D () C:\Program Files (x86)\Musik-Konverter
2014-07-09 19:38 - 2014-07-01 23:13 - 00001156 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch Audiodatei-Konverter.lnk
2014-07-09 19:38 - 2014-07-01 23:13 - 00001144 _____ () C:\Users\Public\Desktop\Switch Audiodatei-Konverter.lnk
2014-07-09 19:37 - 2014-07-01 23:15 - 00000000 ____D () C:\Users\Christine\Documents\Mixpad Projects
2014-07-09 19:24 - 2014-07-01 23:15 - 00001148 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MixPad Audiodatei-Mixer.lnk
2014-07-09 19:24 - 2014-07-01 23:15 - 00001136 _____ () C:\Users\Public\Desktop\MixPad Audiodatei-Mixer.lnk
2014-07-09 19:17 - 2014-07-09 19:17 - 00003556 _____ () C:\windows\System32\Tasks\Only-search
2014-07-09 19:17 - 2014-07-09 19:17 - 00000000 ____D () C:\Users\Christine\AppData\Local\onlysearch
2014-07-08 23:35 - 2014-07-08 23:34 - 00006860 _____ () C:\windows\System32\Tasks\eed37df1-8eca-4f41-97fd-6c00215d3ab5-11
2014-07-08 22:43 - 2012-06-20 22:40 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 22:43 - 2012-06-20 22:40 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-06 23:03 - 2014-06-27 21:49 - 00000000 ____D () C:\Users\Christine\Documents\Corel
2014-07-06 10:39 - 2014-06-25 22:01 - 00000000 ____D () C:\Users\Christine\Documents\Hochzeit Sandrina und Malte
2014-07-04 23:48 - 2014-07-04 23:48 - 00001928 _____ () C:\Users\Christine\Desktop\CorelDRW.exe - Verknüpfung.lnk
2014-07-04 22:45 - 2014-06-27 20:47 - 00000000 ____D () C:\ProgramData\CorelDRAW Graphics Suite X6
2014-07-01 23:15 - 2014-07-01 23:15 - 00001180 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn.lnk
2014-07-01 23:15 - 2014-07-01 23:15 - 00001168 _____ () C:\Users\Public\Desktop\Express Burn.lnk
2014-07-01 23:15 - 2014-07-01 23:15 - 00001140 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Videodatei-Konverter.lnk
2014-07-01 23:15 - 2014-07-01 23:15 - 00001128 _____ () C:\Users\Public\Desktop\Prism Videodatei-Konverter.lnk
2014-07-01 23:15 - 2014-07-01 23:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Videoverwandte Programme
2014-06-29 11:05 - 2014-06-29 11:05 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2008
2014-06-29 11:05 - 2014-06-29 11:05 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2008
2014-06-28 16:26 - 2014-06-28 16:26 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\G Data
2014-06-27 23:48 - 2014-06-27 21:29 - 00000000 ____D () C:\Program Files (x86)\Corel
2014-06-27 23:37 - 2014-05-30 11:09 - 00508696 _____ () C:\windows\system32\FNTCACHE.DAT
2014-06-27 21:57 - 2014-06-27 21:57 - 00000000 ____D () C:\Users\Christine\Documents\Meine Paletten
2014-06-27 21:57 - 2014-06-27 21:56 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\Corel
2014-06-27 21:57 - 2014-06-27 21:56 - 00000000 ____D () C:\ProgramData\Protexis
2014-06-27 21:57 - 2014-05-30 11:07 - 00136736 _____ () C:\Users\Christine\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-27 21:51 - 2014-06-27 21:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 9.0
2014-06-27 21:49 - 2014-06-27 21:49 - 00000000 ____D () C:\Users\Christine\Documents\Visual Studio 2008
2014-06-27 21:47 - 2014-06-27 21:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2014-06-27 21:46 - 2014-06-27 21:52 - 00002305 _____ () C:\Users\Public\Desktop\Bitstream Font Navigator.lnk
2014-06-27 21:46 - 2014-06-27 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6
2014-06-27 21:45 - 2014-06-27 21:45 - 00000000 ____D () C:\ProgramData\Corel
2014-06-27 21:43 - 2014-06-27 21:52 - 00002641 _____ () C:\Users\Public\Desktop\Corel PHOTO-PAINT X6.lnk
2014-06-27 21:42 - 2014-06-27 21:42 - 00000000 ____D () C:\Users\Public\Documents\Corel
2014-06-27 21:28 - 2014-06-27 21:28 - 00000000 ____D () C:\Program Files (x86)\orel
2014-06-25 20:02 - 2014-06-25 20:02 - 00000000 ___DC () C:\ProgramData\{DDD17DCD-CFF8-47AC-AEB9-EBD74DBE5A3E}
2014-06-23 22:02 - 2011-03-28 17:15 - 00000000 ____D () C:\Users\Christine\Documents\Sandrina

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-18 14:47

==================== End Of Log ============================

...it's getting so late again - thank you for the tireless help! |