
Pests of all kinds and how to fight them: Caught Quickstart, ran a system restore, PC very slow

27.01.2015, 12:28   #1
moona
 



Hello dear helpers,

I have been having problems with my computer since about November.
But to make matters worse, last week I also caught Quickstart.
SpyHunter, which I had downloaded, found 3 major adware problems after a scan (but 356 infections in total, including cookies). After reading that SpyHunter is not to be trusted either, I did not buy it and instead ran a system restore yesterday. Then I ran a full scan with Microsoft Essentials (it took about 12 hours). It found one more Trojan, which I had the program remove.


I have done several runs with AdwCleaner (even before the Quickstart infection).
With AdwCleaner09, a few more folders were deleted during the last cleanup yesterday.
AdwCleaner log file:
Code:
# AdwCleaner v4.109 - Bericht erstellt am 27/01/2015 um 12:12:19
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-26.1 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : ************
# Gestartet von : C:\Users\**\Downloads\Firefox\AdwCleaner09.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0.1 (x86 de)


-\\ Google Chrome v


-\\ Opera v25.0.1614.68


*************************

AdwCleaner[R0].txt - [7332 octets] - [08/01/2015 19:07:14]
AdwCleaner[R1].txt - [7392 octets] - [12/01/2015 08:42:19]
AdwCleaner[R2].txt - [2609 octets] - [27/01/2015 10:28:14]
AdwCleaner[R3].txt - [876 octets] - [27/01/2015 12:12:19]
AdwCleaner[S0].txt - [7836 octets] - [12/01/2015 09:16:53]
AdwCleaner[S1].txt - [3061 octets] - [27/01/2015 10:32:50]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1055 octets] ##########
         
--- --- ---


Malwarebytes found no more infections.
edit:
Under "Scan" it was not possible to select an option in this version...


Nevertheless, the following problems remain:
When selecting files in Explorer, the mouse pointer jitters uncontrollably, and sometimes Explorer crashes.
Since the end of last year, all programs have generally been very slow: the system boots very slowly, and Firefox takes ages to start. Defragmentation, registry cleaning and cache clearing run regularly (Wise Registry Cleaner, CCleaner, Windows defragmentation).

What would you advise me to do?

Thanks in advance for your efforts

Edited by moona (27.01.2015 at 12:38)

27.01.2015, 12:29   #2
schrauber
/// the machine
/// TB trainer
 




hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan ("Untersuchen").
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


27.01.2015, 12:44   #3
moona
 



Allow Internet access?

27.01.2015, 12:59   #4
moona
 



Addition.txt

Attachment 72207



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by ms (administrator) on KLEOPATRA on 27-01-2015 13:00:20
Running from C:\Users\ms\Downloads\Firefox\Neuer Ordner
Loaded Profiles: ms (Available profiles: ms & Marina)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
() C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\FwebProt.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ScanSoft, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Apple Inc.) C:\Program Files (x86)\QuickTime\QTTask.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [57393 2004-03-09] (ScanSoft, Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2014-11-05] (RealNetworks, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-348309450-1816809450-22596906-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-348309450-1816809450-22596906-1001\...\MountPoints2: {789e5a69-283a-11e3-80c9-14dae951dcb4} - F:\Autorun.exe
HKU\S-1-5-21-348309450-1816809450-22596906-1001\...\MountPoints2: {b64c869c-2b90-11e3-a03f-14dae951dcb4} - G:\Autorun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk
ShortcutTarget: FRITZ!DSL Protect.lnk -> C:\Program Files\FRITZ!DSL\FwebProt.exe (AVM Berlin)
Startup: C:\Users\ms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk
ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Users\ms\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKU\S-1-5-21-348309450-1816809450-22596906-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-348309450-1816809450-22596906-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Winsock: Catalog5 10 %ProgramFiles(x86)%\FRITZ!DSL\\sarah.dll File Not found ()
Winsock: Catalog5-x64 10 C:\Program Files\FRITZ!DSL\\sarah.dll [34104] (AVM Berlin)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\ms\AppData\Roaming\Mozilla\Firefox\Profiles\b8qlvk6x.default-1417579723982
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-348309450-1816809450-22596906-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Extension: NoScript - C:\Users\ms\AppData\Roaming\Mozilla\Firefox\Profiles\b8qlvk6x.default-1417579723982\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-12-03]
FF Extension: eCleaner - C:\Users\ms\AppData\Roaming\Mozilla\Firefox\Profiles\b8qlvk6x.default-1417579723982\Extensions\{c72c0c73-4eb0-4fb3-af0f-074e97326cfd}.xpi [2015-01-26]
FF Extension: Adblock Plus - C:\Users\ms\AppData\Roaming\Mozilla\Firefox\Profiles\b8qlvk6x.default-1417579723982\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-03]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-11-05]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome: 
=======
CHR Profile: C:\Users\ms\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (RealDownloader) - C:\Users\ms\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-03-06]
CHR Extension: (Google Wallet) - C:\Users\ms\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AFBAgent; C:\Windows\system32\FBAgent.exe [377264 2010-09-30] (ASUSTeK Computer Inc.) [File not signed]
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [88888 2009-07-28] (AVM Berlin)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 assd; C:\Windows\System32\Drivers\assd.sys [27264 2010-04-28] (ASUS Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-10-02] (DT Soft Ltd)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R1 MpKsl2ee2b510; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CCD1ED66-16F5-477A-8BCB-5F095394CA37}\MpKsl2ee2b510.sys [45352 2015-01-27] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-20] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-10-02] (Duplex Secure Ltd.)
U3 ax2qs7pp; C:\Windows\System32\Drivers\ax2qs7pp.sys [0 ] (JMicron Technology Corporation) <==== ATTENTION (zero size file/folder)
S3 ipswuio; System32\DRIVERS\ipswuio.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 12:45 - 2015-01-27 13:00 - 00000000 ___DC () C:\FRST
2015-01-27 11:08 - 2015-01-27 11:08 - 00120320 ____C () C:\Users\ms\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-27 10:53 - 2015-01-27 10:54 - 00129752 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-27 10:52 - 2015-01-27 10:52 - 00001100 ____C () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-27 10:52 - 2015-01-27 10:52 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-27 10:52 - 2015-01-27 10:52 - 00000000 ___DC () C:\ProgramData\Malwarebytes
2015-01-27 10:52 - 2015-01-27 10:52 - 00000000 ___DC () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-27 10:52 - 2014-11-21 06:14 - 00093400 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-27 10:52 - 2014-11-21 06:14 - 00063704 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-27 10:52 - 2014-11-21 06:14 - 00025816 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-26 23:09 - 2015-01-26 23:14 - 00002119 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-01-26 23:09 - 2015-01-26 23:14 - 00001912 ____C () C:\Windows\epplauncher.mif
2015-01-26 23:08 - 2015-01-26 23:13 - 00000000 ___DC () C:\Program Files (x86)\Microsoft Security Client
2015-01-26 23:07 - 2015-01-26 23:14 - 00000000 ___DC () C:\Program Files\Microsoft Security Client
2015-01-26 22:29 - 2015-01-26 22:29 - 00000000 ____C () C:\Windows\SysWOW64\sho9EF.tmp
2015-01-26 22:18 - 2015-01-26 22:20 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 19:11 - 2015-01-26 19:11 - 00000000 ____C () C:\autoexec.bat
2015-01-26 19:10 - 2015-01-26 19:10 - 00000000 ___DC () C:\sh4ldr
2015-01-26 19:09 - 2015-01-26 19:09 - 00000000 ___DC () C:\Program Files\Enigma Software Group
2015-01-23 15:26 - 2015-01-26 21:47 - 00000000 ___DC () C:\FreeOCR
2015-01-22 21:28 - 2015-01-26 21:46 - 00000000 ___DC () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-22 21:28 - 2015-01-26 21:46 - 00000000 ___DC () C:\Program Files\iTunes
2015-01-22 21:28 - 2015-01-26 21:46 - 00000000 ___DC () C:\Program Files (x86)\iTunes
2015-01-22 21:28 - 2015-01-22 21:28 - 00000000 ___DC () C:\Program Files\iPod
2015-01-22 21:18 - 2015-01-22 21:28 - 00000000 ___DC () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-01-22 21:16 - 2015-01-26 21:47 - 00000000 ___DC () C:\Program Files (x86)\Bonjour
2015-01-22 21:16 - 2015-01-26 21:46 - 00000000 ___DC () C:\Program Files\Bonjour
2015-01-22 15:38 - 2015-01-22 15:38 - 00000000 ____C () C:\Windows\SysWOW64\shoD692.tmp
2015-01-21 11:16 - 2015-01-27 10:38 - 00003336 ____C () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-348309450-1816809450-22596906-1001
2015-01-20 20:18 - 2015-01-20 20:18 - 00000000 ____C () C:\Windows\SysWOW64\sho97FF.tmp
2015-01-20 14:37 - 2015-01-20 14:37 - 00000000 ___DC () C:\Users\Default\AppData\Roaming\Real
2015-01-20 14:37 - 2015-01-20 14:37 - 00000000 ___DC () C:\Users\Default User\AppData\Roaming\Real
2015-01-14 12:43 - 2015-01-14 17:39 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 12:43 - 2015-01-14 17:38 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 12:43 - 2015-01-14 17:38 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 12:43 - 2015-01-14 17:38 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 12:43 - 2015-01-14 17:38 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 12:42 - 2015-01-14 17:38 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 12:37 - 2015-01-14 17:38 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 12:37 - 2015-01-14 17:38 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 12:37 - 2015-01-14 17:38 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 12:37 - 2015-01-14 17:38 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 12:37 - 2015-01-14 17:38 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 12:37 - 2015-01-14 17:38 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 12:37 - 2015-01-14 17:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 03:31 - 2015-01-14 03:31 - 00000000 ____C () C:\Windows\SysWOW64\sho72C1.tmp
2015-01-13 03:18 - 2015-01-13 03:18 - 00000000 ____C () C:\Windows\SysWOW64\shoD0BA.tmp
2015-01-12 09:28 - 2015-01-12 09:28 - 00000355 ____C () C:\Users\ms\Documents\Computer - Verknüpfung.lnk
2015-01-12 03:15 - 2015-01-12 03:15 - 00000000 ____C () C:\Windows\SysWOW64\sho83A.tmp
2015-01-11 19:31 - 2015-01-22 15:28 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\WiseUpdate
2015-01-11 04:32 - 2015-01-11 04:33 - 00000000 ___DC () C:\afd82bc8219b0339f691aaa3fe6fd92e
2015-01-11 03:24 - 2015-01-11 03:26 - 00000000 ___DC () C:\e3e395ec3b549020b4354be2
2015-01-11 03:02 - 2015-01-11 03:04 - 00000000 ___DC () C:\a7a4e9af4fb6ec59e01508676f96de14
2015-01-10 03:05 - 2015-01-10 03:07 - 00000000 ___DC () C:\9b07d5d3e7a75a14c52ebd91
2015-01-09 10:43 - 2015-01-09 13:43 - 00011469 _____ () C:\Users\ms\Documents\0109_Teilnehmerliste.xlsx
2015-01-09 10:30 - 2015-01-09 10:31 - 00011373 _____ () C:\Users\ms\Documents\0901_Teilnehmerliste.xlsx
2015-01-09 03:02 - 2015-01-09 03:04 - 00000000 ___DC () C:\ef4261d189143e43de74b3bcadaa0c02
2015-01-09 01:23 - 2015-01-09 10:29 - 00011194 _____ () C:\Users\ms\Documents\Teilnehmerliste.xlsx
2015-01-08 18:43 - 2015-01-27 12:13 - 00000000 ___DC () C:\AdwCleaner
2015-01-08 12:34 - 2015-01-08 12:36 - 00000000 ___DC () C:\5eaf4e3b1df9bcb06a140e7579e784
2015-01-08 04:41 - 2015-01-08 04:43 - 00000000 ___DC () C:\ba3d6355d0e7b2ea68e63b
2015-01-08 03:03 - 2015-01-08 03:06 - 00000000 ___DC () C:\80f37e2564837500be
2015-01-07 16:24 - 2015-01-07 16:27 - 00000000 ___DC () C:\43936e5f1939b65c5a6953e6
2015-01-07 01:08 - 2015-01-07 01:10 - 00000000 ___DC () C:\f514b1ffda68a3a96d5c0bb2cf7e
2015-01-06 15:29 - 2015-01-06 15:29 - 00000000 ____C () C:\Windows\SysWOW64\shoECC8.tmp
2015-01-06 15:27 - 2015-01-06 15:29 - 00000000 ___DC () C:\e5f8571611fc9eb03290b00b33c2
2015-01-06 06:17 - 2015-01-06 06:17 - 00000000 ____C () C:\Windows\SysWOW64\shoA273.tmp
2015-01-06 06:15 - 2015-01-06 06:16 - 00000000 ___DC () C:\bc62b273202b2a2d3ba54f361f
2015-01-06 05:49 - 2015-01-26 21:44 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\Skype
2015-01-06 05:49 - 2015-01-06 05:49 - 00002699 ____C () C:\Users\Public\Desktop\Skype.lnk
2015-01-06 05:49 - 2015-01-06 05:49 - 00000000 __RDC () C:\Program Files (x86)\Skype
2015-01-06 05:49 - 2015-01-06 05:49 - 00000000 ___DC () C:\Users\ms\AppData\Local\Skype
2015-01-06 05:49 - 2015-01-06 05:49 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-06 05:48 - 2015-01-06 05:48 - 00000000 ___DC () C:\ProgramData\Skype
2015-01-06 05:44 - 2015-01-06 05:46 - 00000000 ___DC () C:\Users\ms\Downloads\skype
2015-01-06 05:28 - 2015-01-06 05:30 - 00000000 ___DC () C:\cb6b89e93d762edf5c06cdb5
2015-01-05 03:52 - 2015-01-05 03:55 - 00000000 ___DC () C:\1822221633495573b8
2015-01-04 03:55 - 2015-01-04 03:57 - 00000000 ___DC () C:\3e4c7b04819d2bc4d5487e9b1eb7fa
2015-01-03 12:23 - 2015-01-03 12:23 - 00000000 _SHDC () C:\Users\ms\AppData\Local\EmieBrowserModeList
2015-01-03 03:10 - 2015-01-03 03:12 - 00000000 ___DC () C:\1fb40d568f5ec3a269cf756119412132
2015-01-02 23:46 - 2015-01-02 23:48 - 00000000 ___DC () C:\ce32657ca2cf6f6ecca3390055143a
2015-01-02 23:42 - 2015-01-02 23:42 - 00000000 ___DC () C:\Users\Marina\AppData\Roaming\PC-FAX TX
2015-01-02 05:25 - 2015-01-02 05:27 - 00000000 ___DC () C:\5c40cdc0d5f45c5e97b658a30b
2015-01-01 22:28 - 2015-01-01 22:30 - 00000000 ___DC () C:\07b9b2972ba5c9f28ae22bbe00126a1f
2015-01-01 06:07 - 2015-01-01 06:09 - 00000000 ___DC () C:\220425c0a1578e921a9f67
2015-01-01 05:07 - 2015-01-01 05:07 - 00000000 ____C () C:\Windows\SysWOW64\shoFEA7.tmp
2015-01-01 05:05 - 2015-01-01 05:06 - 00000000 ___DC () C:\387e8b1d129a9244d6
2015-01-01 03:01 - 2015-01-01 03:03 - 00000000 ___DC () C:\805116f115698068b3
2014-12-31 19:11 - 2014-12-31 19:13 - 00000000 ___DC () C:\Users\Marina\AppData\Roaming\Wise Registry Cleaner
2014-12-31 15:55 - 2014-12-31 15:55 - 00000000 ___DC () C:\Users\Marina\AppData\Roaming\Macromedia
2014-12-31 15:55 - 2014-12-31 15:55 - 00000000 ___DC () C:\Users\Marina\AppData\Local\Macromedia
2014-12-31 15:53 - 2015-01-18 02:48 - 00008234 ____C () C:\Users\Marina\DesktopStCenter.txt
2014-12-31 15:53 - 2014-12-31 15:53 - 00000000 ___DC () C:\Users\Marina\AppData\Roaming\Mozilla
2014-12-31 15:53 - 2014-12-31 15:53 - 00000000 ___DC () C:\Users\Marina\AppData\Local\Mozilla
2014-12-31 15:17 - 2014-12-31 15:23 - 00000000 ___DC () C:\335610c6c8e09682eb6a797c
2014-12-31 05:11 - 2014-12-31 05:13 - 00000000 ___DC () C:\edb757e063a3858ad4cd8526b755
2014-12-30 16:36 - 2014-12-30 16:41 - 00000000 ___DC () C:\6e302748143f7779516b3c465ea39c
2014-12-30 03:01 - 2014-12-30 03:03 - 00000000 ___DC () C:\c180fbd747f888624503
2014-12-29 03:09 - 2014-12-29 03:09 - 00000000 ____C () C:\Windows\SysWOW64\sho969F.tmp
2014-12-29 03:01 - 2014-12-29 03:03 - 00000000 ___DC () C:\910e892608bbb1491958
2014-12-28 15:59 - 2014-12-28 16:02 - 00000000 ___DC () C:\b95da1f66e8c460f601d

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 11:07 - 2012-06-16 11:37 - 00000000 ___DC () C:\Users\ms\Downloads\Firefox
2015-01-27 10:44 - 2014-04-15 13:45 - 01731521 ____C () C:\Windows\WindowsUpdate.log
2015-01-27 10:42 - 2009-07-14 05:45 - 00021472 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-27 10:42 - 2009-07-14 05:45 - 00021472 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-27 10:39 - 2012-04-04 12:06 - 06897662 ____C () C:\Users\ms\DesktopStCenter.txt
2015-01-27 10:38 - 2014-04-27 20:05 - 00003196 ____C () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-348309450-1816809450-22596906-1001
2015-01-27 10:35 - 2009-07-14 06:08 - 00000006 ___HC () C:\Windows\Tasks\SA.DAT
2015-01-27 10:34 - 2014-11-08 18:22 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 03:05 - 2012-04-04 12:07 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\FRITZ!
2015-01-26 22:36 - 2011-08-17 01:03 - 00045056 ____C () C:\Windows\system32\acovcnt.exe
2015-01-26 21:59 - 2011-11-10 10:24 - 00000000 ___DC () C:\Users\ms
2015-01-26 21:47 - 2014-02-26 22:53 - 00000000 ___DC () C:\Users\Marina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2015-01-26 21:47 - 2014-02-26 22:53 - 00000000 ___DC () C:\Users\Marina
2015-01-26 21:47 - 2013-04-02 15:58 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cornelsen
2015-01-26 21:47 - 2013-02-01 22:16 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter
2015-01-26 21:47 - 2013-01-02 00:15 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2015-01-26 21:47 - 2012-10-11 22:24 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-26 21:47 - 2012-09-05 08:13 - 00000000 ___DC () C:\Users\ms\Desktop\Computer-tools
2015-01-26 21:47 - 2012-09-04 15:23 - 00000000 ___DC () C:\Users\ms\Downloads\Brother
2015-01-26 21:47 - 2012-07-16 16:17 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CLC E-Learning Resource
2015-01-26 21:47 - 2012-07-06 23:54 - 00000000 ___DC () C:\Users\ms\Desktop\Deutsch
2015-01-26 21:47 - 2012-06-22 12:12 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\Wise Registry Cleaner
2015-01-26 21:47 - 2012-06-22 12:12 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2015-01-26 21:47 - 2012-06-06 16:45 - 00000000 ___DC () C:\Users\ms\Documents\Audible
2015-01-26 21:47 - 2012-06-06 16:45 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager
2015-01-26 21:47 - 2012-05-12 15:32 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Segmenti
2015-01-26 21:47 - 2012-05-12 14:45 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puzzle! - Druckmaschine
2015-01-26 21:47 - 2012-05-06 20:55 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-01-26 21:47 - 2012-05-06 20:55 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Graboid Video
2015-01-26 21:47 - 2012-03-20 16:46 - 00000000 ___DC () C:\Windows\System32\Tasks\Apple
2015-01-26 21:47 - 2012-03-20 16:46 - 00000000 ___DC () C:\Program Files (x86)\Apple Software Update
2015-01-26 21:47 - 2012-01-10 00:02 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-01-26 21:47 - 2011-11-26 22:02 - 00000000 ___DC () C:\Windows\system32\Macromed
2015-01-26 21:47 - 2011-11-17 23:06 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
2015-01-26 21:47 - 2011-11-11 17:41 - 00000000 ___DC () C:\Program Files (x86)\Brother
2015-01-26 21:47 - 2011-11-10 18:48 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch)
2015-01-26 21:47 - 2011-11-10 10:24 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2015-01-26 21:47 - 2011-08-17 01:05 - 00000000 ___DC () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2015-01-26 21:47 - 2011-08-17 01:05 - 00000000 ___DC () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2015-01-26 21:47 - 2011-08-17 00:58 - 00000000 ___DC () C:\ProgramData\P4G
2015-01-26 21:47 - 2011-08-17 00:53 - 00000000 __RDC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-01-26 21:47 - 2011-08-17 00:46 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
2015-01-26 21:47 - 2011-04-09 19:58 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-01-26 21:47 - 2011-04-09 19:47 - 00000000 __RDC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-01-26 21:47 - 2011-02-19 10:02 - 00000000 ___DC () C:\Windows\SysWOW64\XPSViewer
2015-01-26 21:47 - 2009-07-14 06:32 - 00000000 ___DC () C:\Program Files\Reference Assemblies
2015-01-26 21:47 - 2009-07-14 06:32 - 00000000 ___DC () C:\Program Files\MSBuild
2015-01-26 21:47 - 2009-07-14 06:32 - 00000000 ___DC () C:\Program Files (x86)\Reference Assemblies
2015-01-26 21:47 - 2009-07-14 06:32 - 00000000 ___DC () C:\Program Files (x86)\MSBuild
2015-01-26 21:47 - 2009-07-14 04:20 - 00000000 ___DC () C:\Windows\AppCompat
2015-01-26 21:47 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-01-26 21:46 - 2009-07-14 04:20 - 00000000 ___DC () C:\Windows\registration
2015-01-26 21:43 - 2014-11-06 16:02 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2015-01-26 21:43 - 2011-08-17 00:50 - 00000000 __HDC () C:\Program Files (x86)\InstallShield Installation Information
2015-01-23 05:52 - 2014-08-07 13:53 - 00000000 ___DC () C:\Users\ms\AppData\Local\Adobe
2015-01-22 21:12 - 2012-03-28 11:41 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\Apple Computer
2015-01-22 20:04 - 2012-05-06 21:04 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\vlc
2015-01-22 17:12 - 2014-12-02 14:37 - 00000000 ____D () C:\found.001
2015-01-22 17:12 - 2014-12-01 14:23 - 00000000 ____D () C:\found.000
2015-01-22 08:10 - 2012-09-20 11:43 - 00701616 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-22 08:10 - 2012-06-24 08:45 - 00071344 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-20 15:50 - 2009-07-14 06:09 - 00000000 ___DC () C:\Windows\System32\Tasks\WPD
2015-01-20 14:37 - 2011-08-17 00:56 - 00120320 ____C () C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-20 14:37 - 2011-08-17 00:56 - 00120320 ____C () C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-20 14:37 - 2009-07-14 05:57 - 00001547 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-01-20 14:35 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-16 22:31 - 2014-02-26 22:54 - 00000000 ___DC () C:\Users\Marina\AppData\Roaming\FRITZ!
2015-01-15 09:17 - 2012-07-17 17:34 - 00000000 ___DC () C:\Users\ms\Documents\Wohnung
2015-01-14 17:38 - 2013-08-15 02:03 - 00000000 ___DC () C:\Windows\system32\MRT
2015-01-14 17:29 - 2011-11-11 16:07 - 113365784 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 16:18 - 2011-11-10 23:50 - 00004096 ____C () C:\Users\Public\Documents\00000044.LCS
2015-01-13 03:03 - 2011-11-10 12:34 - 01653160 ____C () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-13 03:03 - 2011-02-19 10:08 - 00721112 ____C () C:\Windows\system32\perfh007.dat
2015-01-13 03:03 - 2011-02-19 10:08 - 00158288 ____C () C:\Windows\system32\perfc007.dat
2015-01-13 03:03 - 2009-07-14 06:13 - 01653160 ____C () C:\Windows\system32\PerfStringBackup.INI
2015-01-12 19:55 - 2013-10-16 18:55 - 00000460 ____C () C:\Windows\Tasks\Wise Registry Cleaner Schedule Task.job
2015-01-10 12:01 - 2012-06-16 11:43 - 00000000 ___DC () C:\Users\ms\Downloads\Adobe
2015-01-10 10:38 - 2012-06-16 12:09 - 00000000 ___DC () C:\Users\ms\Downloads\Firefox_Bookmarks
2015-01-08 09:55 - 2012-05-03 14:18 - 00298120 ____C (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-06 06:19 - 2011-08-17 01:01 - 00001386 ____C () C:\Windows\system32\ServiceFilter.ini
2015-01-02 23:42 - 2012-12-20 12:15 - 00000778 ____C () C:\Windows\Brpfx04a.ini

==================== Files in the root of some directories =======

2014-06-26 02:01 - 2014-06-26 02:01 - 6010880 ____C () C:\Program Files (x86)\GUT87B5.tmp
2012-07-29 17:01 - 2006-06-02 13:27 - 0017542 ____C () C:\Program Files\Common Files\Net4Switch.ico
2007-06-12 17:34 - 2007-06-12 17:34 - 0035822 ____C () C:\Program Files (x86)\Common Files\ASPG_icon.ico
2008-05-22 16:35 - 2008-05-22 16:35 - 0051962 ____C () C:\Program Files (x86)\Common Files\banner.jpg
2009-04-08 18:31 - 2009-04-08 18:31 - 0106496 ____C () C:\Program Files (x86)\Common Files\CPInstallAction.dll
2014-05-26 17:47 - 2003-03-21 11:45 - 0250544 ____C (KeyWorks Software) C:\Program Files (x86)\Common Files\keyhelp.ocx
2008-08-12 05:45 - 2008-08-12 05:45 - 0155648 ____C (ASUS) C:\Program Files (x86)\Common Files\MSIactionall.dll
2012-07-29 17:01 - 2006-06-02 13:27 - 0017542 ____C () C:\Program Files (x86)\Common Files\Net4Switch.ico
2014-11-05 10:35 - 2014-11-05 10:35 - 0000115 ____C () C:\Users\ms\AppData\Roaming\Camdata.ini
2014-11-05 10:35 - 2014-11-05 10:35 - 0000408 ____C () C:\Users\ms\AppData\Roaming\CamLayout.ini
2014-11-05 10:35 - 2014-11-05 10:35 - 0000408 ____C () C:\Users\ms\AppData\Roaming\CamShapes.ini
2014-11-05 10:35 - 2014-11-05 10:35 - 0004416 ____C () C:\Users\ms\AppData\Roaming\CamStudio.cfg
2011-04-09 19:59 - 2010-07-07 00:10 - 0131472 ____C () C:\ProgramData\FullRemove.exe
2011-08-17 01:05 - 2011-08-17 01:06 - 0000105 ____C () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-08-17 01:04 - 2011-08-17 01:05 - 0000107 ____C () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-26 10:17

==================== End Of Log ============================
         
--- --- ---

Edited by moona (27.01.2015 at 13:40)

27.01.2015, 15:43   #5
moona
 



Apparently I copied the FRST file twice at midday today...
I ran it again... now both are there



FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by ms (administrator) on KLEOPATRA on 27-01-2015 15:34:18
Running from C:\Users\ms\Downloads\Firefox\Neuer Ordner
Loaded Profiles: ms (Available profiles: ms & Marina)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe
() C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\FwebProt.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ScanSoft, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Apple Inc.) C:\Program Files (x86)\QuickTime\QTTask.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [57393 2004-03-09] (ScanSoft, Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2014-11-05] (RealNetworks, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-348309450-1816809450-22596906-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-348309450-1816809450-22596906-1001\...\MountPoints2: {789e5a69-283a-11e3-80c9-14dae951dcb4} - F:\Autorun.exe
HKU\S-1-5-21-348309450-1816809450-22596906-1001\...\MountPoints2: {b64c869c-2b90-11e3-a03f-14dae951dcb4} - G:\Autorun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk
ShortcutTarget: FRITZ!DSL Protect.lnk -> C:\Program Files\FRITZ!DSL\FwebProt.exe (AVM Berlin)
Startup: C:\Users\ms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk
ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Users\ms\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKU\S-1-5-21-348309450-1816809450-22596906-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-348309450-1816809450-22596906-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Winsock: Catalog5 10 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog9 01 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog9 02 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog9 03 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog9 15 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog5-x64 10 C:\Program Files\FRITZ!DSL\\sarah.dll [34104] (AVM Berlin)
Winsock: Catalog9-x64 01 C:\Program Files\FRITZ!DSL\\sarah.dll [34104] (AVM Berlin)
Winsock: Catalog9-x64 02 C:\Program Files\FRITZ!DSL\\sarah.dll [34104] (AVM Berlin)
Winsock: Catalog9-x64 03 C:\Program Files\FRITZ!DSL\\sarah.dll [34104] (AVM Berlin)
Winsock: Catalog9-x64 15 C:\Program Files\FRITZ!DSL\\sarah.dll [34104] (AVM Berlin)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\ms\AppData\Roaming\Mozilla\Firefox\Profiles\b8qlvk6x.default-1417579723982
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-348309450-1816809450-22596906-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Extension: NoScript - C:\Users\ms\AppData\Roaming\Mozilla\Firefox\Profiles\b8qlvk6x.default-1417579723982\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-12-03]
FF Extension: eCleaner - C:\Users\ms\AppData\Roaming\Mozilla\Firefox\Profiles\b8qlvk6x.default-1417579723982\Extensions\{c72c0c73-4eb0-4fb3-af0f-074e97326cfd}.xpi [2015-01-26]
FF Extension: Adblock Plus - C:\Users\ms\AppData\Roaming\Mozilla\Firefox\Profiles\b8qlvk6x.default-1417579723982\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-03]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-11-05]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome: 
=======
CHR Profile: C:\Users\ms\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (RealDownloader) - C:\Users\ms\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-03-06]
CHR Extension: (Google Wallet) - C:\Users\ms\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AFBAgent; C:\Windows\system32\FBAgent.exe [377264 2010-09-30] (ASUSTeK Computer Inc.) [File not signed]
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [88888 2009-07-28] (AVM Berlin)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 assd; C:\Windows\System32\Drivers\assd.sys [27264 2010-04-28] (ASUS Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-10-02] (DT Soft Ltd)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-20] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-10-02] (Duplex Secure Ltd.)
U3 amzp2tzh; C:\Windows\System32\Drivers\amzp2tzh.sys [0 ] (Intel Corporation) <==== ATTENTION (zero size file/folder)
S3 ipswuio; System32\DRIVERS\ipswuio.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 15:21 - 2015-01-27 15:21 - 00437400 ____C () C:\Windows\system32\FNTCACHE.DAT
2015-01-27 15:21 - 2015-01-27 15:21 - 00000376 ____C () C:\Windows\PFRO.log
2015-01-27 15:21 - 2015-01-27 15:21 - 00000056 ____C () C:\Windows\setupact.log
2015-01-27 15:21 - 2015-01-27 15:21 - 00000000 ____C () C:\Windows\setuperr.log
2015-01-27 14:07 - 2015-01-27 14:48 - 00000000 ___DC () C:\Program Files (x86)\SpywareBlaster
2015-01-27 14:07 - 2015-01-27 14:07 - 00001077 ____C () C:\Users\Public\Desktop\SpywareBlaster.lnk
2015-01-27 14:07 - 2015-01-27 14:07 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2015-01-27 14:07 - 2015-01-27 14:07 - 00000000 ___DC () C:\ProgramData\Licenses
2015-01-27 13:24 - 2015-01-27 13:24 - 00001191 ____C () C:\Users\ms\Desktop\JRT - Verknüpfung.lnk
2015-01-27 13:20 - 2015-01-27 13:20 - 00006741 ____C () C:\Users\ms\Desktop\JRT.txt
2015-01-27 13:12 - 2015-01-27 13:12 - 00000000 ___DC () C:\Windows\ERUNT
2015-01-27 12:45 - 2015-01-27 15:34 - 00000000 ___DC () C:\FRST
2015-01-27 11:08 - 2015-01-27 11:08 - 00120320 ____C () C:\Users\ms\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-27 10:53 - 2015-01-27 15:24 - 00129752 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-27 10:52 - 2015-01-27 13:07 - 00001100 ____C () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-27 10:52 - 2015-01-27 13:07 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-27 10:52 - 2015-01-27 13:07 - 00000000 ___DC () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-27 10:52 - 2015-01-27 10:52 - 00000000 ___DC () C:\ProgramData\Malwarebytes
2015-01-27 10:52 - 2014-11-21 06:14 - 00093400 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-27 10:52 - 2014-11-21 06:14 - 00063704 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-27 10:52 - 2014-11-21 06:14 - 00025816 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-26 23:09 - 2015-01-26 23:14 - 00002119 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-01-26 23:09 - 2015-01-26 23:14 - 00001912 ____C () C:\Windows\epplauncher.mif
2015-01-26 23:08 - 2015-01-26 23:13 - 00000000 ___DC () C:\Program Files (x86)\Microsoft Security Client
2015-01-26 23:07 - 2015-01-26 23:14 - 00000000 ___DC () C:\Program Files\Microsoft Security Client
2015-01-26 22:29 - 2015-01-26 22:29 - 00000000 ____C () C:\Windows\SysWOW64\sho9EF.tmp
2015-01-26 22:18 - 2015-01-26 22:20 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 19:11 - 2015-01-26 19:11 - 00000000 ____C () C:\autoexec.bat
2015-01-26 19:10 - 2015-01-26 19:10 - 00000000 ___DC () C:\sh4ldr
2015-01-26 19:09 - 2015-01-26 19:09 - 00000000 ___DC () C:\Program Files\Enigma Software Group
2015-01-23 15:26 - 2015-01-26 21:47 - 00000000 ___DC () C:\FreeOCR
2015-01-22 21:28 - 2015-01-26 21:46 - 00000000 ___DC () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-22 21:28 - 2015-01-26 21:46 - 00000000 ___DC () C:\Program Files\iTunes
2015-01-22 21:28 - 2015-01-26 21:46 - 00000000 ___DC () C:\Program Files (x86)\iTunes
2015-01-22 21:28 - 2015-01-22 21:28 - 00000000 ___DC () C:\Program Files\iPod
2015-01-22 21:18 - 2015-01-22 21:28 - 00000000 ___DC () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-01-22 21:16 - 2015-01-26 21:47 - 00000000 ___DC () C:\Program Files (x86)\Bonjour
2015-01-22 21:16 - 2015-01-26 21:46 - 00000000 ___DC () C:\Program Files\Bonjour
2015-01-22 15:38 - 2015-01-22 15:38 - 00000000 ____C () C:\Windows\SysWOW64\shoD692.tmp
2015-01-21 11:16 - 2015-01-27 15:31 - 00003336 ____C () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-348309450-1816809450-22596906-1001
2015-01-20 20:18 - 2015-01-20 20:18 - 00000000 ____C () C:\Windows\SysWOW64\sho97FF.tmp
2015-01-20 14:37 - 2015-01-20 14:37 - 00000000 ___DC () C:\Users\Default\AppData\Roaming\Real
2015-01-20 14:37 - 2015-01-20 14:37 - 00000000 ___DC () C:\Users\Default User\AppData\Roaming\Real
2015-01-14 12:43 - 2015-01-14 17:39 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 12:43 - 2015-01-14 17:38 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 12:43 - 2015-01-14 17:38 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 12:43 - 2015-01-14 17:38 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 12:43 - 2015-01-14 17:38 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 12:42 - 2015-01-14 17:38 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 12:37 - 2015-01-14 17:38 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 12:37 - 2015-01-14 17:38 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 12:37 - 2015-01-14 17:38 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 12:37 - 2015-01-14 17:38 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 12:37 - 2015-01-14 17:38 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 12:37 - 2015-01-14 17:38 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 12:37 - 2015-01-14 17:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 03:31 - 2015-01-14 03:31 - 00000000 ____C () C:\Windows\SysWOW64\sho72C1.tmp
2015-01-13 03:18 - 2015-01-13 03:18 - 00000000 ____C () C:\Windows\SysWOW64\shoD0BA.tmp
2015-01-12 09:28 - 2015-01-12 09:28 - 00000355 ____C () C:\Users\ms\Documents\Computer - Verknüpfung.lnk
2015-01-12 03:15 - 2015-01-12 03:15 - 00000000 ____C () C:\Windows\SysWOW64\sho83A.tmp
2015-01-11 19:31 - 2015-01-22 15:28 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\WiseUpdate
2015-01-11 04:32 - 2015-01-11 04:33 - 00000000 ___DC () C:\afd82bc8219b0339f691aaa3fe6fd92e
2015-01-11 03:24 - 2015-01-11 03:26 - 00000000 ___DC () C:\e3e395ec3b549020b4354be2
2015-01-11 03:02 - 2015-01-11 03:04 - 00000000 ___DC () C:\a7a4e9af4fb6ec59e01508676f96de14
2015-01-10 03:05 - 2015-01-10 03:07 - 00000000 ___DC () C:\9b07d5d3e7a75a14c52ebd91
2015-01-09 10:43 - 2015-01-09 13:43 - 00011469 _____ () C:\Users\ms\Documents\0109_Teilnehmerliste.xlsx
2015-01-09 10:30 - 2015-01-09 10:31 - 00011373 _____ () C:\Users\ms\Documents\0901_Teilnehmerliste.xlsx
2015-01-09 03:02 - 2015-01-09 03:04 - 00000000 ___DC () C:\ef4261d189143e43de74b3bcadaa0c02
2015-01-09 01:23 - 2015-01-09 10:29 - 00011194 _____ () C:\Users\ms\Documents\Teilnehmerliste.xlsx
2015-01-08 18:43 - 2015-01-27 12:13 - 00000000 ___DC () C:\AdwCleaner
2015-01-08 12:34 - 2015-01-08 12:36 - 00000000 ___DC () C:\5eaf4e3b1df9bcb06a140e7579e784
2015-01-08 04:41 - 2015-01-08 04:43 - 00000000 ___DC () C:\ba3d6355d0e7b2ea68e63b
2015-01-08 03:03 - 2015-01-08 03:06 - 00000000 ___DC () C:\80f37e2564837500be
2015-01-07 16:24 - 2015-01-07 16:27 - 00000000 ___DC () C:\43936e5f1939b65c5a6953e6
2015-01-07 01:08 - 2015-01-07 01:10 - 00000000 ___DC () C:\f514b1ffda68a3a96d5c0bb2cf7e
2015-01-06 15:29 - 2015-01-06 15:29 - 00000000 ____C () C:\Windows\SysWOW64\shoECC8.tmp
2015-01-06 15:27 - 2015-01-06 15:29 - 00000000 ___DC () C:\e5f8571611fc9eb03290b00b33c2
2015-01-06 06:17 - 2015-01-06 06:17 - 00000000 ____C () C:\Windows\SysWOW64\shoA273.tmp
2015-01-06 06:15 - 2015-01-06 06:16 - 00000000 ___DC () C:\bc62b273202b2a2d3ba54f361f
2015-01-06 05:49 - 2015-01-26 21:44 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\Skype
2015-01-06 05:49 - 2015-01-06 05:49 - 00000000 __RDC () C:\Program Files (x86)\Skype
2015-01-06 05:49 - 2015-01-06 05:49 - 00000000 ___DC () C:\Users\ms\AppData\Local\Skype
2015-01-06 05:49 - 2015-01-06 05:49 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-06 05:48 - 2015-01-06 05:48 - 00000000 ___DC () C:\ProgramData\Skype
2015-01-06 05:44 - 2015-01-06 05:46 - 00000000 ___DC () C:\Users\ms\Downloads\skype
2015-01-06 05:28 - 2015-01-06 05:30 - 00000000 ___DC () C:\cb6b89e93d762edf5c06cdb5
2015-01-05 03:52 - 2015-01-05 03:55 - 00000000 ___DC () C:\1822221633495573b8
2015-01-04 03:55 - 2015-01-04 03:57 - 00000000 ___DC () C:\3e4c7b04819d2bc4d5487e9b1eb7fa
2015-01-03 12:23 - 2015-01-03 12:23 - 00000000 _SHDC () C:\Users\ms\AppData\Local\EmieBrowserModeList
2015-01-03 03:10 - 2015-01-03 03:12 - 00000000 ___DC () C:\1fb40d568f5ec3a269cf756119412132
2015-01-02 23:46 - 2015-01-02 23:48 - 00000000 ___DC () C:\ce32657ca2cf6f6ecca3390055143a
2015-01-02 23:42 - 2015-01-02 23:42 - 00000000 ___DC () C:\Users\Marina\AppData\Roaming\PC-FAX TX
2015-01-02 05:25 - 2015-01-02 05:27 - 00000000 ___DC () C:\5c40cdc0d5f45c5e97b658a30b
2015-01-01 22:28 - 2015-01-01 22:30 - 00000000 ___DC () C:\07b9b2972ba5c9f28ae22bbe00126a1f
2015-01-01 06:07 - 2015-01-01 06:09 - 00000000 ___DC () C:\220425c0a1578e921a9f67
2015-01-01 05:07 - 2015-01-01 05:07 - 00000000 ____C () C:\Windows\SysWOW64\shoFEA7.tmp
2015-01-01 05:05 - 2015-01-01 05:06 - 00000000 ___DC () C:\387e8b1d129a9244d6
2015-01-01 03:01 - 2015-01-01 03:03 - 00000000 ___DC () C:\805116f115698068b3
2014-12-31 19:11 - 2014-12-31 19:13 - 00000000 ___DC () C:\Users\Marina\AppData\Roaming\Wise Registry Cleaner
2014-12-31 15:55 - 2014-12-31 15:55 - 00000000 ___DC () C:\Users\Marina\AppData\Roaming\Macromedia
2014-12-31 15:55 - 2014-12-31 15:55 - 00000000 ___DC () C:\Users\Marina\AppData\Local\Macromedia
2014-12-31 15:53 - 2015-01-18 02:48 - 00008234 ____C () C:\Users\Marina\DesktopStCenter.txt
2014-12-31 15:53 - 2014-12-31 15:53 - 00000000 ___DC () C:\Users\Marina\AppData\Roaming\Mozilla
2014-12-31 15:53 - 2014-12-31 15:53 - 00000000 ___DC () C:\Users\Marina\AppData\Local\Mozilla
2014-12-31 15:17 - 2014-12-31 15:23 - 00000000 ___DC () C:\335610c6c8e09682eb6a797c
2014-12-31 05:11 - 2014-12-31 05:13 - 00000000 ___DC () C:\edb757e063a3858ad4cd8526b755
2014-12-30 16:36 - 2014-12-30 16:41 - 00000000 ___DC () C:\6e302748143f7779516b3c465ea39c
2014-12-30 03:01 - 2014-12-30 03:03 - 00000000 ___DC () C:\c180fbd747f888624503
2014-12-29 03:09 - 2014-12-29 03:09 - 00000000 ____C () C:\Windows\SysWOW64\sho969F.tmp
2014-12-29 03:01 - 2014-12-29 03:03 - 00000000 ___DC () C:\910e892608bbb1491958
2014-12-28 15:59 - 2014-12-28 16:02 - 00000000 ___DC () C:\b95da1f66e8c460f601d

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 15:34 - 2014-04-15 13:45 - 01794547 ____C () C:\Windows\WindowsUpdate.log
2015-01-27 15:31 - 2014-04-27 20:05 - 00003196 ____C () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-348309450-1816809450-22596906-1001
2015-01-27 15:23 - 2012-04-04 12:06 - 06897963 ____C () C:\Users\ms\DesktopStCenter.txt
2015-01-27 15:22 - 2011-08-17 01:01 - 00001412 ____C () C:\Windows\system32\ServiceFilter.ini
2015-01-27 15:21 - 2009-07-14 06:08 - 00000006 ___HC () C:\Windows\Tasks\SA.DAT
2015-01-27 14:48 - 2012-06-16 11:43 - 00000000 ___DC () C:\Users\ms\Downloads\Adobe
2015-01-27 14:48 - 2011-08-17 01:01 - 00000000 ___DC () C:\ProgramData\Temp
2015-01-27 14:44 - 2012-09-20 11:43 - 00701616 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-27 14:44 - 2012-06-24 08:45 - 00071344 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-27 14:43 - 2014-08-07 13:53 - 00000000 ___DC () C:\Users\ms\AppData\Local\Adobe
2015-01-27 14:30 - 2014-08-08 18:55 - 00000000 ___DC () C:\Users\ms\Desktop\Tor Browser
2015-01-27 14:07 - 2012-06-16 11:37 - 00000000 ___DC () C:\Users\ms\Downloads\Firefox
2015-01-27 10:42 - 2009-07-14 05:45 - 00021472 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-27 10:42 - 2009-07-14 05:45 - 00021472 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-27 10:34 - 2014-11-08 18:22 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 03:05 - 2012-04-04 12:07 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\FRITZ!
2015-01-26 22:36 - 2011-08-17 01:03 - 00045056 ____C () C:\Windows\system32\acovcnt.exe
2015-01-26 21:59 - 2011-11-10 10:24 - 00000000 ___DC () C:\Users\ms
2015-01-26 21:47 - 2014-02-26 22:53 - 00000000 ___DC () C:\Users\Marina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2015-01-26 21:47 - 2014-02-26 22:53 - 00000000 ___DC () C:\Users\Marina
2015-01-26 21:47 - 2013-04-02 15:58 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cornelsen
2015-01-26 21:47 - 2013-02-01 22:16 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter
2015-01-26 21:47 - 2013-01-02 00:15 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2015-01-26 21:47 - 2012-10-11 22:24 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-26 21:47 - 2012-09-05 08:13 - 00000000 ___DC () C:\Users\ms\Desktop\Computer-tools
2015-01-26 21:47 - 2012-09-04 15:23 - 00000000 ___DC () C:\Users\ms\Downloads\Brother
2015-01-26 21:47 - 2012-07-16 16:17 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CLC E-Learning Resource
2015-01-26 21:47 - 2012-07-06 23:54 - 00000000 ___DC () C:\Users\ms\Desktop\Deutsch
2015-01-26 21:47 - 2012-06-22 12:12 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\Wise Registry Cleaner
2015-01-26 21:47 - 2012-06-22 12:12 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2015-01-26 21:47 - 2012-06-06 16:45 - 00000000 ___DC () C:\Users\ms\Documents\Audible
2015-01-26 21:47 - 2012-06-06 16:45 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager
2015-01-26 21:47 - 2012-05-12 15:32 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Segmenti
2015-01-26 21:47 - 2012-05-12 14:45 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puzzle! - Druckmaschine
2015-01-26 21:47 - 2012-05-06 20:55 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-01-26 21:47 - 2012-05-06 20:55 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Graboid Video
2015-01-26 21:47 - 2012-03-20 16:46 - 00000000 ___DC () C:\Windows\System32\Tasks\Apple
2015-01-26 21:47 - 2012-03-20 16:46 - 00000000 ___DC () C:\Program Files (x86)\Apple Software Update
2015-01-26 21:47 - 2012-01-10 00:02 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-01-26 21:47 - 2011-11-26 22:02 - 00000000 ___DC () C:\Windows\system32\Macromed
2015-01-26 21:47 - 2011-11-17 23:06 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
2015-01-26 21:47 - 2011-11-11 17:41 - 00000000 ___DC () C:\Program Files (x86)\Brother
2015-01-26 21:47 - 2011-11-10 18:48 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch)
2015-01-26 21:47 - 2011-11-10 10:24 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2015-01-26 21:47 - 2011-08-17 01:05 - 00000000 ___DC () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2015-01-26 21:47 - 2011-08-17 01:05 - 00000000 ___DC () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2015-01-26 21:47 - 2011-08-17 00:58 - 00000000 ___DC () C:\ProgramData\P4G
2015-01-26 21:47 - 2011-08-17 00:53 - 00000000 __RDC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-01-26 21:47 - 2011-08-17 00:46 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
2015-01-26 21:47 - 2011-04-09 19:58 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-01-26 21:47 - 2011-04-09 19:47 - 00000000 __RDC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-01-26 21:47 - 2011-02-19 10:02 - 00000000 ___DC () C:\Windows\SysWOW64\XPSViewer
2015-01-26 21:47 - 2009-07-14 06:32 - 00000000 ___DC () C:\Program Files\Reference Assemblies
2015-01-26 21:47 - 2009-07-14 06:32 - 00000000 ___DC () C:\Program Files\MSBuild
2015-01-26 21:47 - 2009-07-14 06:32 - 00000000 ___DC () C:\Program Files (x86)\Reference Assemblies
2015-01-26 21:47 - 2009-07-14 06:32 - 00000000 ___DC () C:\Program Files (x86)\MSBuild
2015-01-26 21:47 - 2009-07-14 04:20 - 00000000 ___DC () C:\Windows\AppCompat
2015-01-26 21:47 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-01-26 21:46 - 2009-07-14 04:20 - 00000000 ___DC () C:\Windows\registration
2015-01-26 21:43 - 2014-11-06 16:02 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2015-01-26 21:43 - 2011-08-17 00:50 - 00000000 __HDC () C:\Program Files (x86)\InstallShield Installation Information
2015-01-22 21:12 - 2012-03-28 11:41 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\Apple Computer
2015-01-22 20:04 - 2012-05-06 21:04 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\vlc
2015-01-22 17:12 - 2014-12-02 14:37 - 00000000 ____D () C:\found.001
2015-01-22 17:12 - 2014-12-01 14:23 - 00000000 ____D () C:\found.000
2015-01-20 15:50 - 2009-07-14 06:09 - 00000000 ___DC () C:\Windows\System32\Tasks\WPD
2015-01-20 14:37 - 2011-08-17 00:56 - 00120320 ____C () C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-20 14:37 - 2011-08-17 00:56 - 00120320 ____C () C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-20 14:37 - 2009-07-14 05:57 - 00001547 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-01-20 14:35 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-16 22:31 - 2014-02-26 22:54 - 00000000 ___DC () C:\Users\Marina\AppData\Roaming\FRITZ!
2015-01-15 09:17 - 2012-07-17 17:34 - 00000000 ___DC () C:\Users\ms\Documents\Wohnung
2015-01-14 17:38 - 2013-08-15 02:03 - 00000000 ___DC () C:\Windows\system32\MRT
2015-01-14 17:29 - 2011-11-11 16:07 - 113365784 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 16:18 - 2011-11-10 23:50 - 00004096 ____C () C:\Users\Public\Documents\00000044.LCS
2015-01-13 03:03 - 2011-11-10 12:34 - 01653160 ____C () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-13 03:03 - 2011-02-19 10:08 - 00721112 ____C () C:\Windows\system32\perfh007.dat
2015-01-13 03:03 - 2011-02-19 10:08 - 00158288 ____C () C:\Windows\system32\perfc007.dat
2015-01-13 03:03 - 2009-07-14 06:13 - 01653160 ____C () C:\Windows\system32\PerfStringBackup.INI
2015-01-12 19:55 - 2013-10-16 18:55 - 00000460 ____C () C:\Windows\Tasks\Wise Registry Cleaner Schedule Task.job
2015-01-10 10:38 - 2012-06-16 12:09 - 00000000 ___DC () C:\Users\ms\Downloads\Firefox_Bookmarks
2015-01-08 09:55 - 2012-05-03 14:18 - 00298120 ____C (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-02 23:42 - 2012-12-20 12:15 - 00000778 ____C () C:\Windows\Brpfx04a.ini

==================== Files in the root of some directories =======

2014-06-26 02:01 - 2014-06-26 02:01 - 6010880 ____C () C:\Program Files (x86)\GUT87B5.tmp
2012-07-29 17:01 - 2006-06-02 13:27 - 0017542 ____C () C:\Program Files\Common Files\Net4Switch.ico
2007-06-12 17:34 - 2007-06-12 17:34 - 0035822 ____C () C:\Program Files (x86)\Common Files\ASPG_icon.ico
2008-05-22 16:35 - 2008-05-22 16:35 - 0051962 ____C () C:\Program Files (x86)\Common Files\banner.jpg
2009-04-08 18:31 - 2009-04-08 18:31 - 0106496 ____C () C:\Program Files (x86)\Common Files\CPInstallAction.dll
2014-05-26 17:47 - 2003-03-21 11:45 - 0250544 ____C (KeyWorks Software) C:\Program Files (x86)\Common Files\keyhelp.ocx
2008-08-12 05:45 - 2008-08-12 05:45 - 0155648 ____C (ASUS) C:\Program Files (x86)\Common Files\MSIactionall.dll
2012-07-29 17:01 - 2006-06-02 13:27 - 0017542 ____C () C:\Program Files (x86)\Common Files\Net4Switch.ico
2014-11-05 10:35 - 2014-11-05 10:35 - 0000115 ____C () C:\Users\ms\AppData\Roaming\Camdata.ini
2014-11-05 10:35 - 2014-11-05 10:35 - 0000408 ____C () C:\Users\ms\AppData\Roaming\CamLayout.ini
2014-11-05 10:35 - 2014-11-05 10:35 - 0000408 ____C () C:\Users\ms\AppData\Roaming\CamShapes.ini
2014-11-05 10:35 - 2014-11-05 10:35 - 0004416 ____C () C:\Users\ms\AppData\Roaming\CamStudio.cfg
2011-04-09 19:59 - 2010-07-07 00:10 - 0131472 ____C () C:\ProgramData\FullRemove.exe
2011-08-17 01:05 - 2011-08-17 01:06 - 0000105 ____C () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-08-17 01:04 - 2011-08-17 01:05 - 0000107 ____C () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-26 10:17

==================== End Of Log ============================
         
--- --- ---



Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by ms at 2015-01-27 13:00:48
Running from C:\Users\ms\Downloads\Firefox\Neuer Ordner
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 MFC-7420 (HKLM-x32\...\{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
AC3Filter 2.5b (HKLM-x32\...\AC3Filter_is1) (Version: 2.5b - Alexander Vigovsky)
Acronis*True*Image*Home 2012 (HKLM-x32\...\{C1FDF2F0-2136-42D8-8A64-2B45BBF2C19E}Visible) (Version: 15.0.7119 - Acronis)
Acronis*True*Image*Home 2012 (x32 Version: 15.0.7119 - Acronis) Hidden
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Amazon Cloud Drive (HKLM-x32\...\{9A766E33-BB01-480F-ABFC-424B8AC11212}) (Version: 0.11.12.0 - Amazon.com)
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{38253529-D97D-4901-AE53-5CC9736D3A2E}) (Version: 1.0.13 - ASUS)
ASUS CopyProtect (HKLM-x32\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0015 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.21 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0021 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.41 - ASUS)
ASUS Secure Delete (HKLM\...\{761C6783-D3BC-48AB-8E7C-61CE918A8436}) (Version: 1.00.0006 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0009 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0031 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.20 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.84.161 - eCareme Technologies, Inc.)
Asus_PSeries_Screensaver (HKLM-x32\...\Asus_PSeries_Screensaver) (Version: 1.0.0001 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0007 - ASUS)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
Avery Wizard 4.0 (HKLM-x32\...\{F5D84887-8A6F-4993-8560-B3AA44CB620D}) (Version: 4.0.201 - Avery)
Camden Town Gym 2 Lernerfolgskontrollen (HKLM-x32\...\{9B146E0C-AD3B-4CCC-AEFA-AF9B76534815}) (Version: 1.00.0000 - Bildungshaus Schulbuchverlage Westermann Schroedel Diesterweg Schöningh Winklers GmbH)
Camden Town Gym 5 Lernerfolgskontrollen (HKLM-x32\...\{67B06220-59F4-4959-9CBC-02792045CC0D}) (Version: 1.00.0000 - Bildungshaus Schulbuchverlage Westermann Schroedel Diesterweg Schöningh Winklers GmbH)
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
Codecs for Windows 7 Pack 4.0.5 (HKLM-x32\...\Codecs for Windows 7 Pack) (Version: 4.0.5 - Codecs for Windows 7 Pack)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.127.0.61 - Conexant)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.9 - ASUS)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.6.1622 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.6.1622 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
deutsch ideen 7. Jahrgang Lernsoftware (HKLM-x32\...\{C8B30FEF-A214-408A-882A-FB819B04954E}) (Version: 1.00.0000 - Schroedel)
deutsch.ideen 5 Lernsoftware (HKLM-x32\...\{B14897A6-4825-496B-B7ED-9D99E5F9DB7F}) (Version: 1.00.0000 - Schroedel)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.87 - DivX, LLC)
English G 21 e-Workbook A3 (HKLM-x32\...\{BE18B4ED-EC6C-4DA1-AC48-515E8D60BFFE}) (Version: 1.00.000 - Cornelsen)
ETDWare PS/2-x64 7.0.5.16_WHQL (HKLM\...\Elantech) (Version: 7.0.5.16 - ELAN Microelectronics Corp.)
Familia Romana (HKLM-x32\...\{1F45C99D-D5F7-4784-8A5A-DC19DDA2F051}) (Version: 1.5 - Domus Latina)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.7 - ASUS)
Fences (Version: 1.0 - Stardock Corporation) Hidden
Free Studio version 2013 (HKLM-x32\...\Free Studio_is1) (Version: 6.1.1.426 - DVDVideoSoft Ltd.)
FRITZ!DSL64 (HKLM\...\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}) (Version: 2.04.03 - AVM Berlin)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garmin Training Center (HKLM-x32\...\{2A03B9F8-BE6D-43C6-A16A-B9998A194AF0}) (Version: 3.4.5 - Garmin Ltd or its subsidiaries)
Garmin Training Center (HKLM-x32\...\{7D542452-84EB-47C0-97BA-735C523AB555}) (Version: 3.6.5 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Graboid Video 3.1 (HKLM-x32\...\Graboid Video) (Version: 3.1 - Graboid Inc.)
HotPotatoes v 6.3.0.5 (HKLM-x32\...\hotpot_is1) (Version:  - HalfBaked)
ImageShack Uploader 2.2.0 (HKLM-x32\...\{8BCD7AE7-F713-4D50-BAB9-7839B9386870}) (Version: 2.2.0 - ImageShack Corp.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2405 - Intel Corporation)
Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.27.6 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.33.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
L&H TTS3000 Deutsch (HKLM-x32\...\LHTTSGED) (Version:  - )
Latein@home – prima A - N Lektionen 1-25 (HKU\S-1-5-21-348309450-1816809450-22596906-1001\...\286989ac39316ff0) (Version: 1.0.8.0 - C.C.Buchner)
Lift Online (HKU\S-1-5-21-348309450-1816809450-22596906-1001\...\f12db597b42ce547) (Version: 1.4.14.0 - C.C.Buchner)
Mahjongg dimensions (HKLM-x32\...\Mahjongg dimensions) (Version:  - Oberon Media Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.0.4 - CEWE COLOR AG u Co. OHG)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Speech SDK 4.0 (HKLM-x32\...\MSSpchSDK) (Version:  - )
Microsoft Speech SDK 4.0 ActiveX Components (HKLM-x32\...\ST5UNST #1) (Version:  - )
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.3 - Mozilla)
MTG Card Images for Magic Workstation (HKLM-x32\...\MTG Card Images for Magic Workstation_is1) (Version:  - )
Navigium Maximum (HKLM-x32\...\{E22D9088-8A23-4EF0-915F-E3C671518D30}) (Version: 8.1 - Philipp Niederau)
Net4Switch (HKLM-x32\...\{9D6D7811-43B3-463C-BC79-5D1755269989}) (Version: 1.00.0020 - ASUS)
Opera Stable 23.0.1522.77 (HKLM-x32\...\Opera 23.0.1522.77) (Version: 23.0.1522.77 - Opera Software ASA)
Opera Stable 25.0.1614.68 (HKLM-x32\...\Opera 25.0.1614.68) (Version: 25.0.1614.68 - Opera Software ASA)
PaperPort (HKLM-x32\...\{A17EABB6-D0C6-44E5-820C-72DC7F495064}) (Version: 9.02.0814 - ScanSoft, Inc.)
PDF24 Creator 6.7.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Pfadfinder 2.0 (HKLM-x32\...\{F0AF5265-0E76-4AC0-AE45-ACA6428D5EDA}) (Version: 1.0.26 - Bildungshaus Schulbuchverlage GmbH, Braunschweig)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
Puzzle! - Druckmaschine (HKLM-x32\...\PuzzlePrintmachine) (Version:  - )
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Rund um (2.0) ... deutsch ideen 7 (HKLM-x32\...\{F1874632-E9F0-439C-9B7A-AE41F4073CB3}) (Version: 1.00.0000 - Bildungshaus Schulbuchverlage Westermann Schroedel Diesterweg Schöningh Winklers GmbH)
Rund um (2.0) ... deutsch ideen 8 (HKLM-x32\...\{C8279D79-3526-4582-9727-AA3E143D5775}) (Version: 1.00.0000 - Bildungshaus Schulbuchverlage Westermann Schroedel Diesterweg Schöningh Winklers GmbH)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SceneSwitch (HKLM-x32\...\{5172E572-C175-4F80-A6D5-5CB45826AD61}) (Version: 1.0.6 - ASUS)
Segmenti (HKLM-x32\...\Segmenti) (Version: 5.01 - Ilya Morozov, Regine Müller)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
USB2.0 UVC VGA WebCam (HKLM\...\USB2.0 UVC VGA WebCam) (Version: 5.8.54000.207 - Sonix)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 1.0.1 (HKLM-x32\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.30.3 - ASUS)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
Wise Registry Cleaner 8.31 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.31 - WiseCleaner.com, Inc.)
X Codec Pack (HKLM\...\X Codec Pack) (Version: 2.6.8 - X Codec Pack team)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-348309450-1816809450-22596906-1001_Classes\CLSID\{3d7edf71-d764-422f-88d3-aac18e4cef75}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-348309450-1816809450-22596906-1001_Classes\CLSID\{3f752dc2-9513-4366-aa36-982181f0d29f}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)

==================== Restore Points  =========================

26-01-2015 17:38:52 Windows Update
26-01-2015 17:50:04 Windows Update
26-01-2015 18:03:24 Windows Update
26-01-2015 21:19:20 Wiederherstellungsvorgang
26-01-2015 22:01:08 Windows-Sicherung
26-01-2015 22:12:19 Windows Update
26-01-2015 22:22:58 Windows Update
26-01-2015 22:56:25 Windows-Sicherung
26-01-2015 22:58:50 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ___AC C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {04F4257A-A026-4FA9-8DDD-5298AFBB1A27} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-08] (Google Inc.)
Task: {05DD6F52-BAC9-414C-B98B-3272EEA48AF1} - System32\Tasks\ASUS Secure Delete => C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe [2010-05-12] ()
Task: {17E3A749-0324-4188-8D65-C69127A18A2D} - System32\Tasks\Real Player-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2014-11-05] (RealNetworks, Inc.)
Task: {199FB700-5FEC-4015-AAB2-5AC7EAF8BE4A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {20F86E17-680E-4E9C-B78F-B7DDBD0A5597} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)
Task: {2D29AA8A-728C-497D-B562-65578DA3E679} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-348309450-1816809450-22596906-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {30C7685B-B12A-43D0-88FF-16129671BA57} - System32\Tasks\ScanSoft Background Update => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14] (Scansoft, Inc.)
Task: {45E95E6A-A579-4BD2-97FC-DDA2A22745E2} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe [2010-09-30] (asus)
Task: {47419099-36A6-4227-B014-1739382C6DF6} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe
Task: {50EE2FBE-D9F1-4254-B45B-5E5C7E34A8F4} - System32\Tasks\Wise Registry Cleaner Schedule Task => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [2014-12-25] (WiseCleaner.com)
Task: {5D1FACE7-7CFF-46A2-B74C-D3099392E7C6} - System32\Tasks\Divx-Online-Aktualisierungsprogramm => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2013-08-29] ()
Task: {5E5A8939-E8C7-4903-8E01-4391D6867EB9} - System32\Tasks\{5B6253FA-B677-4804-A842-E50F1E9D210C} => pcalua.exe -a C:\Users\ms\Downloads\Segmenti_Silbentrennung\Segmenti-Setup.exe -d C:\Users\ms\Documents
Task: {6320F722-2A8E-46A4-B291-0925AD626FA3} - System32\Tasks\{A539B467-32F5-45A8-8949-9F44FB14B6D4} => pcalua.exe -a C:\Users\ms\Downloads\Segmenti_Silbentrennung\spchapi.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {63C42DE6-94D2-445D-89BE-27CA7AFB0FCA} - System32\Tasks\{615FCAE0-66A4-44AD-BC96-9A6DE2C899F3} => pcalua.exe -a E:\PSetup.exe -d E:\
Task: {7CF3B680-CBC3-4CEB-A88F-8EA14B9F0134} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {8B9C86DE-842A-445C-8889-C6A205233B4D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A3F794D9-89E3-487B-8E70-F31FC7760ED4} - System32\Tasks\Net4Switch => C:\Program Files (x86)\ASUS\Net4Switch\Net4Switch.exe [2009-09-23] (ASUS)
Task: {A48E9B57-FBBA-4A0E-B2CC-E2C0EC3E62B8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-348309450-1816809450-22596906-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {AB27D89E-50FE-4E3F-ABAC-7BABD6392A24} - System32\Tasks\{375CE224-525E-4D31-AFC0-7E2D646B0019} => pcalua.exe -a C:\Users\ms\Pictures\Farmerama\34630icon_v1_24.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {AF4C5353-9046-4405-BBDE-BA41D3B2A5A5} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-10-15] (ASUS)
Task: {B6F7EDEB-AD13-4197-BA44-01461FA226A9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd)
Task: {BAA70EA8-AC22-4B19-A960-6E5BA9D989A1} - System32\Tasks\ASPG => C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe [2009-06-29] (ASUS)
Task: {BF1CB080-3F22-4EF1-8BE6-847DAEB79F77} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)
Task: {C3EDFE5E-4816-4CE7-976C-BCB441AA4775} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {C542595D-E7B2-424A-84D7-6B00AED1DA91} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-348309450-1816809450-22596906-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {CADAC429-8F7C-4526-80C6-B65821CD2576} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-08] (Google Inc.)
Task: {D664D557-B4AC-4AB0-B3B2-316F9A45DEE7} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-348309450-1816809450-22596906-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {D9A463B6-CE59-484C-B9EE-C644EF23CEDF} - System32\Tasks\Opera scheduled Autoupdate 1407520237 => C:\Program Files (x86)\Opera\launcher.exe [2014-10-29] (Opera Software)
Task: {DF4FF136-50AE-4F3B-B259-FD0DBD186233} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-348309450-1816809450-22596906-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E251D0D4-4902-4039-9AFA-0A49151530CA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {E39394BF-260D-474A-8B17-541C011D5E3B} - System32\Tasks\{3E723F4A-A53F-4C4F-A9BE-1CC4B56A1F28} => pcalua.exe -a C:\Users\ms\Downloads\Fritzbox\fritzdsl2.04.03_german.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {EFB11D09-21FB-413D-B547-8CA1C925E9C5} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-348309450-1816809450-22596906-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {F83479DB-F54D-48EC-917E-2EC71D14F631} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-348309450-1816809450-22596906-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Wise Registry Cleaner Schedule Task.job => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe

==================== Loaded Modules (whitelisted) =============

2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 ____C () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2010-07-15 00:11 - 2010-07-15 00:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
2010-04-03 03:21 - 2008-10-01 07:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-05-12 01:35 - 2010-05-12 01:35 - 00489392 _____ () C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
2010-09-24 00:53 - 2010-09-24 00:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2012-04-27 17:33 - 2012-04-27 17:33 - 00435552 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ulxmlrpcpp.dll
2009-11-02 22:20 - 2009-11-02 22:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 22:23 - 2009-11-02 22:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2015-01-26 22:18 - 2015-01-26 22:20 - 03925104 ____C () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2010-09-30 15:13 - 2010-09-30 15:13 - 00041472 _____ () C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll
2010-09-30 15:13 - 2010-09-30 15:13 - 00071680 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
2010-09-30 15:14 - 2010-09-30 15:14 - 00076288 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
2010-09-30 15:13 - 2010-09-30 15:13 - 00186880 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
2015-01-22 08:10 - 2015-01-22 08:10 - 16844464 ____C () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:029E021F
AlternateDataStreams: C:\ProgramData\Temp:5D458568
AlternateDataStreams: C:\ProgramData\Temp:81F83028
AlternateDataStreams: C:\ProgramData\Temp:981884E7

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: EssentialPIM Portable => "C:\Program Files (x86)\EssentialPIM Terminplanung\EssentialPIM.exe" /autorun
MSCONFIG\startupreg: ETDWare => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SDP => C:\Users\ms\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto 
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

========================= Accounts: ==========================

Administrator (S-1-5-21-348309450-1816809450-22596906-500 - Administrator - Disabled)
Gast (S-1-5-21-348309450-1816809450-22596906-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-348309450-1816809450-22596906-1002 - Limited - Enabled)
Marina (S-1-5-21-348309450-1816809450-22596906-1003 - Limited - Enabled) => C:\Users\Marina
ms (S-1-5-21-348309450-1816809450-22596906-1001 - Administrator - Enabled) => C:\Users\ms

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/26/2015 10:36:24 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/26/2015 10:36:24 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/26/2015 10:36:24 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/26/2015 10:36:24 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (01/26/2015 10:36:24 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/26/2015 10:36:24 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (01/26/2015 10:36:24 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/26/2015 10:36:24 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/26/2015 10:36:24 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden.


Details:
	0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800))

Error: (01/26/2015 10:36:24 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (3976) Windows: Fehler -1811 beim Öffnen von Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0003D.log.


System errors:
=============
Error: (01/27/2015 10:37:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/27/2015 10:37:48 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Google Update Service (gupdate) erreicht.

Error: (01/27/2015 10:32:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (01/27/2015 10:32:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (01/27/2015 10:32:59 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Presentation Foundation-Schriftartcache 3.0.0.0 erreicht.

Error: (01/27/2015 10:32:55 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/27/2015 10:32:53 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/27/2015 10:32:53 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/27/2015 10:32:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Application Virtualization Client" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/27/2015 10:32:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (01/26/2015 10:36:24 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/26/2015 10:36:24 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/26/2015 10:36:24 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (01/26/2015 10:36:24 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (01/26/2015 10:36:24 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (01/26/2015 10:36:24 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (01/26/2015 10:36:24 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (01/26/2015 10:36:24 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
4700

Error: (01/26/2015 10:36:24 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: 
Details:
	0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800))

Error: (01/26/2015 10:36:24 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows3976Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0003D.log-1811


CodeIntegrity Errors:
===================================
  Date: 2014-02-15 21:53:58.784
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ETD.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-02-15 21:53:58.644
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\ETD.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 77%
Total physical RAM: 1900.3 MB
Available physical RAM: 435.17 MB
Total Pagefile: 5700.89 MB
Available Pagefile: 2979.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:119.24 GB) (Free:39.96 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: () (Fixed) (Total:153.85 GB) (Free:22.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: AA9693FE)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=119.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=153.9 GB) - (Type=OF Extended)

==================== End Of Log ============================
         


Edited by moona (27.01.2015 at 15:41)

Alt 27.01.2015, 17:21   #6
moona

Windows Update failed

Error message for an important Windows Update:

Error 800B0100

I have attached the update history as a file, since I don't know how to embed a screenshot here.

27.01.2015, 20:19   #7
schrauber
/// the machine
/// TB Trainer



hi,

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

28.01.2015, 02:03   #8
moona



What can you read from this?


Code:
ATTFilter
ComboFix 15-01-27.01 - ms 28.01.2015   1:36.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.1900.551 [GMT 1:00]
ausgeführt von:: c:\users\ms\Downloads\Firefox\Neuer Ordner\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini
c:\program files (x86)\Common Files\ASPG_icon.ico
c:\program files (x86)\Common Files\Net4Switch.ico
c:\users\ms\Documents\~WRL2638.tmp
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ACEDRV11
-------\Service_acedrv11
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-12-28 bis 2015-01-28  ))))))))))))))))))))))))))))))
.
.
2015-01-28 00:46 . 2015-01-28 00:46	--------	dc----w-	c:\windows\system32\config\systemprofile\AppData\Local\temp
2015-01-28 00:46 . 2015-01-28 00:46	--------	dc----w-	c:\users\Marina\AppData\Local\temp
2015-01-28 00:46 . 2015-01-28 00:46	--------	dc----w-	c:\users\Default\AppData\Local\temp
2015-01-27 18:46 . 2015-01-27 18:46	0	-c--a-w-	c:\windows\SysWow64\shoC61C.tmp
2015-01-27 18:44 . 2015-01-27 18:44	--------	dc----w-	C:\3a7f6e15900cee526f1fbc
2015-01-27 17:47 . 2014-12-15 03:13	11870360	-c--a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{61CB4123-A3EE-483E-9E1E-EC1FB2417879}\mpengine.dll
2015-01-27 17:44 . 2015-01-27 17:45	3179520	----a-w-	c:\windows\system32\rdpcorets.dll
2015-01-27 17:44 . 2015-01-27 17:45	16384	----a-w-	c:\windows\system32\RdpGroupPolicyExtension.dll
2015-01-27 15:11 . 2015-01-27 15:13	19456	----a-w-	c:\windows\system32\drivers\rdpvideominiport.sys
2015-01-27 15:11 . 2012-08-23 14:08	30208	-c--a-w-	c:\windows\system32\drivers\TsUsbGD.sys
2015-01-27 15:11 . 2015-01-27 15:13	243200	----a-w-	c:\windows\system32\rdpudd.dll
2015-01-27 15:11 . 2015-01-27 15:13	228864	----a-w-	c:\windows\system32\rdpendp_winip.dll
2015-01-27 15:11 . 2015-01-27 15:13	192000	----a-w-	c:\windows\SysWow64\rdpendp_winip.dll
2015-01-27 15:07 . 2015-01-27 15:17	792576	----a-w-	c:\windows\SysWow64\TSWorkspace.dll
2015-01-27 15:06 . 2015-01-27 15:17	1030144	----a-w-	c:\windows\system32\TSWorkspace.dll
2015-01-27 13:07 . 2015-01-27 13:07	--------	dc----w-	c:\programdata\Licenses
2015-01-27 13:07 . 2015-01-28 00:28	--------	dc----w-	c:\program files (x86)\SpywareBlaster
2015-01-27 12:12 . 2015-01-27 12:12	--------	dc----w-	c:\windows\ERUNT
2015-01-27 11:45 . 2015-01-27 14:36	--------	dc----w-	C:\FRST
2015-01-27 09:53 . 2015-01-28 00:24	129752	-c--a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-27 09:52 . 2015-01-27 12:07	--------	dc----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2015-01-27 09:52 . 2015-01-27 09:52	--------	dc----w-	c:\programdata\Malwarebytes
2015-01-27 09:52 . 2014-11-21 05:14	63704	-c--a-w-	c:\windows\system32\drivers\mwac.sys
2015-01-27 09:52 . 2014-11-21 05:14	93400	-c--a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-01-27 09:52 . 2014-11-21 05:14	25816	-c--a-w-	c:\windows\system32\drivers\mbam.sys
2015-01-26 22:34 . 2014-12-15 03:13	11870360	-c--a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-01-26 22:27 . 2015-01-26 22:27	1188440	-c--a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D8510D5-6424-46EC-B4FA-6F4C5104841B}\gapaengine.dll
2015-01-26 22:08 . 2015-01-26 22:13	--------	dc----w-	c:\program files (x86)\Microsoft Security Client
2015-01-26 22:07 . 2015-01-26 22:14	--------	dc----w-	c:\program files\Microsoft Security Client
2015-01-26 21:29 . 2015-01-26 21:29	0	-c--a-w-	c:\windows\SysWow64\sho9EF.tmp
2015-01-26 21:17 . 2014-12-02 10:26	11870360	-c--a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{465EB45E-9387-440D-81C9-0B3981A1F9CA}\mpengine.dll
2015-01-26 18:10 . 2015-01-26 18:10	--------	dc----w-	C:\sh4ldr
2015-01-26 18:09 . 2015-01-26 18:09	--------	dc----w-	c:\program files\Enigma Software Group
2015-01-23 14:26 . 2015-01-26 20:47	--------	dc----w-	C:\FreeOCR
2015-01-22 20:28 . 2015-01-22 20:28	--------	dc----w-	c:\program files\iPod
2015-01-22 20:28 . 2015-01-26 20:46	--------	dc----w-	c:\program files (x86)\iTunes
2015-01-22 20:28 . 2015-01-26 20:46	--------	dc----w-	c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-22 20:28 . 2015-01-26 20:46	--------	dc----w-	c:\program files\iTunes
2015-01-22 20:18 . 2015-01-22 20:28	--------	dc----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-01-22 20:16 . 2015-01-26 20:47	--------	dc----w-	c:\program files (x86)\Bonjour
2015-01-22 20:16 . 2015-01-26 20:46	--------	dc----w-	c:\program files\Bonjour
2015-01-22 14:38 . 2015-01-22 14:38	0	-c--a-w-	c:\windows\SysWow64\shoD692.tmp
2015-01-20 19:18 . 2015-01-20 19:18	0	-c--a-w-	c:\windows\SysWow64\sho97FF.tmp
2015-01-20 13:37 . 2015-01-20 13:37	--------	dc----w-	c:\windows\system32\config\systemprofile\AppData\Roaming\Stardock
2015-01-14 11:43 . 2015-01-14 16:38	210432	----a-w-	c:\windows\system32\profsvc.dll
2015-01-14 11:43 . 2015-01-14 16:38	52224	----a-w-	c:\windows\SysWow64\nlaapi.dll
2015-01-14 11:43 . 2015-01-14 16:38	303616	----a-w-	c:\windows\system32\nlasvc.dll
2015-01-14 11:43 . 2015-01-14 16:38	156672	----a-w-	c:\windows\SysWow64\ncsi.dll
2015-01-14 11:42 . 2015-01-14 16:38	141312	----a-w-	c:\windows\system32\drivers\mrxdav.sys
2015-01-14 11:37 . 2015-01-14 16:38	5553592	----a-w-	c:\windows\system32\ntoskrnl.exe
2015-01-14 11:37 . 2015-01-14 16:38	3971512	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2015-01-14 11:37 . 2015-01-14 16:38	3916728	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2015-01-14 11:37 . 2015-01-14 16:38	503808	----a-w-	c:\windows\system32\srcore.dll
2015-01-14 11:37 . 2015-01-14 16:38	50176	----a-w-	c:\windows\system32\srclient.dll
2015-01-14 11:37 . 2015-01-14 16:38	296960	----a-w-	c:\windows\system32\rstrui.exe
2015-01-14 11:37 . 2015-01-14 16:38	43008	----a-w-	c:\windows\SysWow64\srclient.dll
2015-01-14 02:31 . 2015-01-14 02:31	0	-c--a-w-	c:\windows\SysWow64\sho72C1.tmp
2015-01-13 02:18 . 2015-01-13 02:18	0	-c--a-w-	c:\windows\SysWow64\shoD0BA.tmp
2015-01-12 02:15 . 2015-01-12 02:15	0	-c--a-w-	c:\windows\SysWow64\sho83A.tmp
2015-01-11 18:31 . 2015-01-22 14:28	--------	dc----w-	c:\users\ms\AppData\Roaming\WiseUpdate
2015-01-11 03:32 . 2015-01-11 03:33	--------	dc----w-	C:\afd82bc8219b0339f691aaa3fe6fd92e
2015-01-11 02:24 . 2015-01-11 02:26	--------	dc----w-	C:\e3e395ec3b549020b4354be2
2015-01-11 02:02 . 2015-01-11 02:04	--------	dc----w-	C:\a7a4e9af4fb6ec59e01508676f96de14
2015-01-10 02:05 . 2015-01-10 02:07	--------	dc----w-	C:\9b07d5d3e7a75a14c52ebd91
2015-01-09 02:02 . 2015-01-09 02:04	--------	dc----w-	C:\ef4261d189143e43de74b3bcadaa0c02
2015-01-08 17:43 . 2015-01-27 11:13	--------	dc----w-	C:\AdwCleaner
2015-01-08 11:34 . 2015-01-08 11:36	--------	dc----w-	C:\5eaf4e3b1df9bcb06a140e7579e784
2015-01-08 03:41 . 2015-01-08 03:43	--------	dc----w-	C:\ba3d6355d0e7b2ea68e63b
2015-01-08 02:03 . 2015-01-08 02:06	--------	dc----w-	C:\80f37e2564837500be
2015-01-07 15:24 . 2015-01-07 15:27	--------	dc----w-	C:\43936e5f1939b65c5a6953e6
2015-01-07 00:08 . 2015-01-07 00:10	--------	dc----w-	C:\f514b1ffda68a3a96d5c0bb2cf7e
2015-01-06 14:29 . 2015-01-06 14:29	0	-c--a-w-	c:\windows\SysWow64\shoECC8.tmp
2015-01-06 14:27 . 2015-01-06 14:29	--------	dc----w-	C:\e5f8571611fc9eb03290b00b33c2
2015-01-06 05:17 . 2015-01-06 05:17	0	-c--a-w-	c:\windows\SysWow64\shoA273.tmp
2015-01-06 05:15 . 2015-01-06 05:16	--------	dc----w-	C:\bc62b273202b2a2d3ba54f361f
2015-01-06 04:49 . 2015-01-06 04:49	--------	dc----w-	c:\users\ms\AppData\Local\Skype
2015-01-06 04:49 . 2015-01-26 20:44	--------	dc----w-	c:\users\ms\AppData\Roaming\Skype
2015-01-06 04:49 . 2015-01-06 04:49	--------	dc----w-	c:\program files (x86)\Common Files\Skype
2015-01-06 04:49 . 2015-01-06 04:49	--------	dc----r-	c:\program files (x86)\Skype
2015-01-06 04:48 . 2015-01-06 04:48	--------	dc----w-	c:\programdata\Skype
2015-01-06 04:28 . 2015-01-06 04:30	--------	dc----w-	C:\cb6b89e93d762edf5c06cdb5
2015-01-05 02:52 . 2015-01-05 02:55	--------	dc----w-	C:\1822221633495573b8
2015-01-04 02:55 . 2015-01-04 02:57	--------	dc----w-	C:\3e4c7b04819d2bc4d5487e9b1eb7fa
2015-01-03 11:23 . 2015-01-03 11:23	--------	dcsh--w-	c:\users\ms\AppData\Local\EmieBrowserModeList
2015-01-03 02:10 . 2015-01-03 02:12	--------	dc----w-	C:\1fb40d568f5ec3a269cf756119412132
2015-01-02 22:46 . 2015-01-02 22:48	--------	dc----w-	C:\ce32657ca2cf6f6ecca3390055143a
2015-01-02 22:42 . 2015-01-02 22:42	--------	dc----w-	c:\users\Marina\AppData\Roaming\PC-FAX TX
2015-01-02 04:25 . 2015-01-02 04:27	--------	dc----w-	C:\5c40cdc0d5f45c5e97b658a30b
2015-01-01 21:28 . 2015-01-01 21:30	--------	dc----w-	C:\07b9b2972ba5c9f28ae22bbe00126a1f
2015-01-01 05:07 . 2015-01-01 05:09	--------	dc----w-	C:\220425c0a1578e921a9f67
2015-01-01 04:07 . 2015-01-01 04:07	0	-c--a-w-	c:\windows\SysWow64\shoFEA7.tmp
2015-01-01 04:05 . 2015-01-01 04:06	--------	dc----w-	C:\387e8b1d129a9244d6
2015-01-01 02:01 . 2015-01-01 02:03	--------	dc----w-	C:\805116f115698068b3
2014-12-31 18:11 . 2014-12-31 18:13	--------	dc----w-	c:\users\Marina\AppData\Roaming\Wise Registry Cleaner
2014-12-31 14:55 . 2014-12-31 14:55	--------	dc----w-	c:\users\Marina\AppData\Local\Macromedia
2014-12-31 14:53 . 2014-12-31 14:53	--------	dc----w-	c:\users\Marina\AppData\Local\Mozilla
2014-12-31 14:17 . 2014-12-31 14:23	--------	dc----w-	C:\335610c6c8e09682eb6a797c
2014-12-31 04:11 . 2014-12-31 04:13	--------	dc----w-	C:\edb757e063a3858ad4cd8526b755
2014-12-30 15:36 . 2014-12-30 15:41	--------	dc----w-	C:\6e302748143f7779516b3c465ea39c
2014-12-30 02:01 . 2014-12-30 02:03	--------	dc----w-	C:\c180fbd747f888624503
2014-12-29 02:09 . 2014-12-29 02:09	0	-c--a-w-	c:\windows\SysWow64\sho969F.tmp
2014-12-29 02:01 . 2014-12-29 02:03	--------	dc----w-	C:\910e892608bbb1491958
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-28 00:52 . 2011-08-17 00:03	45056	-c--a-w-	c:\windows\system32\acovcnt.exe
2015-01-27 13:44 . 2012-09-20 10:43	701616	-c--a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-27 13:44 . 2012-06-24 07:45	71344	-c--a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-14 16:29 . 2011-11-11 15:07	113365784	-c--a-w-	c:\windows\system32\MRT.exe
2015-01-08 08:55 . 2012-05-03 13:18	298120	-c----w-	c:\windows\system32\MpSigStub.exe
2014-12-24 02:19 . 2014-12-24 02:19	0	-c--a-w-	c:\windows\SysWow64\sho3820.tmp
2014-12-22 19:43 . 2014-12-22 19:43	0	-c--a-w-	c:\windows\SysWow64\shoE793.tmp
2014-12-21 02:23 . 2014-12-21 02:23	0	-c--a-w-	c:\windows\SysWow64\sho7EFB.tmp
2014-12-19 06:23 . 2014-12-18 20:45	144384	----a-w-	c:\windows\system32\ieUnatt.exe
2014-12-19 06:23 . 2014-12-18 20:45	115712	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2014-12-12 02:20 . 2014-12-12 02:20	0	-c--a-w-	c:\windows\SysWow64\shoAAB2.tmp
2014-12-11 00:50 . 2014-12-11 00:15	830976	----a-w-	c:\windows\system32\appraiser.dll
2014-12-11 00:50 . 2014-12-11 00:15	396800	----a-w-	c:\windows\system32\devinv.dll
2014-12-11 00:50 . 2014-12-11 00:15	1232040	----a-w-	c:\windows\system32\aitstatic.exe
2014-12-11 00:50 . 2014-12-11 00:15	741376	----a-w-	c:\windows\system32\invagent.dll
2014-12-11 00:50 . 2014-12-11 00:15	413184	----a-w-	c:\windows\system32\generaltel.dll
2014-12-11 00:50 . 2014-12-11 00:15	192000	----a-w-	c:\windows\system32\aepic.dll
2014-12-11 00:50 . 2014-12-11 00:15	1083392	----a-w-	c:\windows\system32\aeinv.dll
2014-12-11 00:50 . 2014-12-11 00:15	227328	----a-w-	c:\windows\system32\aepdu.dll
2014-12-11 00:38 . 2014-12-11 00:14	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-12-11 00:38 . 2014-12-11 00:14	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2014-12-11 00:35 . 2014-12-11 00:14	119296	----a-w-	c:\windows\system32\drivers\tdx.sys
2014-12-11 00:35 . 2014-12-11 00:14	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2014-12-11 00:35 . 2014-12-11 00:14	47616	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2014-12-11 00:35 . 2014-12-11 00:14	114688	----a-w-	c:\windows\system32\ieetwcollector.exe
2014-12-11 00:35 . 2014-12-11 00:14	77824	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 00:35 . 2014-12-11 00:14	718848	----a-w-	c:\windows\system32\ie4uinit.exe
2014-12-11 00:35 . 2014-12-11 00:14	60416	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-12-11 00:35 . 2014-12-11 00:14	34304	----a-w-	c:\windows\system32\iernonce.dll
2014-12-11 00:35 . 2014-12-11 00:14	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-12-11 00:35 . 2014-12-11 00:14	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-12-11 00:35 . 2014-12-11 00:14	968704	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2014-12-11 00:35 . 2014-12-11 00:14	62464	----a-w-	c:\windows\SysWow64\iesetup.dll
2014-12-11 00:35 . 2014-12-11 00:14	620032	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2014-12-11 00:35 . 2014-12-11 00:14	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2014-12-11 00:35 . 2014-12-11 00:14	389296	----a-w-	c:\windows\system32\iedkcs32.dll
2014-12-11 00:35 . 2014-12-11 00:14	2052096	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2014-12-11 00:35 . 2014-12-11 00:14	1548288	----a-w-	c:\windows\system32\urlmon.dll
2014-12-11 00:35 . 2014-12-11 00:14	800768	----a-w-	c:\windows\system32\msfeeds.dll
2014-12-11 00:35 . 2014-12-11 00:14	316928	----a-w-	c:\windows\system32\dxtrans.dll
2014-12-11 00:35 . 2014-12-11 00:14	800768	----a-w-	c:\windows\system32\ieapfltr.dll
2014-12-11 00:35 . 2014-12-11 00:14	66560	----a-w-	c:\windows\system32\iesetup.dll
2014-12-11 00:35 . 2014-12-11 00:14	2125312	----a-w-	c:\windows\system32\inetcpl.cpl
2014-12-11 00:35 . 2014-12-11 00:14	501248	----a-w-	c:\windows\SysWow64\vbscript.dll
2014-12-11 00:35 . 2014-12-11 00:14	4299264	----a-w-	c:\windows\SysWow64\jscript9.dll
2014-12-11 00:35 . 2014-12-11 00:14	2885120	----a-w-	c:\windows\system32\iertutil.dll
2014-12-11 00:35 . 2014-12-11 00:14	1888256	----a-w-	c:\windows\SysWow64\wininet.dll
2014-12-11 00:35 . 2014-12-11 00:14	1155072	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2014-12-11 00:35 . 2014-12-11 00:14	64000	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2014-12-11 00:35 . 2014-12-11 00:14	54784	----a-w-	c:\windows\system32\jsproxy.dll
2014-12-11 00:35 . 2014-12-11 00:14	633856	----a-w-	c:\windows\system32\ieui.dll
2014-12-11 00:35 . 2014-12-11 00:14	490496	----a-w-	c:\windows\system32\dxtmsft.dll
2014-12-11 00:35 . 2014-12-11 00:14	92160	----a-w-	c:\windows\system32\mshtmled.dll
2014-12-11 00:35 . 2014-12-11 00:14	14412800	----a-w-	c:\windows\system32\ieframe.dll
2014-12-11 00:35 . 2014-12-11 00:14	1359360	----a-w-	c:\windows\system32\mshtmlmedia.dll
2014-12-11 00:35 . 2014-12-11 00:14	814080	----a-w-	c:\windows\system32\jscript9diag.dll
2014-12-11 00:35 . 2014-12-11 00:14	6039552	----a-w-	c:\windows\system32\jscript9.dll
2014-12-11 00:35 . 2014-12-11 00:14	580096	----a-w-	c:\windows\system32\vbscript.dll
2014-12-11 00:35 . 2014-12-11 00:14	2358272	----a-w-	c:\windows\system32\wininet.dll
2014-12-11 00:35 . 2014-12-11 00:14	88064	----a-w-	c:\windows\system32\MshtmlDac.dll
2014-12-11 00:35 . 2014-12-11 00:14	25059840	----a-w-	c:\windows\system32\mshtml.dll
2014-12-11 00:35 . 2014-12-11 00:14	199680	----a-w-	c:\windows\system32\msrating.dll
2014-12-11 00:34 . 2014-12-11 00:34	55808	----a-w-	c:\windows\system32\rrinstaller.exe
2014-12-11 00:34 . 2014-12-11 00:34	50176	----a-w-	c:\windows\SysWow64\rrinstaller.exe
2014-12-11 00:34 . 2014-12-11 00:34	3209728	----a-w-	c:\windows\SysWow64\mf.dll
2014-12-11 00:34 . 2014-12-11 00:34	24576	----a-w-	c:\windows\system32\mfpmp.exe
2014-12-11 00:34 . 2014-12-11 00:34	23040	----a-w-	c:\windows\SysWow64\mfpmp.exe
2014-12-11 00:34 . 2014-12-11 00:34	206848	----a-w-	c:\windows\system32\mfps.dll
2014-12-11 00:34 . 2014-12-11 00:34	2048	----a-w-	c:\windows\SysWow64\mferror.dll
2014-12-11 00:34 . 2014-12-11 00:34	2048	----a-w-	c:\windows\system32\mferror.dll
2014-12-11 00:34 . 2014-12-11 00:34	103424	----a-w-	c:\windows\SysWow64\mfps.dll
2014-12-11 00:34 . 2014-12-11 00:34	4121600	----a-w-	c:\windows\system32\mf.dll
2014-12-11 00:32 . 2014-12-11 00:11	165888	----a-w-	c:\windows\system32\charmap.exe
2014-12-11 00:32 . 2014-12-11 00:11	155136	----a-w-	c:\windows\SysWow64\charmap.exe
2014-12-11 00:31 . 2014-12-11 00:11	2020352	----a-w-	c:\windows\system32\WsmSvc.dll
2014-12-11 00:31 . 2014-12-11 00:11	1177088	----a-w-	c:\windows\SysWow64\WsmSvc.dll
2014-12-11 00:31 . 2014-12-11 00:11	346624	----a-w-	c:\windows\system32\WSManMigrationPlugin.dll
2014-12-11 00:31 . 2014-12-11 00:11	310272	----a-w-	c:\windows\system32\WsmWmiPl.dll
2014-12-11 00:31 . 2014-12-11 00:11	266240	----a-w-	c:\windows\system32\WSManHTTPConfig.exe
2014-12-11 00:31 . 2014-12-11 00:11	248832	----a-w-	c:\windows\SysWow64\WSManMigrationPlugin.dll
2014-12-11 00:31 . 2014-12-11 00:11	214016	----a-w-	c:\windows\SysWow64\WsmWmiPl.dll
2014-12-11 00:31 . 2014-12-11 00:11	198656	----a-w-	c:\windows\SysWow64\WSManHTTPConfig.exe
2014-12-11 00:31 . 2014-12-11 00:11	181248	----a-w-	c:\windows\system32\WsmAuto.dll
2014-12-11 00:31 . 2014-12-11 00:11	145920	----a-w-	c:\windows\SysWow64\WsmAuto.dll
2014-12-11 00:31 . 2014-12-11 00:11	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2014-12-11 00:31 . 2014-12-11 00:11	2048	----a-w-	c:\windows\system32\tzres.dll
2014-12-04 02:30 . 2014-12-04 02:30	0	-c--a-w-	c:\windows\SysWow64\sho62E6.tmp
2014-12-04 02:07 . 2014-12-03 13:04	7168	----a-w-	c:\windows\SysWow64\KBDYAK.DLL
2014-12-04 02:07 . 2014-12-03 13:04	7168	----a-w-	c:\windows\system32\KBDYAK.DLL
2014-12-04 02:07 . 2014-12-03 13:04	7168	----a-w-	c:\windows\system32\KBDTAT.DLL
2014-12-04 02:07 . 2014-12-03 13:04	7168	----a-w-	c:\windows\system32\KBDRU1.DLL
2014-12-04 02:07 . 2014-12-03 13:04	7168	----a-w-	c:\windows\system32\KBDBASH.DLL
2014-12-04 02:07 . 2014-12-03 13:04	6656	----a-w-	c:\windows\SysWow64\KBDBASH.DLL
2014-12-04 02:07 . 2014-12-03 13:04	6656	----a-w-	c:\windows\system32\KBDRU.DLL
2014-12-03 12:45 . 2014-12-03 12:45	0	-c--a-w-	c:\windows\SysWow64\shoAA5B.tmp
2014-12-02 19:47 . 2014-12-01 13:11	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-12-02 19:47 . 2014-12-01 13:11	683520	----a-w-	c:\windows\system32\termsrv.dll
2014-12-02 19:47 . 2014-12-01 13:11	681984	----a-w-	c:\windows\SysWow64\adtschema.dll
2014-12-02 19:47 . 2014-12-01 13:11	681984	----a-w-	c:\windows\system32\adtschema.dll
2014-12-02 19:47 . 2014-12-01 13:11	155064	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2004-03-09 57393]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2014-07-04 191528]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2014-11-05 295512]
.
c:\users\ms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FRITZ!DSL Startcenter.lnk - c:\users\ms\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe [2012-4-4 80896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FRITZ!DSL Protect.lnk - c:\program files\FRITZ!DSL\FwebProt.exe [2009-4-17 1105208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE"
"ATKMEDIA"=c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys;c:\windows\SYSNATIVE\DRIVERS\ipswuio.sys [x]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 assd;assd; [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys;c:\windows\SYSNATIVE\DRIVERS\lullaby.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt67;Acronis Disk Storage Filter (67);c:\windows\system32\DRIVERS\vsflt67.sys;c:\windows\SYSNATIVE\DRIVERS\vsflt67.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE;c:\program files\FRITZ!DSL\IGDCTRL.EXE [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys;c:\windows\SYSNATIVE\DRIVERS\JME.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-26 12:03	1096520	-c--a-w-	c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-11 17:36]
.
2014-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-11 17:36]
.
2015-01-12 c:\windows\Tasks\Wise Registry Cleaner Schedule Task.job
- c:\program files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [2012-06-30 09:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41	220160	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41	220160	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
LSP: %ProgramFiles%\FRITZ!DSL\\sarah.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\ms\AppData\Roaming\Mozilla\Firefox\Profiles\b8qlvk6x.default-1417579723982\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeck.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-01-28  01:59:11 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-01-28 00:59
.
Vor Suchlauf: 92 Verzeichnis(se), 41.876.635.648 Bytes frei
Nach Suchlauf: 100 Verzeichnis(se), 41.392.832.512 Bytes frei
.
- - End Of File - - 195CC70D5D4421CF58C7501159EBFCF8
         

Edited by moona (28.01.2015 at 02:13)

Alt 28.01.2015, 12:42   #9
schrauber
/// the machine
/// TB-Ausbilder
 




It's only half as bad as it looks. Still a bit of adware.


Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

Alt 28.01.2015, 18:08   #10
moona
 



Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 28.01.2015
Suchlauf-Zeit: 17:18:02
Logdatei: 
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.28.07
Rootkit Datenbank: v2015.01.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: ms

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 416358
Verstrichene Zeit: 22 Min, 16 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Tiefer Rootkit-Suchlauf: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
Code:
ATTFilter
# AdwCleaner v4.109 - Bericht erstellt am 28/01/2015 um 17:50:48
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-26.1 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : ms - KLEOPATRA
# Gestartet von : C:\Users\ms\Downloads\Firefox\AdwCleaner_4.109.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0.1 (x86 de)


-\\ Google Chrome v


-\\ Opera v25.0.1614.68


*************************

AdwCleaner[R0].txt - [7332 octets] - [08/01/2015 19:07:14]
AdwCleaner[R1].txt - [7392 octets] - [12/01/2015 08:42:19]
AdwCleaner[R2].txt - [2609 octets] - [27/01/2015 10:28:14]
AdwCleaner[R3].txt - [1135 octets] - [27/01/2015 12:12:19]
AdwCleaner[R4].txt - [1199 octets] - [28/01/2015 17:48:09]
AdwCleaner[S0].txt - [7836 octets] - [12/01/2015 09:16:53]
AdwCleaner[S1].txt - [3061 octets] - [27/01/2015 10:32:50]
AdwCleaner[S2].txt - [1121 octets] - [28/01/2015 17:50:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1181 octets] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x64
Ran by ms on 28.01.2015 at 17:59:12,47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\ms\AppData\Roaming\mozilla\firefox\profiles\b8qlvk6x.default-1417579723982\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.01.2015 at 18:03:57,87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Why is Firefox still so extremely slow to start?
And why does the Microsoft security update fail?

Alt 28.01.2015, 18:53   #11
schrauber
/// the machine
/// TB-Ausbilder
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber


Alt 29.01.2015, 06:03   #12
moona
 



Code:
ATTFilter
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\MUServer.apk.vir	Variante von Android/Mobserv.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ver5BlockAndSurf\j6BlockAndSurfZ54.exe_rm_.vir	Variante von Win32/Adware.AddLyrics.DN Anwendung
C:\Users\ms\Downloads\pcbeschleunigen_e1c19d3adc4c46ad89317768d7a8cdec_.exe	Variante von Win32/Speedchecker.B evtl. unerwünschte Anwendung
C:\Users\ms\Downloads\ccleaner\CCleaner - CHIP-Downloader.exe	Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung
C:\Users\ms\Downloads\daemon tools\DTLite4471-0333.exe	Win32/DownWare.L evtl. unerwünschte Anwendung
C:\Users\ms\Downloads\DIVX\Afreecodec_downloader_For_K_Lite_Mega_Codec_Pack.exe	Variante von Win32/BSDownloader evtl. unerwünschte Anwendung
C:\Users\ms\Downloads\Free Studio\FreeAudioCDToMP3Converter.exe	Win32/Toolbar.Conduit evtl. unerwünschte Anwendung
C:\Users\ms\Downloads\Free Studio\FreeDiscBurner.exe	Win32/Toolbar.Conduit evtl. unerwünschte Anwendung
C:\Users\ms\Downloads\Ghostery..stoppt Skripts\ghostery-5.1.2-sm_fx_an.xpi - CHIP-Downloader.exe	Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung
C:\Users\ms\Downloads\Mediathekendownload\MediathekView - CHIP-Downloader.exe	Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung
C:\Users\ms\Downloads\Segmenti_Silbentrennung\TVSetup.exe	Win32/Toolbar.Inbox.A evtl. unerwünschte Anwendung
C:\Users\ms\Downloads\Wörterbuch Türkisch\LingoPad - CHIP-Installer.exe	Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung
D:\KLEOPATRA\Backup Set 2015-01-18 220916\Backup Files 2015-01-18 220916\Backup files 8.zip	Variante von Win32/Speedchecker.B evtl. unerwünschte Anwendung
D:\KLEOPATRA\Backup Set 2015-01-26 000040\Backup Files 2015-01-26 000040\Backup files 10.zip	Win32/DownWare.L evtl. unerwünschte Anwendung
D:\KLEOPATRA\Backup Set 2015-01-26 000040\Backup Files 2015-01-26 000040\Backup files 11.zip	Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung
D:\KLEOPATRA\Backup Set 2015-01-26 000040\Backup Files 2015-01-26 000040\Backup files 12.zip	Win32/Toolbar.Inbox.A evtl. unerwünschte Anwendung
D:\KLEOPATRA\Backup Set 2015-01-26 000040\Backup Files 2015-01-26 000040\Backup files 13.zip	Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung
D:\KLEOPATRA\Backup Set 2015-01-26 000040\Backup Files 2015-01-26 000040\Backup files 8.zip	Variante von Win32/Speedchecker.B evtl. unerwünschte Anwendung
D:\KLEOPATRA\Backup Set 2015-01-26 000040\Backup Files 2015-01-26 000040\Backup files 9.zip	Win32/InstallMonetizer.BB evtl. unerwünschte Anwendung
D:\KLEOPATRA\Backup Set 2015-01-26 215945\Backup Files 2015-01-26 225543\Backup files 10.zip	Win32/Toolbar.Inbox.A evtl. unerwünschte Anwendung
D:\KLEOPATRA\Backup Set 2015-01-26 215945\Backup Files 2015-01-26 225543\Backup files 11.zip	Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung
D:\KLEOPATRA\Backup Set 2015-01-26 215945\Backup Files 2015-01-26 225543\Backup files 6.zip	Variante von Win32/Speedchecker.B evtl. unerwünschte Anwendung
D:\KLEOPATRA\Backup Set 2015-01-26 215945\Backup Files 2015-01-26 225543\Backup files 7.zip	Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung
D:\KLEOPATRA\Backup Set 2015-01-26 215945\Backup Files 2015-01-26 225543\Backup files 8.zip	Win32/DownWare.L evtl. unerwünschte Anwendung
D:\KLEOPATRA\Backup Set 2015-01-26 215945\Backup Files 2015-01-26 225543\Backup files 9.zip	Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung
         
I removed ESET via the Control Panel as instructed.

I can no longer access "Programme" to delete the folder (because Explorer crashes?). When I click "Programme" or "Programme (x86)", I immediately land back on the desktop. I had a similar phenomenon a few days ago, but it then disappeared again.

What should I do? Still run "Security Check" anyway?

Edited by moona (29.01.2015 at 06:38)

Alt 29.01.2015, 12:12   #13
schrauber
/// the machine
/// TB-Ausbilder
 




Yes, and the fresh FRST log, please.
__________________
Regards,
schrauber


Alt 29.01.2015, 20:39   #14
moona
 



Code:
ATTFilter
 Results of screen317's Security Check version 0.99.95  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
  (On Access scanning disabled!) 
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:````````` 
 SpywareBlaster 5.0    
 Wise Registry Cleaner 8.31  
 JavaFX 2.1.1    
 Java 7 Update 17  
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.296  
 Adobe Reader XI  
 Mozilla Firefox (35.0.1) 
 Google Chrome 36.0.1985.143  Google Chrome out of date!  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
I ran this one by mistake.. (misclicked)
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x64
Ran by ms on 29.01.2015 at 13:34:30,44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.01.2015 at 13:38:34,83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Now the right one....





FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by ms (administrator) on KLEOPATRA on 29-01-2015 13:43:01
Running from C:\Users\ms\Downloads\Firefox\Neuer Ordner
Loaded Profiles: ms (Available profiles: ms & Marina)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\FwebProt.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ScanSoft, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUS) C:\Windows\AsScrPro.exe
(Apple Inc.) C:\Program Files (x86)\QuickTime\QTTask.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Users\ms\Downloads\Firefox\Neuer Ordner\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Thisisu) C:\Users\ms\Downloads\Firefox\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [57393 2004-03-09] (ScanSoft, Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2014-11-05] (RealNetworks, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-348309450-1816809450-22596906-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk
ShortcutTarget: FRITZ!DSL Protect.lnk -> C:\Program Files\FRITZ!DSL\FwebProt.exe (AVM Berlin)
Startup: C:\Users\ms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk
ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Users\ms\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-348309450-1816809450-22596906-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKU\S-1-5-21-348309450-1816809450-22596906-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-348309450-1816809450-22596906-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
Winsock: Catalog5 10 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog9 01 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog9 02 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog9 03 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog9 15 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog5-x64 10 C:\Program Files\FRITZ!DSL\\sarah.dll [34104] (AVM Berlin)
Winsock: Catalog9-x64 01 C:\Program Files\FRITZ!DSL\\sarah.dll [34104] (AVM Berlin)
Winsock: Catalog9-x64 02 C:\Program Files\FRITZ!DSL\\sarah.dll [34104] (AVM Berlin)
Winsock: Catalog9-x64 03 C:\Program Files\FRITZ!DSL\\sarah.dll [34104] (AVM Berlin)
Winsock: Catalog9-x64 15 C:\Program Files\FRITZ!DSL\\sarah.dll [34104] (AVM Berlin)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\ms\AppData\Roaming\Mozilla\Firefox\Profiles\b8qlvk6x.default-1417579723982
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-348309450-1816809450-22596906-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Extension: NoScript - C:\Users\ms\AppData\Roaming\Mozilla\Firefox\Profiles\b8qlvk6x.default-1417579723982\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-12-03]
FF Extension: eCleaner - C:\Users\ms\AppData\Roaming\Mozilla\Firefox\Profiles\b8qlvk6x.default-1417579723982\Extensions\{c72c0c73-4eb0-4fb3-af0f-074e97326cfd}.xpi [2015-01-26]
FF Extension: Adblock Plus - C:\Users\ms\AppData\Roaming\Mozilla\Firefox\Profiles\b8qlvk6x.default-1417579723982\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-03]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-11-05]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome: 
=======
CHR Profile: C:\Users\ms\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (RealDownloader) - C:\Users\ms\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-03-06]
CHR Extension: (Google Wallet) - C:\Users\ms\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AFBAgent; C:\Windows\system32\FBAgent.exe [377264 2010-09-30] (ASUSTeK Computer Inc.) [File not signed]
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [88888 2009-07-28] (AVM Berlin)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 assd; C:\Windows\System32\Drivers\assd.sys [27264 2010-04-28] (ASUS Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-10-02] (DT Soft Ltd)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-20] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-10-02] (Duplex Secure Ltd.)
U3 af9h1m4f; C:\Windows\System32\Drivers\af9h1m4f.sys [0 ] (JMicron Technology Corporation) <==== ATTENTION (zero size file/folder)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ipswuio; System32\DRIVERS\ipswuio.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-29 13:38 - 2015-01-29 13:38 - 00000622 ____C () C:\Users\ms\Desktop\JRT.txt
2015-01-28 17:17 - 2015-01-28 17:17 - 00129752 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-28 17:16 - 2015-01-28 17:16 - 00001100 ____C () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-28 17:16 - 2015-01-28 17:16 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-28 17:16 - 2015-01-28 17:16 - 00000000 ___DC () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-28 17:16 - 2014-11-21 06:14 - 00093400 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-28 17:16 - 2014-11-21 06:14 - 00063704 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-28 17:16 - 2014-11-21 06:14 - 00025816 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-28 02:19 - 2015-01-28 02:21 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-28 02:19 - 2015-01-28 02:20 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-01-28 02:19 - 2015-01-28 02:20 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-01-28 01:59 - 2015-01-28 01:59 - 00032331 ____C () C:\ComboFix.txt
2015-01-28 01:32 - 2015-01-28 01:59 - 00000000 ___DC () C:\Qoobox
2015-01-28 01:32 - 2011-06-26 07:45 - 00256000 ____C () C:\Windows\PEV.exe
2015-01-28 01:32 - 2010-11-07 18:20 - 00208896 ____C () C:\Windows\MBR.exe
2015-01-28 01:32 - 2009-04-20 05:56 - 00060416 ____C (NirSoft) C:\Windows\NIRCMD.exe
2015-01-28 01:32 - 2000-08-31 01:00 - 00518144 ____C (SteelWerX) C:\Windows\SWREG.exe
2015-01-28 01:32 - 2000-08-31 01:00 - 00406528 ____C (SteelWerX) C:\Windows\SWSC.exe
2015-01-28 01:32 - 2000-08-31 01:00 - 00098816 ____C () C:\Windows\sed.exe
2015-01-28 01:32 - 2000-08-31 01:00 - 00080412 ____C () C:\Windows\grep.exe
2015-01-28 01:32 - 2000-08-31 01:00 - 00068096 ____C () C:\Windows\zip.exe
2015-01-28 01:31 - 2015-01-28 01:55 - 00000000 ___DC () C:\Windows\erdnt
2015-01-27 19:46 - 2015-01-27 19:46 - 00000000 ____C () C:\Windows\SysWOW64\shoC61C.tmp
2015-01-27 19:44 - 2015-01-27 19:44 - 00000000 ___DC () C:\3a7f6e15900cee526f1fbc
2015-01-27 19:40 - 2015-01-27 19:40 - 00000000 ___DC () C:\Users\ms\Downloads\windows updates störungsfreier
2015-01-27 18:44 - 2015-01-27 18:45 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-01-27 18:44 - 2015-01-27 18:45 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-01-27 16:15 - 2015-01-27 16:16 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-01-27 16:15 - 2015-01-27 16:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-01-27 16:15 - 2015-01-27 16:16 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-01-27 16:15 - 2015-01-27 16:16 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-01-27 16:15 - 2015-01-27 16:16 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-01-27 16:15 - 2015-01-27 16:16 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-01-27 16:15 - 2015-01-27 16:16 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-01-27 16:15 - 2015-01-27 16:16 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-01-27 16:15 - 2015-01-27 16:16 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-01-27 16:15 - 2015-01-27 16:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-01-27 16:15 - 2015-01-27 16:16 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-01-27 16:15 - 2015-01-27 16:16 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-01-27 16:15 - 2015-01-27 16:16 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-01-27 16:15 - 2015-01-27 16:16 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-01-27 16:15 - 2015-01-27 16:16 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-01-27 16:11 - 2015-01-27 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-01-27 16:11 - 2015-01-27 16:13 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-01-27 16:11 - 2015-01-27 16:13 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2015-01-27 16:11 - 2015-01-27 16:13 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-01-27 16:11 - 2012-08-23 15:08 - 00030208 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2015-01-27 16:07 - 2015-01-27 16:17 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2015-01-27 16:06 - 2015-01-27 16:17 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-01-27 15:21 - 2015-01-29 12:48 - 00000672 ____C () C:\Windows\setupact.log
2015-01-27 15:21 - 2015-01-28 17:52 - 00001804 ____C () C:\Windows\PFRO.log
2015-01-27 15:21 - 2015-01-27 15:21 - 00437400 ____C () C:\Windows\system32\FNTCACHE.DAT
2015-01-27 15:21 - 2015-01-27 15:21 - 00000000 ____C () C:\Windows\setuperr.log
2015-01-27 14:07 - 2015-01-28 01:28 - 00000000 ___DC () C:\Program Files (x86)\SpywareBlaster
2015-01-27 14:07 - 2015-01-27 14:07 - 00001077 ____C () C:\Users\Public\Desktop\SpywareBlaster.lnk
2015-01-27 14:07 - 2015-01-27 14:07 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2015-01-27 14:07 - 2015-01-27 14:07 - 00000000 ___DC () C:\ProgramData\Licenses
2015-01-27 13:24 - 2015-01-27 13:24 - 00001191 ____C () C:\Users\ms\Desktop\JRT - Verknüpfung.lnk
2015-01-27 13:12 - 2015-01-27 13:12 - 00000000 ___DC () C:\Windows\ERUNT
2015-01-27 12:45 - 2015-01-29 13:43 - 00000000 ___DC () C:\FRST
2015-01-27 11:08 - 2015-01-27 11:08 - 00120320 ____C () C:\Users\ms\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-27 10:52 - 2015-01-27 10:52 - 00000000 ___DC () C:\ProgramData\Malwarebytes
2015-01-26 23:09 - 2015-01-26 23:14 - 00002119 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-01-26 23:09 - 2015-01-26 23:14 - 00001912 ____C () C:\Windows\epplauncher.mif
2015-01-26 23:08 - 2015-01-26 23:13 - 00000000 ___DC () C:\Program Files (x86)\Microsoft Security Client
2015-01-26 23:07 - 2015-01-26 23:14 - 00000000 ___DC () C:\Program Files\Microsoft Security Client
2015-01-26 22:29 - 2015-01-26 22:29 - 00000000 ____C () C:\Windows\SysWOW64\sho9EF.tmp
2015-01-26 22:18 - 2015-01-26 22:20 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 19:11 - 2015-01-26 19:11 - 00000000 ____C () C:\autoexec.bat
2015-01-26 19:10 - 2015-01-26 19:10 - 00000000 ___DC () C:\sh4ldr
2015-01-26 19:09 - 2015-01-26 19:09 - 00000000 ___DC () C:\Program Files\Enigma Software Group
2015-01-23 15:26 - 2015-01-26 21:47 - 00000000 ___DC () C:\FreeOCR
2015-01-22 21:28 - 2015-01-26 21:46 - 00000000 ___DC () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-22 21:28 - 2015-01-26 21:46 - 00000000 ___DC () C:\Program Files\iTunes
2015-01-22 21:28 - 2015-01-26 21:46 - 00000000 ___DC () C:\Program Files (x86)\iTunes
2015-01-22 21:28 - 2015-01-22 21:28 - 00000000 ___DC () C:\Program Files\iPod
2015-01-22 21:18 - 2015-01-22 21:28 - 00000000 ___DC () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-01-22 21:16 - 2015-01-26 21:47 - 00000000 ___DC () C:\Program Files (x86)\Bonjour
2015-01-22 21:16 - 2015-01-26 21:46 - 00000000 ___DC () C:\Program Files\Bonjour
2015-01-22 15:38 - 2015-01-22 15:38 - 00000000 ____C () C:\Windows\SysWOW64\shoD692.tmp
2015-01-20 20:18 - 2015-01-20 20:18 - 00000000 ____C () C:\Windows\SysWOW64\sho97FF.tmp
2015-01-20 14:37 - 2015-01-20 14:37 - 00000000 ___DC () C:\Users\Default\AppData\Roaming\Real
2015-01-20 14:37 - 2015-01-20 14:37 - 00000000 ___DC () C:\Users\Default User\AppData\Roaming\Real
2015-01-14 12:43 - 2015-01-14 17:38 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 12:43 - 2015-01-14 17:38 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 12:43 - 2015-01-14 17:38 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 12:43 - 2015-01-14 17:38 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 12:42 - 2015-01-14 17:38 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 12:37 - 2015-01-14 17:38 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 12:37 - 2015-01-14 17:38 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 12:37 - 2015-01-14 17:38 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 12:37 - 2015-01-14 17:38 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 12:37 - 2015-01-14 17:38 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 12:37 - 2015-01-14 17:38 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 12:37 - 2015-01-14 17:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 03:31 - 2015-01-14 03:31 - 00000000 ____C () C:\Windows\SysWOW64\sho72C1.tmp
2015-01-13 03:18 - 2015-01-13 03:18 - 00000000 ____C () C:\Windows\SysWOW64\shoD0BA.tmp
2015-01-12 09:28 - 2015-01-12 09:28 - 00000355 ____C () C:\Users\ms\Documents\Computer - Verknüpfung.lnk
2015-01-12 03:15 - 2015-01-12 03:15 - 00000000 ____C () C:\Windows\SysWOW64\sho83A.tmp
2015-01-11 19:31 - 2015-01-22 15:28 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\WiseUpdate
2015-01-11 04:32 - 2015-01-11 04:33 - 00000000 ___DC () C:\afd82bc8219b0339f691aaa3fe6fd92e
2015-01-11 03:24 - 2015-01-11 03:26 - 00000000 ___DC () C:\e3e395ec3b549020b4354be2
2015-01-11 03:02 - 2015-01-11 03:04 - 00000000 ___DC () C:\a7a4e9af4fb6ec59e01508676f96de14
2015-01-10 03:05 - 2015-01-10 03:07 - 00000000 ___DC () C:\9b07d5d3e7a75a14c52ebd91
2015-01-09 10:43 - 2015-01-09 13:43 - 00011469 _____ () C:\Users\ms\Documents\0109_Teilnehmerliste.xlsx
2015-01-09 10:30 - 2015-01-09 10:31 - 00011373 _____ () C:\Users\ms\Documents\0901_Teilnehmerliste.xlsx
2015-01-09 03:02 - 2015-01-09 03:04 - 00000000 ___DC () C:\ef4261d189143e43de74b3bcadaa0c02
2015-01-09 01:23 - 2015-01-09 10:29 - 00011194 _____ () C:\Users\ms\Documents\Teilnehmerliste.xlsx
2015-01-08 18:43 - 2015-01-28 17:50 - 00000000 ___DC () C:\AdwCleaner
2015-01-08 12:34 - 2015-01-08 12:36 - 00000000 ___DC () C:\5eaf4e3b1df9bcb06a140e7579e784
2015-01-08 04:41 - 2015-01-08 04:43 - 00000000 ___DC () C:\ba3d6355d0e7b2ea68e63b
2015-01-08 03:03 - 2015-01-08 03:06 - 00000000 ___DC () C:\80f37e2564837500be
2015-01-07 16:24 - 2015-01-07 16:27 - 00000000 ___DC () C:\43936e5f1939b65c5a6953e6
2015-01-07 01:08 - 2015-01-07 01:10 - 00000000 ___DC () C:\f514b1ffda68a3a96d5c0bb2cf7e
2015-01-06 15:29 - 2015-01-06 15:29 - 00000000 ____C () C:\Windows\SysWOW64\shoECC8.tmp
2015-01-06 15:27 - 2015-01-06 15:29 - 00000000 ___DC () C:\e5f8571611fc9eb03290b00b33c2
2015-01-06 06:17 - 2015-01-06 06:17 - 00000000 ____C () C:\Windows\SysWOW64\shoA273.tmp
2015-01-06 06:15 - 2015-01-06 06:16 - 00000000 ___DC () C:\bc62b273202b2a2d3ba54f361f
2015-01-06 05:49 - 2015-01-29 05:50 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\Skype
2015-01-06 05:49 - 2015-01-28 18:08 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-06 05:49 - 2015-01-06 05:49 - 00002141 ____C () C:\Users\ms\Desktop\Skype.lnk
2015-01-06 05:49 - 2015-01-06 05:49 - 00000000 __RDC () C:\Program Files (x86)\Skype
2015-01-06 05:49 - 2015-01-06 05:49 - 00000000 ___DC () C:\Users\ms\AppData\Local\Skype
2015-01-06 05:48 - 2015-01-06 05:48 - 00000000 ___DC () C:\ProgramData\Skype
2015-01-06 05:44 - 2015-01-06 05:46 - 00000000 ___DC () C:\Users\ms\Downloads\skype
2015-01-06 05:28 - 2015-01-06 05:30 - 00000000 ___DC () C:\cb6b89e93d762edf5c06cdb5
2015-01-05 03:52 - 2015-01-05 03:55 - 00000000 ___DC () C:\1822221633495573b8
2015-01-04 03:55 - 2015-01-04 03:57 - 00000000 ___DC () C:\3e4c7b04819d2bc4d5487e9b1eb7fa
2015-01-03 12:23 - 2015-01-03 12:23 - 00000000 _SHDC () C:\Users\ms\AppData\Local\EmieBrowserModeList
2015-01-03 03:10 - 2015-01-03 03:12 - 00000000 ___DC () C:\1fb40d568f5ec3a269cf756119412132
2015-01-02 23:46 - 2015-01-02 23:48 - 00000000 ___DC () C:\ce32657ca2cf6f6ecca3390055143a
2015-01-02 23:42 - 2015-01-02 23:42 - 00000000 ___DC () C:\Users\Marina\AppData\Roaming\PC-FAX TX
2015-01-02 05:25 - 2015-01-02 05:27 - 00000000 ___DC () C:\5c40cdc0d5f45c5e97b658a30b
2015-01-01 22:28 - 2015-01-01 22:30 - 00000000 ___DC () C:\07b9b2972ba5c9f28ae22bbe00126a1f
2015-01-01 06:07 - 2015-01-01 06:09 - 00000000 ___DC () C:\220425c0a1578e921a9f67
2015-01-01 05:07 - 2015-01-01 05:07 - 00000000 ____C () C:\Windows\SysWOW64\shoFEA7.tmp
2015-01-01 05:05 - 2015-01-01 05:06 - 00000000 ___DC () C:\387e8b1d129a9244d6
2015-01-01 03:01 - 2015-01-01 03:03 - 00000000 ___DC () C:\805116f115698068b3
2014-12-31 19:11 - 2014-12-31 19:13 - 00000000 ___DC () C:\Users\Marina\AppData\Roaming\Wise Registry Cleaner
2014-12-31 15:55 - 2014-12-31 15:55 - 00000000 ___DC () C:\Users\Marina\AppData\Roaming\Macromedia
2014-12-31 15:55 - 2014-12-31 15:55 - 00000000 ___DC () C:\Users\Marina\AppData\Local\Macromedia
2014-12-31 15:53 - 2015-01-18 02:48 - 00008234 ____C () C:\Users\Marina\DesktopStCenter.txt
2014-12-31 15:53 - 2014-12-31 15:53 - 00000000 ___DC () C:\Users\Marina\AppData\Roaming\Mozilla
2014-12-31 15:53 - 2014-12-31 15:53 - 00000000 ___DC () C:\Users\Marina\AppData\Local\Mozilla
2014-12-31 15:17 - 2014-12-31 15:23 - 00000000 ___DC () C:\335610c6c8e09682eb6a797c
2014-12-31 05:11 - 2014-12-31 05:13 - 00000000 ___DC () C:\edb757e063a3858ad4cd8526b755
2014-12-30 16:36 - 2014-12-30 16:41 - 00000000 ___DC () C:\6e302748143f7779516b3c465ea39c
2014-12-30 03:01 - 2014-12-30 03:03 - 00000000 ___DC () C:\c180fbd747f888624503

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-29 13:17 - 2014-04-15 13:45 - 01144467 ____C () C:\Windows\WindowsUpdate.log
2015-01-29 13:16 - 2012-04-04 12:06 - 06901986 ____C () C:\Users\ms\DesktopStCenter.txt
2015-01-29 12:55 - 2009-07-14 05:45 - 00021472 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-29 12:55 - 2009-07-14 05:45 - 00021472 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-29 12:48 - 2009-07-14 06:08 - 00000006 ___HC () C:\Windows\Tasks\SA.DAT
2015-01-29 06:47 - 2012-04-04 12:07 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\FRITZ!
2015-01-29 06:42 - 2012-06-20 17:59 - 00000000 ___DC () C:\Users\ms\AppData\Local\Apps\2.0
2015-01-29 06:24 - 2011-08-17 01:03 - 00045056 ____C () C:\Windows\system32\acovcnt.exe
2015-01-28 21:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-01-28 17:47 - 2012-06-16 11:37 - 00000000 ___DC () C:\Users\ms\Downloads\Firefox
2015-01-28 01:59 - 2009-07-14 04:20 - 00000000 _RHDC () C:\Users\Default
2015-01-28 01:52 - 2009-07-14 03:34 - 00000215 ____C () C:\Windows\system.ini
2015-01-28 01:49 - 2009-07-14 03:34 - 92274688 _____ () C:\Windows\system32\config\software.bak
2015-01-28 01:49 - 2009-07-14 03:34 - 18350080 _____ () C:\Windows\system32\config\system.bak
2015-01-28 01:49 - 2009-07-14 03:34 - 01220608 _____ () C:\Windows\system32\config\default.bak
2015-01-28 01:49 - 2009-07-14 03:34 - 00061440 _____ () C:\Windows\system32\config\sam.bak
2015-01-28 01:49 - 2009-07-14 03:34 - 00024576 _____ () C:\Windows\system32\config\security.bak
2015-01-28 01:41 - 2011-08-17 01:01 - 00000000 ___DC () C:\ProgramData\Temp
2015-01-27 17:59 - 2009-07-14 04:20 - 00000000 __RDC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-27 17:56 - 2009-07-14 04:20 - 00000000 ___DC () C:\Windows\PolicyDefinitions
2015-01-27 17:16 - 2014-09-18 15:06 - 00000000 ___DC () C:\Users\ms\Documents\Rechnerprobs
2015-01-27 15:54 - 2013-09-26 12:07 - 00000000 ___DC () C:\Program Files (x86)\Magic Workstation
2015-01-27 15:22 - 2011-08-17 01:01 - 00001412 ____C () C:\Windows\system32\ServiceFilter.ini
2015-01-27 14:48 - 2012-06-16 11:43 - 00000000 ___DC () C:\Users\ms\Downloads\Adobe
2015-01-27 14:44 - 2014-08-07 13:53 - 00000000 ___DC () C:\Users\ms\AppData\Local\Adobe
2015-01-27 14:44 - 2012-09-20 11:43 - 00701616 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-27 14:44 - 2012-06-24 08:45 - 00071344 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-27 14:30 - 2014-08-08 18:55 - 00000000 ___DC () C:\Users\ms\Desktop\Tor Browser
2015-01-27 10:34 - 2014-11-08 18:22 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-26 21:59 - 2011-11-10 10:24 - 00000000 ___DC () C:\Users\ms
2015-01-26 21:47 - 2014-02-26 22:53 - 00000000 ___DC () C:\Users\Marina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2015-01-26 21:47 - 2014-02-26 22:53 - 00000000 ___DC () C:\Users\Marina
2015-01-26 21:47 - 2013-04-02 15:58 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cornelsen
2015-01-26 21:47 - 2013-02-01 22:16 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter
2015-01-26 21:47 - 2013-01-02 00:15 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2015-01-26 21:47 - 2012-10-11 22:24 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-26 21:47 - 2012-09-05 08:13 - 00000000 ___DC () C:\Users\ms\Desktop\Computer-tools
2015-01-26 21:47 - 2012-09-04 15:23 - 00000000 ___DC () C:\Users\ms\Downloads\Brother
2015-01-26 21:47 - 2012-07-16 16:17 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CLC E-Learning Resource
2015-01-26 21:47 - 2012-07-06 23:54 - 00000000 ___DC () C:\Users\ms\Desktop\Deutsch
2015-01-26 21:47 - 2012-06-22 12:12 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\Wise Registry Cleaner
2015-01-26 21:47 - 2012-06-22 12:12 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2015-01-26 21:47 - 2012-06-06 16:45 - 00000000 ___DC () C:\Users\ms\Documents\Audible
2015-01-26 21:47 - 2012-06-06 16:45 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager
2015-01-26 21:47 - 2012-05-12 15:32 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Segmenti
2015-01-26 21:47 - 2012-05-12 14:45 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Puzzle! - Druckmaschine
2015-01-26 21:47 - 2012-05-06 20:55 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-01-26 21:47 - 2012-05-06 20:55 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Graboid Video
2015-01-26 21:47 - 2012-03-20 16:46 - 00000000 ___DC () C:\Windows\System32\Tasks\Apple
2015-01-26 21:47 - 2012-03-20 16:46 - 00000000 ___DC () C:\Program Files (x86)\Apple Software Update
2015-01-26 21:47 - 2012-01-10 00:02 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-01-26 21:47 - 2011-11-26 22:02 - 00000000 ___DC () C:\Windows\system32\Macromed
2015-01-26 21:47 - 2011-11-17 23:06 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
2015-01-26 21:47 - 2011-11-11 17:41 - 00000000 ___DC () C:\Program Files (x86)\Brother
2015-01-26 21:47 - 2011-11-10 18:48 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch)
2015-01-26 21:47 - 2011-11-10 10:24 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2015-01-26 21:47 - 2011-08-17 01:05 - 00000000 ___DC () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2015-01-26 21:47 - 2011-08-17 01:05 - 00000000 ___DC () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2015-01-26 21:47 - 2011-08-17 00:58 - 00000000 ___DC () C:\ProgramData\P4G
2015-01-26 21:47 - 2011-08-17 00:53 - 00000000 __RDC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-01-26 21:47 - 2011-08-17 00:46 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
2015-01-26 21:47 - 2011-04-09 19:58 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-01-26 21:47 - 2011-04-09 19:47 - 00000000 __RDC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-01-26 21:47 - 2011-02-19 10:02 - 00000000 ___DC () C:\Windows\SysWOW64\XPSViewer
2015-01-26 21:47 - 2009-07-14 06:32 - 00000000 ___DC () C:\Program Files\Reference Assemblies
2015-01-26 21:47 - 2009-07-14 06:32 - 00000000 ___DC () C:\Program Files\MSBuild
2015-01-26 21:47 - 2009-07-14 06:32 - 00000000 ___DC () C:\Program Files (x86)\Reference Assemblies
2015-01-26 21:47 - 2009-07-14 06:32 - 00000000 ___DC () C:\Program Files (x86)\MSBuild
2015-01-26 21:47 - 2009-07-14 04:20 - 00000000 ___DC () C:\Windows\AppCompat
2015-01-26 21:46 - 2009-07-14 04:20 - 00000000 ___DC () C:\Windows\registration
2015-01-26 21:43 - 2014-11-06 16:02 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2015-01-26 21:43 - 2011-08-17 00:50 - 00000000 __HDC () C:\Program Files (x86)\InstallShield Installation Information
2015-01-22 21:12 - 2012-03-28 11:41 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\Apple Computer
2015-01-22 20:04 - 2012-05-06 21:04 - 00000000 ___DC () C:\Users\ms\AppData\Roaming\vlc
2015-01-22 17:12 - 2014-12-02 14:37 - 00000000 ____D () C:\found.001
2015-01-22 17:12 - 2014-12-01 14:23 - 00000000 ____D () C:\found.000
2015-01-20 15:50 - 2009-07-14 06:09 - 00000000 ___DC () C:\Windows\System32\Tasks\WPD
2015-01-20 14:37 - 2011-08-17 00:56 - 00120320 ____C () C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-20 14:37 - 2011-08-17 00:56 - 00120320 ____C () C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-20 14:37 - 2009-07-14 05:57 - 00001547 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-01-20 14:35 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-16 22:31 - 2014-02-26 22:54 - 00000000 ___DC () C:\Users\Marina\AppData\Roaming\FRITZ!
2015-01-15 09:17 - 2012-07-17 17:34 - 00000000 ___DC () C:\Users\ms\Documents\Wohnung
2015-01-14 17:38 - 2013-08-15 02:03 - 00000000 ___DC () C:\Windows\system32\MRT
2015-01-14 17:29 - 2011-11-11 16:07 - 113365784 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 16:18 - 2011-11-10 23:50 - 00004096 ____C () C:\Users\Public\Documents\00000044.LCS
2015-01-13 03:03 - 2011-11-10 12:34 - 01653160 ____C () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-13 03:03 - 2011-02-19 10:08 - 00721112 ____C () C:\Windows\system32\perfh007.dat
2015-01-13 03:03 - 2011-02-19 10:08 - 00158288 ____C () C:\Windows\system32\perfc007.dat
2015-01-13 03:03 - 2009-07-14 06:13 - 01653160 ____C () C:\Windows\system32\PerfStringBackup.INI
2015-01-12 19:55 - 2013-10-16 18:55 - 00000460 ____C () C:\Windows\Tasks\Wise Registry Cleaner Schedule Task.job
2015-01-10 10:38 - 2012-06-16 12:09 - 00000000 ___DC () C:\Users\ms\Downloads\Firefox_Bookmarks
2015-01-08 09:55 - 2012-05-03 14:18 - 00298120 ____C (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-02 23:42 - 2012-12-20 12:15 - 00000778 ____C () C:\Windows\Brpfx04a.ini

==================== Files in the root of some directories =======

2014-06-26 02:01 - 2014-06-26 02:01 - 6010880 ____C () C:\Program Files (x86)\GUT87B5.tmp
2012-07-29 17:01 - 2006-06-02 13:27 - 0017542 ____C () C:\Program Files\Common Files\Net4Switch.ico
2008-05-22 16:35 - 2008-05-22 16:35 - 0051962 ____C () C:\Program Files (x86)\Common Files\banner.jpg
2009-04-08 18:31 - 2009-04-08 18:31 - 0106496 ____C () C:\Program Files (x86)\Common Files\CPInstallAction.dll
2014-05-26 17:47 - 2003-03-21 11:45 - 0250544 ____C (KeyWorks Software) C:\Program Files (x86)\Common Files\keyhelp.ocx
2008-08-12 05:45 - 2008-08-12 05:45 - 0155648 ____C (ASUS) C:\Program Files (x86)\Common Files\MSIactionall.dll
2014-11-05 10:35 - 2014-11-05 10:35 - 0000115 ____C () C:\Users\ms\AppData\Roaming\Camdata.ini
2014-11-05 10:35 - 2014-11-05 10:35 - 0000408 ____C () C:\Users\ms\AppData\Roaming\CamLayout.ini
2014-11-05 10:35 - 2014-11-05 10:35 - 0000408 ____C () C:\Users\ms\AppData\Roaming\CamShapes.ini
2014-11-05 10:35 - 2014-11-05 10:35 - 0004416 ____C () C:\Users\ms\AppData\Roaming\CamStudio.cfg
2011-04-09 19:59 - 2010-07-07 00:10 - 0131472 ____C () C:\ProgramData\FullRemove.exe
2011-08-17 01:05 - 2011-08-17 01:06 - 0000105 ____C () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-08-17 01:04 - 2011-08-17 01:05 - 0000107 ____C () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some content of TEMP:
====================
C:\Users\ms\AppData\Local\Temp\Quarantine.exe
C:\Users\ms\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-26 10:17

==================== End Of Log ============================
         
--- --- ---

Interesting... just now in Firefox the screen moved up and down....

and what I typed (i.e. the sentence from "Interesting" to "down") was taken over directly into the post without my having to submit it
two bold tags were inserted without my doing anything, and just now the entire screen flickered

Have you already found out what is causing all these malfunctions?

P.S.:
Windows Explorer still keeps crashing

14:44

just got a real scare: booted the computer again..
black screen with the taskbar at the bottom edge showing only IE, without Firefox, and the computer did not find any files at all..,
it wanted permissions for IE to access the Internet.
Shut the computer down again, then the desktop was back to normal...


but at the moment there are still strange effects in Firefox, e.g. uncontrolled flickering of the screen...
Windows Explorer also still keeps crashing...

15:24

Total system crash... I booted Windows in safe mode and restored the state from yesterday, 11:06

I ran ComboFix again (it was also updated right away today):
Combofix Logfile:
Code:
ATTFilter
ComboFix 15-01-29.01 - ms 29.01.2015  16:49:20.3.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.1900.734 [GMT 1:00]
ausgeführt von:: c:\users\ms\Downloads\Firefox\Neuer Ordner\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-12-28 bis 2015-01-29  ))))))))))))))))))))))))))))))
.
.
2015-01-29 15:57 . 2015-01-29 15:57	--------	dc----w-	c:\windows\system32\config\systemprofile\AppData\Local\temp
2015-01-29 15:57 . 2015-01-29 15:57	--------	dc----w-	c:\users\Marina\AppData\Local\temp
2015-01-29 15:57 . 2015-01-29 15:57	--------	dc----w-	c:\users\Default\AppData\Local\temp
2015-01-29 15:17 . 2014-12-15 03:13	11870360	-c--a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4955BCE2-BEC8-4066-87E9-2A827A1329AF}\mpengine.dll
2015-01-29 14:21 . 2014-12-15 03:13	11870360	-c--a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-01-29 13:35 . 2015-01-29 13:35	--------	dcsh--w-	c:\windows\system32\config\systemprofile\AppData\Local\EmieSiteList
2015-01-28 01:19 . 2015-01-28 01:20	6584320	----a-w-	c:\windows\system32\mstscax.dll
2015-01-28 01:19 . 2015-01-28 01:20	5703168	----a-w-	c:\windows\SysWow64\mstscax.dll
2015-01-28 01:19 . 2015-01-28 01:21	87040	----a-w-	c:\windows\system32\TSWbPrxy.exe
2015-01-27 18:46 . 2015-01-27 18:46	0	-c--a-w-	c:\windows\SysWow64\shoC61C.tmp
2015-01-27 18:44 . 2015-01-27 18:44	--------	dc----w-	C:\3a7f6e15900cee526f1fbc
2015-01-27 17:44 . 2015-01-27 17:45	3179520	----a-w-	c:\windows\system32\rdpcorets.dll
2015-01-27 17:44 . 2015-01-27 17:45	16384	----a-w-	c:\windows\system32\RdpGroupPolicyExtension.dll
2015-01-27 15:11 . 2015-01-27 15:13	19456	----a-w-	c:\windows\system32\drivers\rdpvideominiport.sys
2015-01-27 15:11 . 2012-08-23 14:08	30208	-c--a-w-	c:\windows\system32\drivers\TsUsbGD.sys
2015-01-27 15:11 . 2015-01-27 15:13	243200	----a-w-	c:\windows\system32\rdpudd.dll
2015-01-27 15:11 . 2015-01-27 15:13	228864	----a-w-	c:\windows\system32\rdpendp_winip.dll
2015-01-27 15:11 . 2015-01-27 15:13	192000	----a-w-	c:\windows\SysWow64\rdpendp_winip.dll
2015-01-27 15:07 . 2015-01-27 15:17	792576	----a-w-	c:\windows\SysWow64\TSWorkspace.dll
2015-01-27 15:06 . 2015-01-27 15:17	1030144	----a-w-	c:\windows\system32\TSWorkspace.dll
2015-01-27 13:07 . 2015-01-27 13:07	--------	dc----w-	c:\programdata\Licenses
2015-01-27 13:07 . 2015-01-28 00:28	--------	dc----w-	c:\program files (x86)\SpywareBlaster
2015-01-27 12:12 . 2015-01-27 12:12	--------	dc----w-	c:\windows\ERUNT
2015-01-27 11:45 . 2015-01-27 14:36	--------	dc----w-	C:\FRST
2015-01-27 09:53 . 2015-01-28 00:24	129752	-c--a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-27 09:52 . 2015-01-29 14:20	--------	dc----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2015-01-27 09:52 . 2015-01-27 09:52	--------	dc----w-	c:\programdata\Malwarebytes
2015-01-27 09:52 . 2014-11-21 05:14	63704	-c--a-w-	c:\windows\system32\drivers\mwac.sys
2015-01-27 09:52 . 2014-11-21 05:14	93400	-c--a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-01-27 09:52 . 2014-11-21 05:14	25816	-c--a-w-	c:\windows\system32\drivers\mbam.sys
2015-01-26 22:27 . 2015-01-26 22:27	1188440	-c--a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D8510D5-6424-46EC-B4FA-6F4C5104841B}\gapaengine.dll
2015-01-26 22:08 . 2015-01-26 22:13	--------	dc----w-	c:\program files (x86)\Microsoft Security Client
2015-01-26 22:07 . 2015-01-26 22:14	--------	dc----w-	c:\program files\Microsoft Security Client
2015-01-26 21:29 . 2015-01-26 21:29	0	-c--a-w-	c:\windows\SysWow64\sho9EF.tmp
2015-01-26 21:17 . 2014-12-02 10:26	11870360	-c--a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{465EB45E-9387-440D-81C9-0B3981A1F9CA}\mpengine.dll
2015-01-26 18:10 . 2015-01-26 18:10	--------	dc----w-	C:\sh4ldr
2015-01-26 18:09 . 2015-01-26 18:09	--------	dc----w-	c:\program files\Enigma Software Group
2015-01-23 14:26 . 2015-01-26 20:47	--------	dc----w-	C:\FreeOCR
2015-01-22 20:28 . 2015-01-22 20:28	--------	dc----w-	c:\program files\iPod
2015-01-22 20:28 . 2015-01-26 20:46	--------	dc----w-	c:\program files (x86)\iTunes
2015-01-22 20:28 . 2015-01-26 20:46	--------	dc----w-	c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-22 20:28 . 2015-01-26 20:46	--------	dc----w-	c:\program files\iTunes
2015-01-22 20:18 . 2015-01-22 20:28	--------	dc----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-01-22 20:16 . 2015-01-26 20:47	--------	dc----w-	c:\program files (x86)\Bonjour
2015-01-22 20:16 . 2015-01-26 20:46	--------	dc----w-	c:\program files\Bonjour
2015-01-22 14:38 . 2015-01-22 14:38	0	-c--a-w-	c:\windows\SysWow64\shoD692.tmp
2015-01-20 19:18 . 2015-01-20 19:18	0	-c--a-w-	c:\windows\SysWow64\sho97FF.tmp
2015-01-20 13:37 . 2015-01-20 13:37	--------	dc----w-	c:\windows\system32\config\systemprofile\AppData\Roaming\Stardock
2015-01-14 11:43 . 2015-01-14 16:38	210432	----a-w-	c:\windows\system32\profsvc.dll
2015-01-14 11:43 . 2015-01-14 16:38	52224	----a-w-	c:\windows\SysWow64\nlaapi.dll
2015-01-14 11:43 . 2015-01-14 16:38	303616	----a-w-	c:\windows\system32\nlasvc.dll
2015-01-14 11:43 . 2015-01-14 16:38	156672	----a-w-	c:\windows\SysWow64\ncsi.dll
2015-01-14 11:42 . 2015-01-14 16:38	141312	----a-w-	c:\windows\system32\drivers\mrxdav.sys
2015-01-14 11:37 . 2015-01-14 16:38	5553592	----a-w-	c:\windows\system32\ntoskrnl.exe
2015-01-14 11:37 . 2015-01-14 16:38	3971512	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2015-01-14 11:37 . 2015-01-14 16:38	3916728	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2015-01-14 11:37 . 2015-01-14 16:38	503808	----a-w-	c:\windows\system32\srcore.dll
2015-01-14 11:37 . 2015-01-14 16:38	50176	----a-w-	c:\windows\system32\srclient.dll
2015-01-14 11:37 . 2015-01-14 16:38	296960	----a-w-	c:\windows\system32\rstrui.exe
2015-01-14 11:37 . 2015-01-14 16:38	43008	----a-w-	c:\windows\SysWow64\srclient.dll
2015-01-14 02:31 . 2015-01-14 02:31	0	-c--a-w-	c:\windows\SysWow64\sho72C1.tmp
2015-01-13 02:18 . 2015-01-13 02:18	0	-c--a-w-	c:\windows\SysWow64\shoD0BA.tmp
2015-01-12 02:15 . 2015-01-12 02:15	0	-c--a-w-	c:\windows\SysWow64\sho83A.tmp
2015-01-11 18:31 . 2015-01-22 14:28	--------	dc----w-	c:\users\ms\AppData\Roaming\WiseUpdate
2015-01-11 03:32 . 2015-01-11 03:33	--------	dc----w-	C:\afd82bc8219b0339f691aaa3fe6fd92e
2015-01-11 02:24 . 2015-01-11 02:26	--------	dc----w-	C:\e3e395ec3b549020b4354be2
2015-01-11 02:02 . 2015-01-11 02:04	--------	dc----w-	C:\a7a4e9af4fb6ec59e01508676f96de14
2015-01-10 02:05 . 2015-01-10 02:07	--------	dc----w-	C:\9b07d5d3e7a75a14c52ebd91
2015-01-09 02:02 . 2015-01-09 02:04	--------	dc----w-	C:\ef4261d189143e43de74b3bcadaa0c02
2015-01-08 17:43 . 2015-01-28 16:50	--------	dc----w-	C:\AdwCleaner
2015-01-08 11:34 . 2015-01-08 11:36	--------	dc----w-	C:\5eaf4e3b1df9bcb06a140e7579e784
2015-01-08 03:41 . 2015-01-08 03:43	--------	dc----w-	C:\ba3d6355d0e7b2ea68e63b
2015-01-08 02:03 . 2015-01-08 02:06	--------	dc----w-	C:\80f37e2564837500be
2015-01-07 15:24 . 2015-01-07 15:27	--------	dc----w-	C:\43936e5f1939b65c5a6953e6
2015-01-07 00:08 . 2015-01-07 00:10	--------	dc----w-	C:\f514b1ffda68a3a96d5c0bb2cf7e
2015-01-06 14:29 . 2015-01-06 14:29	0	-c--a-w-	c:\windows\SysWow64\shoECC8.tmp
2015-01-06 14:27 . 2015-01-06 14:29	--------	dc----w-	C:\e5f8571611fc9eb03290b00b33c2
2015-01-06 05:17 . 2015-01-06 05:17	0	-c--a-w-	c:\windows\SysWow64\shoA273.tmp
2015-01-06 05:15 . 2015-01-06 05:16	--------	dc----w-	C:\bc62b273202b2a2d3ba54f361f
2015-01-06 04:49 . 2015-01-06 04:49	--------	dc----w-	c:\users\ms\AppData\Local\Skype
2015-01-06 04:49 . 2015-01-29 14:19	--------	dc----w-	c:\users\ms\AppData\Roaming\Skype
2015-01-06 04:49 . 2015-01-06 04:49	--------	dc----w-	c:\program files (x86)\Common Files\Skype
2015-01-06 04:49 . 2015-01-06 04:49	--------	dc----r-	c:\program files (x86)\Skype
2015-01-06 04:48 . 2015-01-06 04:48	--------	dc----w-	c:\programdata\Skype
2015-01-06 04:28 . 2015-01-06 04:30	--------	dc----w-	C:\cb6b89e93d762edf5c06cdb5
2015-01-05 02:52 . 2015-01-05 02:55	--------	dc----w-	C:\1822221633495573b8
2015-01-04 02:55 . 2015-01-04 02:57	--------	dc----w-	C:\3e4c7b04819d2bc4d5487e9b1eb7fa
2015-01-03 11:23 . 2015-01-03 11:23	--------	dcsh--w-	c:\users\ms\AppData\Local\EmieBrowserModeList
2015-01-03 02:10 . 2015-01-03 02:12	--------	dc----w-	C:\1fb40d568f5ec3a269cf756119412132
2015-01-02 22:46 . 2015-01-02 22:48	--------	dc----w-	C:\ce32657ca2cf6f6ecca3390055143a
2015-01-02 22:42 . 2015-01-02 22:42	--------	dc----w-	c:\users\Marina\AppData\Roaming\PC-FAX TX
2015-01-02 04:25 . 2015-01-02 04:27	--------	dc----w-	C:\5c40cdc0d5f45c5e97b658a30b
2015-01-01 21:28 . 2015-01-01 21:30	--------	dc----w-	C:\07b9b2972ba5c9f28ae22bbe00126a1f
2015-01-01 05:07 . 2015-01-01 05:09	--------	dc----w-	C:\220425c0a1578e921a9f67
2015-01-01 04:07 . 2015-01-01 04:07	0	-c--a-w-	c:\windows\SysWow64\shoFEA7.tmp
2015-01-01 04:05 . 2015-01-01 04:06	--------	dc----w-	C:\387e8b1d129a9244d6
2015-01-01 02:01 . 2015-01-01 02:03	--------	dc----w-	C:\805116f115698068b3
2014-12-31 18:11 . 2014-12-31 18:13	--------	dc----w-	c:\users\Marina\AppData\Roaming\Wise Registry Cleaner
2014-12-31 14:55 . 2014-12-31 14:55	--------	dc----w-	c:\users\Marina\AppData\Local\Macromedia
2014-12-31 14:53 . 2014-12-31 14:53	--------	dc----w-	c:\users\Marina\AppData\Local\Mozilla
2014-12-31 14:17 . 2014-12-31 14:23	--------	dc----w-	C:\335610c6c8e09682eb6a797c
2014-12-31 04:11 . 2014-12-31 04:13	--------	dc----w-	C:\edb757e063a3858ad4cd8526b755
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-29 15:06 . 2011-08-17 00:03	45056	-c--a-w-	c:\windows\system32\acovcnt.exe
2015-01-27 13:44 . 2012-09-20 10:43	701616	-c--a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-27 13:44 . 2012-06-24 07:45	71344	-c--a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-14 16:29 . 2011-11-11 15:07	113365784	-c--a-w-	c:\windows\system32\MRT.exe
2015-01-08 08:55 . 2012-05-03 13:18	298120	-c----w-	c:\windows\system32\MpSigStub.exe
2014-12-29 02:09 . 2014-12-29 02:09	0	-c--a-w-	c:\windows\SysWow64\sho969F.tmp
2014-12-24 02:19 . 2014-12-24 02:19	0	-c--a-w-	c:\windows\SysWow64\sho3820.tmp
2014-12-22 19:43 . 2014-12-22 19:43	0	-c--a-w-	c:\windows\SysWow64\shoE793.tmp
2014-12-21 02:23 . 2014-12-21 02:23	0	-c--a-w-	c:\windows\SysWow64\sho7EFB.tmp
2014-12-19 06:23 . 2014-12-18 20:45	144384	----a-w-	c:\windows\system32\ieUnatt.exe
2014-12-19 06:23 . 2014-12-18 20:45	115712	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2014-12-12 02:20 . 2014-12-12 02:20	0	-c--a-w-	c:\windows\SysWow64\shoAAB2.tmp
2014-12-11 00:50 . 2014-12-11 00:15	830976	----a-w-	c:\windows\system32\appraiser.dll
2014-12-11 00:50 . 2014-12-11 00:15	396800	----a-w-	c:\windows\system32\devinv.dll
2014-12-11 00:50 . 2014-12-11 00:15	1232040	----a-w-	c:\windows\system32\aitstatic.exe
2014-12-11 00:50 . 2014-12-11 00:15	741376	----a-w-	c:\windows\system32\invagent.dll
2014-12-11 00:50 . 2014-12-11 00:15	413184	----a-w-	c:\windows\system32\generaltel.dll
2014-12-11 00:50 . 2014-12-11 00:15	192000	----a-w-	c:\windows\system32\aepic.dll
2014-12-11 00:50 . 2014-12-11 00:15	1083392	----a-w-	c:\windows\system32\aeinv.dll
2014-12-11 00:50 . 2014-12-11 00:15	227328	----a-w-	c:\windows\system32\aepdu.dll
2014-12-11 00:38 . 2014-12-11 00:14	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-12-11 00:38 . 2014-12-11 00:14	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2014-12-11 00:35 . 2014-12-11 00:14	119296	----a-w-	c:\windows\system32\drivers\tdx.sys
2014-12-11 00:35 . 2014-12-11 00:14	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2014-12-11 00:35 . 2014-12-11 00:14	47616	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2014-12-11 00:35 . 2014-12-11 00:14	114688	----a-w-	c:\windows\system32\ieetwcollector.exe
2014-12-11 00:35 . 2014-12-11 00:14	77824	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 00:35 . 2014-12-11 00:14	718848	----a-w-	c:\windows\system32\ie4uinit.exe
2014-12-11 00:35 . 2014-12-11 00:14	60416	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-12-11 00:35 . 2014-12-11 00:14	34304	----a-w-	c:\windows\system32\iernonce.dll
2014-12-11 00:35 . 2014-12-11 00:14	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-12-11 00:35 . 2014-12-11 00:14	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-12-11 00:35 . 2014-12-11 00:14	968704	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2014-12-11 00:35 . 2014-12-11 00:14	62464	----a-w-	c:\windows\SysWow64\iesetup.dll
2014-12-11 00:35 . 2014-12-11 00:14	620032	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2014-12-11 00:35 . 2014-12-11 00:14	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2014-12-11 00:35 . 2014-12-11 00:14	389296	----a-w-	c:\windows\system32\iedkcs32.dll
2014-12-11 00:35 . 2014-12-11 00:14	2052096	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2014-12-11 00:35 . 2014-12-11 00:14	1548288	----a-w-	c:\windows\system32\urlmon.dll
2014-12-11 00:35 . 2014-12-11 00:14	800768	----a-w-	c:\windows\system32\msfeeds.dll
2014-12-11 00:35 . 2014-12-11 00:14	316928	----a-w-	c:\windows\system32\dxtrans.dll
2014-12-11 00:35 . 2014-12-11 00:14	800768	----a-w-	c:\windows\system32\ieapfltr.dll
2014-12-11 00:35 . 2014-12-11 00:14	66560	----a-w-	c:\windows\system32\iesetup.dll
2014-12-11 00:35 . 2014-12-11 00:14	2125312	----a-w-	c:\windows\system32\inetcpl.cpl
2014-12-11 00:35 . 2014-12-11 00:14	501248	----a-w-	c:\windows\SysWow64\vbscript.dll
2014-12-11 00:35 . 2014-12-11 00:14	4299264	----a-w-	c:\windows\SysWow64\jscript9.dll
2014-12-11 00:35 . 2014-12-11 00:14	2885120	----a-w-	c:\windows\system32\iertutil.dll
2014-12-11 00:35 . 2014-12-11 00:14	1888256	----a-w-	c:\windows\SysWow64\wininet.dll
2014-12-11 00:35 . 2014-12-11 00:14	1155072	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2014-12-11 00:35 . 2014-12-11 00:14	64000	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2014-12-11 00:35 . 2014-12-11 00:14	54784	----a-w-	c:\windows\system32\jsproxy.dll
2014-12-11 00:35 . 2014-12-11 00:14	633856	----a-w-	c:\windows\system32\ieui.dll
2014-12-11 00:35 . 2014-12-11 00:14	490496	----a-w-	c:\windows\system32\dxtmsft.dll
2014-12-11 00:35 . 2014-12-11 00:14	92160	----a-w-	c:\windows\system32\mshtmled.dll
2014-12-11 00:35 . 2014-12-11 00:14	14412800	----a-w-	c:\windows\system32\ieframe.dll
2014-12-11 00:35 . 2014-12-11 00:14	1359360	----a-w-	c:\windows\system32\mshtmlmedia.dll
2014-12-11 00:35 . 2014-12-11 00:14	814080	----a-w-	c:\windows\system32\jscript9diag.dll
2014-12-11 00:35 . 2014-12-11 00:14	6039552	----a-w-	c:\windows\system32\jscript9.dll
2014-12-11 00:35 . 2014-12-11 00:14	580096	----a-w-	c:\windows\system32\vbscript.dll
2014-12-11 00:35 . 2014-12-11 00:14	2358272	----a-w-	c:\windows\system32\wininet.dll
2014-12-11 00:35 . 2014-12-11 00:14	88064	----a-w-	c:\windows\system32\MshtmlDac.dll
2014-12-11 00:35 . 2014-12-11 00:14	25059840	----a-w-	c:\windows\system32\mshtml.dll
2014-12-11 00:35 . 2014-12-11 00:14	199680	----a-w-	c:\windows\system32\msrating.dll
2014-12-11 00:34 . 2014-12-11 00:34	55808	----a-w-	c:\windows\system32\rrinstaller.exe
2014-12-11 00:34 . 2014-12-11 00:34	50176	----a-w-	c:\windows\SysWow64\rrinstaller.exe
2014-12-11 00:34 . 2014-12-11 00:34	3209728	----a-w-	c:\windows\SysWow64\mf.dll
2014-12-11 00:34 . 2014-12-11 00:34	24576	----a-w-	c:\windows\system32\mfpmp.exe
2014-12-11 00:34 . 2014-12-11 00:34	23040	----a-w-	c:\windows\SysWow64\mfpmp.exe
2014-12-11 00:34 . 2014-12-11 00:34	206848	----a-w-	c:\windows\system32\mfps.dll
2014-12-11 00:34 . 2014-12-11 00:34	2048	----a-w-	c:\windows\SysWow64\mferror.dll
2014-12-11 00:34 . 2014-12-11 00:34	2048	----a-w-	c:\windows\system32\mferror.dll
2014-12-11 00:34 . 2014-12-11 00:34	103424	----a-w-	c:\windows\SysWow64\mfps.dll
2014-12-11 00:34 . 2014-12-11 00:34	4121600	----a-w-	c:\windows\system32\mf.dll
2014-12-11 00:32 . 2014-12-11 00:11	165888	----a-w-	c:\windows\system32\charmap.exe
2014-12-11 00:32 . 2014-12-11 00:11	155136	----a-w-	c:\windows\SysWow64\charmap.exe
2014-12-11 00:31 . 2014-12-11 00:11	2020352	----a-w-	c:\windows\system32\WsmSvc.dll
2014-12-11 00:31 . 2014-12-11 00:11	1177088	----a-w-	c:\windows\SysWow64\WsmSvc.dll
2014-12-11 00:31 . 2014-12-11 00:11	346624	----a-w-	c:\windows\system32\WSManMigrationPlugin.dll
2014-12-11 00:31 . 2014-12-11 00:11	310272	----a-w-	c:\windows\system32\WsmWmiPl.dll
2014-12-11 00:31 . 2014-12-11 00:11	266240	----a-w-	c:\windows\system32\WSManHTTPConfig.exe
2014-12-11 00:31 . 2014-12-11 00:11	248832	----a-w-	c:\windows\SysWow64\WSManMigrationPlugin.dll
2014-12-11 00:31 . 2014-12-11 00:11	214016	----a-w-	c:\windows\SysWow64\WsmWmiPl.dll
2014-12-11 00:31 . 2014-12-11 00:11	198656	----a-w-	c:\windows\SysWow64\WSManHTTPConfig.exe
2014-12-11 00:31 . 2014-12-11 00:11	181248	----a-w-	c:\windows\system32\WsmAuto.dll
2014-12-11 00:31 . 2014-12-11 00:11	145920	----a-w-	c:\windows\SysWow64\WsmAuto.dll
2014-12-11 00:31 . 2014-12-11 00:11	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2014-12-11 00:31 . 2014-12-11 00:11	2048	----a-w-	c:\windows\system32\tzres.dll
2014-12-04 02:30 . 2014-12-04 02:30	0	-c--a-w-	c:\windows\SysWow64\sho62E6.tmp
2014-12-04 02:07 . 2014-12-03 13:04	7168	----a-w-	c:\windows\SysWow64\KBDYAK.DLL
2014-12-04 02:07 . 2014-12-03 13:04	7168	----a-w-	c:\windows\system32\KBDYAK.DLL
2014-12-04 02:07 . 2014-12-03 13:04	7168	----a-w-	c:\windows\system32\KBDTAT.DLL
2014-12-04 02:07 . 2014-12-03 13:04	7168	----a-w-	c:\windows\system32\KBDRU1.DLL
2014-12-04 02:07 . 2014-12-03 13:04	7168	----a-w-	c:\windows\system32\KBDBASH.DLL
2014-12-04 02:07 . 2014-12-03 13:04	6656	----a-w-	c:\windows\SysWow64\KBDBASH.DLL
2014-12-04 02:07 . 2014-12-03 13:04	6656	----a-w-	c:\windows\system32\KBDRU.DLL
2014-12-03 12:45 . 2014-12-03 12:45	0	-c--a-w-	c:\windows\SysWow64\shoAA5B.tmp
2014-12-02 19:47 . 2014-12-01 13:11	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-12-02 19:47 . 2014-12-01 13:11	683520	----a-w-	c:\windows\system32\termsrv.dll
2014-12-02 19:47 . 2014-12-01 13:11	681984	----a-w-	c:\windows\SysWow64\adtschema.dll
2014-12-02 19:47 . 2014-12-01 13:11	681984	----a-w-	c:\windows\system32\adtschema.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2004-03-09 57393]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2014-07-04 191528]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2014-11-05 295512]
.
c:\users\ms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FRITZ!DSL Startcenter.lnk - c:\users\ms\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe [2012-4-4 80896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FRITZ!DSL Protect.lnk - c:\program files\FRITZ!DSL\FwebProt.exe [2009-4-17 1105208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE"
"ATKMEDIA"=c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys;c:\windows\SYSNATIVE\DRIVERS\ipswuio.sys [x]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 assd;assd; [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys;c:\windows\SYSNATIVE\DRIVERS\lullaby.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt67;Acronis Disk Storage Filter (67);c:\windows\system32\DRIVERS\vsflt67.sys;c:\windows\SYSNATIVE\DRIVERS\vsflt67.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE;c:\program files\FRITZ!DSL\IGDCTRL.EXE [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys;c:\windows\SYSNATIVE\DRIVERS\JME.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-26 12:03	1096520	-c--a-w-	c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-11 17:36]
.
2014-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-11 17:36]
.
2015-01-12 c:\windows\Tasks\Wise Registry Cleaner Schedule Task.job
- c:\program files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [2012-06-30 09:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41	220160	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41	220160	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
LSP: %ProgramFiles%\FRITZ!DSL\\sarah.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\ms\AppData\Roaming\Mozilla\Firefox\Profiles\b8qlvk6x.default-1417579723982\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-01-29  17:01:41
ComboFix-quarantined-files.txt  2015-01-29 16:01
ComboFix2.txt  2015-01-29 14:58
ComboFix3.txt  2015-01-28 00:59
.
Vor Suchlauf: 98 Verzeichnis(se), 42.332.512.256 Bytes frei
Nach Suchlauf: 99 Verzeichnis(se), 42.313.572.352 Bytes frei
.
- - End Of File - - 81EC4923BC8375B54CFC5B355BBD9BA7
         
--- --- ---

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 29.01.2015
Suchlauf-Zeit: 17:34:30
Logdatei: 
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.29.08
Rootkit Datenbank: v2015.01.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: ms

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 416651
Verstrichene Zeit: 24 Min, 25 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Tiefer Rootkit-Suchlauf: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v4.109 - Bericht erstellt am 28/01/2015 um 17:48:09
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-26.1 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : ms - KLEOPATRA
# Gestartet von : C:\Users\ms\Downloads\Firefox\AdwCleaner_4.109.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0.1 (x86 de)


-\\ Google Chrome v


-\\ Opera v25.0.1614.68


*************************

AdwCleaner[R0].txt - [7332 octets] - [08/01/2015 19:07:14]
AdwCleaner[R1].txt - [7392 octets] - [12/01/2015 08:42:19]
AdwCleaner[R2].txt - [2609 octets] - [27/01/2015 10:28:14]
AdwCleaner[R3].txt - [1135 octets] - [27/01/2015 12:12:19]
AdwCleaner[R4].txt - [940 octets] - [28/01/2015 17:48:09]
AdwCleaner[S0].txt - [7836 octets] - [12/01/2015 09:16:53]
AdwCleaner[S1].txt - [3061 octets] - [27/01/2015 10:32:50]

########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [1119 octets] ##########
         
--- --- ---
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v4.109 - Bericht erstellt am 29/01/2015 um 18:08:11
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-26.1 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : ms - KLEOPATRA
# Gestartet von : C:\Users\ms\Desktop\AdwCleaner_4.109.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0.1 (x86 de)


-\\ Google Chrome v


-\\ Opera v25.0.1614.68


*************************

AdwCleaner[R0].txt - [7332 octets] - [08/01/2015 19:07:14]
AdwCleaner[R1].txt - [7392 octets] - [12/01/2015 08:42:19]
AdwCleaner[R2].txt - [2609 octets] - [27/01/2015 10:28:14]
AdwCleaner[R3].txt - [1135 octets] - [27/01/2015 12:12:19]
AdwCleaner[R4].txt - [2129 octets] - [28/01/2015 17:48:09]
AdwCleaner[S0].txt - [7836 octets] - [12/01/2015 09:16:53]
AdwCleaner[S1].txt - [3061 octets] - [27/01/2015 10:32:50]
AdwCleaner[S2].txt - [1261 octets] - [28/01/2015 17:50:48]

########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [2369 octets] ##########
         
--- --- ---

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x64
Ran by ms on 29.01.2015 at 18:18:44,29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.01.2015 at 18:23:00,58
End of JRT log
~~~~~~C~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
I have now repeated yesterday's steps. That should put us back where we were yesterday.

Do you have any idea what caused the system crash?


What should I do next?

P.S.

Windows Explorer still crashes.

P.P.S.

This security update, which Microsoft rates as important, still cannot be installed:


Code:
ATTFilter
Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB3011780)

Installationsdatum: ‎29.‎01.‎2015 19:55

Installationsstatus: Fehlgeschlagen

Fehlerdetails: Code 800B0100

Updatetyp: Wichtig

In einem Microsoft-Softwareprodukt wurde ein Sicherheitsproblem festgestellt, das Auswirkungen auf Ihr System haben könnte. Durch die Installation dieses Updates von Microsoft können Sie zum Schutz Ihres Systems beitragen. Eine vollständige Liste der Problembehebungen in diesem Update finden Sie in dem entsprechenden Microsoft Knowledge Base-Artikel. Nach der Installation dieses Updates müssen Sie das System gegebenenfalls neu starten.

Weitere Informationen: 
hxxp://support.microsoft.com/kb/3011780
         

Edited by moona (29.01.2015 at 14:53)

30.01.2015, 08:52   #15
schrauber
/// the machine
/// TB trainer

Please back up all your data externally first. Then we'll continue. It looks like something is going to fail there in the near future.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
