
Pests of all kinds and how to fight them: excessive data usage, malware

25.07.2015, 08:36   #1
xXxPhoenixX
 

Hello,
for a few days now I have been having problems with my PC/Vista (32-bit). I go online with a mobilcom debitel stick (O2) and have apparently picked up quite a few things.

When I start the stick, I already have high data usage without doing anything. If I then open the Google Chrome browser (I also tested Iron as an alternative), I use 10x more than usual. The upload in particular is very high, and it keeps loading even though I am no longer doing anything. Yesterday I downloaded 4 different antivirus programs until I found one that lets me remove malware for free, but the problem was not really fixed.

In another thread I saw that you are supposed to run a Farbar Recovery Scan, and there I find frightening links, starting with www.007guard.com, through 100sexlinks.com, to 123haustiereundmehr.com, which I have never opened.

What can I do now to clean my PC? Since I have many pics saved and generally don't know my way around very well, formatting is not really the best solution.

Many thanks in advance.

25.07.2015, 10:40   #2
schrauber
/// the machine
/// TB instructor
 


Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-bit | FRST 64-bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be located on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


25.07.2015, 14:08   #3
xXxPhoenixX
 

This is the Addition editor (I copied the text, that is quite a lot, I didn't know how else I was supposed to insert all of it^^):
==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-891572633-1774761820-252287049-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-891572633-1774761820-252287049-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Sandra\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-891572633-1774761820-252287049-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Sandra\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-891572633-1774761820-252287049-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Sandra\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2010-08-07 16:12 - 00415906 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04672349-6C87-4543-9E6C-29D0CCC90F34} - \GPUP No Task File <==== ATTENTION
Task: {05C028A0-C11B-4F15-B923-6B0DCD16EC40} - \f08de44e-751a-4092-ad9e-9c9a07ee0606-2 No Task File <==== ATTENTION
Task: {06B3ECA7-D67D-4DAE-A65C-4A16AA407F52} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-07-24] (Google Inc.)
Task: {127E4671-C565-43C0-A807-EDAA43B6BE0E} - \f08de44e-751a-4092-ad9e-9c9a07ee0606-1 No Task File <==== ATTENTION
Task: {17C0D0B4-5297-416C-89B6-70D62348D1AE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {1D03FC86-0B87-442D-A3F6-00565DC6AD8D} - System32\Tasks\update-sys => C:\Program Files\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {279DCF4B-0AAA-4E8C-96A7-BC8E6FE40037} - System32\Tasks\ScanSoft Background Update => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
Task: {3242C53A-87B1-4E03-A12D-E65046410206} - System32\Tasks\{BBC0DD05-563E-45DE-94E3-3D78AA7B2DA8} => C:\Program Files\Skype\Phone\Skype.exe
Task: {4599A9A7-2950-49DA-9642-DFABDDB5A0CE} - \f08de44e-751a-4092-ad9e-9c9a07ee0606-3 No Task File <==== ATTENTION
Task: {4A8AE827-7072-4A34-8F33-77D2F9805363} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Sandra => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-10] (Microsoft Corporation)
Task: {4C2DE83B-06EF-4D34-8F6A-CF64C36B082D} - \1a7b6d14-5032-407e-918a-1cdab2120f8e-3 No Task File <==== ATTENTION
Task: {4FA0E1BD-A5D1-4902-910A-FF8524AE7147} - System32\Tasks\{9E9A01BD-BCCD-4B27-9326-E45F95CFF5CD} => pcalua.exe -a "C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" -d C:\Users\Sandra\Desktop -c "C:\Program Files\RealArcade\Installer\bin\..\installerMain.clf" "C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5WVGCSFN\gameInitializer[1].rgi"
Task: {590E9503-34A9-4868-99E3-5CDAAA16A602} - System32\Tasks\update-S-1-5-21-891572633-1774761820-252287049-1000 => C:\Program Files\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {6606CB3F-EFF4-4107-A848-B7029DE6EFB3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {69549D7C-CF36-47DD-A3E2-C9704D2A15C1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6CA740DB-A552-42D6-8E81-453A8862BAC2} - \AmiUpdXp No Task File <==== ATTENTION
Task: {78EAAA95-67B2-48D8-B67E-2CE5B38B3E82} - \1a7b6d14-5032-407e-918a-1cdab2120f8e-4 No Task File <==== ATTENTION
Task: {7B3DBA45-99C5-4216-B2EF-E1CCA5D108B9} - System32\Tasks\{FA5F355F-9358-4DC5-9301-C2395B9662E9} => pcalua.exe -a C:\Users\Sandra\Documents\vlc-1.0.3-win32.exe -d C:\Users\Sandra\Documents
Task: {856ED67D-DEF9-447F-82D4-B8D739621AD8} - \f08de44e-751a-4092-ad9e-9c9a07ee0606-5 No Task File <==== ATTENTION
Task: {88A46644-2A4D-4B05-9655-D38622DCC782} - System32\Tasks\{BC4D9D0F-7DF9-421D-A196-5DF2608A37C5} => pcalua.exe -a C:\Users\Sandra\Desktop\streamripper-windows-installer-1.64.6.exe -d C:\Users\Sandra\Desktop
Task: {96BCD58D-B94D-4717-8068-89EDB44C6EA5} - System32\Tasks\{41BFFA87-B312-43F9-AE86-C48DDF479674} => pcalua.exe -a "C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q9I9INF2\gamesplayerinstall.exe" -d C:\Users\Sandra\Desktop
Task: {A51642B9-2DC1-4268-9DD6-1D5F5FC1F573} - \SimpleFiles Installer Starter No Task File <==== ATTENTION
Task: {B8E12A15-CD06-4C84-9B38-0B43993598C4} - System32\Tasks\{B9615E8E-AFEA-4B25-8042-16B0D1EC9B17} => pcalua.exe -a "C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MNAY72AE\IE8-Setup-Full-32[1].exe" -d C:\Users\Sandra\Desktop
Task: {C2A98972-5255-46A0-BA57-0BAA9F59F799} - System32\Tasks\{4BB544CD-66D4-419C-B209-BEEE863EAFF5} => pcalua.exe -a C:\Users\Sandra\Desktop\softonic-Deutsch.exe -d C:\Users\Sandra\Desktop <==== ATTENTION
Task: {C6B5B700-5F50-4BDF-AFE0-8FAC63AC5F50} - System32\Tasks\AFC Secure Net Task => C:\Program Files\AFC Secure Net\amjob.exe <==== ATTENTION
Task: {CF87E585-8CF9-44D9-92B1-70DF85502219} - System32\Tasks\Google Updater and Installer => C:\Users\Sandra\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {D0260882-6FD0-4214-9AA5-A85C10C79D2E} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {D26D54EB-ED86-4549-AA55-10AFD4BF6595} - System32\Tasks\Program Security Task => C:\Program Files\Program Security\ProgramSecurity.exe [2015-04-08] (Secure Updater)
Task: {D7CC05C7-2469-4295-A0B3-C7B55306AFB5} - System32\Tasks\{C02FE5B2-2FE4-419B-9D53-4B5CBF562CDE} => pcalua.exe -a C:\Users\Sandra\Desktop\Download\qc848deu.exe -d C:\Users\Sandra\Desktop\Download
Task: {E7C317C7-946E-43E5-A9B5-61E1572C5722} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation)
Task: {EEDC6659-64C5-480B-8B1C-FE772757C3D2} - \f08de44e-751a-4092-ad9e-9c9a07ee0606-4 No Task File <==== ATTENTION
Task: {F8DA7A8C-6417-4D00-A265-E23F812C0583} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2013\OneClick.exe
Task: {FADB5DAD-656F-432B-98A7-7AE8CB0CBDFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-07-24] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\update-S-1-5-21-891572633-1774761820-252287049-1000.job => C:\Program Files\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files\Skillbrains\Updater\Updater.exe

==================== Loaded Modules (Whitelisted) ==============

2014-09-22 08:39 - 2012-03-14 12:05 - 00053312 _____ () C:\Program Files\Sparhandy Modem\BackgroundService\ServiceManager.exe
2014-09-09 10:03 - 2013-04-15 18:40 - 00329872 ____N () C:\Program Files\XSManager\WTGService.exe
2014-09-22 08:39 - 2012-10-29 13:08 - 00118784 _____ () C:\Program Files\Sparhandy Modem\BackgroundService\ModemListener.exe
2013-12-31 23:46 - 2013-12-12 21:56 - 03145536 _____ () C:\Users\Sandra\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2014-03-23 18:49 - 2010-05-13 10:41 - 00594432 _____ () C:\Program Files\congstar\Internetmanager\Bin\dbus-1.dll
2014-03-23 18:49 - 2010-05-13 10:41 - 00157696 _____ () C:\Program Files\congstar\Internetmanager\Bin\libgconf-2.dll
2014-03-23 18:49 - 2010-06-17 09:53 - 00089600 _____ () C:\Program Files\congstar\Internetmanager\Bin\itapi.dll
2014-03-23 18:49 - 2008-05-06 13:50 - 00971776 _____ () C:\Program Files\congstar\Internetmanager\Bin\libxml2.dll
2014-03-23 18:49 - 2009-03-28 09:19 - 00080688 _____ () C:\Program Files\congstar\Internetmanager\Bin\zlib1.dll
2014-03-23 18:49 - 2010-06-17 09:53 - 00054272 _____ () C:\Program Files\congstar\Internetmanager\Bin\coder.dll
2014-03-23 18:49 - 2010-06-17 09:53 - 00025088 _____ () C:\Program Files\congstar\Internetmanager\Bin\log.dll
2014-03-23 18:49 - 2010-06-17 09:53 - 00043008 _____ () C:\Program Files\congstar\Internetmanager\Bin\audio.dll
2014-03-23 18:49 - 2010-06-12 08:10 - 00034304 _____ () C:\Program Files\congstar\Internetmanager\Bin\libctlsvr.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 02091152 ____N () C:\Program Files\XSManager\XSManager.exe
2014-09-09 10:03 - 2013-04-15 18:40 - 00018576 ____N () C:\Program Files\XSManager\WTGDebugs.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00399504 ____N () C:\Program Files\XSManager\WtgCore.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00049808 ____N () C:\Program Files\XSManager\WtgDriverInstall.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00231568 ____N () C:\Program Files\XSManager\WtgUtil.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00186512 ____N () C:\Program Files\XSManager\WtgDetection.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00092304 ____N () C:\Program Files\XSManager\WtgPorts.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00112784 ____N () C:\Program Files\XSManager\WtgDatabase.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00084112 ____N () C:\Program Files\XSManager\WtgDialup.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00145552 ____N () C:\Program Files\XSManager\WtgBluetooth.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 01374352 ____N () C:\Program Files\XSManager\4GSystems_OneClickAssistantGer.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00604304 ____N () C:\Program Files\XSManager\WTGXMLUtil.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00202896 ____N () C:\Program Files\XSManager\WTGSMSPCClient.Dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00011920 ____N () C:\Program Files\XSManager\4GSystems_WTGSMSPCClientGer.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00018064 ____N () C:\Program Files\XSManager\WTGDriverInstallX.Dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00263312 ____N () C:\Program Files\XSManager\WtgMobileBroadband7.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00546960 ____N () C:\Program Files\XSManager\WtgNdisQmiUtil.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 01374352 ____N () C:\Program Files\XSManager\NDISDirectDial.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00028304 ____N () C:\Program Files\XSManager\LogModule.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00084112 ____N () C:\Program Files\XSManager\ToolKit.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00067728 ____N () C:\Program Files\XSManager\tinyxml.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00444560 ____N () C:\Program Files\XSManager\sqlite3.dll
2014-03-23 18:49 - 2010-05-13 10:42 - 00215552 _____ () C:\Program Files\congstar\Internetmanager\Bin\dbus-daemon.exe
2014-03-23 18:49 - 2007-09-09 17:07 - 00151552 _____ () C:\Program Files\congstar\Internetmanager\Bin\libexpat.dll
2014-03-23 18:49 - 2010-05-13 10:42 - 00043008 _____ () C:\Program Files\congstar\Internetmanager\Bin\gconfd-2.exe
2014-03-23 18:49 - 2010-05-13 10:41 - 00055808 _____ () C:\Program Files\congstar\Internetmanager\Bin\libgconfbackend-xml.dll
2014-03-23 18:49 - 2010-05-13 10:42 - 00031232 _____ () C:\Program Files\congstar\Internetmanager\Bin\db_daemon.exe
2014-03-23 18:49 - 2010-05-13 10:39 - 00341504 _____ () C:\Program Files\congstar\Internetmanager\Bin\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:E4FCDFD9
AlternateDataStreams: C:\ProgramData\TEMP:E6A96BE9
AlternateDataStreams: C:\ProgramData\TEMP:E6D148BC
AlternateDataStreams: C:\ProgramData\TEMP:E732B44B
AlternateDataStreams: C:\ProgramData\TEMP:E774F04D
AlternateDataStreams: C:\ProgramData\TEMP:E7B4296D
AlternateDataStreams: C:\ProgramData\TEMP:E7B49FBF
AlternateDataStreams: C:\ProgramData\TEMP:E7C9DAAE
AlternateDataStreams: C:\ProgramData\TEMP:E8CB831A
AlternateDataStreams: C:\ProgramData\TEMP:EA10407C
AlternateDataStreams: C:\ProgramData\TEMP:EA1919C7
AlternateDataStreams: C:\ProgramData\TEMP:EA701346
AlternateDataStreams: C:\ProgramData\TEMP:EA7D76BE
AlternateDataStreams: C:\ProgramData\TEMP:EAEE7554
AlternateDataStreams: C:\ProgramData\TEMP:EB333CFC
AlternateDataStreams: C:\ProgramData\TEMP:EB5BDBB0
AlternateDataStreams: C:\ProgramData\TEMP:EDC744FB
AlternateDataStreams: C:\ProgramData\TEMP:EEED3F26
AlternateDataStreams: C:\ProgramData\TEMP:EF0C5444
AlternateDataStreams: C:\ProgramData\TEMP:EF5B3572
AlternateDataStreams: C:\ProgramData\TEMP:F0A06891
AlternateDataStreams: C:\ProgramData\TEMP:F3029A65
AlternateDataStreams: C:\ProgramData\TEMP:F3EFA8A8
AlternateDataStreams: C:\ProgramData\TEMP:F43B7E8F
AlternateDataStreams: C:\ProgramData\TEMP:F7370879
AlternateDataStreams: C:\ProgramData\TEMP:F7F6E6CB
AlternateDataStreams: C:\ProgramData\TEMP:F81E7082
AlternateDataStreams: C:\ProgramData\TEMP:F8F070C2
AlternateDataStreams: C:\ProgramData\TEMP:F9E46E4C
AlternateDataStreams: C:\ProgramData\TEMP:F9EDCFB0
AlternateDataStreams: C:\ProgramData\TEMP:FAFEC4B9
AlternateDataStreams: C:\ProgramData\TEMP:FB647F34
AlternateDataStreams: C:\ProgramData\TEMP:FD000392
AlternateDataStreams: C:\ProgramData\TEMP:FD38E906
AlternateDataStreams: C:\ProgramData\TEMP:FECEF728

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7358 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-891572633-1774761820-252287049-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sandra\Application Data\Pictures\Drache1.jpg
DNS Servers: 193.189.244.225 - 193.189.244.206
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{637B9502-262B-4680-8440-9F93780503AB}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{4B1D55F8-D758-4657-AC3A-DE59BD432B5C}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{763A9BFE-AF9D-4598-AB33-0CAC42C4329F}] => (Allow) C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe
FirewallRules: [{82E6866A-456B-4FA2-9255-CEA55E07F257}] => (Allow) C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe
FirewallRules: [{8532313D-6991-4F90-9020-D160BD8A8231}] => (Allow) C:\Program Files\Tobit Radio.fx\Client\rfx-client.exe
FirewallRules: [{9017EDC8-49B9-46D6-8FA3-C11EBC31FCBC}] => (Allow) C:\Program Files\Tobit Radio.fx\Client\rfx-client.exe
FirewallRules: [{37EFC497-31E9-4305-80D8-8FD93559F3DF}] => (Allow) C:\Program Files\TeamViewer\Version5\TeamViewer.exe
FirewallRules: [{9EA43957-1A2C-419E-8F50-22BF8DE39B4C}] => (Allow) C:\Program Files\TeamViewer\Version5\TeamViewer.exe
FirewallRules: [TCP Query User{73E83C09-C343-42F5-9C06-7F29244FF95A}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{5EC8FB2D-F09E-4C5A-B679-54FADA91474C}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{6F4D1074-856A-4C64-ACF8-1CD93154FD0F}] => (Allow) LPort=80
FirewallRules: [{2B5F215C-83D8-405F-B200-FA3FDBA04952}] => (Allow) LPort=80
FirewallRules: [{08C8CF5F-BCE2-42AD-A410-83781F5BCAC2}] => (Allow) LPort=80
FirewallRules: [{BDA735D0-96F0-44A4-8EA9-FC9899EE3BE7}] => (Allow) C:\Program Files\congstar\Internetmanager\Bin\MainApp.exe
FirewallRules: [{399DF4C3-B2CC-4BB5-A184-3794FE94AF1F}] => (Allow) C:\Program Files\congstar\Internetmanager\Bin\MainApp.exe
FirewallRules: [{4DC96EA1-4031-485D-973D-1E0610F18211}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{703AC5DC-7522-4A5E-BAB6-EBE9B22E80F6}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{693FFD98-9206-4546-9E8B-515167CFDED1}C:\program files\srware iron\iron.exe] => (Block) C:\program files\srware iron\iron.exe
FirewallRules: [UDP Query User{2DB7ECB7-1B5A-42D4-A8C1-1637A28909B6}C:\program files\srware iron\iron.exe] => (Block) C:\program files\srware iron\iron.exe
FirewallRules: [TCP Query User{0ED3ABDE-419A-434E-8596-7305420D9041}C:\program files\mozilla firefox\plugin-container.exe] => (Block) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{6DCD1365-4EA1-411A-977B-99384019AD14}C:\program files\mozilla firefox\plugin-container.exe] => (Block) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{0921335B-E9C8-4FCC-94EC-E44FB6528D9A}C:\program files\srware iron\iron.exe] => (Block) C:\program files\srware iron\iron.exe
FirewallRules: [UDP Query User{9F6876B9-17C8-4B97-ADAB-8ECEB11B70A6}C:\program files\srware iron\iron.exe] => (Block) C:\program files\srware iron\iron.exe
FirewallRules: [{94631EAF-E186-4D79-8B1C-8D1900F8E2D1}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{64977571-955F-4037-91F7-77A705548C8F}] => (Allow) C:\Program Files\Norpalla\bin\Norpalla.BRT.Helper.exe
FirewallRules: [{99A14943-855E-48FF-9794-EC516BE5D315}] => (Allow) C:\Program Files\Norpalla\bin\Norpalla.BRT.Helper.exe
FirewallRules: [{A631F5FE-0753-4E43-98C5-953A91EAE2F4}] => (Allow) C:\Program Files\Bench\Proxy\proc.exe
FirewallRules: [{666CE59E-EEF3-49BB-AF43-8645562FA2DE}] => (Allow) C:\Program Files\Bench\Proxy\pwdg.exe
FirewallRules: [{827C6E82-CF2B-4BAE-ADF2-D78AC6A4761A}] => (Allow) C:\Users\Sandra\uber-strike-cheats-ohne.exe
FirewallRules: [{0B8A5018-DC8F-41A9-AC1F-E6FEDFC84BCA}] => (Allow) C:\Users\Sandra\uber-strike-cheats-ohne.exe
FirewallRules: [{79F79E0B-50B1-4617-9B45-36391DF95D42}] => (Allow) C:\Program Files\SimpleFiles\SimpleFiles.exe
FirewallRules: [{2C11D001-28E2-4BD0-9E9F-9F6F7AF546F7}] => (Allow) C:\Program Files\SimpleFiles\SimpleFiles.exe
FirewallRules: [{B0040FE3-CDCC-4F29-B004-87F4A6574B76}] => (Allow) C:\Program Files\SimpleFiles\downloader.exe
FirewallRules: [{CC29AF40-6ED8-4CE4-B529-003AEC14CED2}] => (Allow) C:\Program Files\SimpleFiles\downloader.exe
FirewallRules: [{956D70E1-9AA4-49B3-9947-EA8F2091C006}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: 6TO4 Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: isatap.{E189E505-C50E-465C-BEC6-C6B777FFB910}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: isatap.{8CA9262A-0035-43CE-8CC2-4191FAFA1ADF}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: isatap.{789BFD34-EEE8-45EF-8A5B-071CE20B26E9}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: isatap.{C352FDDF-4836-4F23-A92A-F8E58BDF829D}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: isatap.{49DB607C-93BE-4DE2-A90B-007796BCC80E}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: isatap.{F4A3DCDE-5A33-4E9D-8E66-AA41066E6DC3}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: isatap.{F9F0F3DE-5AE4-45F1-8A61-30484AAEC5A6}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: isatap.{BE2E9025-8DB8-430E-BD83-F989B5EF45D1}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: isatap.{00EDA72F-48BB-431A-8289-56EEE99128CF}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/25/2015 08:03:07 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\LBZQXNMY\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#CDN.MOVAD.NET\SETTINGS.SOL> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (07/24/2015 11:13:16 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\LBZQXNMY\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#VIZORFB-A.AKAMAIHD.NET\SETTINGS.SOL> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (07/24/2015 10:44:00 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\LBZQXNMY\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\SETTINGS.SOL> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (07/24/2015 07:48:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\9N2JNYBZ\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#CDN.MOVAD.NET\SETTINGS.SOL> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (07/24/2015 07:33:30 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\9N2JNYBZ\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#VIZORFB-A.AKAMAIHD.NET\SETTINGS.SOL> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)


System errors:
=============

Microsoft Office:
=========================
Error: (07/25/2015 08:03:07 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\LBZQXNMY\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#CDN.MOVAD.NET\SETTINGS.SOL

Error: (07/24/2015 11:13:16 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\LBZQXNMY\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#VIZORFB-A.AKAMAIHD.NET\SETTINGS.SOL

Error: (07/24/2015 10:44:00 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\LBZQXNMY\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\SETTINGS.SOL

Error: (07/24/2015 10:44:00 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\LBZQXNMY\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\SETTINGS.SOL

Error: (07/24/2015 07:48:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\9N2JNYBZ\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#CDN.MOVAD.NET\SETTINGS.SOL

Error: (07/24/2015 07:48:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\9N2JNYBZ\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#CDN.MOVAD.NET\SETTINGS.SOL

Error: (07/24/2015 07:33:30 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\9N2JNYBZ\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#VIZORFB-A.AKAMAIHD.NET\SETTINGS.SOL

Error: (07/24/2015 07:33:30 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog


Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\9N2JNYBZ\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#VIZORFB-A.AKAMAIHD.NET\SETTINGS.SOL


CodeIntegrity Errors:
===================================
Date: 2015-07-24 21:23:39.648
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-07-24 20:05:19.745
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-07-24 20:05:19.355
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-07-24 20:05:18.981
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-07-24 20:05:18.591
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-07-24 20:05:18.216
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-07-24 20:05:17.795
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-07-24 19:56:03.404
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-07-24 19:53:35.170
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-07-24 11:15:10.419
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\iS3\STOPzilla AntiVirus\Drivers\i386\w2k\SBTIS.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 CPU 6320 @ 1.86GHz
Percentage of memory in use: 54%
Total physical RAM: 2046.45 MB
Available physical RAM: 932.38 MB
Total Virtual: 4341.89 MB
Available Virtual: 2717.74 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.31 GB) (Free:124.95 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:117.19 GB) (Free:106.48 GB) NTFS
Drive e: () (Fixed) (Total:153.26 GB) (Free:147.39 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: B74FD3AC)
Partition 1: (Active) - (Size=195.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=117.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=153.3 GB) - (Type=07 NTFS)

==================== End of log =========================


and here is the FRST Editor:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-07-2015
Ran by Sandra (administrator) on HOUSEFRAU on 25-07-2015 08:15:01
Running from C:\Users\Sandra\Downloads
Loaded Profiles: Sandra (Available Profiles: Sandra & Dean & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\Sparhandy Modem\BackgroundService\ServiceManager.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
() C:\Program Files\XSManager\WTGService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
() C:\Program Files\Sparhandy Modem\BackgroundService\ModemListener.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Users\Sandra\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(ZTE) C:\Program Files\congstar\Internetmanager\Bin\mcserver.exe
(Skillbrains) C:\Program Files\Skillbrains\lightshot\5.2.1.1\Lightshot.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
() C:\Program Files\XSManager\XSManager.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Program Files\congstar\Internetmanager\Bin\dbus-daemon.exe
() C:\Program Files\congstar\Internetmanager\Bin\gconfd-2.exe
() C:\Program Files\congstar\Internetmanager\Bin\db_daemon.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6957600 2009-03-04] (Realtek Semiconductor)
HKLM\...\Run: [NBKeyScan] => "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [Sparhandy_Germany Silverstone ModemListener] => C:\Program Files\Sparhandy Modem\BackgroundService\ModemListener.exe [118784 2012-10-29] ()
HKLM\...\Run: [Lightshot] => C:\Program Files\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-891572633-1774761820-252287049-1000\...\Run: [LightShot] => C:\Users\Sandra\AppData\Local\Skillbrains\lightshot\Lightshot.exe
HKU\S-1-5-21-891572633-1774761820-252287049-1000\...\Run: [Amazon Cloud Player] => C:\Users\Sandra\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2013-12-12] ()
HKU\S-1-5-21-891572633-1774761820-252287049-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
Startup: C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk [2011-06-15]
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-891572633-1774761820-252287049-1001\User: Group Policy Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51105;https=127.0.0.1:51105
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://safesearch.avira.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://safesearch.avira.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://safesearch.avira.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://safesearch.avira.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-891572633-1774761820-252287049-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://safesearch.avira.com/
HKU\S-1-5-21-891572633-1774761820-252287049-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://safesearch.avira.com/
HKU\S-1-5-21-891572633-1774761820-252287049-1000\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKU\S-1-5-21-891572633-1774761820-252287049-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://safesearch.avira.com/
HKU\S-1-5-21-891572633-1774761820-252287049-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://safesearch.avira.com/
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-891572633-1774761820-252287049-1000 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = 
SearchScopes: HKU\S-1-5-21-891572633-1774761820-252287049-1000 -> {19B9443B-07B6-4098-8DB6-06A520A70696} URL = https://www.google.com/search?q={searchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-26] (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-26] (Oracle Corporation)
Toolbar: HKU\.DEFAULT -> No Name - {9613CB43-EA4C-48B5-878D-13DFE1818EFE} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-891572633-1774761820-252287049-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-891572633-1774761820-252287049-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-891572633-1774761820-252287049-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-891572633-1774761820-252287049-1000 -> No Name - {9613CB43-EA4C-48B5-878D-13DFE1818EFE} -  No File
Toolbar: HKU\S-1-5-21-891572633-1774761820-252287049-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} hxxp://picasaweb.google.de/s/v/66.35/uploader2.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E1342154-4889-42B5-BEF6-19237577048F} hxxp://gamescenter.sat1.de/online2/insaniquarium/oberongamesloader.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192 2009-04-13] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192 2009-04-13] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192 2009-04-13] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192 2009-04-13] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192 2009-04-13] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192 2009-04-13] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192 2009-04-13] (Microsoft Corporation)
Winsock: Catalog9 09 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-08-06] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 10 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-08-06] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 11 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-08-06] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 12 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-08-06] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 13 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-08-06] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 14 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-08-06] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 15 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-08-06] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 16 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-08-06] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 17 C:\Windows\system32\wpclsp.dll [72192 2009-04-13] (Microsoft Corporation)
Winsock: Catalog9 27 C:\Windows\system32\wpclsp.dll [72192 2009-04-13] (Microsoft Corporation)
Winsock: Catalog9 28 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-08-06] (Avira Operations GmbH & Co. KG)
Hosts: There are more than one entry in Hosts. See Hosts section of  Addition.txt
Tcpip\Parameters: [DhcpNameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{50B1677B-DE90-423A-9282-8B2F88497843}: [DhcpNameServer] 193.189.244.225 193.189.244.206

FireFox:
========
FF ProfilePath: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\pozswhr6.default
FF NetworkProxy: "type", 5
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll [2013-03-15] (Adobe Systems, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-24] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-24] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2009-07-06] (the VideoLAN Team)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-891572633-1774761820-252287049-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Sandra\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-891572633-1774761820-252287049-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll [2012-10-04] (Amazon.com, Inc.)
FF user.js: detected! => C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\pozswhr6.default\user.js [2015-07-24]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012-04-29]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [2012-07-08]
FF Extension: No Name - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\pozswhr6.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com [2014-04-20]
FF Extension: No Name - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\pozswhr6.default\Extensions\e20dc619-d8c4-48f1-ae07-641cefb43165@3c4d943f-ad97-4f6e-aa94-d9671175a3d0.com [2014-04-20]
FF Extension: Search Assistant - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\pozswhr6.default\Extensions\{B3834E60-12A8-11E0-A289-939FDFD72085} [2012-05-18]
FF Extension: RefControl - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\pozswhr6.default\Extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [2011-09-13]
FF Extension: Greasemonkey - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\pozswhr6.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-06-15]
FF Extension: Firefox Helper - C:\Program Files\Mozilla Firefox\distribution\bundles\aa4ced8e2fd071125336d77819b2512b [2014-11-24]
FF Extension: Firefox Helper - C:\Program Files\Mozilla Firefox\distribution\bundles\d87a1bbc5dfe9f400228128419b2512b [2014-12-12]
FF Extension: Firefox Helper - C:\Program Files\Mozilla Firefox\distribution\bundles\{BB99E7E76B75CD90888179CD3AC88C56} [2014-11-25]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-13]
FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\congstar\Internetmanager\Bin\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files\congstar\Internetmanager\Bin\addon [2014-03-23]

Chrome: 
=======
CHR Profile: C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-21]
CHR Extension: (YouTube) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-16]
CHR Extension: (Google Search) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-16]
CHR Extension: (Avira Browser Safety) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-03]
CHR Extension: (Gmail) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-16]
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [825136 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1187336 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 Sparhandy_Germany Silverstone Modem Device Helper; C:\Program Files\Sparhandy Modem\BackgroundService\ServiceManager.exe [53312 2012-03-14] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation)
R2 WTGService; C:\Program Files\XSManager\WTGService.exe [329872 2013-04-15] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AlcatelOTnet; C:\Windows\System32\DRIVERS\AlcatelOTUsbnet.sys [118272 2011-06-20] (TCT International Mobile Ltd)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278728 2009-05-02] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108448 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136728 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-05-21] (Avira Operations GmbH & Co. KG)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [13184 2009-12-15] (Bytemobile, Inc.) [File not signed]
S3 CAM1210; C:\Windows\System32\Drivers\cam1210.sys [94080 2007-08-30] (USB video camera) [File not signed]
R3 cmntnet; C:\Windows\System32\DRIVERS\cmntnet.sys [120320 2015-07-24] (Wireless Data Device)
R3 cmnuusbser; C:\Windows\System32\DRIVERS\cmnuusbser.sys [107520 2015-07-24] (Wireless Device)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2009-05-02] ()
S3 LVUSBSta; C:\Windows\System32\drivers\lvusbsta.sys [22016 2005-05-27] (Logitech Inc.)
S3 MobileBroadbandDCser; C:\Windows\System32\DRIVERS\MobileBroadbandDCser.sys [108032 2015-07-24] (MobileBroadband.)
S3 mr97310c; C:\Windows\System32\DRIVERS\mr97310c.sys [121472 2005-04-11] (Mars Semiconductor Corp.)
S3 QCMerced; C:\Windows\System32\DRIVERS\LVCM.sys [1317152 2005-05-27] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2009-05-02] () [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 tcpipBM; C:\Windows\system32\Drivers\tcpipBM.sys [24192 2009-12-15] (Bytemobile, Inc.) [File not signed]
U3 adishbb7; C:\Windows\system32\Drivers\adishbb7.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 cpuz134; \??\C:\Users\Sandra\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 HSPADataCardusbmdm; system32\DRIVERS\HSPADataCardusbmdm.sys [X]
S3 HSPADataCardusbnmea; system32\DRIVERS\HSPADataCardusbnmea.sys [X]
S3 HSPADataCardusbser; system32\DRIVERS\HSPADataCardusbser.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 LVcKap; system32\DRIVERS\LVcKap.sys [X]
S3 LVMVDrv; system32\DRIVERS\LVMVDrv.sys [X]
S3 LVPr2Mon; system32\DRIVERS\LVPr2Mon.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2093-10-30 09:56 - 2093-10-30 09:56 - 00004034 _____ C:\Windows\system32\jupdate-1.6.0_22-b04.log
2015-07-25 08:15 - 2015-07-25 08:15 - 00022444 _____ C:\Users\Sandra\Downloads\FRST.txt
2015-07-25 08:14 - 2015-07-25 08:15 - 00000000 ____D C:\FRST
2015-07-25 08:13 - 2015-07-25 08:14 - 01638912 _____ (Farbar) C:\Users\Sandra\Downloads\FRST.exe
2015-07-24 23:06 - 2015-07-24 23:06 - 00000000 ____D C:\Users\Sandra\AppData\Local\FullTiltPoker.eu
2015-07-24 19:52 - 2015-07-24 19:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-24 19:48 - 2015-07-24 19:51 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Sandra\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-24 19:36 - 2015-07-24 19:38 - 24706984 _____ (ReviverSoft LLC) C:\Users\Sandra\Downloads\PCReviverSetup.exe
2015-07-24 17:59 - 2015-07-24 17:59 - 00001923 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-24 17:59 - 2015-07-24 17:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-24 17:57 - 2015-07-25 08:02 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-24 17:57 - 2015-07-25 07:52 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-24 17:56 - 2015-07-24 17:56 - 00931408 _____ (Google Inc.) C:\Users\Sandra\Downloads\ChromeSetup (4).exe
2015-07-24 17:36 - 2015-07-24 17:37 - 00000000 ____D C:\Users\Dean\AppData\Roaming\XSManager
2015-07-24 16:27 - 2015-07-24 18:26 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\ReviverSoft
2015-07-24 16:27 - 2015-07-24 16:56 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\SECRV
2015-07-24 16:25 - 2015-07-24 16:25 - 04602104 _____ (ReviverSoft ) C:\Users\Sandra\Downloads\SecurityReviverSetup_ppc.exe
2015-07-24 16:20 - 2015-07-24 16:20 - 00931408 _____ (Google Inc.) C:\Users\Sandra\Downloads\ChromeSetup (3).exe
2015-07-24 16:17 - 2015-07-24 16:17 - 00931408 _____ (Google Inc.) C:\Users\Sandra\Downloads\ChromeSetup (2).exe
2015-07-24 13:17 - 2015-07-24 13:20 - 49026264 _____ (Microsoft Corporation) C:\Users\Sandra\Downloads\Windows-KB890830-V5.26 (1).exe
2015-07-24 11:55 - 2015-07-24 11:56 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Sandra\Downloads\SpyHunter-Installer (1).exe
2015-07-22 04:32 - 2015-07-22 04:32 - 00931408 _____ (Google Inc.) C:\Users\Sandra\Downloads\ChromeSetup (1).exe
2015-07-21 13:00 - 2015-07-14 18:02 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 13:00 - 2015-07-14 16:23 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 12:40 - 2015-07-21 12:40 - 00000000 ____D C:\ProgramData\VIPRE
2015-07-21 12:40 - 2015-07-21 12:40 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-21 12:11 - 2015-07-24 11:14 - 00000000 ____D C:\ProgramData\STOPzilla!
2015-07-21 12:11 - 2015-07-21 12:11 - 00000000 ____D C:\Program Files\iS3
2015-07-21 12:06 - 2015-07-21 12:07 - 02042328 _____ (iS3, Inc.) C:\Users\Sandra\Downloads\STOPzillaPRO_Downloader.exe
2015-07-15 13:05 - 2015-06-25 04:57 - 02066432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 13:04 - 2015-07-03 18:04 - 01316864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 13:04 - 2015-06-17 18:50 - 02264576 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 13:04 - 2015-06-17 17:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 13:03 - 2015-06-12 18:01 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 13:02 - 2015-05-31 10:11 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 13:01 - 2015-06-27 18:03 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 13:01 - 2015-06-27 18:02 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 13:01 - 2015-06-27 18:02 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 13:01 - 2015-06-27 18:01 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-07-15 13:01 - 2015-06-27 16:21 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 13:01 - 2015-06-27 16:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 13:01 - 2015-06-12 15:13 - 00440768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 13:01 - 2015-01-09 02:17 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 11:11 - 2015-07-03 07:31 - 12386304 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 11:11 - 2015-07-03 07:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 11:11 - 2015-06-17 03:14 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 11:11 - 2015-06-17 03:12 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 11:11 - 2015-06-17 03:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 11:11 - 2015-06-17 03:10 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 11:11 - 2015-06-17 03:09 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 11:11 - 2015-06-17 03:09 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 11:11 - 2015-06-17 03:09 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 11:11 - 2015-06-17 03:09 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 11:11 - 2015-06-17 03:08 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 11:11 - 2015-06-17 03:08 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 11:11 - 2015-06-17 03:08 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 11:11 - 2015-06-17 03:08 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-07-15 11:11 - 2015-06-17 03:08 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 11:11 - 2015-06-17 03:08 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 11:11 - 2015-06-17 03:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 11:11 - 2015-06-17 03:08 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 11:11 - 2015-06-17 03:08 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 11:11 - 2015-06-17 03:08 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-07-15 11:11 - 2015-06-17 03:08 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-07-15 11:11 - 2015-06-17 03:08 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-07-14 20:40 - 2015-07-14 20:43 - 49026264 _____ (Microsoft Corporation) C:\Users\Sandra\Downloads\Windows-KB890830-V5.26.exe
2015-07-14 20:09 - 2015-07-14 20:09 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Sandra\Downloads\SpyHunter-Installer.exe
2015-07-12 21:57 - 2015-07-12 22:14 - 00000165 _____ C:\Windows\Reimage.ini
2015-07-12 21:56 - 2015-07-12 21:57 - 00772016 _____ (Reimage®) C:\Users\Sandra\Downloads\ReimageRepair.exe
2015-07-09 14:42 - 2015-07-24 22:11 - 00000000 ____D C:\Program Files\AFC Secure Net

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-25 08:06 - 2011-08-10 13:44 - 01692522 _____ C:\Windows\WindowsUpdate.log
2015-07-25 07:52 - 2013-12-31 21:30 - 00311332 _____ C:\Windows\PFRO.log
2015-07-25 07:52 - 2013-05-24 20:20 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-07-25 07:52 - 2009-04-12 16:53 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-25 07:52 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-25 07:52 - 2006-11-02 14:47 - 00004128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-25 07:52 - 2006-11-02 14:47 - 00004128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-24 23:26 - 2006-11-02 15:01 - 00032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-24 23:18 - 2013-03-28 12:00 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-24 23:06 - 2014-02-20 20:13 - 00000000 ____D C:\Users\Sandra\AppData\Local\cache
2015-07-24 23:02 - 2006-11-02 12:33 - 00264390 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-24 22:59 - 2011-09-03 10:57 - 00000378 _____ C:\Windows\Tasks\update-S-1-5-21-891572633-1774761820-252287049-1000.job
2015-07-24 20:14 - 2015-02-14 18:34 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\Angry_Birds
2015-07-24 20:14 - 2014-11-24 21:03 - 00000000 ____D C:\Program Files\Jelbrus Secure Web
2015-07-24 20:14 - 2014-08-30 18:38 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\GetPrivate
2015-07-24 20:14 - 2014-08-30 18:38 - 00000000 ____D C:\Program Files\GetPrivate
2015-07-24 20:14 - 2014-04-20 02:31 - 00000000 ____D C:\Program Files\MediaPlayerplus
2015-07-24 19:32 - 2011-09-03 10:56 - 00000378 _____ C:\Windows\Tasks\update-sys.job
2015-07-24 18:38 - 2014-08-31 18:38 - 00070144 _____ C:\Windows\system32\tasks.dll
2015-07-24 17:58 - 2010-08-12 15:30 - 00000000 ____D C:\Program Files\Google
2015-07-24 17:38 - 2011-03-03 15:30 - 00000680 __RSH C:\Users\Sandra\ntuser.pol
2015-07-24 17:38 - 2008-12-17 00:16 - 00000000 ____D C:\Users\Sandra
2015-07-24 17:35 - 2014-09-09 10:03 - 00134144 _____ (MobileBroadband.) C:\Windows\system32\Drivers\MobileBroadbandDCWwan.sys
2015-07-24 17:35 - 2014-09-09 10:03 - 00133120 _____ (C-motech Co.,Ltd.) C:\Windows\system32\Drivers\cm_netamd.sys
2015-07-24 17:35 - 2014-09-09 10:03 - 00120320 _____ (Wireless Data Device) C:\Windows\system32\Drivers\cmntnet.sys
2015-07-24 17:35 - 2014-09-09 10:03 - 00118272 _____ (C-motech Co.,Ltd.) C:\Windows\system32\Drivers\cm_seramd.sys
2015-07-24 17:35 - 2014-09-09 10:03 - 00112640 _____ (C-motech Co.,Ltd.) C:\Windows\system32\Drivers\cm_net32.sys
2015-07-24 17:35 - 2014-09-09 10:03 - 00108032 _____ (MobileBroadband.) C:\Windows\system32\Drivers\MobileBroadbandDCser.sys
2015-07-24 17:35 - 2014-09-09 10:03 - 00107520 _____ (Wireless Device) C:\Windows\system32\Drivers\cmnuusbser.sys
2015-07-24 17:35 - 2014-09-09 10:03 - 00103680 _____ (C-motech Co.,Ltd.) C:\Windows\system32\Drivers\cm_ser32.sys
2015-07-24 17:35 - 2014-09-09 10:03 - 00103424 _____ (Mobile Connector) C:\Windows\system32\Drivers\cmnsusbser.sys
2015-07-24 17:35 - 2014-09-09 10:03 - 00101056 _____ C:\Windows\system32\Drivers\dvb_nova_12mhz_b0.inp
2015-07-24 17:35 - 2014-09-09 10:03 - 00092456 _____ C:\Windows\system32\Drivers\isdbt_nova_12mhz_b0.inp
2015-07-24 17:35 - 2014-09-09 10:03 - 00079036 _____ C:\Windows\system32\Drivers\tdmb_nova_12mhz_b0.inp
2015-07-24 17:35 - 2014-09-09 10:03 - 00052128 _____ (Siano) C:\Windows\system32\Drivers\smsbda.sys
2015-07-24 17:35 - 2014-09-09 10:03 - 00019968 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\Drivers\MobileBroadbandDCUsb.sys
2015-07-24 17:35 - 2014-09-09 10:03 - 00001678 _____ C:\ProgramData\Microsoft\Windows\Start Menu\XSManager.lnk
2015-07-24 17:35 - 2014-09-09 10:03 - 00001672 _____ C:\Users\Public\Desktop\XSManager.lnk
2015-07-24 17:35 - 2014-09-09 10:03 - 00000040 _____ C:\Windows\system32\Drivers\smsbda.cfg
2015-07-24 17:35 - 2014-09-09 10:03 - 00000000 ____D C:\Program Files\XSManager
2015-07-24 17:32 - 2011-03-03 16:13 - 00001326 __RSH C:\Users\Dean\ntuser.pol
2015-07-24 17:32 - 2011-03-03 16:13 - 00000000 ____D C:\Users\Dean
2015-07-24 17:30 - 2011-03-03 16:13 - 00054552 _____ C:\Users\Dean\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-22 04:10 - 2010-08-12 15:30 - 00000000 ____D C:\Users\Sandra\AppData\Local\Google
2015-07-22 04:10 - 2009-04-19 10:38 - 00000000 ____D C:\ProgramData\Google
2015-07-21 13:29 - 2006-11-02 14:47 - 00252864 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-21 13:20 - 2015-04-10 22:44 - 00000319 _____ C:\Users\Sandra\Downloads\QuickTime Player 7 76 80 95 Downloader.zip
2015-07-21 13:20 - 2015-02-21 21:55 - 00000943 _____ C:\Users\Sandra\Downloads\Installer (Right Click and select extract) (3).zip
2015-07-21 13:20 - 2015-02-17 11:24 - 00000945 _____ C:\Users\Sandra\Downloads\Installer (Right Click and select extract) (2).zip
2015-07-21 13:20 - 2015-02-17 11:23 - 00000945 _____ C:\Users\Sandra\Downloads\Installer (Right Click and select extract) (1).zip
2015-07-21 13:20 - 2015-02-17 11:20 - 00000945 _____ C:\Users\Sandra\Downloads\Installer (Right Click and select extract).zip
2015-07-18 09:08 - 2012-10-25 14:00 - 00002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-07-14 21:21 - 2013-03-28 12:00 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-14 21:21 - 2013-03-28 12:00 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-09 17:47 - 2015-03-03 15:34 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\ActivePresenter
2015-07-09 17:36 - 2015-05-26 16:18 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\UseNeXT
2015-07-03 08:49 - 2006-11-02 12:24 - 127070192 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-06-30 23:20 - 2015-05-26 16:18 - 00000000 ____D C:\Users\Sandra\Documents\UseNeXT
2015-06-28 20:30 - 2014-09-09 10:03 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\XSManager
2015-06-28 20:03 - 2014-01-03 02:25 - 00027752 _____ C:\Windows\setupact.log
2015-06-27 18:46 - 2015-05-21 16:37 - 00001849 _____ C:\Users\Public\Desktop\Avira Antivirus.lnk
2015-06-27 18:46 - 2013-08-06 20:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

==================== Files in the root of some directories =======

2010-07-20 10:55 - 2002-07-26 17:02 - 0153088 ____N () C:\Program Files\UNWISE.EXE
2015-03-28 19:40 - 2015-03-28 19:40 - 0009662 _____ () C:\Users\Sandra\AppData\Roaming\em_64x64.ico
2009-09-23 21:45 - 2009-09-23 21:45 - 0000760 _____ () C:\Users\Sandra\AppData\Roaming\setup_ldm.iss
2009-12-01 01:12 - 2011-05-01 17:21 - 0022646 _____ () C:\Users\Sandra\AppData\Roaming\UserTile.png
2010-07-28 22:04 - 2013-03-04 09:41 - 0000680 _____ () C:\Users\Sandra\AppData\Local\d3d9caps.dat
2010-07-21 18:50 - 2015-02-24 10:16 - 0123904 _____ () C:\Users\Sandra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-07-25 12:47 - 2010-07-25 12:47 - 0000848 _____ () C:\Users\Sandra\AppData\Local\recently-used.xbel
2010-12-02 21:25 - 2010-12-02 22:22 - 0012670 _____ () C:\Users\Sandra\AppData\Local\slot1.mm1
2011-09-03 10:56 - 2011-09-03 10:56 - 0000003 _____ () C:\Users\Sandra\AppData\Local\updater.log
2011-09-03 10:57 - 2015-04-23 22:07 - 0001577 _____ () C:\Users\Sandra\AppData\Local\UserProducts.xml
2011-03-17 17:47 - 2011-03-17 17:49 - 0019456 _____ () C:\Users\Sandra\AppData\Local\WebpageIcons.db

Some files in TEMP:
====================
C:\Users\Dean\AppData\Local\Temp\AskSLib.dll
C:\Users\Dean\AppData\Local\Temp\avgnt.exe
C:\Users\Sandra\AppData\Local\Temp\1irehevd.zyc.exe
C:\Users\Sandra\AppData\Local\Temp\avgnt.exe
C:\Users\Sandra\AppData\Local\Temp\GPUpd54552D102.exe
C:\Users\Sandra\AppData\Local\Temp\GPUpd54566C8F1.exe
C:\Users\Sandra\AppData\Local\Temp\GPUpd54666C8C1.exe
C:\Users\Sandra\AppData\Local\Temp\GPUpd5468E1911.exe
C:\Users\Sandra\AppData\Local\Temp\GPUpd546A33101.exe
C:\Users\Sandra\AppData\Local\Temp\GPUpd547380CB2.exe
C:\Users\Sandra\AppData\Local\Temp\GPUpd547380D44.exe
C:\Users\Sandra\AppData\Local\Temp\GPUpd547D74022.exe
C:\Users\Sandra\AppData\Local\Temp\GPUpd547D745A4.exe
C:\Users\Sandra\AppData\Local\Temp\GPUpd54A192121.exe
C:\Users\Sandra\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Sandra\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Sandra\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Sandra\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Sandra\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Sandra\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Sandra\AppData\Local\Temp\post2.dll
C:\Users\Sandra\AppData\Local\Temp\post2.exe
C:\Users\Sandra\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Sandra\AppData\Local\Temp\sqlite3.exe
C:\Users\Sandra\AppData\Local\Temp\UNT15E9.tmp.exe
C:\Users\Sandra\AppData\Local\Temp\UNT15FE.tmp.exe
C:\Users\Sandra\AppData\Local\Temp\UNT160F.tmp.exe
C:\Users\Sandra\AppData\Local\Temp\UNT1610.tmp.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-25 07:58

==================== End of log ============================
         

26.07.2015, 13:53   #4
schrauber
/// the machine
/// TB trainer

Please post Addition.txt again; half of it is missing.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

27.07.2015, 14:39   #5
xXxPhoenixX

Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version: 26-07-2015
durchgeführt von Sandra an 2015-07-27 14:35:23
Gestartet von c:\Users\Sandra\Downloads
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-891572633-1774761820-252287049-500 - Administrator - Disabled)
Dean (S-1-5-21-891572633-1774761820-252287049-1001 - Limited - Enabled) => C:\Users\Dean
Gast (S-1-5-21-891572633-1774761820-252287049-501 - Limited - Disabled)
Sandra (S-1-5-21-891572633-1774761820-252287049-1000 - Administrator - Enabled) => C:\Users\Sandra
UpdatusUser (S-1-5-21-891572633-1774761820-252287049-1002 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
Amazon Cloud Player (HKU\S-1-5-21-891572633-1774761820-252287049-1000\...\Amazon Amazon Cloud Player) (Version: 2.2.0.399 - Amazon Services LLC)
Ask Toolbar Updater (HKU\S-1-5-21-891572633-1774761820-252287049-1001\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.3.29495 - Ask.com) <==== ATTENTION
Avira (HKLM\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.12.408 - Avira Operations GmbH & Co. KG)
Cheat Engine 6.4 (HKLM\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.107 - Google Inc.)
Google Chrome (HKU\S-1-5-21-891572633-1774761820-252287049-1001\...\Google Chrome) (Version: 23.0.1271.64 - Google Inc.)
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Lightshot-5.2.1.1 (HKLM\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.2.1.1 - Skillbrains)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Paradise Beach Deluxe (HKU\S-1-5-21-891572633-1774761820-252287049-1001\...\Paradise Beach Deluxe) (Version: 1.0.0 - Zylom Games)
PDF Reader (HKU\S-1-5-21-891572633-1774761820-252287049-1000\...\PDF Reader) (Version:  - )
PDF Reader (HKU\S-1-5-21-891572633-1774761820-252287049-1001\...\PDF Reader) (Version:  - )
RarZilla Free Unrar (HKLM\...\RarZilla Free Unrar) (Version: 2.80 - Philipp Winterberg)
Sparhandy Modem (HKLM\...\Sparhandy_Germany Silverstone HSPA USB MODEM_is1) (Version:  - Sparhandy_Germany)
Unity Web Player (HKU\S-1-5-21-891572633-1774761820-252287049-1000\...\UnityWebPlayer) (Version: 5.0.1f1 - Unity Technologies ApS)
XSManager (HKLM\...\XSManager) (Version: 3.2 - XSManager)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-891572633-1774761820-252287049-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-891572633-1774761820-252287049-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Sandra\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-891572633-1774761820-252287049-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Sandra\AppData\Local\Google\Update\1.3.22.3\psuser.dll Keine Datei
CustomCLSID: HKU\S-1-5-21-891572633-1774761820-252287049-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Sandra\AppData\Local\Google\Update\1.3.22.5\psuser.dll Keine Datei

==================== Wiederherstellungspunkte =========================

ATTENTION: Systemwiederherstellung ist deaktiviert

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2006-11-02 12:23 - 2010-08-07 16:12 - 00415906 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com

Da befinden sich 1000 zusätzliche Einträge.


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {04672349-6C87-4543-9E6C-29D0CCC90F34} - \GPUP No Task File <==== ATTENTION
Task: {05C028A0-C11B-4F15-B923-6B0DCD16EC40} - \f08de44e-751a-4092-ad9e-9c9a07ee0606-2 No Task File <==== ATTENTION
Task: {06B3ECA7-D67D-4DAE-A65C-4A16AA407F52} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-07-24] (Google Inc.)
Task: {127E4671-C565-43C0-A807-EDAA43B6BE0E} - \f08de44e-751a-4092-ad9e-9c9a07ee0606-1 No Task File <==== ATTENTION
Task: {17C0D0B4-5297-416C-89B6-70D62348D1AE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {1D03FC86-0B87-442D-A3F6-00565DC6AD8D} - System32\Tasks\update-sys => C:\Program Files\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {279DCF4B-0AAA-4E8C-96A7-BC8E6FE40037} - System32\Tasks\ScanSoft Background Update => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
Task: {3242C53A-87B1-4E03-A12D-E65046410206} - System32\Tasks\{BBC0DD05-563E-45DE-94E3-3D78AA7B2DA8} => C:\Program Files\Skype\Phone\Skype.exe
Task: {4599A9A7-2950-49DA-9642-DFABDDB5A0CE} - \f08de44e-751a-4092-ad9e-9c9a07ee0606-3 No Task File <==== ATTENTION
Task: {4A8AE827-7072-4A34-8F33-77D2F9805363} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Sandra => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-10] (Microsoft Corporation)
Task: {4C2DE83B-06EF-4D34-8F6A-CF64C36B082D} - \1a7b6d14-5032-407e-918a-1cdab2120f8e-3 No Task File <==== ATTENTION
Task: {4FA0E1BD-A5D1-4902-910A-FF8524AE7147} - System32\Tasks\{9E9A01BD-BCCD-4B27-9326-E45F95CFF5CD} => pcalua.exe -a "C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" -d C:\Users\Sandra\Desktop -c "C:\Program Files\RealArcade\Installer\bin\..\installerMain.clf" "C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5WVGCSFN\gameInitializer[1].rgi"
Task: {590E9503-34A9-4868-99E3-5CDAAA16A602} - System32\Tasks\update-S-1-5-21-891572633-1774761820-252287049-1000 => C:\Program Files\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {6606CB3F-EFF4-4107-A848-B7029DE6EFB3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {69549D7C-CF36-47DD-A3E2-C9704D2A15C1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6CA740DB-A552-42D6-8E81-453A8862BAC2} - \AmiUpdXp No Task File <==== ATTENTION
Task: {78EAAA95-67B2-48D8-B67E-2CE5B38B3E82} - \1a7b6d14-5032-407e-918a-1cdab2120f8e-4 No Task File <==== ATTENTION
Task: {7B3DBA45-99C5-4216-B2EF-E1CCA5D108B9} - System32\Tasks\{FA5F355F-9358-4DC5-9301-C2395B9662E9} => pcalua.exe -a C:\Users\Sandra\Documents\vlc-1.0.3-win32.exe -d C:\Users\Sandra\Documents
Task: {856ED67D-DEF9-447F-82D4-B8D739621AD8} - \f08de44e-751a-4092-ad9e-9c9a07ee0606-5 No Task File <==== ATTENTION
Task: {88A46644-2A4D-4B05-9655-D38622DCC782} - System32\Tasks\{BC4D9D0F-7DF9-421D-A196-5DF2608A37C5} => pcalua.exe -a C:\Users\Sandra\Desktop\streamripper-windows-installer-1.64.6.exe -d C:\Users\Sandra\Desktop
Task: {96BCD58D-B94D-4717-8068-89EDB44C6EA5} - System32\Tasks\{41BFFA87-B312-43F9-AE86-C48DDF479674} => pcalua.exe -a "C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q9I9INF2\gamesplayerinstall.exe" -d C:\Users\Sandra\Desktop
Task: {A51642B9-2DC1-4268-9DD6-1D5F5FC1F573} - \SimpleFiles Installer Starter No Task File <==== ATTENTION
Task: {B8E12A15-CD06-4C84-9B38-0B43993598C4} - System32\Tasks\{B9615E8E-AFEA-4B25-8042-16B0D1EC9B17} => pcalua.exe -a "C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MNAY72AE\IE8-Setup-Full-32[1].exe" -d C:\Users\Sandra\Desktop
Task: {C2A98972-5255-46A0-BA57-0BAA9F59F799} - System32\Tasks\{4BB544CD-66D4-419C-B209-BEEE863EAFF5} => pcalua.exe -a C:\Users\Sandra\Desktop\softonic-Deutsch.exe -d C:\Users\Sandra\Desktop <==== ATTENTION
Task: {C6B5B700-5F50-4BDF-AFE0-8FAC63AC5F50} - System32\Tasks\AFC Secure Net Task => C:\Program Files\AFC Secure Net\amjob.exe <==== ATTENTION
Task: {CF87E585-8CF9-44D9-92B1-70DF85502219} - System32\Tasks\Google Updater and Installer => C:\Users\Sandra\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {D0260882-6FD0-4214-9AA5-A85C10C79D2E} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {D26D54EB-ED86-4549-AA55-10AFD4BF6595} - System32\Tasks\Program Security Task => C:\Program Files\Program Security\ProgramSecurity.exe [2015-04-08] (Secure Updater)
Task: {D7CC05C7-2469-4295-A0B3-C7B55306AFB5} - System32\Tasks\{C02FE5B2-2FE4-419B-9D53-4B5CBF562CDE} => pcalua.exe -a C:\Users\Sandra\Desktop\Download\qc848deu.exe -d C:\Users\Sandra\Desktop\Download
Task: {E7C317C7-946E-43E5-A9B5-61E1572C5722} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation)
Task: {EEDC6659-64C5-480B-8B1C-FE772757C3D2} - \f08de44e-751a-4092-ad9e-9c9a07ee0606-4 No Task File <==== ATTENTION
Task: {F8DA7A8C-6417-4D00-A265-E23F812C0583} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2013\OneClick.exe
Task: {FADB5DAD-656F-432B-98A7-7AE8CB0CBDFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-07-24] (Google Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\update-S-1-5-21-891572633-1774761820-252287049-1000.job => C:\Program Files\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files\Skillbrains\Updater\Updater.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-09-22 08:39 - 2012-03-14 12:05 - 00053312 _____ () C:\Program Files\Sparhandy Modem\BackgroundService\ServiceManager.exe
2014-09-09 10:03 - 2013-04-15 18:40 - 00329872 ____N () C:\Program Files\XSManager\WTGService.exe
2014-09-22 08:39 - 2012-10-29 13:08 - 00118784 _____ () C:\Program Files\Sparhandy Modem\BackgroundService\ModemListener.exe
2013-12-31 23:46 - 2013-12-12 21:56 - 03145536 _____ () C:\Users\Sandra\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2014-09-09 10:03 - 2013-04-15 18:40 - 02091152 ____N () C:\Program Files\XSManager\XSManager.exe
2014-09-09 10:03 - 2013-04-15 18:40 - 00018576 ____N () C:\Program Files\XSManager\WTGDebugs.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00399504 ____N () C:\Program Files\XSManager\WtgCore.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00049808 ____N () C:\Program Files\XSManager\WtgDriverInstall.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00231568 ____N () C:\Program Files\XSManager\WtgUtil.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00186512 ____N () C:\Program Files\XSManager\WtgDetection.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00092304 ____N () C:\Program Files\XSManager\WtgPorts.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00112784 ____N () C:\Program Files\XSManager\WtgDatabase.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00084112 ____N () C:\Program Files\XSManager\WtgDialup.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00145552 ____N () C:\Program Files\XSManager\WtgBluetooth.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 01374352 ____N () C:\Program Files\XSManager\4GSystems_OneClickAssistantGer.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00604304 ____N () C:\Program Files\XSManager\WTGXMLUtil.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00202896 ____N () C:\Program Files\XSManager\WTGSMSPCClient.Dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00011920 ____N () C:\Program Files\XSManager\4GSystems_WTGSMSPCClientGer.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00018064 ____N () C:\Program Files\XSManager\WTGDriverInstallX.Dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00263312 ____N () C:\Program Files\XSManager\WtgMobileBroadband7.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00546960 ____N () C:\Program Files\XSManager\WtgNdisQmiUtil.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 01374352 ____N () C:\Program Files\XSManager\NDISDirectDial.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00028304 ____N () C:\Program Files\XSManager\LogModule.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00084112 ____N () C:\Program Files\XSManager\ToolKit.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00067728 ____N () C:\Program Files\XSManager\tinyxml.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00444560 ____N () C:\Program Files\XSManager\sqlite3.dll
2014-04-11 09:38 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-11 09:38 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData:$SS_DESCRIPTOR_PVX2VCGFMV89V8N4TKBRVDNGCMXLJ4M28WLP36MVLGKMVW5FS4K5
AlternateDataStreams: C:\Users\All Users:$SS_DESCRIPTOR_PVX2VCGFMV89V8N4TKBRVDNGCMXLJ4M28WLP36MVLGKMVW5FS4K5
AlternateDataStreams: C:\Users\Sandra:zylomtest
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:$SS_DESCRIPTOR_PVX2VCGFMV89V8N4TKBRVDNGCMXLJ4M28WLP36MVLGKMVW5FS4K5
AlternateDataStreams: C:\ProgramData\Application Data:$SS_DESCRIPTOR_PVX2VCGFMV89V8N4TKBRVDNGCMXLJ4M28WLP36MVLGKMVW5FS4K5

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer trusted/restricted ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

Da befinden sich 7358 mehr eingeschränkte Seiten.

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-891572633-1774761820-252287049-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sandra\Application Data\Pictures\Drache1.jpg
HKU\S-1-5-21-891572633-1774761820-252287049-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dean\AppData\Roaming\Jewel Match 3\wallpaper_4.bmp
HKU\S-1-5-21-891572633-1774761820-252287049-1002\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
DNS Servers: 193.189.244.206 - 193.189.244.225
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: )
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

==================== FirewallRules (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [TCP Query User{637B9502-262B-4680-8440-9F93780503AB}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{4B1D55F8-D758-4657-AC3A-DE59BD432B5C}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{763A9BFE-AF9D-4598-AB33-0CAC42C4329F}] => (Allow) C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe
FirewallRules: [{82E6866A-456B-4FA2-9255-CEA55E07F257}] => (Allow) C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe
FirewallRules: [{8532313D-6991-4F90-9020-D160BD8A8231}] => (Allow) C:\Program Files\Tobit Radio.fx\Client\rfx-client.exe
FirewallRules: [{9017EDC8-49B9-46D6-8FA3-C11EBC31FCBC}] => (Allow) C:\Program Files\Tobit Radio.fx\Client\rfx-client.exe
FirewallRules: [{37EFC497-31E9-4305-80D8-8FD93559F3DF}] => (Allow) C:\Program Files\TeamViewer\Version5\TeamViewer.exe
FirewallRules: [{9EA43957-1A2C-419E-8F50-22BF8DE39B4C}] => (Allow) C:\Program Files\TeamViewer\Version5\TeamViewer.exe
FirewallRules: [TCP Query User{73E83C09-C343-42F5-9C06-7F29244FF95A}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{5EC8FB2D-F09E-4C5A-B679-54FADA91474C}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{6F4D1074-856A-4C64-ACF8-1CD93154FD0F}] => (Allow) LPort=80
FirewallRules: [{2B5F215C-83D8-405F-B200-FA3FDBA04952}] => (Allow) LPort=80
FirewallRules: [{08C8CF5F-BCE2-42AD-A410-83781F5BCAC2}] => (Allow) LPort=80
FirewallRules: [{BDA735D0-96F0-44A4-8EA9-FC9899EE3BE7}] => (Allow) C:\Program Files\congstar\Internetmanager\Bin\MainApp.exe
FirewallRules: [{399DF4C3-B2CC-4BB5-A184-3794FE94AF1F}] => (Allow) C:\Program Files\congstar\Internetmanager\Bin\MainApp.exe
FirewallRules: [{4DC96EA1-4031-485D-973D-1E0610F18211}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{703AC5DC-7522-4A5E-BAB6-EBE9B22E80F6}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{693FFD98-9206-4546-9E8B-515167CFDED1}C:\program files\srware iron\iron.exe] => (Block) C:\program files\srware iron\iron.exe
FirewallRules: [UDP Query User{2DB7ECB7-1B5A-42D4-A8C1-1637A28909B6}C:\program files\srware iron\iron.exe] => (Block) C:\program files\srware iron\iron.exe
FirewallRules: [TCP Query User{0ED3ABDE-419A-434E-8596-7305420D9041}C:\program files\mozilla firefox\plugin-container.exe] => (Block) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{6DCD1365-4EA1-411A-977B-99384019AD14}C:\program files\mozilla firefox\plugin-container.exe] => (Block) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{0921335B-E9C8-4FCC-94EC-E44FB6528D9A}C:\program files\srware iron\iron.exe] => (Block) C:\program files\srware iron\iron.exe
FirewallRules: [UDP Query User{9F6876B9-17C8-4B97-ADAB-8ECEB11B70A6}C:\program files\srware iron\iron.exe] => (Block) C:\program files\srware iron\iron.exe
FirewallRules: [{94631EAF-E186-4D79-8B1C-8D1900F8E2D1}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{64977571-955F-4037-91F7-77A705548C8F}] => (Allow) C:\Program Files\Norpalla\bin\Norpalla.BRT.Helper.exe
FirewallRules: [{99A14943-855E-48FF-9794-EC516BE5D315}] => (Allow) C:\Program Files\Norpalla\bin\Norpalla.BRT.Helper.exe
FirewallRules: [{A631F5FE-0753-4E43-98C5-953A91EAE2F4}] => (Allow) C:\Program Files\Bench\Proxy\proc.exe
FirewallRules: [{666CE59E-EEF3-49BB-AF43-8645562FA2DE}] => (Allow) C:\Program Files\Bench\Proxy\pwdg.exe
FirewallRules: [{827C6E82-CF2B-4BAE-ADF2-D78AC6A4761A}] => (Allow) C:\Users\Sandra\uber-strike-cheats-ohne.exe
FirewallRules: [{0B8A5018-DC8F-41A9-AC1F-E6FEDFC84BCA}] => (Allow) C:\Users\Sandra\uber-strike-cheats-ohne.exe
FirewallRules: [{79F79E0B-50B1-4617-9B45-36391DF95D42}] => (Allow) C:\Program Files\SimpleFiles\SimpleFiles.exe
FirewallRules: [{2C11D001-28E2-4BD0-9E9F-9F6F7AF546F7}] => (Allow) C:\Program Files\SimpleFiles\SimpleFiles.exe
FirewallRules: [{B0040FE3-CDCC-4F29-B004-87F4A6574B76}] => (Allow) C:\Program Files\SimpleFiles\downloader.exe
FirewallRules: [{CC29AF40-6ED8-4CE4-B529-003AEC14CED2}] => (Allow) C:\Program Files\SimpleFiles\downloader.exe
FirewallRules: [{09EFE728-7DFF-46DE-8882-65BA0AFAC8D1}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: 6TO4 Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: isatap.{E189E505-C50E-465C-BEC6-C6B777FFB910}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: isatap.{8CA9262A-0035-43CE-8CC2-4191FAFA1ADF}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: isatap.{8CA9262A-0035-43CE-8CC2-4191FAFA1ADF}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: isatap.{789BFD34-EEE8-45EF-8A5B-071CE20B26E9}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: isatap.{C352FDDF-4836-4F23-A92A-F8E58BDF829D}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: isatap.{49DB607C-93BE-4DE2-A90B-007796BCC80E}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: isatap.{F4A3DCDE-5A33-4E9D-8E66-AA41066E6DC3}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: isatap.{F9F0F3DE-5AE4-45F1-8A61-30484AAEC5A6}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: isatap.{BE2E9025-8DB8-430E-BD83-F989B5EF45D1}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: isatap.{00EDA72F-48BB-431A-8289-56EEE99128CF}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (07/27/2015 01:28:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung XSManager.exe, Version 0.0.0.0, Zeitstempel 0x5167e246, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000065,
Prozess-ID 0x15b0, Anwendungsstartzeit XSManager.exe0.

Error: (07/26/2015 07:50:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung XSManager.exe, Version 0.0.0.0, Zeitstempel 0x5167e246, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x6c61766e,
Prozess-ID 0x1578, Anwendungsstartzeit XSManager.exe0.

Error: (07/26/2015 01:06:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung XSManager.exe, Version 0.0.0.0, Zeitstempel 0x5167e246, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x0000005e,
Prozess-ID 0x978, Anwendungsstartzeit XSManager.exe0.

Error: (07/25/2015 07:22:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung XSManager.exe, Version 0.0.0.0, Zeitstempel 0x5167e246, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x54206563,
Prozess-ID 0x9c8, Anwendungsstartzeit XSManager.exe0.

Error: (07/25/2015 06:36:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung XSManager.exe, Version 0.0.0.0, Zeitstempel 0x5167e246, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x0000004c,
Prozess-ID 0xcbc, Anwendungsstartzeit XSManager.exe0.

Error: (07/25/2015 03:49:51 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\LBZQXNMY\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#S79.RESEARCH.DE.COM\SETTINGS.SOL> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (07/25/2015 03:49:51 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\LBZQXNMY\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#S79.RESEARCH.DE.COM\SETTINGS.SOL> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (07/25/2015 03:24:41 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\LBZQXNMY\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#AZ685032.VO.MSECND.NET\SETTINGS.SOL> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (07/25/2015 03:24:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\LBZQXNMY\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#AZ685032.VO.MSECND.NET\SETTINGS.SOL> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (07/25/2015 03:21:36 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\LBZQXNMY\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#CCSSMIDAS-A.AKAMAIHD.NET\SETTINGS.SOL> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)


Systemfehler:
=============

Microsoft Office:
=========================
Error: (07/27/2015 01:28:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: XSManager.exe0.0.0.05167e246unknown0.0.0.000000000c00000050000006515b001d0c7d847a629b4

Error: (07/26/2015 07:50:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: XSManager.exe0.0.0.05167e246unknown0.0.0.000000000c00000056c61766e157801d0c7aa58aee7c4

Error: (07/26/2015 01:06:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: XSManager.exe0.0.0.05167e246unknown0.0.0.000000000c00000050000005e97801d0c7799a425f94

Error: (07/25/2015 07:22:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: XSManager.exe0.0.0.05167e246unknown0.0.0.000000000c0000005542065639c801d0c6f94cb0ad12

Error: (07/25/2015 06:36:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: XSManager.exe0.0.0.05167e246unknown0.0.0.000000000c00000050000004ccbc01d0c6f43c41aec2

Error: (07/25/2015 03:49:51 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\LBZQXNMY\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#S79.RESEARCH.DE.COM\SETTINGS.SOL

Error: (07/25/2015 03:49:51 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\LBZQXNMY\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#S79.RESEARCH.DE.COM\SETTINGS.SOL

Error: (07/25/2015 03:24:41 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\LBZQXNMY\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#AZ685032.VO.MSECND.NET\SETTINGS.SOL

Error: (07/25/2015 03:24:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\LBZQXNMY\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#AZ685032.VO.MSECND.NET\SETTINGS.SOL

Error: (07/25/2015 03:21:36 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\LBZQXNMY\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#CCSSMIDAS-A.AKAMAIHD.NET\SETTINGS.SOL


CodeIntegrity Fehler:
===================================
  Date: 2015-07-24 21:23:39.648
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-24 20:05:19.745
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-24 20:05:19.355
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-24 20:05:18.981
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-24 20:05:18.591
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-24 20:05:18.216
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-24 20:05:17.795
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-24 19:56:03.404
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-24 19:53:35.170
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-07-24 11:15:10.419
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\iS3\STOPzilla AntiVirus\Drivers\i386\w2k\SBTIS.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 CPU 6320 @ 1.86GHz
Percentage of memory in use: 45%
Total physical RAM: 2046.45 MB
Available physical RAM: 1106.8 MB
Total Virtual: 4337.89 MB
Available Virtual: 2445.46 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.31 GB) (Free:124.5 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive d: () (Fixed) (Total:117.19 GB) (Free:106.48 GB) NTFS
Drive e: () (Fixed) (Total:153.26 GB) (Free:147.39 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: B74FD3AC)
Partition 1: (Active) - (Size=195.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=117.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=153.3 GB) - (Type=07 NTFS)

==================== Ende vom log ============================
         


Edited by xXxPhoenixX (27.07.2015 at 14:40). Reason: Hey, here is the Addition log again, I hope it is complete now :) Thank you very much

28.07.2015, 08:01   #6
schrauber
/// the machine
/// TB instructor
 


Please download Revo Uninstaller from here: Revo Uninstaller (alternatively, the portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click Options and select German as the language.
  • In the uninstaller list, search for the programs:

    Ask Toolbar Updater


  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderat" (Moderate) mode.
  • Delete leftovers:
    Click on  then on  and then on .

 





Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you receive the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.


28.07.2015, 13:04   #7
xXxPhoenixX
 

Hey, I first downloaded Revo Uninstaller and searched for the Ask Toolbar. But it was not to be found there...
Then I downloaded Combofix and followed the instructions as far as I could. I disabled Avira via Task Manager because I didn't know how else to turn it off. Unfortunately, Combofix restarted the computer and started right away, so Avira was activated again.... hopefully that hasn't caused any problems so far^^

Here is the Combo log file:
Code:
ComboFix 15-07-23.01 - Sandra 28.07.2015   9:44.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2046.902 [GMT 2:00]
ausgeführt von:: c:\users\Sandra\Downloads\ComboFix.exe
AV: Avira Antivirus *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\UNWISE.EXE
c:\users\Sandra\AppData\Local\.#
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\_locales\de\messages.json
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\_locales\en\messages.json
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\_locales\en_US\messages-sim.json
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\_locales\en_US\messages.json
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\_locales\es\messages.json
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\_locales\fr\messages.json
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\_locales\it\messages.json
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\_locales\pt_BR\messages.json
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\_metadata\computed_hashes.json
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\_metadata\verified_contents.json
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\api-rules.json
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\app.css
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\blocked.css
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\content\base\search.css
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\content\content.css
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\content\engines\ask.css
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\content\engines\duckduckgo.css
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\content\engines\google.css
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\content\search.css
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\fonts\KievitWebPro-Bold.eot
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\fonts\KievitWebPro-Bold.woff
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\fonts\KievitWebPro-Light.eot
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\fonts\KievitWebPro-Light.woff
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\fonts\KievitWebPro.eot
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\fonts\KievitWebPro.woff
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\images\animated-overlay.gif
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\images\ui-bg_diagonals-thick_18_b81900_40x40.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\images\ui-bg_diagonals-thick_20_666666_40x40.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\images\ui-bg_flat_10_000000_40x100.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\images\ui-bg_glass_100_f6f6f6_1x400.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\images\ui-bg_glass_100_fdf5ce_1x400.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\images\ui-bg_glass_65_ffffff_1x400.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\images\ui-bg_gloss-wave_35_f6a828_500x100.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\images\ui-bg_highlight-soft_100_eeeeee_1x100.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\images\ui-bg_highlight-soft_75_ffe45c_1x100.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\images\ui-icons_222222_256x240.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\images\ui-icons_228ef1_256x240.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\images\ui-icons_ef8c08_256x240.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\images\ui-icons_ffd27a_256x240.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\images\ui-icons_ffffff_256x240.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\html\blocked.html
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\html\locale.html
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\html\templates\indexed.json
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\html\top.html
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\i18n\de-DE.json
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\i18n\en-US.json
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\i18n\es-ES.json
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\i18n\fr-FR.json
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\i18n\it-IT.json
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\i18n\pt-BR.json
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\abs_avira_umbrella_white.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\absb-attention.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\absb-checks.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\absb-close.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\avira_icon128.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\avira_icon16.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\avira_icon24.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\avira_icon32.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\avira_icon48.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\avira_logo.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\avira_logo.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\classification_safe.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\classification_safe_lg.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\classification_unsafe.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\classification_unsafe_lg.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\close-offers-bar.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\close.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\dash_close.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\dash_close_white.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\dash_feedback.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\dash_search_dark.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\dash_search_dark.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\dash_search_light.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\dash_search_light.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\dash_search_normal.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\expand-arrow.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\info_empty.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\info_full.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\question-mark.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\scroll-down.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\serp_info_safe.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\serp_info_unsafe.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\settings-24.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\switch-on.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\trackers_icon.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\trackers_icon_nb.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\white_check.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\js\bunches\app.js
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\js\bunches\background.js
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\js\bunches\blocked.js
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\js\bunches\content.js
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\js\bunches\content_start.js
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\js\bunches\locale.js
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\js\bunches\search.js
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\js\bunches\standalone.js
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\manifest.json
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flliilndjeohchalpbbcdekjklbdgfkk
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flliilndjeohchalpbbcdekjklbdgfkk\000003.log
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flliilndjeohchalpbbcdekjklbdgfkk\CURRENT
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flliilndjeohchalpbbcdekjklbdgfkk\LOCK
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flliilndjeohchalpbbcdekjklbdgfkk\LOG
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flliilndjeohchalpbbcdekjklbdgfkk\LOG.old
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flliilndjeohchalpbbcdekjklbdgfkk\MANIFEST-000001
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_flliilndjeohchalpbbcdekjklbdgfkk_0.localstorage-journal
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_flliilndjeohchalpbbcdekjklbdgfkk_0.localstorage
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Sandra\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\msdownld.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-06-28 bis 2015-07-28  ))))))))))))))))))))))))))))))
.
.
2015-07-28 07:52 . 2015-07-28 07:55	--------	d-----w-	c:\users\Sandra\AppData\Local\temp
2015-07-28 07:52 . 2015-07-28 07:52	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2015-07-28 07:52 . 2015-07-28 07:52	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-07-28 07:52 . 2015-07-28 07:52	--------	d-----w-	c:\users\Dean\AppData\Local\temp
2015-07-28 07:30 . 2015-07-28 07:30	--------	d-----w-	c:\program files\VS Revo Group
2015-07-28 07:30 . 2015-07-15 01:33	9252608	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E271F09B-5B72-4040-9E44-2ACF6E480572}\mpengine.dll
2015-07-27 22:52 . 2015-07-27 22:53	98520	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-27 22:51 . 2015-07-27 22:51	--------	d-----w-	c:\program files\ Malwarebytes Anti-Malware 
2015-07-27 22:51 . 2015-06-18 06:41	51928	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-07-27 22:51 . 2015-06-18 06:41	94936	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-07-27 22:51 . 2015-06-18 06:41	23256	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-07-27 22:38 . 2015-07-27 22:48	--------	d-----w-	c:\users\Sandra\AppData\Roaming\ReviverSoft
2015-07-25 06:14 . 2015-07-27 12:36	--------	d-----w-	C:\FRST
2015-07-24 21:06 . 2015-07-24 21:06	--------	d-----w-	c:\users\Sandra\AppData\Local\FullTiltPoker.eu
2015-07-24 17:52 . 2015-07-24 17:52	--------	d-----w-	c:\programdata\Malwarebytes
2015-07-24 15:36 . 2015-07-24 15:37	--------	d-----w-	c:\users\Dean\AppData\Roaming\XSManager
2015-07-24 14:27 . 2015-07-24 14:56	--------	d-----w-	c:\users\Sandra\AppData\Roaming\SECRV
2015-07-21 11:00 . 2015-07-14 16:02	34304	----a-w-	c:\windows\system32\atmlib.dll
2015-07-21 11:00 . 2015-07-14 14:23	296960	----a-w-	c:\windows\system32\atmfd.dll
2015-07-21 10:40 . 2015-07-21 10:40	--------	d-----w-	c:\programdata\VIPRE
2015-07-21 10:40 . 2015-07-21 10:40	--------	d-----w-	c:\program files\Common Files\AV
2015-07-21 10:11 . 2015-07-24 09:14	--------	d-----w-	c:\programdata\STOPzilla!
2015-07-21 10:11 . 2015-07-21 10:11	--------	d-----w-	c:\program files\iS3
2015-07-15 11:05 . 2015-06-25 02:57	2066432	----a-w-	c:\windows\system32\win32k.sys
2015-07-15 11:04 . 2015-07-03 16:04	1316864	----a-w-	c:\windows\system32\ole32.dll
2015-07-15 11:04 . 2015-06-17 15:09	73216	----a-w-	c:\windows\system32\msiexec.exe
2015-07-15 11:04 . 2015-06-17 16:50	2264576	----a-w-	c:\windows\system32\msi.dll
2015-07-15 11:03 . 2015-06-12 16:01	298496	----a-w-	c:\windows\system32\gdi32.dll
2015-07-15 11:02 . 2015-05-31 08:11	225792	----a-w-	c:\windows\system32\cewmdm.dll
2015-07-15 11:01 . 2015-06-27 14:21	217088	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2015-07-15 11:01 . 2015-06-27 14:21	81408	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2015-07-15 11:01 . 2015-01-09 00:17	107008	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2015-07-15 11:01 . 2015-06-27 16:02	218112	----a-w-	c:\windows\system32\msv1_0.dll
2015-07-15 11:01 . 2015-06-27 16:03	783872	----a-w-	c:\windows\system32\rpcrt4.dll
2015-07-15 11:01 . 2015-06-27 16:02	501248	----a-w-	c:\windows\system32\kerberos.dll
2015-07-15 11:01 . 2015-06-27 16:01	801280	----a-w-	c:\windows\system32\advapi32.dll
2015-07-15 11:01 . 2015-06-12 13:13	440768	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2015-07-09 12:42 . 2015-07-27 23:12	--------	d-----w-	c:\program files\AFC Secure Net
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-27 09:50 . 2013-08-06 18:29	136728	----a-w-	c:\windows\system32\drivers\avipbb.sys
2015-07-27 09:50 . 2013-08-06 18:29	108448	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2015-07-24 16:38 . 2014-08-31 16:38	70144	----a-w-	c:\windows\system32\tasks.dll
2015-07-24 15:35 . 2014-09-09 08:03	120320	----a-w-	c:\windows\system32\drivers\cmntnet.sys
2015-07-24 15:35 . 2014-09-09 08:03	107520	----a-w-	c:\windows\system32\drivers\cmnuusbser.sys
2015-07-24 15:35 . 2014-09-09 08:03	103424	----a-w-	c:\windows\system32\drivers\cmnsusbser.sys
2015-07-24 15:35 . 2014-09-09 08:03	52128	----a-w-	c:\windows\system32\drivers\smsbda.sys
2015-07-24 15:35 . 2014-09-09 08:03	19968	----a-w-	c:\windows\system32\drivers\MobileBroadbandDCUsb.sys
2015-07-24 15:35 . 2014-09-09 08:03	134144	----a-w-	c:\windows\system32\drivers\MobileBroadbandDCWwan.sys
2015-07-24 15:35 . 2014-09-09 08:03	118272	----a-w-	c:\windows\system32\drivers\cm_seramd.sys
2015-07-24 15:35 . 2014-09-09 08:03	112640	----a-w-	c:\windows\system32\drivers\cm_net32.sys
2015-07-24 15:35 . 2014-09-09 08:03	108032	----a-w-	c:\windows\system32\drivers\MobileBroadbandDCser.sys
2015-07-24 15:35 . 2014-09-09 08:03	103680	----a-w-	c:\windows\system32\drivers\cm_ser32.sys
2015-07-24 15:35 . 2014-09-09 08:03	133120	----a-w-	c:\windows\system32\drivers\cm_netamd.sys
2015-07-14 19:21 . 2013-03-28 10:00	778416	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2015-07-14 19:21 . 2013-03-28 10:00	142512	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2015-06-23 11:27 . 2009-10-02 23:33	246952	------w-	c:\windows\system32\MpSigStub.exe
2015-05-21 14:34 . 2013-08-06 18:29	37896	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2015-05-04 22:50 . 2015-06-10 11:00	4096	----a-w-	c:\windows\system32\msdxm.ocx
2015-05-04 22:50 . 2015-06-10 11:00	4096	----a-w-	c:\windows\system32\dxmasf.dll
2015-05-04 22:50 . 2015-06-10 11:00	7680	----a-w-	c:\windows\system32\spwmp.dll
2015-05-04 21:21 . 2015-06-10 11:00	8147456	----a-w-	c:\windows\system32\wmploc.DLL
2015-04-30 16:03 . 2015-05-13 11:22	279040	----a-w-	c:\windows\system32\schannel.dll
2015-04-30 13:14 . 2015-05-13 11:20	102608	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"Amazon Cloud Player"="c:\users\Sandra\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2013-12-12 3145536]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2015-07-27 782008]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-04 6957600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"Sparhandy_Germany Silverstone ModemListener"="c:\program files\Sparhandy Modem\BackgroundService\ModemListener.exe" [2012-10-29 118784]
"Lightshot"="c:\program files\Skillbrains\lightshot\Lightshot.exe" [2014-11-18 226560]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-12-31 126712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Sandra\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"Facebook Update"="c:\users\Sandra\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"WaitingDog"=c:\windows\StiD1210.exe
"WrtMon.exe"=c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
"WPCUMI"=c:\windows\system32\WpcUmi.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-26 09:04	995144	----a-w-	c:\program files\Google\Chrome\Application\44.0.2403.107\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-07-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-28 19:21]
.
2015-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-07-24 15:56]
.
2015-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-07-24 15:56]
.
2015-07-27 c:\windows\Tasks\update-S-1-5-21-891572633-1774761820-252287049-1000.job
- c:\program files\Skillbrains\Updater\Updater.exe [2011-09-03 16:44]
.
2015-07-27 c:\windows\Tasks\update-sys.job
- c:\program files\Skillbrains\Updater\Updater.exe [2011-09-03 16:44]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://safesearch.avira.com/
uDefault_Search_URL = https://safesearch.avira.com/
mStart Page = https://safesearch.avira.com/
uSearchAssistant = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna05R2BP17RpXVs30Ualts2GY0E5kZy9bj1-D5FzAOyuCNK0jPtP0NKvweD1kIv8ofmpXIF8jX4EliaRKEeGd2CKEVglZ3Zdzro1Sm3MUs3MQgS4oaZNsGovomPOcVdUJA,,&q={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Save YouTube Video as MP3
LSP: c:\windows\system32\wpclsp.dll
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 193.189.244.206 193.189.244.225
DPF: {E1342154-4889-42B5-BEF6-19237577048F} - hxxp://gamescenter.sat1.de/online2/insaniquarium/oberongamesloader.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
WebBrowser-{9613CB43-EA4C-48B5-878D-13DFE1818EFE} - (no file)
HKCU-Run-LightShot - c:\users\Sandra\AppData\Local\Skillbrains\lightshot\Lightshot.exe
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-PDF Reader - c:\program files\PDFReader\Uninstall\Uninstall.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:7e,34,32,1c,3a,26,cd,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Sparhandy Modem\BackgroundService\ServiceManager.exe
c:\program files\TeamViewer\Version5\TeamViewer_Service.exe
c:\program files\XSManager\WTGService.exe
c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conime.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Skillbrains\lightshot\5.2.1.1\Lightshot.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-07-28  10:01:42 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-07-28 08:00
.
Vor Suchlauf: 10 Verzeichnis(se), 133.911.064.576 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 135.091.974.144 Bytes frei
.
- - End Of File - - 19AEFF162B9D549CDD1FDB948D1454FA
5C616939100B85E558DA92B899A0FC36
         
So, I went online afterwards and unfortunately the problem has not been fixed. I opened the statistics to see how much data I use while surfing, and normally my usage is in the single digits. So I use about 10,000 MB in 1 hour. At the moment, however, I am using 40,000 MB in 2 minutes. For downloading the two programs mentioned above alone I used almost 200,000 MB... Since I unfortunately only have a 7.5 GB flat rate, this is a real problem for me. So I ran Malwarebytes again, and it again found 64 problems and moved them to quarantine. But it did not really help either. What could be causing it?

Thanks again for your help; I would be lost without it.

Oh sorry, I meant KB of course, not MB ^^

Edited by xXxPhoenixX (28.07.2015 at 12:27)

29.07.2015, 07:42   #8
schrauber
/// the machine
/// TB-Ausbilder



Please download Malwarebytes Anti-Malware.
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

01.08.2015, 10:01   #9
xXxPhoenixX



Hey, I have been watching this for a bit now and it has partly improved. I.e. sometimes I surf without problems, then I turn the PC on again 1 hour later and something is pulling data like crazy again, without the page loading properly. I still have the text files here that you recommended.
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 01.08.2015
Suchlaufzeit: 08:15:44
Protokolldatei: malware.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.07.28.06
Rootkit-Datenbank: v2015.07.22.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: Sandra

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 418068
Abgelaufene Zeit: 15 Min., 32 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
PUP.Optional.PrxySvrRST, C:\Program Files\AFC Secure Net\privoxy.exe, 1528, Löschen bei Neustart, [66c09e498802fd3997f8c64291729070]

Module: 1
PUP.Optional.PrxySvrRST, C:\Program Files\AFC Secure Net\mgwz.dll, Löschen bei Neustart, [66c09e498802fd3997f8c64291729070], 

Registrierungsschlüssel: 2
PUP.Optional.SecureWeb.A, HKU\S-1-5-21-891572633-1774761820-252287049-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D3C24E2B-C820-4492-9B69-11BF7163F998}, In Quarantäne, [e640cb1c98f2a59115b7d5b59072f709], 
PUP.Optional.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PrivoxyService, In Quarantäne, [66c09e498802fd3997f8c64291729070], 

Registrierungswerte: 1
PUM.Bad.Proxy, HKU\S-1-5-21-891572633-1774761820-252287049-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, 127.0.0.1:8118, In Quarantäne, [53d362853c4e1d191c2f6d229e6633cd]

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 3
PUP.Optional.PrxySvrRST, C:\Program Files\AFC Secure Net, Löschen bei Neustart, [66c09e498802fd3997f8c64291729070], 
PUP.Optional.SecureWeb, C:\Program Files\Mozilla Firefox\distribution\bundles\aa4ced8e2fd071125336d77819b2512b\content, In Quarantäne, [ca5cbc2b9eec2a0c845c175d8a7b748c], 
PUP.Optional.SecureWeb, C:\Program Files\Mozilla Firefox\distribution\bundles\aa4ced8e2fd071125336d77819b2512b, In Quarantäne, [ca5cbc2b9eec2a0c845c175d8a7b748c], 

Dateien: 18
Backdoor.Agent.WD, C:\Users\Sandra\AppData\Local\temp\hp_u_232322.exe, In Quarantäne, [919539ae3d4d2511faf26ce34db34eb2], 
PUP.Optional.PrxySvrRST, C:\Program Files\AFC Secure Net\amjob.exe, In Quarantäne, [66c09e498802fd3997f8c64291729070], 
PUP.Optional.PrxySvrRST, C:\Program Files\AFC Secure Net\checkproxy.exe, In Quarantäne, [66c09e498802fd3997f8c64291729070], 
PUP.Optional.PrxySvrRST, C:\Program Files\AFC Secure Net\config.txt, In Quarantäne, [66c09e498802fd3997f8c64291729070], 
PUP.Optional.PrxySvrRST, C:\Program Files\AFC Secure Net\default.action, In Quarantäne, [66c09e498802fd3997f8c64291729070], 
PUP.Optional.PrxySvrRST, C:\Program Files\AFC Secure Net\default.filter, In Quarantäne, [66c09e498802fd3997f8c64291729070], 
PUP.Optional.PrxySvrRST, C:\Program Files\AFC Secure Net\gmff.exe, In Quarantäne, [66c09e498802fd3997f8c64291729070], 
PUP.Optional.PrxySvrRST, C:\Program Files\AFC Secure Net\jswchromium.exe, In Quarantäne, [66c09e498802fd3997f8c64291729070], 
PUP.Optional.PrxySvrRST, C:\Program Files\AFC Secure Net\jswchromium64.exe, In Quarantäne, [66c09e498802fd3997f8c64291729070], 
PUP.Optional.PrxySvrRST, C:\Program Files\AFC Secure Net\mgwz.dll, Löschen bei Neustart, [66c09e498802fd3997f8c64291729070], 
PUP.Optional.PrxySvrRST, C:\Program Files\AFC Secure Net\privoxy.exe, Löschen bei Neustart, [66c09e498802fd3997f8c64291729070], 
PUP.Optional.PrxySvrRST, C:\Program Files\AFC Secure Net\privoxy.log, Löschen bei Neustart, [66c09e498802fd3997f8c64291729070], 
PUP.Optional.PrxySvrRST, C:\Program Files\AFC Secure Net\ssnet.dll, In Quarantäne, [66c09e498802fd3997f8c64291729070], 
PUP.Optional.PrxySvrRST, C:\Program Files\AFC Secure Net\ssnet64.dll, In Quarantäne, [66c09e498802fd3997f8c64291729070], 
PUP.Optional.SecureWeb, C:\Program Files\Mozilla Firefox\distribution\bundles\aa4ced8e2fd071125336d77819b2512b\content\load.js, In Quarantäne, [ca5cbc2b9eec2a0c845c175d8a7b748c], 
PUP.Optional.SecureWeb, C:\Program Files\Mozilla Firefox\distribution\bundles\aa4ced8e2fd071125336d77819b2512b\content\overlay.xul, In Quarantäne, [ca5cbc2b9eec2a0c845c175d8a7b748c], 
PUP.Optional.SecureWeb, C:\Program Files\Mozilla Firefox\distribution\bundles\aa4ced8e2fd071125336d77819b2512b\chrome.manifest, In Quarantäne, [ca5cbc2b9eec2a0c845c175d8a7b748c], 
PUP.Optional.SecureWeb, C:\Program Files\Mozilla Firefox\distribution\bundles\aa4ced8e2fd071125336d77819b2512b\install.rdf, In Quarantäne, [ca5cbc2b9eec2a0c845c175d8a7b748c], 

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         
And then AdwCleaner:

Code:
# AdwCleaner v4.208 - Bericht erstellt 29/07/2015 um 11:49:57
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-09.2 [Lokal]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Benutzername : Sandra - HOUSEFRAU
# Gestarted von : c:\Users\Sandra\Downloads\AdwCleaner_4.208.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\ProgramData\FileCure
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\Program Files\Bench
Ordner Gelöscht : C:\Program Files\DAEMON Tools Toolbar
Ordner Gelöscht : C:\Program Files\GetPrivate
Ordner Gelöscht : C:\Program Files\MediaPlayerplus
Ordner Gelöscht : C:\Program Files\Jelbrus Secure Web
Ordner Gelöscht : C:\Program Files\AFC Secure Net
Ordner Gelöscht : C:\Program Files\Common Files\Tobit
Ordner Gelöscht : C:\Users\Dean\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Dean\AppData\LocalLow\Searchqutoolbar
Ordner Gelöscht : C:\Users\Sandra\AppData\Local\apn
Ordner Gelöscht : C:\Users\Sandra\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\Sandra\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Sandra\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Sandra\AppData\Roaming\GetPrivate
Ordner Gelöscht : C:\Users\Sandra\AppData\Roaming\iWin
Ordner Gelöscht : C:\Users\Sandra\AppData\Roaming\Tobit
Datei Gelöscht : C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_adbpopomabpienjnifocifondadaogpj_0
Datei Gelöscht : C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\adbpopomabpienjnifocifondadaogpj
Datei Gelöscht : C:\Windows\Reimage.ini
Datei Gelöscht : C:\Windows\system32\RegistryHelperLM.ocx
Datei Gelöscht : C:\Users\Sandra\AppData\Local\Temp\uninstaller.exe
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\pozswhr6.default\user.js
Datei Gelöscht : C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.searchnu.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Sandra\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.movshare.net_0.localstorage

***** [ Geplante Tasks ] *****

Task Gelöscht : update-sys
Task Gelöscht : AFC Secure Net Task
Task Gelöscht : update-S-1-5-21-891572633-1774761820-252287049-1000

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKCU\Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Schlüssel Gelöscht : HKLM\System\CurrentControlSet\Services\Eventlog\Application\registry helper service
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522422246}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522422255}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555425546}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555425555}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566426646}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566426655}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544424446}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544424455}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
Schlüssel Gelöscht : HKCU\Software\Free Video Converter
Schlüssel Gelöscht : HKCU\Software\IGearSettings
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\ParetoLogic
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\Reimage
Schlüssel Gelöscht : HKCU\Software\NetMon
Schlüssel Gelöscht : HKCU\Software\Appscion
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\MyWebSearch
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKLM\SOFTWARE\Trymedia Systems
Schlüssel Gelöscht : HKLM\SOFTWARE\Reimage
Schlüssel Gelöscht : HKLM\SOFTWARE\Taronja
Schlüssel Gelöscht : HKLM\SOFTWARE\SecureWebChannel
Schlüssel Gelöscht : HKU\.DEFAULT\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{AC6E9B2A-A7E6-4B17-8A6C-29D519673E12}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\daemon tools toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MediaPlayerplus
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VOPackage
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:51105;hxxps=127.0.0.1:51105
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16669

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]

-\\ Mozilla Firefox v


-\\ Google Chrome v44.0.2403.107


-\\ Chromium v

[C:\Users\Dean\AppData\Local\Chromium\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}
[C:\Users\Sandra\AppData\Local\Chromium\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [12583 Bytes] - [29/07/2015 11:41:39]
AdwCleaner[R1].txt - [12643 Bytes] - [29/07/2015 11:48:40]
AdwCleaner[S0].txt - [11516 Bytes] - [29/07/2015 11:49:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11576  Bytes] ##########
         
and the Junkware Removal Tool:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.4 (07.27.2015:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Sandra on 29.07.2015 at 13:01:01,87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\System32\tasks\TuneUpUtilities_Task_BkGndMaintenance2013



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\Alawar
Successfully deleted: [Folder] C:\ProgramData\AlawarWrapper
Successfully deleted: [Folder] C:\ProgramData\google
Successfully deleted: [Folder] C:\users\Public\Documents\alawarwrapper
Successfully deleted: [Folder] C:\Users\Sandra\Appdata\Local\newsoft
Successfully deleted: [Folder] C:\Users\Sandra\AppData\Roaming\Alawar
Successfully deleted: [Folder] C:\Users\Sandra\AppData\Roaming\AlawarEntertainment
Successfully deleted: [Folder] C:\Users\Sandra\AppData\Roaming\getrighttogo
Successfully deleted: [Folder] C:\Users\Sandra\AppData\Roaming\newsoft
Successfully deleted: [Folder] C:\Users\Sandra\AppData\Roaming\reviversoft
Successfully deleted: [Folder] C:\Users\Sandra\Documents\my pagemanager
Successfully deleted: [Folder] C:\Users\Sandra\Appdata\Local\21942



~~~ FireFox

Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\Sandra\AppData\Roaming\mozilla\firefox\profiles\pozswhr6.default\minidumps [141 files]



~~~ Chrome


[C:\Users\Sandra\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Sandra\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Sandra\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Sandra\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  booedmolknjekdopkepjjeckmjkdpfgl,
  flpcjncodpafbgdpnkljologafpionhb
]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.07.2015 at 13:06:47,68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Thanks again for your effort.

Alt 01.08.2015, 16:08   #10
schrauber
/// the machine
/// TB-Ausbilder
 





ESET Online Scanner

  • An illustrated guide to ESET Online Scanner is available here.
  • Download and start ESET Online Scanner.
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
