Trojaner-Board


wallhalla23 10.02.2014 18:32

Windows 7: Websites are redirected to advertising etc. and green links

Hello, after trying on my own for 2 days to get the problem under control, I registered here and am hoping for your help.
So quite a lot of websites are being redirected to advertising, and in texts there are words marked in green that have turned into links.
I have already tried several programs to get rid of the problem. They were Malwarebytes Anti-Malware; Rkill; Revo Uninstaller; Spyhunter; ADW-Cleaner, and now I don't know what else to do.

Larusso 10.02.2014 19:47

:hallo:

Code:

127.0.0.1 secure.tune-up.com
  127.0.0.1 order.tune-up.com
  127.0.0.1 tune-up.com
  127.0.0.1 tune-up.com/order
  127.0.0.1 registertuneup.com
  127.0.0.1 tuneup.de

http://www.trojaner-board.de/95393-c...-software.html

Who on earth voluntarily cracks TuneUp? Voluntarily wrecking your PC even more than TuneUp already does out of the box.
Once the software has been completely removed, I would like a new FRST logfile.
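As an added example (not part of the original post and not code from FRST), a small Python audit of a hosts file that flags the kind of entries quoted above: vendor names pinned to a loopback address, and tokens that are not valid hostnames, such as `tune-up.com/order`. The sample text, the function names and the naive two-label grouping are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: typical default lines plus the six entries quoted in the post.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1 localhost
::1 localhost
127.0.0.1 secure.tune-up.com
  127.0.0.1 order.tune-up.com
  127.0.0.1 tune-up.com
  127.0.0.1 tune-up.com/order
  127.0.0.1 registertuneup.com
  127.0.0.1 tuneup.de
"""

# Names that legitimately point at loopback and should not be reported.
IGNORED_NAMES = {"localhost", "localhost.localdomain"}

# RFC 1123 style hostname: dot-separated labels of letters, digits and hyphens.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)*"
    r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$"
)


def parse_hosts(text):
    """Yield (line_no, ip, name) for every mapping in a hosts file.

    Comments and blank lines are skipped, as are lines whose first field
    is not an IP address. One line may map several names to one address.
    """
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            yield line_no, ip, name.lower()


def audit_hosts(text):
    """Return a list of findings for every non-default mapping.

    kind is one of:
      "malformed"  - token is not a hostname (a URL path, for instance)
      "sinkholed"  - name is pinned to loopback or 0.0.0.0
      "redirected" - name is pinned to any other address
    """
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in IGNORED_NAMES:
            continue
        if not HOSTNAME_RE.match(name):
            kind = "malformed"
        elif ip.is_loopback or ip.is_unspecified:
            kind = "sinkholed"
        else:
            kind = "redirected"
        findings.append(
            {"line": line_no, "ip": str(ip), "name": name, "kind": kind}
        )
    return findings


def group_sinkholed(findings):
    """Count sinkholed names per parent domain.

    Assumption: the parent domain is the last two labels, which is wrong
    for suffixes such as co.uk but sufficient for the sample above.
    """
    counts = Counter(
        ".".join(f["name"].split(".")[-2:])
        for f in findings
        if f["kind"] == "sinkholed"
    )
    return dict(counts)


if __name__ == "__main__":
    results = audit_hosts(SAMPLE_HOSTS)
    for f in results:
        print(f"line {f['line']}: {f['kind']:<10} {f['ip']} -> {f['name']}")
    print(group_sinkholed(results))
```

Several names of one vendor pinned to loopback, as in the grouped count, is the pattern the helper reads as a sign of cracked software rather than ordinary ad blocking.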

wallhalla23 10.02.2014 20:06

I have removed it completely... :daumenhoc

I'm attaching the other one as well... don't know whether that was the right one.

Larusso 10.02.2014 21:10

Very good. Keep your hands off that kind of stuff.

Does your problem occur in all browsers?

wallhalla23 11.02.2014 09:17

Yes, I use Chrome, and as a fallback I only have IE.

I forgot to mention some peculiarities on the websites. In free spots there are empty rectangles, and underneath them it says "Ads by ShowPassword". I have already tried to fight it with ABP, but it keeps coming back.

Larusso 11.02.2014 16:14

Hi.
Let's see what the following tool finds. Nothing jumps out at me in the FRST log right now.

Please uninstall Spyhunter. In my opinion this software is itself malware.


Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the logfile (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


wallhalla23 11.02.2014 20:48

Hello, I do hope you find something... these shit ads are really annoying.

Larusso 11.02.2014 21:12

I'm assuming that the ads are still there.

Can you start Chrome in private mode and tell me whether the ads are still there as well?
Menu -> New incognito window

(PS: I have to go to bed now, since the alarm goes off at 4 tomorrow and it's going to be a looong working day -.-)

wallhalla23 11.02.2014 21:17

I just tried it and the same ads are still there.

Thanks in any case... can someone else carry on, then?

Larusso 12.02.2014 20:03

Hi, and sorry for the delay. Somehow I overlooked you.

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when you have been instructed to do so by a team member!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a logfile.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.


wallhalla23 12.02.2014 22:40

Hello, and I've also only just got home, but I hope we can still get this sorted out.

Code:

ComboFix 14-02-12.01 - Andy 12.02.2014  22:10:25.1.8 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.6510.4219 [GMT 1:00]
ausgeführt von:: c:\users\Andy\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: ZoneAlarm Pro Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - .lnk
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_uvnc_service
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-01-12 bis 2014-02-12  ))))))))))))))))))))))))))))))
.
.
2014-02-12 21:16 . 2014-02-12 21:16        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-02-11 14:14 . 2014-02-11 14:14        --------        d-----w-        c:\users\Andy\AppData\Roaming\ChemTable Software
2014-02-11 14:14 . 2014-02-11 14:14        --------        d-----w-        c:\program files (x86)\Reg Organizer
2014-02-11 14:14 . 2014-02-11 14:14        --------        d-----w-        c:\users\Andy\AppData\Local\ChemTable Software
2014-02-11 08:18 . 2013-12-04 03:28        10315576        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{6793BA1E-1B69-42C5-8D6A-FE6F420C0E92}\mpengine.dll
2014-02-10 14:32 . 2014-02-10 19:02        --------        d-----w-        C:\FRST
2014-02-09 10:30 . 2014-02-09 10:31        --------        d-----w-        c:\users\Andy\Iso
2014-02-09 09:29 . 2014-02-10 13:39        --------        d-----w-        C:\AdwCleaner
2014-02-09 09:26 . 2010-11-21 03:25        296448        ----a-w-        c:\windows\SysWow64\mfds.dll
2014-02-09 08:22 . 2014-02-09 08:22        --------        d-----w-        c:\windows\ERUNT
2014-02-08 21:29 . 2014-02-12 01:32        --------        d-----w-        c:\program files (x86)\Enigma Software Group
2014-02-08 21:29 . 2014-02-11 19:26        --------        d-----w-        c:\windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2014-02-08 19:30 . 2014-02-12 01:32        --------        d-----w-        c:\program files\Enigma Software Group
2014-02-08 19:30 . 2014-02-08 21:29        --------        d-----w-        c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-02-08 19:30 . 2014-02-08 21:29        --------        d-----w-        c:\program files (x86)\Common Files\Wise Installation Wizard
2014-02-08 11:04 . 2014-02-08 11:04        --------        d-----w-        c:\users\Andy\AppData\Roaming\Malwarebytes
2014-02-08 11:04 . 2014-02-08 11:04        --------        d-----w-        c:\programdata\Malwarebytes
2014-02-08 11:04 . 2014-02-08 11:04        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2014-02-08 11:04 . 2013-04-04 13:50        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
2014-02-08 09:00 . 2012-06-06 06:06        2004480        ----a-w-        c:\windows\system32\msxml6.dll
2014-02-08 09:00 . 2012-06-06 06:06        1881600        ----a-w-        c:\windows\system32\msxml3.dll
2014-02-08 09:00 . 2012-06-06 05:05        1390080        ----a-w-        c:\windows\SysWow64\msxml6.dll
2014-02-08 09:00 . 2012-06-06 05:05        1236992        ----a-w-        c:\windows\SysWow64\msxml3.dll
2014-02-08 09:00 . 2010-06-26 03:55        2048        ----a-w-        c:\windows\system32\msxml3r.dll
2014-02-08 09:00 . 2010-06-26 03:24        2048        ----a-w-        c:\windows\SysWow64\msxml3r.dll
2014-02-07 14:07 . 2014-02-07 14:07        --------        d-----w-        c:\program files (x86)\VS Revo Group
2014-02-07 11:25 . 2014-02-08 09:06        --------        d-----w-        c:\program files (x86)\Mozilla Thunderbird
2014-02-05 16:31 . 2014-02-05 16:31        --------        d-----w-        c:\program files (x86)\Shark007
2014-02-05 16:27 . 2014-02-09 09:27        --------        d-----w-        c:\programdata\Advanced
2014-02-03 20:30 . 2014-02-04 00:03        --------        d-----w-        c:\program files\Ekahau
2014-02-03 10:06 . 2014-02-03 10:06        --------        d-----w-        c:\windows\CheckSur
2014-02-02 10:36 . 2014-02-02 10:36        --------        d-----w-        c:\users\Andy\AppData\Local\Microsoft_Research
2014-02-02 09:59 . 2014-02-02 09:59        --------        d-----w-        c:\program files (x86)\Common Files\ASCOM
2014-02-02 09:59 . 2014-02-02 09:59        --------        d-----w-        c:\windows\Symbols
2014-02-02 09:59 . 2014-02-02 09:59        --------        d-----w-        c:\program files\Common Files\ASCOM
2014-02-02 09:59 . 2014-02-02 09:59        --------        d-----w-        c:\program files (x86)\ASCOM
2014-02-02 09:58 . 2014-02-04 00:02        --------        dc-h--w-        c:\programdata\{BBDFE733-F48B-4E86-B7C1-E6F173F01FCF}
2014-02-02 08:45 . 2010-05-26 10:41        511328        ----a-w-        c:\windows\system32\d3dx10_43.dll
2014-02-02 08:45 . 2010-05-26 10:41        470880        ----a-w-        c:\windows\SysWow64\d3dx10_43.dll
2014-02-02 08:45 . 2009-09-04 16:29        2582888        ----a-w-        c:\windows\system32\D3DCompiler_42.dll
2014-02-02 08:45 . 2009-09-04 16:29        235344        ----a-w-        c:\windows\SysWow64\d3dx11_42.dll
2014-02-02 08:45 . 2009-09-04 16:29        285024        ----a-w-        c:\windows\system32\d3dx11_42.dll
2014-02-02 08:45 . 2007-05-16 15:45        506728        ----a-w-        c:\windows\system32\d3dx10_34.dll
2014-02-02 08:45 . 2007-05-16 15:45        443752        ----a-w-        c:\windows\SysWow64\d3dx10_34.dll
2014-02-02 08:45 . 2007-05-16 15:45        1401200        ----a-w-        c:\windows\system32\D3DCompiler_34.dll
2014-02-02 08:45 . 2007-05-16 15:45        1124720        ----a-w-        c:\windows\SysWow64\D3DCompiler_34.dll
2014-02-02 08:45 . 2014-02-02 08:45        --------        d-----w-        c:\program files (x86)\Microsoft Research
2014-01-31 11:55 . 2014-01-31 11:55        --------        d-----w-        c:\users\Andy\AppData\Local\Wondershare
2014-01-31 11:55 . 2014-01-31 11:55        --------        d-----w-        c:\program files (x86)\Common Files\Wondershare
2014-01-31 11:55 . 2014-02-09 09:54        --------        d-----w-        c:\program files (x86)\Wondershare
2014-01-31 11:55 . 2014-01-31 11:55        --------        d-----w-        c:\programdata\Wondershare
2014-01-29 11:03 . 2014-01-29 11:03        1734        ----a-w-        c:\windows\patsearch.bin
2014-01-29 11:03 . 2014-01-28 14:20        55480        ----a-w-        c:\windows\system32\drivers\webinstr.sys
2014-01-28 09:57 . 2014-01-28 09:57        --------        d-----w-        c:\users\Andy\AppData\Roaming\UltraVNC
2014-01-28 09:54 . 2014-01-28 09:54        --------        d-----w-        c:\program files (x86)\uvnc bvba
2014-01-26 11:20 . 2014-01-26 11:20        --------        d-----w-        c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-26 11:20 . 2014-01-26 11:20        --------        d-----w-        c:\program files\iTunes
2014-01-26 11:20 . 2014-01-26 11:20        --------        d-----w-        c:\program files (x86)\iTunes
2014-01-26 11:20 . 2014-01-26 11:20        --------        d-----w-        c:\program files\iPod
2014-01-25 10:00 . 2014-01-25 10:01        --------        d-----w-        c:\programdata\Package Cache
2014-01-25 10:00 . 2014-01-28 13:14        --------        d-----w-        c:\program files (x86)\SixaxisPairTool
2014-01-21 13:57 . 2014-01-21 13:57        --------        d-----w-        c:\users\Andy\AppData\Local\MetaGeek,_LLC
2014-01-21 13:56 . 2014-01-21 13:56        --------        d-----w-        c:\program files (x86)\MetaGeek
2014-01-21 13:21 . 2014-01-21 13:21        --------        d-----w-        C:\Python27
2014-01-21 13:18 . 2014-01-21 13:18        --------        d-----w-        C:\Python33
2014-01-21 12:40 . 2014-01-21 12:41        --------        d-----w-        c:\programdata\Visan
2014-01-21 12:38 . 2014-02-05 09:34        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-21 12:38 . 2014-02-05 09:34        692616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-21 12:38 . 2014-01-21 12:38        --------        d-----w-        c:\windows\system32\Macromed
2014-01-21 12:35 . 2014-01-21 12:35        --------        d-----w-        c:\program files (x86)\MPC-HC
2014-01-21 12:33 . 2014-01-21 12:33        --------        d-----w-        c:\users\Default\AppData\Local\Adobe
2014-01-21 12:25 . 2014-01-21 12:25        --------        d-----w-        c:\users\Andy\AppData\Local\Secunia PSI
2014-01-21 12:25 . 2014-01-21 12:25        --------        d-----w-        c:\program files (x86)\Secunia
2014-01-18 08:55 . 2014-01-18 09:16        --------        d-----w-        c:\users\Andy\AppData\Roaming\FileZilla
2014-01-15 07:40 . 2013-11-27 01:41        343040        ----a-w-        c:\windows\system32\drivers\usbhub.sys
2014-01-15 07:40 . 2013-11-27 01:41        99840        ----a-w-        c:\windows\system32\drivers\usbccgp.sys
2014-01-15 07:40 . 2013-11-27 01:41        53248        ----a-w-        c:\windows\system32\drivers\usbehci.sys
2014-01-15 07:40 . 2013-11-27 01:41        325120        ----a-w-        c:\windows\system32\drivers\usbport.sys
2014-01-15 07:40 . 2013-11-27 01:41        25600        ----a-w-        c:\windows\system32\drivers\usbohci.sys
2014-01-15 07:40 . 2013-11-27 01:41        30720        ----a-w-        c:\windows\system32\drivers\usbuhci.sys
2014-01-15 07:40 . 2013-11-27 01:41        7808        ----a-w-        c:\windows\system32\drivers\usbd.sys
2014-01-15 07:40 . 2013-11-26 11:40        376768        ----a-w-        c:\windows\system32\drivers\netio.sys
2014-01-15 07:40 . 2013-11-26 10:32        3156480        ----a-w-        c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-16 08:10 . 2013-10-27 09:52        86054176        ----a-w-        c:\windows\system32\MRT.exe
2013-12-18 05:13 . 2010-11-21 03:27        270496        ------w-        c:\windows\system32\MpSigStub.exe
2013-12-17 13:18 . 2013-10-26 12:24        84720        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2013-12-17 13:18 . 2013-10-26 12:24        131576        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2013-12-17 13:18 . 2013-10-26 12:24        108440        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2013-12-11 08:38 . 2013-12-11 08:38        940032        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-11 08:38 . 2013-12-11 08:38        194048        ----a-w-        c:\windows\SysWow64\elshyph.dll
2013-12-11 08:38 . 2013-12-11 08:38        71680        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-11 08:38 . 2013-12-11 08:38        645120        ----a-w-        c:\windows\SysWow64\jsIntl.dll
2013-12-11 08:38 . 2013-12-11 08:38        62464        ----a-w-        c:\windows\SysWow64\tdc.ocx
2013-12-11 08:38 . 2013-12-11 08:38        34816        ----a-w-        c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-11 08:38 . 2013-12-11 08:38        337408        ----a-w-        c:\windows\SysWow64\html.iec
2013-12-11 08:38 . 2013-12-11 08:38        24576        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2013-12-11 08:38 . 2013-12-11 08:38        235008        ----a-w-        c:\windows\system32\elshyph.dll
2013-12-11 08:38 . 2013-12-11 08:38        182272        ----a-w-        c:\windows\SysWow64\msls31.dll
2013-12-11 08:38 . 2013-12-11 08:38        86016        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2013-12-11 08:38 . 2013-12-11 08:38        74240        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-11 08:38 . 2013-12-11 08:38        61952        ----a-w-        c:\windows\SysWow64\MshtmlDac.dll
2013-12-11 08:38 . 2013-12-11 08:38        61952        ----a-w-        c:\windows\SysWow64\iesetup.dll
2013-12-11 08:38 . 2013-12-11 08:38        51200        ----a-w-        c:\windows\SysWow64\ieetwproxystub.dll
2013-12-11 08:38 . 2013-12-11 08:38        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2013-12-11 08:38 . 2013-12-11 08:38        454656        ----a-w-        c:\windows\SysWow64\vbscript.dll
2013-12-11 08:38 . 2013-12-11 08:38        36352        ----a-w-        c:\windows\SysWow64\imgutil.dll
2013-12-11 08:38 . 2013-12-11 08:38        151552        ----a-w-        c:\windows\SysWow64\iexpress.exe
2013-12-11 08:38 . 2013-12-11 08:38        139264        ----a-w-        c:\windows\SysWow64\wextract.exe
2013-12-11 08:38 . 2013-12-11 08:38        13312        ----a-w-        c:\windows\SysWow64\mshta.exe
2013-12-11 08:38 . 2013-12-11 08:38        112128        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2013-12-11 08:38 . 2013-12-11 08:38        111616        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2013-12-11 08:38 . 2013-12-11 08:38        1051136        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2013-12-11 08:38 . 2013-12-11 08:38        942592        ----a-w-        c:\windows\system32\jsIntl.dll
2013-12-11 08:38 . 2013-12-11 08:38        90112        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2013-12-11 08:38 . 2013-12-11 08:38        86016        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2013-12-11 08:38 . 2013-12-11 08:38        52224        ----a-w-        c:\windows\system32\msfeedsbs.dll
2013-12-11 08:38 . 2013-12-11 08:38        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2013-12-11 08:38 . 2013-12-11 08:38        247808        ----a-w-        c:\windows\system32\msls31.dll
2013-12-11 08:38 . 2013-12-11 08:38        195584        ----a-w-        c:\windows\system32\msrating.dll
2013-12-11 08:38 . 2013-12-11 08:38        13312        ----a-w-        c:\windows\system32\msfeedssync.exe
2013-12-11 08:38 . 2013-12-11 08:38        131072        ----a-w-        c:\windows\system32\IEAdvpack.dll
2013-12-11 08:38 . 2013-12-11 08:38        105984        ----a-w-        c:\windows\system32\iesysprep.dll
2013-12-11 08:38 . 2013-12-11 08:38        84992        ----a-w-        c:\windows\system32\mshtmled.dll
2013-12-11 08:38 . 2013-12-11 08:38        83968        ----a-w-        c:\windows\system32\MshtmlDac.dll
2013-12-11 08:38 . 2013-12-11 08:38        81408        ----a-w-        c:\windows\system32\icardie.dll
2013-12-11 08:38 . 2013-12-11 08:38        774144        ----a-w-        c:\windows\system32\jscript.dll
2013-12-11 08:38 . 2013-12-11 08:38        77312        ----a-w-        c:\windows\system32\tdc.ocx
2013-12-11 08:38 . 2013-12-11 08:38        626176        ----a-w-        c:\windows\system32\msfeeds.dll
2013-12-11 08:38 . 2013-12-11 08:38        62464        ----a-w-        c:\windows\system32\pngfilt.dll
2013-12-11 08:38 . 2013-12-11 08:38        616104        ----a-w-        c:\windows\system32\ieapfltr.dat
2013-12-11 08:38 . 2013-12-11 08:38        548352        ----a-w-        c:\windows\system32\vbscript.dll
2013-12-11 08:38 . 2013-12-11 08:38        48128        ----a-w-        c:\windows\system32\imgutil.dll
2013-12-11 08:38 . 2013-12-11 08:38        453120        ----a-w-        c:\windows\system32\dxtmsft.dll
2013-12-11 08:38 . 2013-12-11 08:38        413696        ----a-w-        c:\windows\system32\html.iec
2013-12-11 08:38 . 2013-12-11 08:38        40448        ----a-w-        c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-11 08:38 . 2013-12-11 08:38        30208        ----a-w-        c:\windows\system32\licmgr10.dll
2013-12-11 08:38 . 2013-12-11 08:38        296960        ----a-w-        c:\windows\system32\dxtrans.dll
2013-12-11 08:38 . 2013-12-11 08:38        263376        ----a-w-        c:\windows\system32\iedkcs32.dll
2013-12-11 08:38 . 2013-12-11 08:38        243200        ----a-w-        c:\windows\system32\webcheck.dll
2013-12-11 08:38 . 2013-12-11 08:38        235520        ----a-w-        c:\windows\system32\url.dll
2013-12-11 08:38 . 2013-12-11 08:38        167424        ----a-w-        c:\windows\system32\iexpress.exe
2013-12-11 08:38 . 2013-12-11 08:38        147968        ----a-w-        c:\windows\system32\occache.dll
2013-12-11 08:38 . 2013-12-11 08:38        143872        ----a-w-        c:\windows\system32\wextract.exe
2013-12-11 08:38 . 2013-12-11 08:38        13824        ----a-w-        c:\windows\system32\mshta.exe
2013-12-11 08:38 . 2013-12-11 08:38        135680        ----a-w-        c:\windows\system32\iepeers.dll
2013-12-11 08:38 . 2013-12-11 08:38        1228800        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2013-12-11 08:38 . 2013-12-11 08:38        101376        ----a-w-        c:\windows\system32\inseng.dll
2013-11-26 11:54 . 2013-12-13 07:18        23183360        ----a-w-        c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-13 07:18        2724864        ----a-w-        c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-13 07:18        4096        ----a-w-        c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-13 07:18        66048        ----a-w-        c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-13 07:18        48640        ----a-w-        c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-13 07:18        2764288        ----a-w-        c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-13 07:18        53760        ----a-w-        c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-13 07:18        33792        ----a-w-        c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-13 07:18        2724864        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-13 07:18        574976        ----a-w-        c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-13 07:18        139264        ----a-w-        c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-13 07:18        111616        ----a-w-        c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-13 07:18        708608        ----a-w-        c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-13 07:18        218624        ----a-w-        c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-13 07:18        5769216        ----a-w-        c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-13 07:18        553472        ----a-w-        c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-13 07:18        4243968        ----a-w-        c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-13 07:18        1995264        ----a-w-        c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-13 07:18        12996608        ----a-w-        c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-13 07:18        1928192        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-13 07:18        2334208        ----a-w-        c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-13 07:18        1395200        ----a-w-        c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-13 07:18        817664        ----a-w-        c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-13 07:18        1820160        ----a-w-        c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-12 13:09        417792        ----a-w-        c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-12 13:09        465920        ----a-w-        c:\windows\system32\WMPhoto.dll
2013-11-21 15:45 . 2013-11-22 10:00        655872        ----a-w-        c:\windows\msvcr90.dll
2013-11-21 15:25 . 2013-11-21 15:17        76384        ----a-w-        c:\windows\system32\libusb0.dll
2013-11-21 15:25 . 2013-11-21 15:17        52832        ----a-w-        c:\windows\system32\drivers\libusb0.sys
2013-11-21 15:17 . 2013-11-21 15:24        25088        ----a-w-        c:\windows\SysWow64\installer_x64.exe
2013-11-21 15:17 . 2013-11-21 15:24        23552        ----a-w-        c:\windows\SysWow64\installer_x86.exe
2013-11-18 20:19 . 2013-11-18 20:19        3923456        ----a-w-        c:\windows\system32\python33.dll
2013-11-18 20:18 . 2013-11-18 20:18        94208        ----a-w-        c:\windows\pyw.exe
2013-11-18 20:18 . 2013-11-18 20:18        93696        ----a-w-        c:\windows\py.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-10-27 08:58        220632        ----a-w-        c:\users\Andy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-10-27 08:58        220632        ----a-w-        c:\users\Andy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-10-27 08:58        220632        ----a-w-        c:\users\Andy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
"HP Deskjet 3050 J610 series (NET)"="c:\program files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-12-17 684600]
"AllShareAgent"="c:\program files (x86)\Samsung\AllShare\AllShareAgent.exe" [2012-01-19 285072]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-01-20 43848]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-10-25 73832]
"BackupManagerTray"="c:\program files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe" [2011-03-09 295744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 TwonkyServer;TwonkyServer;c:\program files (x86)\Twonky\TwonkyServer\twonkystarter.exe;c:\program files (x86)\Twonky\TwonkyServer\twonkystarter.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 CGVPNCliService;CyberGhost VPN 5 Client Service;c:\program files\CyberGhost 5\Service.exe;c:\program files\CyberGhost 5\Service.exe [x]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R4 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [x]
R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe;c:\program files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe [x]
R4 TwonkyProxy;TwonkyProxy;c:\program files (x86)\Twonky\TwonkyServer\twonkyproxy.exe;c:\program files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S2 APNMCP;Ask Aktualisierungsdienst;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 webinstr;webinstr;c:\windows\system32\Drivers\webinstr.sys;c:\windows\SYSNATIVE\Drivers\webinstr.sys [x]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 libusb0;libusb-win32 - Kernel Driver 01/25/2014 0.0.0.0;c:\windows\system32\DRIVERS\libusb0.sys;c:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-10 12:41        1211720        ----a-w-        c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-02-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-21 09:34]
.
2014-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-10 12:16]
.
2014-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-10 12:16]
.
2014-02-12 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2011-09-20 09:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
2013-12-20 19:28        13776        ----a-w-        c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll" [2013-12-20 13776]
.
[HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-10 11785832]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-15 168216]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-15 416024]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-28 497648]
"Power Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2011-05-10 1831528]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.192.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-{41564952-412D-5637-00A7-7A786E7484D7} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{11111111-1111-1111-1111-110511071178} - (no file)
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Classes\CLSID]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-2296709744-1596721445-3321598109-1001_Classes\CLSID]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-2296709744-1596721445-3321598109-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
@DACL=(02 0000)
@="SyncingOverlayHandler Class"
.
[HKEY_USERS\S-1-5-21-2296709744-1596721445-3321598109-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
@DACL=(02 0000)
@="ErrorOverlayHandler Class"
.
[HKEY_USERS\S-1-5-21-2296709744-1596721445-3321598109-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
@DACL=(02 0000)
@="UpToDateOverlayHandler Class"
.
[HKEY_USERS\S-1-5-21-2296709744-1596721445-3321598109-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}]
@DACL=(02 0000)
@="SyncFileInformationProvider Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\AnVir Task Manager\anvir.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-02-12  22:24:41 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-02-12 21:24
.
Vor Suchlauf: 18 Verzeichnis(se), 310.030.000.128 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 309.913.411.584 Bytes frei
.
- - End Of File - - C1B2D092CFAE066DE98FC28401A05A41


Larusso 13.02.2014 16:57

Hi.

Please uninstall
Reg Organizer

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove ESET Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


wallhalla23 14.02.2014 01:04

Hello, here is the online scanner log file now.

Code:

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=64a125d60a4a8e499dca7e463787a397
# engine=17063
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-13 11:51:38
# local_time=2014-02-14 12:51:38 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 16733 11803826 9520 0
# compatibility_mode=5893 16776573 100 94 58896 143965348 0 0
# compatibility_mode=9217 16777214 75 4 8958266 8958266 0 0
# scanned=259507
# found=0
# cleaned=0
# scan_time=13056
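
A check of the posted log header against the scan settings requested in the instructions above, as an added example that is not part of the original thread. The function names are hypothetical, and reading `unwanted_checked` as the "potentially unwanted applications" option is an assumption.

```python
from collections import defaultdict

# Subset of the header lines from the ESET Online Scanner log posted above.
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 16733 11803826 9520 0
# compatibility_mode=5893 16776573 100 94 58896 143965348 0 0
# scanned=259507
# found=0
# cleaned=0
# scan_time=13056
"""

# Option the helper asked for. Reading "unwanted_checked" as the
# "potentially unwanted applications" checkbox is an assumption.
EXPECTED_OPTIONS = {"unwanted_checked": "true"}


def parse_eset_log(text):
    """Collect '# key=value' header lines; repeated keys keep every value."""
    fields = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("#"):
            continue  # installer chatter and any non-header lines
        key, sep, value = line[1:].strip().partition("=")
        if not sep:
            continue  # a '#' line without key=value carries no setting
        fields[key.strip()].append(value.strip().strip('"'))
    return dict(fields)


def last_value(fields, key, default=None):
    """Return the last value recorded for a key, or the default."""
    values = fields.get(key)
    return values[-1] if values else default


def as_int(value):
    """Convert a counter to int; missing or malformed values become None."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return None


def format_duration(seconds):
    """Render the scan_time counter (seconds) as hours, minutes, seconds."""
    hours, rest = divmod(seconds, 3600)
    minutes, secs = divmod(rest, 60)
    return "%dh %02dm %02ds" % (hours, minutes, secs)


def review_scan(fields, expected=EXPECTED_OPTIONS):
    """Return findings that make the scan result incomplete or inconclusive."""
    findings = []
    end_state = last_value(fields, "end")
    if end_state != "finished":
        findings.append("scan did not finish (end=%s)" % end_state)
    for key, want in expected.items():
        got = last_value(fields, key)
        if got != want:
            findings.append(
                "%s=%s but the instructions asked for %s; "
                "re-run the scan with it enabled" % (key, got, want)
            )
    found = as_int(last_value(fields, "found"))
    cleaned = as_int(last_value(fields, "cleaned")) or 0
    if found is None:
        findings.append("no 'found' counter in log")
    elif found > cleaned:
        findings.append("%d detection(s) not cleaned" % (found - cleaned))
    return findings


if __name__ == "__main__":
    parsed = parse_eset_log(SAMPLE_LOG)
    print("scan time:", format_duration(as_int(last_value(parsed, "scan_time"))))
    for finding in review_scan(parsed):
        print("-", finding)
```

A `found=0` result only covers the detection categories that were switched on for that run, which is why the option flags are checked before the counters.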


Larusso 14.02.2014 13:02

Are the ads still there?

wallhalla23 14.02.2014 13:28

Hello, yes, unfortunately this crap advertising is still there. I was already considering reinstalling the whole system from scratch, or do you have another idea?

I have no criticism at all, since I'm learning along the way... you do this voluntarily, and I have the highest respect for that.
So tell me what comes next :)

Larusso 14.02.2014 14:42

I want to take a look at a different log file.

Please download OTL by Oldtimer and save it to your desktop (if you don't already have it).
  • Double-click OTL.exe
  • At the top you will find a box labelled Output. Select Minimal Output
  • Under Extra Registry, select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

wallhalla23 14.02.2014 16:09

Code:

OTL logfile created on: 14.02.2014 15:48:33 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Andy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,36 Gb Total Physical Memory | 3,40 Gb Available Physical Memory | 53,43% Memory free
12,71 Gb Paging File | 8,96 Gb Available in Paging File | 70,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 678,54 Gb Total Space | 290,06 Gb Free Space | 42,75% Space Free | Partition Type: NTFS
Drive D: | 169,35 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ANDY-PC | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Andy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (APN LLC.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\AnVir Task Manager\anvir.exe (AnVir Software)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe (NTI Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\a99f3a56bbedaa90734d2132d00016ec\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\921a4977671bce1f2f553e9adcdb06ee\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\NTI\Packard Bell MyBackup\sqlite3.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (CGVPNCliService) -- C:\Program Files\CyberGhost 5\Service.exe (CyberGhost S.R.L)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (Live Updater Service) -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Incorporated)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (APNMCP) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (APN LLC.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (TwonkyProxy) -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe ()
SRV - (TwonkyServer) -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe (PacketVideo)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SamsungAllShareV2.0) -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.)
SRV - (SimpleSlideShowServer) -- C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe (Samsung Electronics Co., Ltd.)
SRV - (GREGService) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe (NTI Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (AdobeActiveFileMonitor9.0) -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (webinstr) -- C:\Windows\SysNative\drivers\webinstr.sys (Corsica)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avnetflt) -- C:\Windows\SysNative\drivers\avnetflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (libusb0) -- C:\Windows\SysNative\drivers\libusb0.sys (hxxp://libusb-win32.sourceforge.net)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                          )
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=2.1.10.1: C:\Users\Andy\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
 
 
[2013.10.27 13:06:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\mozilla\Extensions
[2013.10.27 13:43:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.de/
CHR - Extension: Google Translate = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.5_0\
CHR - Extension: Google Docs = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Wetter von wetter.com = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgapkfcninhaogfjjoohaleiclbhjmnp\1.21_0\
CHR - Extension: WOT = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.4.6_0\
CHR - Extension: YouTube = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.4_0\
CHR - Extension: Auf den Amazon-Wunschzettel = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\
CHR - Extension: Google-Suche = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Disconnect = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.13.0_0\
CHR - Extension: eBay-Erweiterung f\u00FCr Google Chrome\u2122 = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhckppjhonfmcpegdjdibmngahahhck\3.0.2.0_0\
CHR - Extension: Webcam Toy = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade\1.5_0\
CHR - Extension: MyPermissions Cleaner = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\liiikhhbkpmpomjmdofandjmdgapiahi\1.4.0_0\
CHR - Extension: Regen-Alarm = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\meaikaglpfemjncbioflellmppndgmok\1.1.10_0\
CHR - Extension: Google Wallet = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Google Wallet = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Click&Clean App = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.4_0\
CHR - Extension: Click&Clean App = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.5_0\
CHR - Extension: Google Mail = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014.02.12 22:20:05 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (no name) - {11111111-1111-1111-1111-110511071178} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {41564952-412D-5637-00A7-7A786E7484D7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [HP Deskjet 3050 J610 series (NET)] C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.192.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49E70AA0-0D51-49B5-BB17-B93E107143FD}: DhcpNameServer = 192.168.192.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\AnVirDisabled: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014.02.08 20:31:08 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.11.17 02:11:47 | 000,000,131 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.02.14 15:44:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe
[2014.02.14 10:08:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2014.02.14 10:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2014.02.14 10:06:36 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014.02.13 12:34:20 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Software Informer
[2014.02.13 12:34:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Informer
[2014.02.13 12:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\Software Informer
[2014.02.13 12:31:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftOrbits Photo Retoucher
[2014.02.13 12:31:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoftOrbits Photo Retoucher
[2014.02.13 09:08:47 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014.02.13 09:08:06 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.02.13 09:08:06 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.02.13 09:08:05 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.02.13 09:08:05 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.02.13 09:08:05 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.02.13 09:08:05 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.02.13 09:08:05 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.02.13 09:08:03 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.02.13 09:08:03 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.02.13 09:08:03 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.02.13 09:08:03 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.02.13 09:08:03 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.02.13 09:08:03 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.02.13 09:08:03 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.02.13 09:08:03 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.02.13 09:08:03 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.02.13 09:08:03 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.02.13 09:08:02 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014.02.13 09:08:02 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.02.13 09:08:02 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014.02.13 09:08:01 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.02.13 09:08:01 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.02.13 09:07:59 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.02.12 22:20:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014.02.12 22:08:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014.02.12 22:08:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014.02.12 22:08:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014.02.12 22:08:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014.02.12 22:08:27 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014.02.12 15:21:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014.02.12 15:21:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014.02.12 15:20:34 | 006,573,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2014.02.12 15:20:34 | 005,693,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2014.02.12 15:20:34 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014.02.12 15:20:34 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014.02.11 15:14:50 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\ChemTable Software
[2014.02.11 15:14:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reg Organizer
[2014.02.11 15:14:44 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\ChemTable Software
[2014.02.10 16:32:15 | 000,000,000 | ---D | C] -- C:\Users\Andy\Desktop\Logfiles
[2014.02.10 15:32:03 | 000,000,000 | ---D | C] -- C:\FRST
[2014.02.10 13:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014.02.09 11:30:50 | 000,000,000 | ---D | C] -- C:\Users\Andy\Iso
[2014.02.09 10:29:18 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.02.09 10:26:00 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfds.dll
[2014.02.09 09:22:19 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014.02.08 22:29:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enigma Software Group
[2014.02.08 20:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014.02.08 20:30:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2014.02.08 12:04:34 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Malwarebytes
[2014.02.08 12:04:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014.02.08 12:04:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.02.08 12:04:00 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014.02.08 12:04:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014.02.07 15:07:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014.02.07 15:07:17 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014.02.07 12:25:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2014.02.05 17:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shark007
[2014.02.05 17:27:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Advanced
[2014.02.04 08:37:43 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2014.02.03 21:30:06 | 000,000,000 | ---D | C] -- C:\Program Files\Ekahau
[2014.02.03 11:06:21 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2014.02.02 11:36:23 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\Microsoft_Research
[2014.02.02 10:59:00 | 000,000,000 | ---D | C] -- C:\Windows\Symbols
[2014.02.02 10:59:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASCOM Platform 6
[2014.02.02 10:59:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ASCOM
[2014.02.02 10:59:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ASCOM
[2014.02.02 10:59:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASCOM
[2014.02.02 10:58:47 | 000,000,000 | -H-D | C] -- C:\ProgramData\{BBDFE733-F48B-4E86-B7C1-E6F173F01FCF}
[2014.02.02 10:58:37 | 000,000,000 | ---D | C] -- C:\Users\Andy\Documents\ASCOM
[2014.02.02 09:49:15 | 000,000,000 | ---D | C] -- C:\Users\Andy\Documents\WWT Collections
[2014.02.02 09:49:11 | 000,000,000 | ---D | C] -- C:\Users\Andy\Documents\WWT MIDI Controller Maps
[2014.02.02 09:45:53 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2014.02.02 09:45:53 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2014.02.02 09:45:51 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2014.02.02 09:45:48 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2014.02.02 09:45:48 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2014.02.02 09:45:47 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2014.02.02 09:45:47 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2014.02.02 09:45:47 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2014.02.02 09:45:47 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2014.02.02 09:45:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Research
[2014.01.31 12:55:23 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\Wondershare
[2014.01.31 12:55:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wondershare
[2014.01.31 12:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
[2014.01.31 12:55:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Wondershare
[2014.01.31 12:55:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wondershare
[2014.01.29 12:03:51 | 000,055,480 | ---- | C] (Corsica) -- C:\Windows\SysNative\drivers\webinstr.sys
[2014.01.28 10:57:44 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\UltraVNC
[2014.01.28 10:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraVNC
[2014.01.28 10:54:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uvnc bvba
[2014.01.26 12:20:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014.01.26 12:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014.01.26 12:20:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014.01.26 12:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014.01.26 12:20:01 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014.01.25 11:00:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014.01.25 11:00:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SixaxisPairTool
[2014.01.25 11:00:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SixaxisPairTool
[2014.01.21 14:57:21 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\MetaGeek,_LLC
[2014.01.21 14:56:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaGeek
[2014.01.21 14:56:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MetaGeek
[2014.01.21 14:21:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
[2014.01.21 14:21:00 | 000,000,000 | ---D | C] -- C:\Python27
[2014.01.21 14:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.3
[2014.01.21 14:18:29 | 000,000,000 | ---D | C] -- C:\Python33
[2014.01.21 13:40:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2014.01.21 13:38:15 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014.01.21 13:38:15 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014.01.21 13:38:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2014.01.21 13:35:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
[2014.01.21 13:35:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MPC-HC
[2014.01.21 13:25:53 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\Secunia PSI
[2014.01.21 13:25:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2014.01.18 09:55:16 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\FileZilla
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014.02.14 15:44:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe
[2014.02.14 15:34:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.02.14 15:26:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.02.14 15:08:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2014.02.14 13:26:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.02.14 12:13:52 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.02.14 12:13:52 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.02.14 12:05:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.02.14 10:58:59 | 000,001,881 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014.02.13 17:57:58 | 001,620,796 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.02.13 17:57:58 | 000,699,786 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.02.13 17:57:58 | 000,654,584 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.02.13 17:57:58 | 000,149,636 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.02.13 17:57:58 | 000,122,198 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.02.13 12:31:31 | 000,001,079 | ---- | M] () -- C:\Users\Andy\Desktop\SoftOrbits Photo Retoucher.lnk
[2014.02.13 09:10:28 | 001,595,076 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014.02.12 22:20:05 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014.02.12 02:30:27 | 000,007,651 | ---- | M] () -- C:\Users\Andy\AppData\Local\Resmon.ResmonCfg
[2014.02.11 14:29:07 | 669,878,021 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014.02.10 15:26:22 | 000,000,000 | ---- | M] () -- C:\Users\Andy\defogger_reenable
[2014.02.10 13:41:08 | 000,002,263 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014.02.10 11:18:12 | 000,022,964 | ---- | M] () -- C:\Users\Andy\Documents\cc_20140210_111805.reg
[2014.02.10 11:17:49 | 000,038,058 | ---- | M] () -- C:\Users\Andy\Documents\cc_20140210_111744.reg
[2014.02.10 11:15:59 | 000,000,794 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014.02.08 20:31:08 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2014.02.08 12:04:02 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.02.07 15:07:17 | 000,001,280 | ---- | M] () -- C:\Users\Andy\Desktop\Revo Uninstaller.lnk
[2014.02.06 12:30:12 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.02.06 12:07:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.02.06 12:06:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.02.06 11:56:03 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.02.06 11:52:11 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.02.06 11:49:03 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.02.06 11:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.02.06 11:48:11 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.02.06 11:32:49 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.02.06 11:17:15 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.02.06 11:11:37 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.02.06 11:01:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.02.06 11:00:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.02.06 10:57:13 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.02.06 10:52:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.02.06 10:50:32 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.02.06 10:49:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.02.06 10:47:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.02.06 10:46:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.02.06 10:25:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.02.06 10:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.02.06 09:40:06 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014.02.06 09:34:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014.02.05 17:42:26 | 000,010,372 | ---- | M] () -- C:\Users\Andy\Documents\cc_20140205_174220.reg
[2014.02.05 10:34:07 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014.02.05 10:34:07 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014.02.03 21:54:25 | 000,210,490 | ---- | M] () -- C:\Users\Andy\Documents\368-awesome.jpg
[2014.02.03 21:54:02 | 000,253,455 | ---- | M] () -- C:\Users\Andy\Documents\74-awesome.jpg
[2014.02.03 21:53:52 | 000,246,837 | ---- | M] () -- C:\Users\Andy\Documents\366-awesome.jpg
[2014.02.03 21:52:22 | 000,206,014 | ---- | M] () -- C:\Users\Andy\Documents\152-awesome.jpg
[2014.02.03 21:52:03 | 000,221,243 | ---- | M] () -- C:\Users\Andy\Documents\4-awesome.jpg
[2014.02.03 21:51:22 | 000,140,895 | ---- | M] () -- C:\Users\Andy\Documents\104-awesome.jpg
[2014.02.02 11:53:49 | 000,000,883 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014.02.02 10:59:02 | 000,001,278 | ---- | M] () -- C:\Users\Public\Desktop\ASCOM Diagnostics.lnk
[2014.02.02 10:59:02 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\ProfileExplorer.lnk
[2014.01.29 12:03:58 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_webinstr_01009.Wdf
[2014.01.29 12:03:50 | 000,001,734 | ---- | M] () -- C:\Windows\patsearch.bin
[2014.01.28 15:20:28 | 000,055,480 | ---- | M] (Corsica) -- C:\Windows\SysNative\drivers\webinstr.sys
[2014.01.28 10:54:50 | 000,001,166 | ---- | M] () -- C:\Users\Andy\Desktop\UltraVNC Viewer.lnk
[2014.01.28 10:54:50 | 000,001,149 | ---- | M] () -- C:\Users\Andy\Desktop\UltraVNC Server.lnk
[2014.01.26 12:20:44 | 000,001,795 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014.01.25 11:06:39 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014.01.21 14:56:44 | 000,002,489 | ---- | M] () -- C:\Users\Public\Desktop\inSSIDer Home.lnk
[2014.01.21 13:41:08 | 000,002,184 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2014.01.21 13:34:24 | 000,002,031 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2014.01.18 14:38:38 | 000,000,600 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\winscp.rnd
[2014.01.16 09:17:21 | 000,289,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014.02.14 10:08:24 | 000,001,881 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014.02.13 12:31:31 | 000,001,079 | ---- | C] () -- C:\Users\Andy\Desktop\SoftOrbits Photo Retoucher.lnk
[2014.02.12 22:08:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014.02.12 22:08:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014.02.12 22:08:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014.02.12 22:08:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014.02.12 22:08:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014.02.12 02:30:27 | 000,007,651 | ---- | C] () -- C:\Users\Andy\AppData\Local\Resmon.ResmonCfg
[2014.02.11 14:29:07 | 669,878,021 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014.02.10 15:26:22 | 000,000,000 | ---- | C] () -- C:\Users\Andy\defogger_reenable
[2014.02.10 13:16:42 | 000,002,263 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014.02.10 13:16:33 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.02.10 13:16:33 | 000,001,102 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.02.10 11:18:07 | 000,022,964 | ---- | C] () -- C:\Users\Andy\Documents\cc_20140210_111805.reg
[2014.02.10 11:17:46 | 000,038,058 | ---- | C] () -- C:\Users\Andy\Documents\cc_20140210_111744.reg
[2014.02.08 20:31:08 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2014.02.08 12:04:02 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.02.07 15:07:17 | 000,001,280 | ---- | C] () -- C:\Users\Andy\Desktop\Revo Uninstaller.lnk
[2014.02.05 17:42:23 | 000,010,372 | ---- | C] () -- C:\Users\Andy\Documents\cc_20140205_174220.reg
[2014.02.03 21:54:25 | 000,210,490 | ---- | C] () -- C:\Users\Andy\Documents\368-awesome.jpg
[2014.02.03 21:54:02 | 000,253,455 | ---- | C] () -- C:\Users\Andy\Documents\74-awesome.jpg
[2014.02.03 21:53:52 | 000,246,837 | ---- | C] () -- C:\Users\Andy\Documents\366-awesome.jpg
[2014.02.03 21:52:21 | 000,206,014 | ---- | C] () -- C:\Users\Andy\Documents\152-awesome.jpg
[2014.02.03 21:52:03 | 000,221,243 | ---- | C] () -- C:\Users\Andy\Documents\4-awesome.jpg
[2014.02.03 21:51:21 | 000,140,895 | ---- | C] () -- C:\Users\Andy\Documents\104-awesome.jpg
[2014.02.02 10:59:02 | 000,001,278 | ---- | C] () -- C:\Users\Public\Desktop\ASCOM Diagnostics.lnk
[2014.02.02 10:59:02 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\ProfileExplorer.lnk
[2014.01.29 12:03:58 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_webinstr_01009.Wdf
[2014.01.29 12:03:51 | 000,001,734 | ---- | C] () -- C:\Windows\patsearch.bin
[2014.01.28 10:54:50 | 000,001,166 | ---- | C] () -- C:\Users\Andy\Desktop\UltraVNC Viewer.lnk
[2014.01.28 10:54:50 | 000,001,149 | ---- | C] () -- C:\Users\Andy\Desktop\UltraVNC Server.lnk
[2014.01.26 12:20:44 | 000,001,795 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014.01.21 14:56:44 | 000,002,489 | ---- | C] () -- C:\Users\Public\Desktop\inSSIDer Home.lnk
[2014.01.21 13:41:08 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2014.01.21 13:38:16 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.01.21 13:34:24 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2014.01.21 13:34:24 | 000,002,031 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2014.01.18 09:54:43 | 000,000,600 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\winscp.rnd
[2013.12.25 12:08:05 | 001,595,076 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.11.28 11:52:36 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013.11.21 16:25:35 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013.11.21 16:24:09 | 000,025,088 | ---- | C] () -- C:\Windows\SysWow64\installer_x64.exe
[2013.11.21 16:24:09 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\installer_x86.exe
[2013.11.04 11:57:17 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv7
[2013.10.29 18:17:05 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2013.10.26 12:21:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.10.26 12:19:03 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Code:

OTL Extras logfile created on: 14.02.2014 15:48:33 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Andy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,36 Gb Total Physical Memory | 3,40 Gb Available Physical Memory | 53,43% Memory free
12,71 Gb Paging File | 8,96 Gb Available in Paging File | 70,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 678,54 Gb Total Space | 290,06 Gb Free Space | 42,75% Space Free | Partition Type: NTFS
Drive D: | 169,35 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ANDY-PC | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00893836-E47D-4D47-92F3-576BECC60BAE}" = lport=139 | protocol=6 | dir=in | app=system |
"{0124D101-14A3-41C8-B39E-308114260548}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{07428934-B925-44E4-A391-CFB20BEF6861}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1DFAA758-E3FC-4A3A-AC21-7E91C593CFE3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1ED068DE-B044-44B3-9381-BE03AD069580}" = lport=2869 | protocol=6 | dir=in | app=system |
"{272808DA-7ADD-499D-9A24-485D6F230A91}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{33CE99EE-DE82-46A9-886A-3A952E065B8E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3CEDF478-80B6-4DD5-AF6B-4475CA802B94}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3D3E00BC-CC38-4024-BF08-F64AE49EB7E5}" = rport=445 | protocol=6 | dir=out | app=system |
"{45A50C95-50F9-43F0-9C68-27A7F047D75C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{48C7C854-8CD0-4DEE-9181-4801FE4D73A6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5174235E-646C-404C-AD53-1A83051F1C41}" = lport=445 | protocol=6 | dir=in | app=system |
"{55975577-B50C-4394-93F4-FAAC7E13BBB0}" = rport=138 | protocol=17 | dir=out | app=system |
"{6F748A12-CD19-4E8D-A1E5-BD739DD72C9B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{708B734C-17D1-4E49-B925-8B54437E2A9B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{729911B6-FEEF-4A4E-B387-C1E83EFFEC7C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{86CFCCA6-1064-4000-9939-378CB2A8C43F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{891E7D46-3902-47BE-93D4-57FA22359D4A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{991445AA-ED4F-4C6C-8456-0300AC19D5F7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C929CCD3-39DF-4FC0-BC2C-DC953877C658}" = lport=137 | protocol=17 | dir=in | app=system |
"{D870C75B-F90B-48CE-A67F-81068942C984}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DD2A575F-DDA2-4FE1-9F76-63DC736F50FC}" = rport=137 | protocol=17 | dir=out | app=system |
"{E4F8D53A-B3F6-4CB7-A833-1AA25C14CD53}" = lport=138 | protocol=17 | dir=in | app=system |
"{EDC8F2DF-1E86-4EB1-BE00-9A9053948022}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EF6D7A9B-42EC-4672-A01D-D595385E76E6}" = rport=139 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04123A8C-C30D-473C-A72C-EF30AC360E87}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0798CDAD-CAF7-451F-8536-C7E2211713D7}" = protocol=17 | dir=in | app=c:\program files (x86)\uvnc bvba\ultravnc\winvnc.exe |
"{0DA487D0-AF0F-4701-9F48-04AC76B47B60}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1D439F50-FEB9-4E6D-B396-D93D2D0F21F2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{2A91B698-D156-4319-9881-F05BC4EF872D}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe |
"{2AA43A1A-114A-4BC5-9E8D-ED2450E80AE9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3B1BA522-62EB-4D51-80CA-6600B77B8CC6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4730C186-FD76-4374-BB9E-5E372BC13F5D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{47B81E1A-EAC5-4457-AD54-203204FE2CFA}" = protocol=17 | dir=in | app=c:\program files (x86)\uvnc bvba\ultravnc\vncviewer.exe |
"{4848237F-7F2B-43ED-8CFC-10E7F76CEBB1}" = protocol=6 | dir=out | app=system |
"{48B6551A-8BC8-4F49-9762-10580C05BB18}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4FF8D50E-36E1-48B1-9473-E6A2826014C8}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{5D15DCFE-7102-4243-B629-34AB973074B9}" = dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicatorcom.exe |
"{6C3B1FA5-7EB6-4C05-AAEA-C5FE2D15150E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6F1CF5C1-2017-4CA9-934A-F9F019DBA8FC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{71E95E30-F5BD-4567-BE7B-4FB3C5843086}" = dir=in | app=c:\users\andy\appdata\local\microsoft\skydrive\skydrive.exe |
"{725CDEE9-D0EF-47C9-9D3D-657E425E4977}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{72EA340D-E419-49A1-B7C0-B5A75D2D3AB0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7F34FA24-8354-427A-83B0-91388AA2F9BE}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe |
"{88F35BB9-EA74-45AC-AD83-C2A7529C821F}" = dir=in | app=c:\program files (x86)\cyberlink\homemedia\homemedia.exe |
"{8A81E08F-A66D-4B51-8CB2-AF9D3D5AB97C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8C5AEE58-20D1-452D-9C0E-6759626F62B0}" = protocol=6 | dir=in | app=c:\users\andy\downloads\tinyumbrella-7.04.00.exe |
"{8CE3E07F-9E51-4497-9AFD-5F1D19204A14}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9CAEA2D2-6A53-4795-A49A-4B2421EA4E93}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9D65C75D-B485-42FF-836C-5C60495BE058}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\allsharedms.exe |
"{A8152052-2135-4450-94C6-BA2162206E8B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B4104056-023F-4F43-939C-046290A850D6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B6CA7111-3AEE-4F21-BA52-3230C4C97F92}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C8BCCE57-E33D-4932-AA5B-FB9D6DB3DA0F}" = protocol=6 | dir=in | app=c:\program files (x86)\uvnc bvba\ultravnc\winvnc.exe |
"{CA9FA8AA-9506-4642-A524-EBFF2B2A9DF6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CD70AA4A-3977-4F67-808F-A02AC129D51D}" = dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{CDE41431-965A-4711-86EF-61917E0A0EF5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CED5469A-B88E-46CE-9609-DDF16065EFCA}" = protocol=6 | dir=in | app=c:\program files (x86)\uvnc bvba\ultravnc\vncviewer.exe |
"{D3574EAE-6A11-4B4F-B522-DB49E9016BFE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D42B370C-0AE1-465F-BABE-95DCEDE51AF9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D9460844-4565-44BD-B108-FCEE3FC529BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DB065251-9CC4-4AE0-B7D8-9A4D10F3D4C1}" = protocol=6 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkystarter.exe |
"{DB7E81F8-81AA-49FA-9257-D7D51EAF03B9}" = dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{DC259851-3FB8-4F99-9DB7-3F87F54E5184}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |
"{DFB0856A-C1A4-46E5-9FBD-FE556168B77C}" = protocol=17 | dir=in | app=c:\users\andy\downloads\tinyumbrella-7.04.00.exe |
"{E44CB94B-E376-4CB6-82F2-05AA306D2371}" = protocol=17 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkystarter.exe |
"{F5013DFE-0B0C-43D7-9E29-834BACED5FA6}" = protocol=17 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkyserver.exe |
"{F6339508-E419-4D4E-82B8-FD72975C2697}" = protocol=6 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkyserver.exe |
"{F7EA5930-5976-479E-BBCF-883EEDE914FE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F8E310EA-255D-4BED-B056-F0147B117E52}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{74139AB5-0967-44EA-97BD-FD8D08ECAA11}C:\users\andy\downloads\tinyumbrella-7.02.01a.exe" = protocol=6 | dir=in | app=c:\users\andy\downloads\tinyumbrella-7.02.01a.exe |
"TCP Query User{7B5F09F1-7604-493F-BDB1-551BB1FF1557}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe |
"TCP Query User{87AAA673-8231-4993-B6A3-2E3F4CB100D8}C:\users\andy\appdata\roaming\acestream\engine\ace_engine.exe" = protocol=6 | dir=in | app=c:\users\andy\appdata\roaming\acestream\engine\ace_engine.exe |
"TCP Query User{C8C5A959-503D-44E4-AE11-42912B888FFB}C:\users\andy\downloads\tinyumbrella-7.04.00.exe" = protocol=6 | dir=in | app=c:\users\andy\downloads\tinyumbrella-7.04.00.exe |
"UDP Query User{83476296-1D45-4FE8-BE60-30975498988A}C:\users\andy\appdata\roaming\acestream\engine\ace_engine.exe" = protocol=17 | dir=in | app=c:\users\andy\appdata\roaming\acestream\engine\ace_engine.exe |
"UDP Query User{94E12E9A-9CE7-426E-AE88-AA8CC541EBDE}C:\users\andy\downloads\tinyumbrella-7.04.00.exe" = protocol=17 | dir=in | app=c:\users\andy\downloads\tinyumbrella-7.04.00.exe |
"UDP Query User{A1973AD8-7549-491F-9DBF-C5FDB5853C0A}C:\users\andy\downloads\tinyumbrella-7.02.01a.exe" = protocol=17 | dir=in | app=c:\users\andy\downloads\tinyumbrella-7.02.01a.exe |
"UDP Query User{EC3B538E-46A9-4AEB-8362-23538E51BB8C}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}" = iTunes
"{29938C06-6962-4C27-A94C-25E4F424A665}_is1" = FileViewPro
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{30AD92E0-E077-EA9A-2D30-97C5E6644930}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8961E141-B307-4882-ABAD-77A3E76A40C1}" = ASCOM Platform 6 - SP3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E3}" = Python 2.7.6 (64-bit)
"{C513739C-5F16-37B5-9ACF-99925FF1C1F3}" = Microsoft .NET Framework 4.5.1 (DEU)
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E7F13A64-2E17-6800-06A9-D898C728A755}" = ATI Catalyst Install Manager
"{e9d90870-ab19-32a8-aa93-f8348ba21d05}" = Python 3.3.3 (64-bit)
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EF3293DE-FCAC-4742-91BF-AD0174143FC3}" = HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät
"{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}" = Apple Mobile Device Support
"CCleaner" = CCleaner
"CyberGhost VPN 5_is1" = CyberGhost 5
"Elantech" = ETDWare PS/2-X64 8.0.6.0_WHQL
"HitmanPro37" = HitmanPro 3.7
"Software Informer_is1" = Software Informer 1.2
"VLC media player" = VLC media player 2.1.2
"WinRAR archiver" = WinRAR 5.01 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{01994B47-23FB-7678-E11A-ACB21F6EFA08}" = CCC Help Korean
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"{0215ADBE-2C36-1651-F537-A37749153A65}" = CCC Help Japanese
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
"{060689B2-F271-4D1B-9E53-97FACB1FD107}" = Windows Live Essentials
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger
"{078F45F3-4A17-47BA-8309-0B287198FFFA}" = Windows Live Essentials
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{0C22AFC1-F5B5-4FC5-B620-0326D4AE1053}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0CDBAAE4-BD9F-5DB4-BA6A-58373173FD4E}" = PX Profile Update
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0DAC2E86-97E8-94F6-5BF0-C08043BFF517}" = CCC Help Turkish
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{119A44B5-6237-4D56-8424-5DAE70ED3F4E}" = Windows Live UX Platform Language Pack
"{120C160F-F53D-4A15-A873-E79BF5B98B48}" = Windows Live Photo Common
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{18C928E6-31F0-4DD5-BD4D-55FBCF599712}" = Windows Live UX Platform Language Pack
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A68E3D6-7B89-4C9F-AF3E-8ED4FF79FB0C}" = Windows Live UX Platform Language Pack
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{226F0D93-76DE-4F1C-B14D-DE10443ADB60}" = Windows Live Movie Maker
"{23B93929-FAD4-40E5-96C6-0E977BB87204}" = Windows Live Essentials
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.7.0
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{278FC815-162D-459D-A42F-B3D8120E9725}" = Windows Live UX Platform Language Pack
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28950295-A98C-4081-AC82-045E9879945E}" = Windows Live UX Platform Language Pack
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2BB6EF5D-44A3-5206-BBD5-26ECC066F58F}" = CCC Help English
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger
"{304D04C5-C4C7-DF22-E13B-653E48C841EE}" = CCC Help Finnish
"{30ADC681-8493-4955-B3E9-A08D4DAF316F}" = Windows Live Essentials
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3206854C-84DC-4BB0-9CDF-25BC3826810B}" = Windows Live UX Platform Language Pack
"{3272CD17-7958-452A-8E6E-8C85CFFDBEDF}" = Windows Live UX Platform Language Pack
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3C60C40A-934A-4008-B68B-E70F58420AA1}" = Windows Live Essentials
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F3C94C4-C251-4D3B-B810-1C0319B8ACAD}" = Windows Live Temel Parçalar
"{41564952-412D-5637-00A7-A758B70C0A00}" = Avira SearchFree Toolbar
"{41F11B70-481A-76A9-3D4B-2D368F192CF5}" = CCC Help Russian
"{4224D19D-2E7D-4E90-97A4-20C654B28AB8}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{45A5BEBD-2CA0-6B5D-70EC-D0DED8B0A473}" = CCC Help Polish
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46804E41-834A-4A0A-BC77-D4A744D78E8C}" = Windows Live Essentials
"{46BC55A2-B4CE-46B5-8303-A2076B899505}" = Windows Live UX Platform Language Pack
"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
"{47824255-3AD0-400A-851A-FCC69553FE66}" = Windows Live Essentials
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4D27EAF3-5029-65C1-F240-48B1335F129B}" = CCC Help French
"{4D7BAC8A-51B8-4243-8567-1415C4272D13}" = Windows Live Writer
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4E803843-C363-50D6-6CB2-5F11D667602D}" = CCC Help Danish
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{545C7FEC-BC4C-41DA-D6C1-59513E428CBE}" = CCC Help Norwegian
"{54FCE80F-7ED4-4612-29EA-3CBE66313038}" = CCC Help Czech
"{566E862A-6CFD-4CFD-A2BB-69C81A08176E}" = Windows Live UX Platform Language Pack
"{57CA189D-BAEB-49BC-AE75-CE70E9B775E1}" = Catalyst Control Center - Branding
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5ADFC0D3-BED0-4BCA-946A-6B28D71BBEAA}" = Stereoscopic Player
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{602643BD-3C18-4ADE-B4A1-192F93D443EA}" = Windows Live UX Platform Language Pack
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{622A0A32-9711-43D3-A6F1-B0FC78F1A68A}_is1" = MassTube 12.0.0.271 Alpha 6
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{6BA68C11-0B63-4192-B880-0B5E3F7949F9}" = Windows Live UX Platform Language Pack
"{6C25E9F7-D3F2-77A7-6C10-C1BD7B6C6280}" = CCC Help Dutch
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{709D0207-B1F8-4ADC-BB2F-CDBE2367A475}_is1" = TweakMe!
"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-packardbell" = WildTangent Games App (Packard Bell Games)
"{70E5B14F-90ED-4D3D-A136-7851C9190942}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{763944C0-4CF7-473E-BEF3-9E6C9ACF5AD3}" = Windows Live Essentials
"{765D66D1-A924-4801-BC22-D0D7E0DDDEAF}" = Windows Live UX Platform Language Pack
"{767BF3D9-EC05-40BA-84BA-2B06C6B88FB2}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A9122B2-CF90-4ACB-8E10-AA83F725916B}" = Основные компоненты Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{82A7E300-CB80-4084-8BB5-423F2D6908B1}" = Windows Live UX Platform Language Pack
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84402369-AD42-8C41-090F-468BC3B1CEBB}" = CCC Help Chinese Traditional
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86F444A5-C9B9-41DC-AF28-B5E46F5497C7}" = Windows Live Argazki Galeria
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{89CD148A-64A8-18AA-E2E0-AF784B03D14E}" = CCC Help Hungarian
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E285C75-9BE2-4349-972B-DECDDF472656}" = Windows Live Writer Resources
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{9262B08F-E183-4FED-A2BD-23FF1A84EB7A}" = HPDiagnosticCoreDll
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93C4B7D5-4E00-491F-BA3E-25B7B63EE7F6}" = Windows Live Mail
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{9498AAF7-0D2A-430E-A2B0-8EBF23DB0C05}" = Windows Live Essentials
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{9976E0BD-56A6-4A32-8597-B80FCE62063A}" = Windows Live Essentials
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AA9248E-C0E7-F51E-5B0E-F9C00D8663C8}" = Catalyst Control Center Localization All
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}" = inSSIDer Home
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A18681FF-9745-436F-A013-6FC1A7F7EC67}" = Windows Live UX Platform Language Pack
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = HomeMedia
"{AA806DB1-E882-4834-8102-B5F256BE9A2F}" = Windows Live Essentials
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AAFDD7EF-1580-E9B2-6723-EBB386DD3253}" = CCC Help Thai
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.9) - Deutsch
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADEB1E6F-1C01-4EEB-A551-8E3F8CD2F35F}" = Windows Live UX Platform Language Pack
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B22FB9DD-BA6C-CFCF-C31F-C19E611D6B7D}" = CCC Help Spanish
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B524274D-5B48-4DCC-8C1D-3D66A35B3685}" = Windows Live 程式集
"{B5DAF7CF-928B-3A5E-7BF5-8CCE4F5F69A4}" = CCC Help Chinese Standard
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B79EE44A-428E-4983-A366-7CD70545681F}" = Windows Live Essentials
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B92C2C6C-F70E-497B-88A7-1FEF9888272B}" = Adobe AIR
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BDD0222F-D1C2-47DB-ABBE-62EB4F887A56}" = Windows Live UX Platform Language Pack
"{BDDC2D1F-092F-476F-A7D7-819AA5F434DF}" = Windows Live UX Platform Language Pack
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C4557453-4DB0-4D45-8CD1-B098026A407D}" = Windows Live UX Platform Language Pack
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CCC7C18E-1BEA-409F-B7A9-6C9740B99119}" = Windows Live UX Platform Language Pack
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0083B85-A6DE-12E3-4AD3-AC4D44854222}" = CCC Help Italian
"{D069BF2F-8648-B4CE-FB72-09B1ABC74288}" = Catalyst Control Center Profiles Mobile
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D265857F-A9CB-C813-7F98-13A210DEF14C}" = Catalyst Control Center
"{D310DD60-9EF2-4C9C-AD66-A58185A1C7CB}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D3A7E344-4732-4340-9E90-C3EB372711CD}" = Windows Live UX Platform Language Pack
"{D3E5A972-9A15-427D-AE78-8181A5FD943C}" = eBay Worldwide
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger
"{D57EE916-8D07-12B9-AEE6-95579E3ED100}" = CCC Help Greek
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D7B24A43-A287-41AC-9957-F616A2B25A9D}_is1" = MassFaces 3.6.3.112
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DA3042C3-0112-4BBA-81EE-49A07085E7EC}" = Windows Live UX Platform Language Pack
"{DAA742AD-F959-4BD5-B5EB-E4AB593707FE}" = Windows Live Essentials
"{DAD92257-9160-45F6-B6C4-2DA354DCC5A9}" = Windows Live UX Platform Language Pack
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE7D8CF9-9C52-4BE0-B3E0-D4F116C524A8}" = Windows Live
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DEE5D26C-EEE8-4D83-96D3-4F7D595D0FC4}" = Windows Live Essentials
"{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"{DFB53C63-3092-9EE6-3628-541479E81347}" = CCC Help Portuguese
"{DFF8BA6D-A415-F77C-2AAC-C1413B5D75E4}" = Catalyst Control Center InstallProxy
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers
"{E22F5F97-BEFE-9ACB-8410-9DD3AC2C4D8D}" = CCC Help Swedish
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E6FEFE9A-73C3-457B-ADF0-9865FFC5B3B3}" = Windows Live Essentials
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
"{EC5B21B9-9AC6-4892-9E1B-C98D30AB0395}" = Windows Live UX Platform Language Pack
"{EC5E0CAF-BC28-401C-B8BE-89C496D6D66F}" = Windows Live Essentials
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{EE4C3B7B-ABFD-4985-9F16-3361031E4475}" = Windows Live Essentials
"{EE999A5F-3D40-4475-BBD3-FB867C93D77F}" = Windows Live Essentials
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{F077FF52-187F-406C-ABC9-222A693D1883}" = Windows Live UX Platform Language Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F13587F7-AA4C-4C2E-AE7D-F33F3CCE57A9}" = Windows Live Messenger
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F3080E90-9674-1627-2654-98437E7B31ED}" = CCC Help German
"{F45E6106-4877-4298-92E7-0948015560C2}" = Windows Liven peruspaketti
"{F4DC3E82-471A-4949-A311-7AE803D203E1}" = Windows Live Essentials
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Hilfe
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{FA12037C-B6FA-4825-86BC-D58AA6A9CC24}" = Podstawowe programy Windows Live
"{FA29B84F-8306-4A62-A340-F2C41305E7AF}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCBC19F7-E068-4B7A-ACBB-CE9CCEB4B21F}" = Windows Live Messenger
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF2DE2F0-A25E-4AE6-A2E0-056665520F1C}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"3DBDBuster 4.0 RC" = 3DBDBuster 4.0 RC Installer Version 0.001
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"AnVir Task Manager" = AnVir Task Manager
"Avira AntiVir Desktop" = Avira Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"DartPro_is1" = DartPro 2.9.0.0
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Packard Bell MyBackup
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"ipswDownloader" = ipswDownloader 2.0
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.12.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Thunderbird 24.3.0 (x86 de)" = Mozilla Thunderbird 24.3.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"PremElem90" = Adobe Premiere Elements 9
"Revo Uninstaller" = Revo Uninstaller 1.95
"SixaxisPairTool_is1" = SixaxisPairTool 0.2.5
"SoftOrbits Photo Retoucher_is1" = SoftOrbits Photo Retoucher 1.3
"TwonkyServer" = Twonky Server
"Ultravnc2_is1" = UltraVnc
"Veetle TV" = Veetle TV
"VirtualCloneDrive" = VirtualCloneDrive
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"WinLiveSuite" = Windows Live Essentials
"WTA-0d653228-8c68-483a-b555-4d96f39331c2" = Diner Dash 2 Restaurant Rescue
"WTA-137dd3cf-9c53-409c-bf57-49a2f363acf2" = Mystery P.I. - The London Caper
"WTA-2a206660-dc0b-48b7-8496-c427c3873c1a" = Agatha Christie - 4:50 from Paddington
"WTA-2b2d48bf-cd68-4c7a-85b4-03f8f7fc4995" = Penguins!
"WTA-3c111aff-fbd7-4ddd-8791-24c9ae8e8958" = Torchlight
"WTA-47f5720e-ef49-4ccd-8da7-2625befd0f3a" = Virtual Villagers - The Secret City
"WTA-58822e99-1a55-467a-80d7-d4cafdb54b72" = Crazy Chicken Kart 2
"WTA-607389e4-1972-48e3-827d-16497157680e" = Slingo Deluxe
"WTA-60b0e68b-e64b-4131-be47-65222162347f" = FATE
"WTA-909c1eb1-e701-483f-838a-2e430f2de39a" = Wedding Dash
"WTA-af8cd63f-d090-4d2f-ae91-2a3d5ee88f32" = Zuma Deluxe
"WTA-b710d369-03e1-4c57-a332-b4326ddc135b" = Jewel Quest Solitaire
"WTA-c50239f8-8180-49e3-bb2e-ab50446ac51c" = Polar Bowler
"WTA-cae679f6-45b3-4b4a-ac90-307517f9977e" = John Deere Drive Green
"WTA-dbf4d14e-1b8b-4b38-8b45-8fc60d0f04d9" = Bejeweled 2 Deluxe
"WTA-ee4b8618-49b0-4ca1-9dde-8281696f8f25" = Chuzzle Deluxe
"WTA-f682afe0-0226-4bc4-9223-ee73638e41c4" = Plants vs. Zombies - Game of the Year
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AceStream" = Ace Stream Media 2.1.10.1
"optimizer_chrome" = Widevine Media Optimizer Chrome 6.0.0
"SkyDriveSetup.exe" = Microsoft SkyDrive
"Zero Install (per-user)_is1" = Zero Install (per-user)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.02.2014 20:28:22 | Computer Name = Andy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8003
 
Error - 13.02.2014 20:28:22 | Computer Name = Andy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8003
 
Error - 13.02.2014 20:28:23 | Computer Name = Andy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 13.02.2014 20:28:23 | Computer Name = Andy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9002
 
Error - 13.02.2014 20:28:23 | Computer Name = Andy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9002
 
Error - 14.02.2014 05:51:30 | Computer Name = Andy-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 14.02.2014 05:54:44 | Computer Name = Andy-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Andy\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 14.02.2014 06:35:36 | Computer Name = Andy-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 14.02.2014 07:03:43 | Computer Name = Andy-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "Check Point Install Utility" konnte
 nicht heruntergefahren werden.
 
Error - 14.02.2014 07:05:56 | Computer Name = Andy-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 13.02.2014 12:56:49 | Computer Name = Andy-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 13.02.2014 12:56:51 | Computer Name = Andy-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 13.02.2014 12:56:52 | Computer Name = Andy-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 13.02.2014 12:56:53 | Computer Name = Andy-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 13.02.2014 16:07:24 | Computer Name = Andy-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?13.?02.?2014 um 20:16:08 unerwartet heruntergefahren.
 
Error - 13.02.2014 18:54:11 | Computer Name = Andy-PC | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 13.02.2014 19:51:30 | Computer Name = Andy-PC | Source = volsnap | ID = 393230
Description = Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers
 auf Volume "C:" abgebrochen.
 
Error - 14.02.2014 05:50:37 | Computer Name = Andy-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?14.?02.?2014 um 10:10:56 unerwartet heruntergefahren.
 
Error - 14.02.2014 08:16:02 | Computer Name = Andy-PC | Source = volsnap | ID = 393230
Description = Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers
 auf Volume "C:" abgebrochen.
 
Error - 14.02.2014 10:58:33 | Computer Name = Andy-PC | Source = volsnap | ID = 393230
Description = Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers
 auf Volume "C:" abgebrochen.
 
 
< End of report >


Larusso 14.02.2014 21:04

I can't find anything there :wtf:

Please download Avast Browser Cleaner and run it as described.

:/

wallhalla23 14.02.2014 21:16

I already ran that on 11.02. and it shows me that everything is clean.
Difficult case... :(

Larusso 14.02.2014 21:17

I'll ask my colleagues. I may be overlooking something :)

Larusso 14.02.2014 22:04

A quick question in between.

Do you have a Google account?

wallhalla23 14.02.2014 22:11

Yes, I do.

Larusso 15.02.2014 10:06

Hi.

The problem with Chrome is that it automatically synchronizes with Google. That means that if we reinstall it, the malware, which I can't find, may be "installed along with it" again from your Google account.

For now I would ask you to turn off automatic synchronization
https://support.google.com/chromeboo.../1281195?hl=de

After that, uninstall Chrome and reinstall it. :)

wallhalla23 15.02.2014 11:00

If I understood that correctly, I just have to uninstall Chrome and then reinstall it, but not sign in... is that right? Because I can't find anywhere to turn off automatic synchronization.
Just a quick note: I haven't noticed any ads in the browser since this morning, but I've had that before. It goes well for a while, and then 1-2 hours later everything was full again.

As I said, difficult case :(

Larusso 15.02.2014 11:38

Yes, let's just try the simple way.

That's also the reason why I just can't warm to Chrome.

wallhalla23 15.02.2014 12:06

I never really had any difficulties with Chrome and have been using it from the beginning.

I did it a bit differently after all: I went to the advanced sync settings and then, at the top, clicked on choosing what to sync. I removed all check marks except Passwords. Then OK... I confirmed the message "will be deleted from the Google account".
Next I uninstalled Chrome and reinstalled it, signing in. No ads to be seen so far... I think I'll have to wait and see for now, or what do you think?

Larusso 15.02.2014 13:17

Cool :)

Keep an eye on it until tomorrow or so and then report back on how things look.

wallhalla23 16.02.2014 10:47

Yes, of course, I'll do that... a huge thank you already, even if it's only a "maybe done" for now. :abklatsch:

So, here I am again... yesterday I had no ads, and today it started again half an hour ago :( Go figure, but that's what we have you for (Y)

Larusso 16.02.2014 11:08

I have to ask now.

Is there any other cracked software installed?
I see a heap of software on your machine that you can safely do without.

wallhalla23 16.02.2014 11:31

Well, no, I don't have any other cracked software on it... not that I know of... one is always a hunter and gatherer, even knowing that it's actually wrong... I do go through now and then to remove unnecessary stuff, but usually that's not much.

Larusso 16.02.2014 11:40

I'm not the bulky waste collection (is that what it's called in Germany? :D ) but fine.

Please uninstall

FileViewPro
CCleaner
Software Informer 1.2
MassTube 12.0.0.271 Alpha 6
TweakMe!
JDownloader 0.9
AnVir Task Manager
ipswDownloader 2.0
Veetle TV
Zero Install


After that, restart the computer.

wallhalla23 16.02.2014 12:11

I hauled out the bulky waste ;) Phew... everything uninstalled :) Restarted the computer, and unfortunately there are still ads in the browser, but at least a few things have been cleared out, hehehe

Larusso 16.02.2014 12:13

Do the ads appear only in Chrome or in IE as well?

wallhalla23 16.02.2014 12:22

Hmm, at first glance I couldn't spot any ads in IE... should I maybe switch my default browser after all? Well, if so, I'd go back to Firefox now..

Celebrated too soon... now there are ads in IE too... :(

Larusso 16.02.2014 13:01

Please post a fresh FRST logfile for me :)

wallhalla23 16.02.2014 13:15

Here you go :)


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01
Ran by Andy (administrator) on ANDY-PC on 16-02-2014 13:09:45
Running from C:\Users\Andy\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_44_ActiveX.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-10] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [Power Management] - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-13] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [AllShareAgent] - C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-01-19] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe [295744 2011-03-09] (NTI Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2296709744-1596721445-3321598109-1001\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2296709744-1596721445-3321598109-1001\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2296709744-1596721445-3321598109-1001\...\Run: [HP Deskjet 3050 J610 series (NET)] - C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.192.1

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-10]
CHR Extension: (Google Drive) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-10]
CHR Extension: (WOT) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-02-16]
CHR Extension: (YouTube) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-10]
CHR Extension: (Adblock Plus) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-16]
CHR Extension: (Google-Suche) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-10]
CHR Extension: (Vollbild-Flash) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejijbmhbanhbllpkhfojmimfolkjgdl [2014-02-15]
CHR Extension: (Google Wallet) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-10]
CHR Extension: (Google Mail) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-10]
CHR HKCU\...\Chrome\Extension: [kpckgflgdapkpabemgkielbefdildaio] - C:\Users\Andy\AppData\Roaming\ACEStream\extensions\chrome_new\magicplayer.crx [2013-11-07]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.)
S4 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [63600 2013-12-17] (CyberGhost S.R.L)
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [872552 2011-05-10] (Acer Incorporated)
S4 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [29696 2011-05-26] (Acer Incorporated)
R2 Live Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [244624 2011-04-22] (Acer Incorporated)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe [257344 2011-03-09] (NTI Corporation)
S4 TwonkyProxy; C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [885576 2013-05-23] ()
S3 TwonkyServer; C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe [586568 2013-05-23] (PacketVideo)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-09-30] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-17] (Avira Operations GmbH & Co. KG)
R3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52832 2013-11-21] (hxxp://libusb-win32.sourceforge.net)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-19] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-19] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-19] (LG Electronics Inc.)
R2 webinstr; C:\Windows\system32\Drivers\webinstr.sys [55480 2014-01-28] (Corsica)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-16 13:09 - 2014-02-16 13:09 - 00012673 _____ () C:\Users\Andy\Desktop\FRST.txt
2014-02-16 13:09 - 2014-02-16 13:09 - 00000000 ____D () C:\Users\Andy\Desktop\FRST-OlderVersion
2014-02-16 11:49 - 2014-02-16 11:49 - 00000000 ____D () C:\ProgramData\0install.net
2014-02-16 08:12 - 2014-02-16 08:12 - 00001978 _____ () C:\Users\Public\Desktop\Deeper Dungeons.lnk
2014-02-16 08:12 - 2014-02-16 08:12 - 00001968 _____ () C:\Users\Public\Desktop\Dungeon Keeper Gold.lnk
2014-02-16 08:11 - 2014-02-16 08:11 - 00000000 ____D () C:\GOG Games
2014-02-15 17:52 - 2014-02-15 17:52 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2014-02-15 17:52 - 2014-02-15 17:52 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\chc
2014-02-15 10:47 - 2014-02-15 10:47 - 00002263 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-15 10:46 - 2014-02-16 12:57 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-15 10:46 - 2014-02-16 12:03 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-15 10:46 - 2014-02-15 10:52 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-15 10:46 - 2014-02-15 10:52 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-15 00:17 - 2014-02-15 00:18 - 258148408 _____ (GOG.com ) C:\Users\Andy\Downloads\setup_dungeon_keeper_gold_2.0.0.4.exe
2014-02-15 00:17 - 2014-02-15 00:17 - 03063402 _____ () C:\Users\Andy\Downloads\dk1_wallpaper.zip
2014-02-15 00:17 - 2014-02-15 00:17 - 01350643 _____ () C:\Users\Andy\Downloads\dungeon_keeper_manual.zip
2014-02-15 00:17 - 2014-02-15 00:17 - 00026618 _____ () C:\Users\Andy\Downloads\dk1_avatar.zip
2014-02-14 21:09 - 2014-02-14 21:09 - 02800104 _____ (AVAST Software) C:\Users\Andy\Downloads\avast-browser-cleanup.exe
2014-02-14 15:44 - 2014-02-14 15:44 - 00602112 _____ (OldTimer Tools) C:\Users\Andy\Desktop\OTL.exe
2014-02-14 10:08 - 2014-02-14 10:58 - 00001881 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-02-14 10:08 - 2014-02-14 10:08 - 00000000 ____D () C:\Program Files\HitmanPro
2014-02-14 10:06 - 2014-02-14 11:21 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-14 10:05 - 2014-02-14 10:05 - 10820032 _____ (SurfRight B.V.) C:\Users\Andy\Downloads\HitmanPro_x64.exe
2014-02-13 17:58 - 2014-02-13 17:58 - 02347384 _____ (ESET) C:\Users\Andy\Downloads\esetsmartinstaller_enu.exe
2014-02-13 12:34 - 2014-02-16 12:00 - 00000000 ____D () C:\Program Files\Software Informer
2014-02-13 12:31 - 2014-02-13 12:31 - 00001079 _____ () C:\Users\Andy\Desktop\SoftOrbits Photo Retoucher.lnk
2014-02-13 12:31 - 2014-02-13 12:31 - 00000000 ____D () C:\Program Files (x86)\SoftOrbits Photo Retoucher
2014-02-13 12:30 - 2014-02-13 12:30 - 00000000 ____D () C:\Users\Andy\Downloads\Photoretoucher
2014-02-13 12:28 - 2014-02-13 12:29 - 21535125 _____ () C:\Users\Andy\Downloads\PhotoRetoucher14.zip
2014-02-13 09:43 - 2014-02-13 09:43 - 00935514 _____ () C:\Users\Andy\Downloads\com.hackyouriphone.linkstore_1.0.1_iphoneos-arm.deb
2014-02-13 09:08 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 09:08 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 09:08 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 09:08 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 09:08 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 09:08 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 09:08 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 09:08 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 09:08 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 09:08 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 09:08 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 09:08 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 09:08 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 09:08 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 09:08 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 09:08 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 09:08 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 09:08 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 09:08 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 09:08 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 09:08 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 09:08 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 09:08 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 09:08 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 09:08 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 09:08 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 09:08 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 09:08 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 09:08 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 09:08 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 09:08 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 09:08 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 09:08 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 09:08 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 09:08 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 09:08 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-13 09:08 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 09:08 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 09:07 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 09:07 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 09:07 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 22:24 - 2014-02-12 22:24 - 00037955 _____ () C:\ComboFix.txt
2014-02-12 22:08 - 2014-02-12 22:24 - 00000000 ____D () C:\Qoobox
2014-02-12 22:08 - 2014-02-12 22:23 - 00000000 ____D () C:\Windows\erdnt
2014-02-12 22:08 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-12 22:08 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-12 22:08 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-12 22:08 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-12 22:08 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-12 22:08 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-12 22:08 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-12 22:08 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-12 15:21 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 15:21 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 15:21 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 15:21 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 15:21 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 15:21 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 15:20 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 15:20 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 15:20 - 2013-11-27 00:29 - 05693440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-12 15:20 - 2013-11-26 23:49 - 06573056 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-12 15:20 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 15:20 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-12 02:30 - 2014-02-12 02:30 - 00007651 _____ () C:\Users\Andy\AppData\Local\Resmon.ResmonCfg
2014-02-11 15:52 - 2014-02-11 15:52 - 00049454 _____ () C:\Users\Andy\Downloads\AnVir_Prozesse [88].htm
2014-02-11 15:14 - 2014-02-16 10:29 - 00000000 ____D () C:\Program Files (x86)\Reg Organizer
2014-02-11 15:14 - 2014-02-11 15:14 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\ChemTable Software
2014-02-11 15:14 - 2014-02-11 15:14 - 00000000 ____D () C:\Users\Andy\AppData\Local\ChemTable Software
2014-02-11 14:29 - 2014-02-11 14:29 - 669878021 _____ () C:\Windows\MEMORY.DMP
2014-02-11 14:29 - 2014-02-11 14:29 - 00262144 _____ () C:\Windows\Minidump\021114-35287-01.dmp
2014-02-11 00:45 - 2014-02-11 00:45 - 02800104 _____ (AVAST Software) C:\Users\Andy\Downloads\avast-browser-cleanup_9.0.0.184.exe
2014-02-10 20:33 - 2014-02-10 20:33 - 00060664 _____ () C:\Users\Andy\Downloads\FRST (1).txt
2014-02-10 20:01 - 2014-02-10 20:02 - 00060664 _____ () C:\Users\Andy\Downloads\FRST.txt
2014-02-10 20:00 - 2014-02-10 20:00 - 00000000 ____D () C:\Users\Andy\Downloads\FRST-OlderVersion
2014-02-10 15:57 - 2014-02-10 15:57 - 00380416 _____ () C:\Users\Andy\Downloads\Gmer-19357.exe
2014-02-10 15:32 - 2014-02-16 13:09 - 00000000 ____D () C:\FRST
2014-02-10 15:28 - 2014-02-16 13:09 - 02152960 _____ (Farbar) C:\Users\Andy\Desktop\FRST64.exe
2014-02-10 15:26 - 2014-02-10 15:26 - 00000000 _____ () C:\Users\Andy\defogger_reenable
2014-02-10 15:24 - 2014-02-10 15:24 - 00050477 _____ () C:\Users\Andy\Downloads\Defogger.exe
2014-02-10 14:41 - 2014-02-16 12:03 - 00000784 _____ () C:\Windows\setupact.log
2014-02-10 14:41 - 2014-02-10 14:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-10 14:40 - 2014-02-16 12:03 - 00013536 _____ () C:\Windows\PFRO.log
2014-02-10 13:40 - 2014-02-10 13:40 - 00847336 _____ (Google Inc.) C:\Users\Andy\Downloads\ChromeSetup (2).exe
2014-02-10 11:18 - 2014-02-10 11:18 - 00022964 _____ () C:\Users\Andy\Documents\cc_20140210_111805.reg
2014-02-10 11:17 - 2014-02-10 11:17 - 00038058 _____ () C:\Users\Andy\Documents\cc_20140210_111744.reg
2014-02-10 11:15 - 2014-02-10 11:15 - 04721920 _____ (Piriform Ltd) C:\Users\Andy\Downloads\ccsetup410.exe
2014-02-10 11:15 - 2014-02-10 11:15 - 04721920 _____ (Piriform Ltd) C:\Users\Andy\Downloads\ccsetup410 (1).exe
2014-02-09 11:30 - 2014-02-09 11:31 - 00000000 ____D () C:\Users\Andy\Iso
2014-02-09 10:29 - 2014-02-10 14:39 - 00000000 ____D () C:\AdwCleaner
2014-02-09 10:28 - 2014-02-09 10:28 - 00614792 _____ (Chip Digital GmbH) C:\Users\Andy\Downloads\AdwCleaner - CHIP-Downloader.exe
2014-02-09 10:26 - 2010-11-21 04:25 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2014-02-09 09:22 - 2014-02-09 09:22 - 00000000 ____D () C:\Windows\ERUNT
2014-02-09 09:21 - 2014-02-09 09:21 - 01037530 _____ (Thisisu) C:\Users\Andy\Downloads\JRT_6.1.1.exe
2014-02-08 22:29 - 2014-02-12 02:32 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2014-02-08 22:29 - 2014-02-11 20:26 - 00000000 ____D () C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2014-02-08 22:14 - 2014-02-08 22:15 - 01977432 _____ () C:\Users\Andy\Downloads\winrar-x64-501.exe
2014-02-08 21:51 - 2014-02-08 21:52 - 00000752 _____ () C:\Users\Andy\Downloads\78cb0e0ec726e73656d63cca5baa53a2.dlc
2014-02-08 20:31 - 2014-02-08 20:31 - 00000000 _____ () C:\autoexec.bat
2014-02-08 20:30 - 2014-02-12 02:32 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-02-08 20:30 - 2014-02-08 22:29 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-02-08 12:04 - 2014-02-08 12:04 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-08 12:04 - 2014-02-08 12:04 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Malwarebytes
2014-02-08 12:04 - 2014-02-08 12:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-08 12:04 - 2014-02-08 12:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-08 12:04 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-08 12:02 - 2014-02-08 12:02 - 00614792 _____ (Chip Digital GmbH) C:\Users\Andy\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2014-02-08 10:00 - 2012-06-06 07:06 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-02-08 10:00 - 2012-06-06 06:05 - 01390080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-02-08 09:41 - 2014-02-08 09:41 - 00449749 _____ () C:\Users\Andy\Downloads\Windows6.0-KB2864202-x86.msu
2014-02-08 09:40 - 2014-02-08 09:40 - 00633925 _____ () C:\Users\Andy\Downloads\Windows6.0-KB2849470-x86.msu
2014-02-08 09:39 - 2014-02-08 09:39 - 00937139 _____ () C:\Users\Andy\Downloads\Windows8-RT-KB2757638-x86.msu
2014-02-08 09:05 - 2014-02-08 09:05 - 00347816 _____ (Microsoft Corporation) C:\Users\Andy\Downloads\MicrosoftFixit.wu.RNP.37315273832125890.2.1.Run.exe
2014-02-08 09:01 - 2014-02-08 09:01 - 00985600 _____ () C:\Users\Andy\Downloads\MicrosoftFixit50123 (3).msi
2014-02-08 09:01 - 2014-02-08 09:01 - 00985600 _____ () C:\Users\Andy\Downloads\MicrosoftFixit50123 (2).msi
2014-02-08 09:01 - 2014-02-08 09:01 - 00985600 _____ () C:\Users\Andy\Downloads\MicrosoftFixit50123 (1).msi
2014-02-07 15:07 - 2014-02-07 15:07 - 00001280 _____ () C:\Users\Andy\Desktop\Revo Uninstaller.lnk
2014-02-07 15:07 - 2014-02-07 15:07 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-02-07 15:06 - 2014-02-07 15:06 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Andy\Downloads\revosetup.exe
2014-02-07 15:06 - 2014-02-07 15:06 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Andy\Downloads\revosetup (1).exe
2014-02-07 15:00 - 2014-02-07 15:00 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Andy\Downloads\rkill.exe
2014-02-07 12:25 - 2014-02-08 10:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-05 17:42 - 2014-02-05 17:42 - 00010372 _____ () C:\Users\Andy\Documents\cc_20140205_174220.reg
2014-02-05 17:31 - 2014-02-05 17:31 - 00000000 ____D () C:\Program Files (x86)\Shark007
2014-02-05 17:27 - 2014-02-09 10:27 - 00000000 ____D () C:\ProgramData\Advanced
2014-02-05 17:26 - 2014-02-05 17:26 - 29978800 _____ () C:\Users\Andy\Downloads\32bit_Advanced_v447.exe
2014-02-03 21:30 - 2014-02-04 01:03 - 00000000 ____D () C:\Program Files\Ekahau
2014-02-03 21:27 - 2014-02-03 21:27 - 00924988 _____ () C:\Users\Andy\Downloads\kismet_8441.gz
2014-02-03 16:58 - 2014-02-03 16:58 - 01286686 _____ () C:\Users\Andy\Downloads\UISounds.rar
2014-02-03 11:06 - 2014-02-03 11:06 - 00000000 ____D () C:\Windows\CheckSur
2014-02-03 11:03 - 2014-02-03 11:05 - 457019995 _____ () C:\Users\Andy\Downloads\Windows6.1-KB947821-v31-x64.msu
2014-02-02 11:36 - 2014-02-02 11:36 - 00000000 ____D () C:\Users\Andy\AppData\Local\Microsoft_Research
2014-02-02 10:59 - 2014-02-02 10:59 - 00001278 _____ () C:\Users\Public\Desktop\ASCOM Diagnostics.lnk
2014-02-02 10:59 - 2014-02-02 10:59 - 00001116 _____ () C:\Users\Public\Desktop\ProfileExplorer.lnk
2014-02-02 10:59 - 2014-02-02 10:59 - 00000000 ____D () C:\Windows\Symbols
2014-02-02 10:59 - 2014-02-02 10:59 - 00000000 ____D () C:\Program Files\Common Files\ASCOM
2014-02-02 10:59 - 2014-02-02 10:59 - 00000000 ____D () C:\Program Files (x86)\ASCOM
2014-02-02 10:58 - 2014-02-04 01:02 - 00000000 __HDC () C:\ProgramData\{BBDFE733-F48B-4E86-B7C1-E6F173F01FCF}
2014-02-02 10:58 - 2014-02-02 10:58 - 24829830 _____ (ASCOM Initiative ) C:\Users\Andy\Downloads\ASCOMPlatform6SP3.exe
2014-02-02 10:58 - 2014-02-02 10:58 - 00000000 ____D () C:\Users\Andy\Documents\ASCOM
2014-02-02 09:49 - 2014-02-02 09:49 - 00000000 ____D () C:\Users\Andy\Documents\WWT MIDI Controller Maps
2014-02-02 09:49 - 2014-02-02 09:49 - 00000000 ____D () C:\Users\Andy\Documents\WWT Collections
2014-02-02 09:45 - 2014-02-02 09:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Research
2014-02-02 09:45 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-02-02 09:45 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-02-02 09:45 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-02-02 09:45 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-02-02 09:45 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2014-02-02 09:45 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2014-02-02 09:45 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2014-02-02 09:45 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2014-02-02 09:45 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2014-02-02 09:42 - 2014-02-02 09:43 - 80880128 _____ () C:\Users\Andy\Downloads\wwtsetup.5.0.3.msi
2014-02-01 13:48 - 2014-02-01 13:48 - 00005398 _____ () C:\Users\Andy\Downloads\Main.zip
2014-02-01 13:48 - 2014-02-01 13:48 - 00005398 _____ () C:\Users\Andy\Downloads\Main (1).zip
2014-02-01 13:05 - 2014-02-01 13:08 - 168481318 _____ () C:\Users\Andy\Downloads\uniaw_ios7_cydget.rar
2014-01-31 12:55 - 2014-02-09 10:54 - 00000000 ____D () C:\Program Files (x86)\Wondershare
2014-01-31 12:55 - 2014-01-31 12:55 - 00000000 ____D () C:\Users\Andy\AppData\Local\Wondershare
2014-01-31 12:55 - 2014-01-31 12:55 - 00000000 ____D () C:\ProgramData\Wondershare
2014-01-31 11:21 - 2014-01-31 11:21 - 27375656 _____ (Wondershare Software Co.,Ltd. ) C:\Users\Andy\Downloads\ios-recovery (2).exe
2014-01-31 11:19 - 2014-01-31 11:20 - 27375520 _____ (Wondershare Software Co.,Ltd. ) C:\Users\Andy\Downloads\ios-recovery (1).exe
2014-01-31 11:18 - 2014-01-31 11:19 - 29010304 _____ (Wondershare ) C:\Users\Andy\Downloads\mobile-transfer.exe
2014-01-31 11:18 - 2014-01-31 11:18 - 27375520 _____ (Wondershare Software Co.,Ltd. ) C:\Users\Andy\Downloads\ios-recovery.exe
2014-01-31 11:18 - 2014-01-31 11:18 - 22655552 _____ (Wondershare ) C:\Users\Andy\Downloads\ios-manager.exe
2014-01-30 12:00 - 2014-01-30 12:04 - 10911944 _____ () C:\Users\Andy\Downloads\BeatsMusic-v321 (1).ipa
2014-01-29 12:03 - 2014-01-29 12:03 - 00001734 _____ () C:\Windows\patsearch.bin
2014-01-29 12:03 - 2014-01-29 12:03 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-01-29 12:03 - 2014-01-28 15:20 - 00055480 _____ (Corsica) C:\Windows\system32\Drivers\webinstr.sys
2014-01-28 10:57 - 2014-01-28 10:57 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\UltraVNC
2014-01-28 10:54 - 2014-01-28 10:54 - 00001166 _____ () C:\Users\Andy\Desktop\UltraVNC Viewer.lnk
2014-01-28 10:54 - 2014-01-28 10:54 - 00001149 _____ () C:\Users\Andy\Desktop\UltraVNC Server.lnk
2014-01-28 10:54 - 2014-01-28 10:54 - 00000000 ____D () C:\Program Files (x86)\uvnc bvba
2014-01-26 12:20 - 2014-01-26 12:20 - 00001795 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-01-26 12:20 - 2014-01-26 12:20 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-26 12:20 - 2014-01-26 12:20 - 00000000 ____D () C:\Program Files\iTunes
2014-01-26 12:20 - 2014-01-26 12:20 - 00000000 ____D () C:\Program Files\iPod
2014-01-26 12:20 - 2014-01-26 12:20 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-01-26 10:51 - 2014-01-26 10:51 - 00145859 _____ () C:\Users\Andy\Downloads\hosts.rar
2014-01-25 11:00 - 2014-01-28 14:14 - 00000000 ____D () C:\Program Files (x86)\SixaxisPairTool
2014-01-25 11:00 - 2014-01-25 11:01 - 00000000 ____D () C:\ProgramData\Package Cache
2014-01-25 10:55 - 2014-01-25 10:55 - 13591657 _____ (Dancing Pixel Studios ) C:\Users\Andy\Downloads\SixaxisPairToolSetup-0.2.5.exe
2014-01-22 17:46 - 2014-01-22 17:46 - 00800127 _____ () C:\Users\Andy\Downloads\bAdaccell.zip
2014-01-22 17:46 - 2014-01-22 17:46 - 00594482 _____ () C:\Users\Andy\Downloads\LSClock.zip
2014-01-22 17:46 - 2014-01-22 17:46 - 00001477 _____ () C:\Users\Andy\Downloads\BlurredLS.zip
2014-01-22 14:41 - 2014-01-22 14:41 - 02278856 _____ () C:\Users\Andy\Downloads\avira_pc_cleaner_de.exe
2014-01-21 17:49 - 2014-01-21 17:50 - 16674816 _____ () C:\Users\Andy\Downloads\python-2.7.6.amd64 (1).msi
2014-01-21 17:46 - 2014-01-21 17:48 - 17458242 _____ () C:\Users\Andy\Downloads\python-2.7.6.amd64-pdb.zip
2014-01-21 14:57 - 2014-01-21 14:57 - 00000000 ____D () C:\Users\Andy\AppData\Local\MetaGeek,_LLC
2014-01-21 14:56 - 2014-01-21 14:56 - 04767744 _____ () C:\Users\Andy\Downloads\inSSIDer31-installer.msi
2014-01-21 14:56 - 2014-01-21 14:56 - 00002489 _____ () C:\Users\Public\Desktop\inSSIDer Home.lnk
2014-01-21 14:56 - 2014-01-21 14:56 - 00000000 ____D () C:\Program Files (x86)\MetaGeek
2014-01-21 14:21 - 2014-01-21 14:21 - 00000000 ____D () C:\Python27
2014-01-21 14:18 - 2014-01-21 14:18 - 00000000 ____D () C:\Python33
2014-01-21 13:41 - 2014-02-16 13:08 - 00000336 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-01-21 13:41 - 2014-02-10 19:50 - 00003342 _____ () C:\Windows\System32\Tasks\HP Photo Creations Communicator
2014-01-21 13:40 - 2014-01-21 13:41 - 00000000 ____D () C:\ProgramData\Visan
2014-01-21 13:38 - 2014-02-16 12:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-21 13:38 - 2014-02-15 18:06 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-21 13:38 - 2014-02-15 18:06 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-21 13:38 - 2014-02-15 18:06 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-21 13:38 - 2014-01-21 13:38 - 00000000 ____D () C:\Windows\system32\Macromed
2014-01-21 13:35 - 2014-01-21 13:35 - 00000000 ____D () C:\Program Files (x86)\MPC-HC
2014-01-21 13:34 - 2014-01-21 13:34 - 00002031 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-01-21 13:33 - 2014-01-21 13:33 - 00000000 ____D () C:\Users\Default\AppData\Local\Adobe
2014-01-21 13:33 - 2014-01-21 13:33 - 00000000 ____D () C:\Users\Default User\AppData\Local\Adobe
2014-01-21 13:25 - 2014-01-21 13:25 - 00000000 ____D () C:\Users\Andy\AppData\Local\Secunia PSI
2014-01-21 13:25 - 2014-01-21 13:25 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-01-18 09:55 - 2014-01-18 10:16 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\FileZilla
2014-01-18 09:54 - 2014-01-18 14:38 - 00000600 _____ () C:\Users\Andy\AppData\Roaming\winscp.rnd

==================== One Month Modified Files and Folders =======

2014-02-16 13:10 - 2014-02-16 13:09 - 00012673 _____ () C:\Users\Andy\Desktop\FRST.txt
2014-02-16 13:09 - 2014-02-16 13:09 - 00000000 ____D () C:\Users\Andy\Desktop\FRST-OlderVersion
2014-02-16 13:09 - 2014-02-10 15:32 - 00000000 ____D () C:\FRST
2014-02-16 13:09 - 2014-02-10 15:28 - 02152960 _____ (Farbar) C:\Users\Andy\Desktop\FRST64.exe
2014-02-16 13:08 - 2014-01-21 13:41 - 00000336 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-02-16 12:57 - 2014-02-15 10:46 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-16 12:51 - 2013-10-31 08:17 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7BEF03C6-9BEE-4AAD-9BEE-7F4F020EC8F1}
2014-02-16 12:34 - 2014-01-21 13:38 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-16 12:11 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-16 12:11 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-16 12:03 - 2014-02-15 10:46 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-16 12:03 - 2014-02-10 14:41 - 00000784 _____ () C:\Windows\setupact.log
2014-02-16 12:03 - 2014-02-10 14:40 - 00013536 _____ () C:\Windows\PFRO.log
2014-02-16 12:03 - 2013-10-26 12:18 - 01573345 _____ () C:\Windows\WindowsUpdate.log
2014-02-16 12:03 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-16 12:02 - 2013-10-27 17:29 - 00000000 ____D () C:\Program Files\FileViewPro
2014-02-16 12:00 - 2014-02-13 12:34 - 00000000 ____D () C:\Program Files\Software Informer
2014-02-16 11:57 - 2011-06-03 05:26 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-02-16 11:57 - 2011-06-03 04:28 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-16 11:49 - 2014-02-16 11:49 - 00000000 ____D () C:\ProgramData\0install.net
2014-02-16 10:29 - 2014-02-11 15:14 - 00000000 ____D () C:\Program Files (x86)\Reg Organizer
2014-02-16 08:24 - 2013-10-27 10:52 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 08:22 - 2013-10-27 10:52 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-16 08:12 - 2014-02-16 08:12 - 00001978 _____ () C:\Users\Public\Desktop\Deeper Dungeons.lnk
2014-02-16 08:12 - 2014-02-16 08:12 - 00001968 _____ () C:\Users\Public\Desktop\Dungeon Keeper Gold.lnk
2014-02-16 08:11 - 2014-02-16 08:11 - 00000000 ____D () C:\GOG Games
2014-02-16 07:22 - 2013-10-26 22:10 - 00699786 _____ () C:\Windows\system32\perfh007.dat
2014-02-16 07:22 - 2013-10-26 22:10 - 00149636 _____ () C:\Windows\system32\perfc007.dat
2014-02-16 07:22 - 2009-07-14 06:13 - 01620796 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-15 19:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-15 18:06 - 2014-01-21 13:38 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-15 18:06 - 2014-01-21 13:38 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-15 18:06 - 2014-01-21 13:38 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-15 18:06 - 2013-10-26 13:20 - 00000000 ____D () C:\Users\Andy\AppData\Local\Adobe
2014-02-15 17:52 - 2014-02-15 17:52 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2014-02-15 17:52 - 2014-02-15 17:52 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\chc
2014-02-15 17:52 - 2013-10-26 14:04 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Adobe
2014-02-15 10:52 - 2014-02-15 10:46 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-15 10:52 - 2014-02-15 10:46 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-15 10:47 - 2014-02-15 10:47 - 00002263 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-15 10:47 - 2013-10-26 14:07 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-15 00:18 - 2014-02-15 00:17 - 258148408 _____ (GOG.com ) C:\Users\Andy\Downloads\setup_dungeon_keeper_gold_2.0.0.4.exe
2014-02-15 00:17 - 2014-02-15 00:17 - 03063402 _____ () C:\Users\Andy\Downloads\dk1_wallpaper.zip
2014-02-15 00:17 - 2014-02-15 00:17 - 01350643 _____ () C:\Users\Andy\Downloads\dungeon_keeper_manual.zip
2014-02-15 00:17 - 2014-02-15 00:17 - 00026618 _____ () C:\Users\Andy\Downloads\dk1_avatar.zip
2014-02-14 21:09 - 2014-02-14 21:09 - 02800104 _____ (AVAST Software) C:\Users\Andy\Downloads\avast-browser-cleanup.exe
2014-02-14 15:44 - 2014-02-14 15:44 - 00602112 _____ (OldTimer Tools) C:\Users\Andy\Desktop\OTL.exe
2014-02-14 11:21 - 2014-02-14 10:06 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-14 10:58 - 2014-02-14 10:08 - 00001881 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-02-14 10:08 - 2014-02-14 10:08 - 00000000 ____D () C:\Program Files\HitmanPro
2014-02-14 10:05 - 2014-02-14 10:05 - 10820032 _____ (SurfRight B.V.) C:\Users\Andy\Downloads\HitmanPro_x64.exe
2014-02-13 17:58 - 2014-02-13 17:58 - 02347384 _____ (ESET) C:\Users\Andy\Downloads\esetsmartinstaller_enu.exe
2014-02-13 12:31 - 2014-02-13 12:31 - 00001079 _____ () C:\Users\Andy\Desktop\SoftOrbits Photo Retoucher.lnk
2014-02-13 12:31 - 2014-02-13 12:31 - 00000000 ____D () C:\Program Files (x86)\SoftOrbits Photo Retoucher
2014-02-13 12:30 - 2014-02-13 12:30 - 00000000 ____D () C:\Users\Andy\Downloads\Photoretoucher
2014-02-13 12:29 - 2014-02-13 12:28 - 21535125 _____ () C:\Users\Andy\Downloads\PhotoRetoucher14.zip
2014-02-13 09:43 - 2014-02-13 09:43 - 00935514 _____ () C:\Users\Andy\Downloads\com.hackyouriphone.linkstore_1.0.1_iphoneos-arm.deb
2014-02-13 09:10 - 2013-12-25 12:08 - 01595076 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-12 22:24 - 2014-02-12 22:24 - 00037955 _____ () C:\ComboFix.txt
2014-02-12 22:24 - 2014-02-12 22:08 - 00000000 ____D () C:\Qoobox
2014-02-12 22:24 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-02-12 22:23 - 2014-02-12 22:08 - 00000000 ____D () C:\Windows\erdnt
2014-02-12 22:20 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-12 22:16 - 2009-07-14 03:34 - 66584576 _____ () C:\Windows\system32\config\software.bak
2014-02-12 22:16 - 2009-07-14 03:34 - 18087936 _____ () C:\Windows\system32\config\system.bak
2014-02-12 22:16 - 2009-07-14 03:34 - 00786432 _____ () C:\Windows\system32\config\default.bak
2014-02-12 22:16 - 2009-07-14 03:34 - 00024576 _____ () C:\Windows\system32\config\security.bak
2014-02-12 22:16 - 2009-07-14 03:34 - 00024576 _____ () C:\Windows\system32\config\sam.bak
2014-02-12 22:15 - 2013-10-26 13:20 - 00000000 ___RD () C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-12 02:32 - 2014-02-08 22:29 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2014-02-12 02:32 - 2014-02-08 20:30 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-02-12 02:30 - 2014-02-12 02:30 - 00007651 _____ () C:\Users\Andy\AppData\Local\Resmon.ResmonCfg
2014-02-11 20:26 - 2014-02-08 22:29 - 00000000 ____D () C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2014-02-11 15:52 - 2014-02-11 15:52 - 00049454 _____ () C:\Users\Andy\Downloads\AnVir_Prozesse [88].htm
2014-02-11 15:14 - 2014-02-11 15:14 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\ChemTable Software
2014-02-11 15:14 - 2014-02-11 15:14 - 00000000 ____D () C:\Users\Andy\AppData\Local\ChemTable Software
2014-02-11 15:09 - 2013-12-15 08:59 - 00000000 ____D () C:\Users\Andy\AppData\Local\AnVir
2014-02-11 15:06 - 2013-11-22 13:48 - 00002942 _____ () C:\Windows\System32\Tasks\{8FBDFD42-C049-4C84-85CE-32F02398AE9E}
2014-02-11 14:29 - 2014-02-11 14:29 - 669878021 _____ () C:\Windows\MEMORY.DMP
2014-02-11 14:29 - 2014-02-11 14:29 - 00262144 _____ () C:\Windows\Minidump\021114-35287-01.dmp
2014-02-11 14:29 - 2013-11-26 13:56 - 00000000 ____D () C:\Windows\Minidump
2014-02-11 09:07 - 2013-11-04 11:57 - 00000000 ____D () C:\ProgramData\TwonkyServer
2014-02-11 00:45 - 2014-02-11 00:45 - 02800104 _____ (AVAST Software) C:\Users\Andy\Downloads\avast-browser-cleanup_9.0.0.184.exe
2014-02-10 20:33 - 2014-02-10 20:33 - 00060664 _____ () C:\Users\Andy\Downloads\FRST (1).txt
2014-02-10 20:02 - 2014-02-10 20:01 - 00060664 _____ () C:\Users\Andy\Downloads\FRST.txt
2014-02-10 20:00 - 2014-02-10 20:00 - 00000000 ____D () C:\Users\Andy\Downloads\FRST-OlderVersion
2014-02-10 19:51 - 2013-11-12 09:23 - 00003676 _____ () C:\Windows\System32\Tasks\HP-Online-Aktualisierungsprogramm
2014-02-10 19:50 - 2014-01-21 13:41 - 00003342 _____ () C:\Windows\System32\Tasks\HP Photo Creations Communicator
2014-02-10 16:36 - 2013-11-12 10:21 - 00000000 ____D () C:\Users\Andy\Desktop\RK_Quarantine
2014-02-10 15:57 - 2014-02-10 15:57 - 00380416 _____ () C:\Users\Andy\Downloads\Gmer-19357.exe
2014-02-10 15:26 - 2014-02-10 15:26 - 00000000 _____ () C:\Users\Andy\defogger_reenable
2014-02-10 15:26 - 2013-10-26 13:17 - 00000000 ____D () C:\Users\Andy
2014-02-10 15:24 - 2014-02-10 15:24 - 00050477 _____ () C:\Users\Andy\Downloads\Defogger.exe
2014-02-10 14:41 - 2014-02-10 14:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-10 14:39 - 2014-02-09 10:29 - 00000000 ____D () C:\AdwCleaner
2014-02-10 13:40 - 2014-02-10 13:40 - 00847336 _____ (Google Inc.) C:\Users\Andy\Downloads\ChromeSetup (2).exe
2014-02-10 13:16 - 2013-10-26 14:07 - 00000000 ____D () C:\Users\Andy\AppData\Local\Google
2014-02-10 13:07 - 2013-10-27 16:09 - 00000000 ____D () C:\Users\Andy\Downloads\jdown
2014-02-10 11:18 - 2014-02-10 11:18 - 00022964 _____ () C:\Users\Andy\Documents\cc_20140210_111805.reg
2014-02-10 11:17 - 2014-02-10 11:17 - 00038058 _____ () C:\Users\Andy\Documents\cc_20140210_111744.reg
2014-02-10 11:16 - 2013-10-27 10:36 - 00000000 ____D () C:\Users\Andy\AppData\Local\CrashDumps
2014-02-10 11:15 - 2014-02-10 11:15 - 04721920 _____ (Piriform Ltd) C:\Users\Andy\Downloads\ccsetup410.exe
2014-02-10 11:15 - 2014-02-10 11:15 - 04721920 _____ (Piriform Ltd) C:\Users\Andy\Downloads\ccsetup410 (1).exe
2014-02-09 11:35 - 2014-01-05 21:16 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\.ACEStream
2014-02-09 11:31 - 2014-02-09 11:30 - 00000000 ____D () C:\Users\Andy\Iso
2014-02-09 11:09 - 2013-10-30 08:56 - 00000000 ____D () C:\Program Files (x86)\AVS4YOU
2014-02-09 11:08 - 2013-10-29 09:39 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.5
2014-02-09 11:06 - 2011-06-03 05:05 - 00000000 ____D () C:\Program Files (x86)\Packard Bell
2014-02-09 10:54 - 2014-01-31 12:55 - 00000000 ____D () C:\Program Files (x86)\Wondershare
2014-02-09 10:28 - 2014-02-09 10:28 - 00614792 _____ (Chip Digital GmbH) C:\Users\Andy\Downloads\AdwCleaner - CHIP-Downloader.exe
2014-02-09 10:27 - 2014-02-05 17:27 - 00000000 ____D () C:\ProgramData\Advanced
2014-02-09 09:22 - 2014-02-09 09:22 - 00000000 ____D () C:\Windows\ERUNT
2014-02-09 09:21 - 2014-02-09 09:21 - 01037530 _____ (Thisisu) C:\Users\Andy\Downloads\JRT_6.1.1.exe
2014-02-09 00:10 - 2013-10-26 13:36 - 00000000 ____D () C:\Program Files\WinRAR
2014-02-08 23:57 - 2013-11-22 08:09 - 00002942 _____ () C:\Windows\System32\Tasks\{8BC343F1-2606-4424-8E92-FF7B9092DAA0}
2014-02-08 23:57 - 2013-11-22 07:49 - 00002984 _____ () C:\Windows\System32\Tasks\{F0A3E213-E374-43FB-8069-4FED942CE32A}
2014-02-08 23:57 - 2013-11-21 17:11 - 00003004 _____ () C:\Windows\System32\Tasks\{4120A149-E659-4DEC-9C41-278D729D86BC}
2014-02-08 23:57 - 2013-11-21 17:07 - 00002990 _____ () C:\Windows\System32\Tasks\{27C13EC4-49AF-45BA-893D-7A79763EF64A}
2014-02-08 23:57 - 2013-11-21 16:52 - 00000000 ____D () C:\Users\Andy\Downloads\iRecovery
2014-02-08 22:29 - 2014-02-08 20:30 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-02-08 22:15 - 2014-02-08 22:14 - 01977432 _____ () C:\Users\Andy\Downloads\winrar-x64-501.exe
2014-02-08 22:15 - 2013-11-02 09:23 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-02-08 21:52 - 2014-02-08 21:51 - 00000752 _____ () C:\Users\Andy\Downloads\78cb0e0ec726e73656d63cca5baa53a2.dlc
2014-02-08 20:31 - 2014-02-08 20:31 - 00000000 _____ () C:\autoexec.bat
2014-02-08 12:04 - 2014-02-08 12:04 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-08 12:04 - 2014-02-08 12:04 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\Malwarebytes
2014-02-08 12:04 - 2014-02-08 12:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-08 12:04 - 2014-02-08 12:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-08 12:02 - 2014-02-08 12:02 - 00614792 _____ (Chip Digital GmbH) C:\Users\Andy\Downloads\Malwarebytes Anti Malware - CHIP-Downloader.exe
2014-02-08 11:34 - 2013-10-27 13:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-08 10:06 - 2014-02-07 12:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-08 10:03 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-02-08 09:41 - 2014-02-08 09:41 - 00449749 _____ () C:\Users\Andy\Downloads\Windows6.0-KB2864202-x86.msu
2014-02-08 09:40 - 2014-02-08 09:40 - 00633925 _____ () C:\Users\Andy\Downloads\Windows6.0-KB2849470-x86.msu
2014-02-08 09:39 - 2014-02-08 09:39 - 00937139 _____ () C:\Users\Andy\Downloads\Windows8-RT-KB2757638-x86.msu
2014-02-08 09:05 - 2014-02-08 09:05 - 00347816 _____ (Microsoft Corporation) C:\Users\Andy\Downloads\MicrosoftFixit.wu.RNP.37315273832125890.2.1.Run.exe
2014-02-08 09:01 - 2014-02-08 09:01 - 00985600 _____ () C:\Users\Andy\Downloads\MicrosoftFixit50123 (3).msi
2014-02-08 09:01 - 2014-02-08 09:01 - 00985600 _____ () C:\Users\Andy\Downloads\MicrosoftFixit50123 (2).msi
2014-02-08 09:01 - 2014-02-08 09:01 - 00985600 _____ () C:\Users\Andy\Downloads\MicrosoftFixit50123 (1).msi
2014-02-07 15:17 - 2013-10-26 13:43 - 00000000 ____D () C:\Program Files (x86)\NeoSmart Technologies
2014-02-07 15:07 - 2014-02-07 15:07 - 00001280 _____ () C:\Users\Andy\Desktop\Revo Uninstaller.lnk
2014-02-07 15:07 - 2014-02-07 15:07 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-02-07 15:06 - 2014-02-07 15:06 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Andy\Downloads\revosetup.exe
2014-02-07 15:06 - 2014-02-07 15:06 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Andy\Downloads\revosetup (1).exe
2014-02-07 15:00 - 2014-02-07 15:00 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Andy\Downloads\rkill.exe
2014-02-06 17:27 - 2013-11-25 12:15 - 00000000 ____D () C:\Users\Andy\Documents\MassFaces
2014-02-06 13:16 - 2014-02-13 09:08 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-13 09:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-13 09:08 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-13 09:08 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-13 09:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-13 09:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-13 09:08 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-13 09:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-13 09:08 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-13 09:08 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-13 09:08 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-13 09:08 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-13 09:07 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-13 09:08 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-13 09:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-13 09:08 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-13 09:07 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-13 09:08 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-13 09:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-13 09:08 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-13 09:08 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-13 09:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-13 09:08 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-13 09:08 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-13 09:08 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-13 09:08 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-13 09:08 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-13 09:08 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:25 - 2014-02-13 09:07 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:24 - 2014-02-13 09:08 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-13 09:08 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-13 09:08 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-13 09:08 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-13 09:08 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-13 09:08 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-13 09:08 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-13 09:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-13 09:08 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-13 09:08 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-06 08:48 - 2013-10-27 15:22 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\vlc
2014-02-05 17:44 - 2013-11-13 11:23 - 00000000 ____D () C:\Windows\pss
2014-02-05 17:42 - 2014-02-05 17:42 - 00010372 _____ () C:\Users\Andy\Documents\cc_20140205_174220.reg
2014-02-05 17:41 - 2007-07-12 02:49 - 00000000 ____D () C:\Windows\Panther
2014-02-05 17:31 - 2014-02-05 17:31 - 00000000 ____D () C:\Program Files (x86)\Shark007
2014-02-05 17:31 - 2013-10-29 09:42 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2014-02-05 17:26 - 2014-02-05 17:26 - 29978800 _____ () C:\Users\Andy\Downloads\32bit_Advanced_v447.exe
2014-02-04 08:49 - 2009-07-14 03:34 - 68419584 _____ () C:\Windows\system32\config\SOFTWARE_tureg_old
2014-02-04 08:49 - 2009-07-14 03:34 - 17563648 _____ () C:\Windows\system32\config\SYSTEM_tureg_old
2014-02-04 08:49 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY_tureg_old
2014-02-04 08:47 - 2009-07-14 03:34 - 00786432 _____ () C:\Windows\system32\config\DEFAULT_tureg_old
2014-02-04 08:47 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM_tureg_old
2014-02-04 01:03 - 2014-02-03 21:30 - 00000000 ____D () C:\Program Files\Ekahau
2014-02-04 01:02 - 2014-02-02 10:58 - 00000000 __HDC () C:\ProgramData\{BBDFE733-F48B-4E86-B7C1-E6F173F01FCF}
2014-02-03 21:27 - 2014-02-03 21:27 - 00924988 _____ () C:\Users\Andy\Downloads\kismet_8441.gz
2014-02-03 16:58 - 2014-02-03 16:58 - 01286686 _____ () C:\Users\Andy\Downloads\UISounds.rar
2014-02-03 11:06 - 2014-02-03 11:06 - 00000000 ____D () C:\Windows\CheckSur
2014-02-03 11:05 - 2014-02-03 11:03 - 457019995 _____ () C:\Users\Andy\Downloads\Windows6.1-KB947821-v31-x64.msu
2014-02-02 11:53 - 2013-10-27 15:22 - 00000883 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-02-02 11:36 - 2014-02-02 11:36 - 00000000 ____D () C:\Users\Andy\AppData\Local\Microsoft_Research
2014-02-02 10:59 - 2014-02-02 10:59 - 00001278 _____ () C:\Users\Public\Desktop\ASCOM Diagnostics.lnk
2014-02-02 10:59 - 2014-02-02 10:59 - 00001116 _____ () C:\Users\Public\Desktop\ProfileExplorer.lnk
2014-02-02 10:59 - 2014-02-02 10:59 - 00000000 ____D () C:\Windows\Symbols
2014-02-02 10:59 - 2014-02-02 10:59 - 00000000 ____D () C:\Program Files\Common Files\ASCOM
2014-02-02 10:59 - 2014-02-02 10:59 - 00000000 ____D () C:\Program Files (x86)\ASCOM
2014-02-02 10:58 - 2014-02-02 10:58 - 24829830 _____ (ASCOM Initiative ) C:\Users\Andy\Downloads\ASCOMPlatform6SP3.exe
2014-02-02 10:58 - 2014-02-02 10:58 - 00000000 ____D () C:\Users\Andy\Documents\ASCOM
2014-02-02 09:49 - 2014-02-02 09:49 - 00000000 ____D () C:\Users\Andy\Documents\WWT MIDI Controller Maps
2014-02-02 09:49 - 2014-02-02 09:49 - 00000000 ____D () C:\Users\Andy\Documents\WWT Collections
2014-02-02 09:45 - 2014-02-02 09:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Research
2014-02-02 09:43 - 2014-02-02 09:42 - 80880128 _____ () C:\Users\Andy\Downloads\wwtsetup.5.0.3.msi
2014-02-01 13:48 - 2014-02-01 13:48 - 00005398 _____ () C:\Users\Andy\Downloads\Main.zip
2014-02-01 13:48 - 2014-02-01 13:48 - 00005398 _____ () C:\Users\Andy\Downloads\Main (1).zip
2014-02-01 13:08 - 2014-02-01 13:05 - 168481318 _____ () C:\Users\Andy\Downloads\uniaw_ios7_cydget.rar
2014-01-31 12:55 - 2014-01-31 12:55 - 00000000 ____D () C:\Users\Andy\AppData\Local\Wondershare
2014-01-31 12:55 - 2014-01-31 12:55 - 00000000 ____D () C:\ProgramData\Wondershare
2014-01-31 11:21 - 2014-01-31 11:21 - 27375656 _____ (Wondershare Software Co.,Ltd. ) C:\Users\Andy\Downloads\ios-recovery (2).exe
2014-01-31 11:20 - 2014-01-31 11:19 - 27375520 _____ (Wondershare Software Co.,Ltd. ) C:\Users\Andy\Downloads\ios-recovery (1).exe
2014-01-31 11:19 - 2014-01-31 11:18 - 29010304 _____ (Wondershare ) C:\Users\Andy\Downloads\mobile-transfer.exe
2014-01-31 11:18 - 2014-01-31 11:18 - 27375520 _____ (Wondershare Software Co.,Ltd. ) C:\Users\Andy\Downloads\ios-recovery.exe
2014-01-31 11:18 - 2014-01-31 11:18 - 22655552 _____ (Wondershare ) C:\Users\Andy\Downloads\ios-manager.exe
2014-01-30 12:04 - 2014-01-30 12:00 - 10911944 _____ () C:\Users\Andy\Downloads\BeatsMusic-v321 (1).ipa
2014-01-29 12:03 - 2014-01-29 12:03 - 00001734 _____ () C:\Windows\patsearch.bin
2014-01-29 12:03 - 2014-01-29 12:03 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-01-29 12:03 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-01-28 15:20 - 2014-01-29 12:03 - 00055480 _____ (Corsica) C:\Windows\system32\Drivers\webinstr.sys
2014-01-28 14:14 - 2014-01-25 11:00 - 00000000 ____D () C:\Program Files (x86)\SixaxisPairTool
2014-01-28 10:57 - 2014-01-28 10:57 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\UltraVNC
2014-01-28 10:54 - 2014-01-28 10:54 - 00001166 _____ () C:\Users\Andy\Desktop\UltraVNC Viewer.lnk
2014-01-28 10:54 - 2014-01-28 10:54 - 00001149 _____ () C:\Users\Andy\Desktop\UltraVNC Server.lnk
2014-01-28 10:54 - 2014-01-28 10:54 - 00000000 ____D () C:\Program Files (x86)\uvnc bvba
2014-01-27 10:00 - 2011-06-03 05:22 - 00000000 ____D () C:\ProgramData\Adobe
2014-01-26 12:20 - 2014-01-26 12:20 - 00001795 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-01-26 12:20 - 2014-01-26 12:20 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-01-26 12:20 - 2014-01-26 12:20 - 00000000 ____D () C:\Program Files\iTunes
2014-01-26 12:20 - 2014-01-26 12:20 - 00000000 ____D () C:\Program Files\iPod
2014-01-26 12:20 - 2014-01-26 12:20 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-01-26 12:16 - 2013-10-27 07:41 - 00000000 ____D () C:\ProgramData\Apple
2014-01-26 10:51 - 2014-01-26 10:51 - 00145859 _____ () C:\Users\Andy\Downloads\hosts.rar
2014-01-25 11:06 - 2013-11-21 16:25 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-01-25 11:01 - 2014-01-25 11:00 - 00000000 ____D () C:\ProgramData\Package Cache
2014-01-25 10:55 - 2014-01-25 10:55 - 13591657 _____ (Dancing Pixel Studios ) C:\Users\Andy\Downloads\SixaxisPairToolSetup-0.2.5.exe
2014-01-23 10:17 - 2013-11-07 10:49 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2014-01-22 19:16 - 2013-11-26 10:35 - 00000000 ____D () C:\Users\Andy\Documents\MassTube
2014-01-22 17:46 - 2014-01-22 17:46 - 00800127 _____ () C:\Users\Andy\Downloads\bAdaccell.zip
2014-01-22 17:46 - 2014-01-22 17:46 - 00594482 _____ () C:\Users\Andy\Downloads\LSClock.zip
2014-01-22 17:46 - 2014-01-22 17:46 - 00001477 _____ () C:\Users\Andy\Downloads\BlurredLS.zip
2014-01-22 14:41 - 2014-01-22 14:41 - 02278856 _____ () C:\Users\Andy\Downloads\avira_pc_cleaner_de.exe
2014-01-21 17:50 - 2014-01-21 17:49 - 16674816 _____ () C:\Users\Andy\Downloads\python-2.7.6.amd64 (1).msi
2014-01-21 17:48 - 2014-01-21 17:46 - 17458242 _____ () C:\Users\Andy\Downloads\python-2.7.6.amd64-pdb.zip
2014-01-21 14:57 - 2014-01-21 14:57 - 00000000 ____D () C:\Users\Andy\AppData\Local\MetaGeek,_LLC
2014-01-21 14:56 - 2014-01-21 14:56 - 04767744 _____ () C:\Users\Andy\Downloads\inSSIDer31-installer.msi
2014-01-21 14:56 - 2014-01-21 14:56 - 00002489 _____ () C:\Users\Public\Desktop\inSSIDer Home.lnk
2014-01-21 14:56 - 2014-01-21 14:56 - 00000000 ____D () C:\Program Files (x86)\MetaGeek
2014-01-21 14:21 - 2014-01-21 14:21 - 00000000 ____D () C:\Python27
2014-01-21 14:18 - 2014-01-21 14:18 - 00000000 ____D () C:\Python33
2014-01-21 14:01 - 2013-12-25 12:08 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\SoftGrid Client
2014-01-21 13:41 - 2014-01-21 13:40 - 00000000 ____D () C:\ProgramData\Visan
2014-01-21 13:41 - 2013-11-11 13:36 - 00002184 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
2014-01-21 13:41 - 2013-11-11 13:36 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-01-21 13:41 - 2013-11-11 13:36 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-01-21 13:38 - 2014-01-21 13:38 - 00000000 ____D () C:\Windows\system32\Macromed
2014-01-21 13:35 - 2014-01-21 13:35 - 00000000 ____D () C:\Program Files (x86)\MPC-HC
2014-01-21 13:34 - 2014-01-21 13:34 - 00002031 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-01-21 13:34 - 2011-06-03 05:22 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-01-21 13:33 - 2014-01-21 13:33 - 00000000 ____D () C:\Users\Default\AppData\Local\Adobe
2014-01-21 13:33 - 2014-01-21 13:33 - 00000000 ____D () C:\Users\Default User\AppData\Local\Adobe
2014-01-21 13:25 - 2014-01-21 13:25 - 00000000 ____D () C:\Users\Andy\AppData\Local\Secunia PSI
2014-01-21 13:25 - 2014-01-21 13:25 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-01-18 14:38 - 2014-01-18 09:54 - 00000600 _____ () C:\Users\Andy\AppData\Roaming\winscp.rnd
2014-01-18 10:17 - 2014-01-10 12:13 - 00000000 ____D () C:\Users\Andy\AppData\Local\0install.net
2014-01-18 10:16 - 2014-01-18 09:55 - 00000000 ____D () C:\Users\Andy\AppData\Roaming\FileZilla
2014-01-18 09:51 - 2013-10-26 13:18 - 00061720 _____ () C:\Users\Andy\AppData\Local\GDIPFONTCACHEV1.DAT

Some content of TEMP:
====================
C:\Users\Andy\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-08 06:54

==================== End Of Log ============================

--- --- ---

Larusso 16.02.2014 14:55

Okay. Then we'll keep looking.

Please start the computer in Safe Mode with Networking.

Start your browsers there and report whether the ads show up there as well.

wallhalla23 16.02.2014 17:21

Yes, I'm in Safe Mode right now and currently have no ads, but before that I also had none for roughly the last 15 minutes in normal mode. I had deleted all my cookies again and reset the browser.

I'm now back in normal mode and am immediately being attacked with ads again.
So no ads in Safe Mode... so now it's your turn again ;)

Larusso 16.02.2014 18:24

Can you explain to me what the following software is for?
TwonkyProxy

wallhalla23 16.02.2014 18:46

Yes, I once used it for streaming something, but I have already thrown it out as well ;)

Larusso 18.02.2014 19:41

Sorry, but I'm really stuck here right now.

No ads in Safe Mode. Then I would try to find out which software could be responsible for it.

Please press the Windows + R keys and enter msconfig.
Please switch to the Services tab and tick "Hide all Microsoft services".

Now remove all check marks and restart the computer. Report whether the ads come back.

wallhalla23 21.02.2014 11:03

Hello, afterwards I couldn't get into Windows at all any more and then reinstalled my system. Maybe you have a few more tips for me on how I can keep my system clean and fast.
Furthermore, I would like to create a bootable USB stick from the current new system with everything that is on it, so that I can completely restore it if there is a problem. Maybe you have something for me there as well.
In any case I would like to thank you for your effort... I also learned quite a bit.

Regards, Andreas

Larusso 21.02.2014 15:41

Hm, I'm still wondering what was responsible for it -.-

For creating an image I once found this --> Disk image - How do you create a disk image? It is explained here - PC-Erfahrung.de

Please update your system now. Adobe Reader and Java (if installed) as well as all browsers and plugins.


Here are a few more tips for securing your system.


I can't mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is also up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about possible changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend towards somewhat more security than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Don't click on everything just because it asks you to and is nice and colourful.
  • Don't use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from e-mails that are unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.

wallhalla23 21.02.2014 23:08

So from my side everything is done and you are welcome to close the topic.
Thanks again and see you sometime.:daumenhoc

Larusso 22.02.2014 18:10

Glad that we could help :abklatsch:

