boris1000 | 13.11.2014 10:01 | Hi Schrauber,
Danke werde ich jetzt machen. Nur zwei Fragen... Ich habe eine systemwiederherstellung gemacht und dann über Nacht antivir pro drüber laufen lassen. Hier wurde nix gemeldet, der Rechner läuft anscheinend auch problemlos. Trotzdem Combofix ausführen?
Nur aus Interesse... Wie lange dauert Combofix?
Liebe Grüße und danke für die Hilfe!
Erledigt... sieht gut aus :-) Code:
ComboFix 14-11-12.01 - Boris Odenthal 13.11.2014 8:31.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3039.1819 [GMT 1:00]
ausgeführt von:: c:\users\Boris Odenthal\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\DFR231E.tmp
c:\windows\IsUn0407.exe
c:\windows\system32\Icons
c:\windows\system32\Icons\1409680887_647714-excel-512.png
c:\windows\system32\Icons\1409680893_647719-word-512.png
c:\windows\system32\Icons\1409680900_647717-powerpoint-512.png
c:\windows\system32\Icons\1409680975_272712.ico
c:\windows\system32\Icons\1409748901_79673.ico
c:\windows\system32\Icons\excelicon.ico
c:\windows\system32\Icons\pdficon.ico
c:\windows\system32\Icons\wordicon.ico
c:\windows\system32\stapo.tmp
c:\windows\system32\YingInstall
c:\windows\system32\YingInstall\409.ini
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-10-13 bis 2014-11-13 ))))))))))))))))))))))))))))))
.
.
2014-11-13 07:51 . 2014-11-13 07:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-13 07:51 . 2014-11-13 07:51 -------- d-----w- c:\users\Boris\AppData\Local\temp
2014-11-12 21:57 . 2014-08-12 01:36 701440 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-12 21:57 . 2014-08-21 06:26 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-11-12 21:57 . 2014-08-21 06:23 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-11-12 21:57 . 2014-10-14 01:50 523776 ----a-w- c:\windows\system32\termsrv.dll
2014-11-12 21:57 . 2014-10-14 01:47 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-11-12 21:57 . 2014-10-14 01:46 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-11-12 21:57 . 2014-10-14 01:56 136632 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-11-12 21:57 . 2014-10-14 01:50 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-12 21:56 . 2014-10-25 01:32 67584 ----a-w- c:\windows\system32\packager.dll
2014-11-12 21:56 . 2014-10-18 01:33 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-12 21:56 . 2014-10-03 01:44 275968 ----a-w- c:\windows\system32\EncDump.dll
2014-11-12 21:56 . 2014-10-03 01:44 442880 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-11-12 21:56 . 2014-10-03 01:44 475136 ----a-w- c:\windows\system32\audiosrv.dll
2014-11-12 21:56 . 2014-10-03 01:44 374784 ----a-w- c:\windows\system32\AudioEng.dll
2014-11-12 21:56 . 2014-10-03 01:44 195584 ----a-w- c:\windows\system32\AudioSes.dll
2014-11-12 21:55 . 2014-09-19 09:23 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-11-12 21:55 . 2014-09-19 09:23 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-11-12 21:55 . 2014-09-19 09:23 248832 ----a-w- c:\windows\system32\schannel.dll
2014-11-12 21:55 . 2014-09-19 09:23 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-11-12 21:55 . 2014-09-19 09:23 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-12 21:55 . 2014-09-19 09:23 221184 ----a-w- c:\windows\system32\ncrypt.dll
2014-11-12 21:55 . 2014-09-19 09:23 17408 ----a-w- c:\windows\system32\credssp.dll
2014-11-12 21:55 . 2014-10-10 00:45 2379264 ----a-w- c:\windows\system32\win32k.sys
2014-11-12 21:55 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\system32\msi.dll
2014-11-12 21:53 . 2014-10-20 02:37 8901368 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9D98E1B7-EEF9-49D9-B653-24153310C74E}\mpengine.dll
2014-11-12 21:53 . 2014-11-05 17:50 203776 ----a-w- c:\windows\system32\aepdu.dll
2014-11-12 21:53 . 2014-11-05 17:47 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-11-12 21:53 . 2014-11-05 17:50 254464 ----a-w- c:\windows\system32\generaltel.dll
2014-11-12 14:08 . 2014-11-12 14:09 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-12 14:08 . 2014-10-01 10:11 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-12 14:08 . 2014-10-01 10:11 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-12 14:08 . 2014-10-01 10:11 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-12 14:08 . 2014-11-12 14:08 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-11-12 14:08 . 2014-11-12 14:08 -------- d-----w- c:\programdata\Malwarebytes
2014-11-12 10:53 . 2014-11-12 11:05 -------- d-----w- C:\FRST
2014-10-24 06:44 . 2014-10-24 06:44 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2014-10-24 06:44 . 2014-10-24 06:44 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-10-24 06:44 . 2014-10-24 06:44 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2014-10-24 06:44 . 2014-10-24 06:44 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-10-24 06:44 . 2014-10-24 06:44 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2014-10-24 06:44 . 2014-10-24 06:44 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-10-24 06:44 . 2014-10-24 06:44 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2014-10-24 06:44 . 2014-10-24 06:44 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-10-24 06:44 . 2014-10-24 06:44 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2014-10-24 06:44 . 2014-10-24 06:44 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-10-23 09:46 . 2014-10-23 11:02 -------- d-----w- c:\users\Boris Odenthal\AppData\Local\Apple Inc
2014-10-22 09:45 . 2014-10-22 09:45 -------- d-----w- c:\users\Boris Odenthal\AppData\Roaming\Oracle
2014-10-22 09:42 . 2014-10-22 09:42 -------- d-----w- c:\program files\Common Files\Java
2014-10-22 09:41 . 2014-10-22 09:40 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-10-17 07:23 . 2014-10-17 07:23 -------- d-----w- c:\program files\iPod
2014-10-17 07:23 . 2014-10-17 07:25 -------- d-----w- c:\programdata\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-10-17 07:23 . 2014-10-17 07:25 -------- d-----w- c:\program files\iTunes
2014-10-16 09:29 . 2014-10-17 06:48 -------- d-----w- c:\users\Boris Odenthal\AppData\Roaming\Mp3tag
2014-10-16 09:29 . 2014-10-16 09:29 -------- d-----w- c:\program files\Mp3tag
2014-10-15 06:50 . 2014-09-04 05:04 372736 ----a-w- c:\windows\system32\rastls.dll
2014-10-15 06:49 . 2014-06-18 22:23 81560 ----a-w- c:\windows\system32\mscories.dll
2014-10-15 06:49 . 2014-06-18 22:23 156824 ----a-w- c:\windows\system32\mscorier.dll
2014-10-15 06:49 . 2014-06-18 22:23 1131664 ----a-w- c:\windows\system32\dfshim.dll
2014-10-15 06:49 . 2014-08-29 01:44 2744320 ----a-w- c:\windows\system32\rdpcorets.dll
2014-10-15 06:49 . 2014-09-05 01:52 5703168 ----a-w- c:\windows\system32\mstscax.dll
2014-10-15 06:49 . 2014-07-17 01:40 157696 ----a-w- c:\windows\system32\winsta.dll
2014-10-15 06:49 . 2014-07-17 01:39 130048 ----a-w- c:\windows\system32\rdpcorekmts.dll
2014-10-15 06:49 . 2014-07-17 01:39 304128 ----a-w- c:\windows\system32\winlogon.exe
2014-10-15 06:49 . 2014-07-17 01:03 184320 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2014-10-15 06:49 . 2014-07-17 01:02 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2014-10-15 06:47 . 2014-07-07 01:40 744960 ----a-w- c:\windows\system32\blackbox.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-12 14:57 . 2012-04-27 06:07 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-12 14:57 . 2011-06-07 06:15 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-04 13:30 . 2009-10-05 08:10 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-10-07 08:33 . 2014-07-10 07:33 37384 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-10-07 08:33 . 2014-07-10 07:33 98160 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-10-07 08:33 . 2014-07-10 07:33 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-10-02 12:23 . 2014-10-02 12:23 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2014-10-02 12:23 . 2014-10-02 12:23 69632 ----a-w- c:\windows\system32\QuickTime.qts
2014-09-26 11:13 . 2014-03-19 15:02 590536 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-09-25 01:40 . 2014-10-01 10:40 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-09-09 21:47 . 2014-09-24 08:11 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-23 01:46 . 2014-08-28 06:28 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-08-15 21:35 . 2014-08-15 21:35 6112072 ----a-w- c:\windows\system32\usbaaplrc.dll
2014-08-15 21:35 . 2014-08-15 21:35 45056 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-11-07 21:02 . 2012-07-25 12:52 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-04-05 18:29 280224 ----a-w- c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-10-09 06:33 239272 ----a-w- c:\users\Boris Odenthal\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-10-09 06:33 239272 ----a-w- c:\users\Boris Odenthal\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-10-09 06:33 239272 ----a-w- c:\users\Boris Odenthal\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Boris Odenthal\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Boris Odenthal\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Boris Odenthal\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Boris Odenthal\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-10-21 16:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-10-21 16:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-10-21 16:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-10-21 16:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-10-21 16:52 577864 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2006-05-14 344064]
"Spotify Web Helper"="c:\users\Boris Odenthal\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-10-15 1514040]
"phonostar-PlayerTimer"="c:\program files\phonostar-Player\phonostarTimer.exe" [2014-01-11 42496]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-10-17 43816]
"SkyDrive"="c:\users\Boris Odenthal\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2014-10-09 277672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2567272]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496]
"IJNetworkScannerSelectorEX"="c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-07-25 468112]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 567864]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1425208]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
"HPCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-02-05 2234144]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2014-02-05 1048152]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-23 495708]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-11-06 703736]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-10-02 421888]
.
c:\users\Boris Odenthal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
An OneNote senden.lnk - c:\program files\Microsoft Office 15\root\office15\ONENOTEM.EXE /tsr [2014-7-21 195240]
Dropbox.lnk - c:\users\Boris Odenthal\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-13 36414624]
RocketDock.exe - Verknüpfung.lnk - c:\program files\RocketDock\RocketDock.exe [2012-11-6 344064]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
UltraMon.lnk - c:\windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico /auto [2011-12-25 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Air Mouse.lnk]
backup=c:\windows\pss\Air Mouse.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Air Mouse.lnk
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uninstall C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uninstall C:\Users
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uninstall c:\users\Boris Odenthal
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uninstall c:\users\Boris Odenthal\AppData
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uninstall c:\users\Boris Odenthal\AppData\Local
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uninstall c:\users\Boris Odenthal\AppData\Local\Microsoft
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uninstall c:\users\Boris Odenthal\AppData\Local\Microsoft\SkyDrive
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uninstall c:\users\Boris Odenthal\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211]
rmdir [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uninstall c:\users\Boris Odenthal\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217]
rmdir [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uninstall c:\users\Boris Odenthal\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328]
rmdir [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uninstall c:\users\Boris Odenthal\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512]
rmdir [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uninstall c:\users\Boris Odenthal\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714]
rmdir [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uninstall c:\users\Boris Odenthal\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_1]
rmdir [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uninstall c:\users\Boris Odenthal\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_2]
rmdir [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{54D7E9FD-34FC-20EA-2E30-6A380EABEFDD}
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2006-10-22 21:24 620152 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2011-05-03 12:22 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2008-03-21 08:21 91432 ----a-w- c:\program files\CyberLink\Shared files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EADM]
2012-11-05 12:59 3389080 ----a-w- c:\program files\Origin\Origin.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-18 06:47 138096 ----atw- c:\users\Boris Odenthal\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FineReader7NewsReaderPro]
2003-12-09 22:19 278528 ----a-w- c:\program files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-10-09 06:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 20:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-12-03 12:21 2213160 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 12:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2007-12-14 09:36 50472 ----a-w- c:\programme\CyberLink\PowerDVD8\PowerDVD8\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\phonostar-PlayerTimer]
2014-01-11 14:01 42496 ----a-w- c:\program files\phonostar-Player\phonostarTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\phonostarTimer]
2014-01-11 14:01 42496 ----a-w- c:\program files\phonostar-Player\phonostarTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2008-03-20 18:23 83240 ----a-w- c:\programme\CyberLink\PowerDVD8\PowerDVD8\PDVD8Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RestartNeroSetup]
2007-12-07 15:29 2553128 ----a-w- c:\program files\Common Files\Nero\Nero Web\SetupX.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2014-10-15 09:03 1514040 ----a-w- c:\users\Boris Odenthal\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2009-02-25 13:40 218408 ------w- c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2008-06-13 16:11 210216 ----a-w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2008-06-13 16:11 210216 ----a-w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]
2008-06-13 16:11 210216 ----a-w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2008-09-26 08:15 210216 ----a-w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2009-07-14 01:14 660480 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe]
2014-06-04 08:22 2024800 ----a-w- c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
.
2;2 ezGOSvc;Easybits GO Services for Windows;c:\windows\system32\svchost.exe [x]
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-28 697328]
R1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [x]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 20992]
R2 gupdate1c9b5ee4ceabb26;Google Update Service (gupdate1c9b5ee4ceabb26);c:\program files\Google\Update\GoogleUpdate.exe [2014-10-20 107912]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [x]
R3 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 26168]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-06 102912]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-07-21 100184]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2013-08-06 18944]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2014-07-02 37352]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\programme\CyberLink\PowerDVD8\PowerDVD8\000.fcl [2008-02-01 41456]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe [2009-03-02 81920]
S2 AntiVirMailService;Avira Email-Schutz;c:\program files\Avira\AntiVir Desktop\avmailc7.exe [2014-11-06 806704]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-11-06 432888]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\avwebg7.exe [2014-11-06 995064]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys [2014-10-07 37384]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
S2 ClickToRunSvc;Microsoft Office-Klick-und-Los-Dienst;c:\program files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [2014-09-25 1669296]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-02-05 1593632]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-02-05 15904544]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-09-23 365904]
S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-09-12 4799760]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2008-11-14 17184]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-04-29 54784]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2011-09-02 42648]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2011-09-02 12184]
S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2013-12-27 34080]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 11:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-29 07:40 1089352 ----a-w- c:\program files\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-11-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 14:57]
.
2014-11-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3084854908-1294390735-1367305432-1000Core.job
- c:\users\Boris Odenthal\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-07 06:47]
.
2014-11-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3084854908-1294390735-1367305432-1000UA.job
- c:\users\Boris Odenthal\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-07 06:47]
.
2014-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-05 06:33]
.
2014-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-05 06:33]
.
2014-11-13 c:\windows\Tasks\WebContent AutoUpdate 2013.job
- c:\program files\Nemetschek\Allplan_2013\prg\NemDownloadHandler.exe [2013-06-17 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to Mp3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Save YouTube Video - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Boris Odenthal\AppData\Roaming\Mozilla\Firefox\Profiles\vmnxqhjt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856415&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb201?a=6R8QTOlyvB&i=26
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb201/?loc=IB_DS&a=6R8QTOlyvB&&i=26&search=
FF - ExtSQL: !HIDDEN! 2013-04-18 16:05; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files\Common Files\DVDVideoSoft\plugins\ff
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8QTOlyvB&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 2b7c904300000000000000235a36304e
FF - user.js: extensions.incredibar_i.instlDay - 15715
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1412:32
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8QTOlyvB
FF - user.js: extensions.incredibar_i.upn2n - 92825722533940935
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSConfigStartUp-CLMLServer for HP TouchSmart - c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
MSConfigStartUp-TSMAgent - c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
AddRemove-DVS Video Downloader Addon for Google Chrome_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe/SILENT
AddRemove-NAVIGON Fresh - c:\program files\NAVIGON\NAVIGON Fresh\uninst.exe
AddRemove-ShoreLoosers Gameplay Booster - c:\program files\EA Sports\FIFA 09\Uninstal.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\programme\CyberLink\PowerDVD8\PowerDVD8\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{000123B4-9B42-4900-B3F7-F4B073EFC214}"=hex:51,66,7a,6c,4c,1d,38,12,da,20,12,
04,70,d5,6e,0c,cc,e1,b7,f0,76,b1,86,00
"{182EC0BE-5110-49C8-A062-BEB1D02A220B}"=hex:51,66,7a,6c,4c,1d,38,12,d0,c3,3d,
1c,22,1f,a6,0c,df,74,fd,f1,d5,74,66,1f
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{21347690-EC41-4F9A-8887-1F4AEE672439}"=hex:51,66,7a,6c,4c,1d,38,12,fe,75,27,
25,73,a2,f4,0a,f7,91,5c,0a,eb,39,60,2d
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}"=hex:51,66,7a,6c,4c,1d,38,12,c3,d3,96,
33,cd,f1,98,02,c0,4d,e6,c7,c4,3c,ba,cd
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}"=hex:51,66,7a,6c,4c,1d,38,12,e8,9b,8e,
71,5d,42,f6,01,c5,a0,09,1f,42,98,83,3b
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
"{C55BBCD6-41AD-48AD-9953-3609C48EACC7}"=hex:51,66,7a,6c,4c,1d,38,12,b8,bf,48,
c1,9f,0f,c3,0d,e6,45,75,49,c1,d0,e8,d3
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{336D0C35-8A85-403a-B9D2-65C292C39087}"=hex:51,66,7a,6c,4c,1d,3b,1b,08,df,71,
68,82,e9,79,3d,9d,e9,17,af,ad,b0,e5,ab
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:57,4f,83,31,d4,a2,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,91,17,c9,3e,0f,a4,a9,4e,87,db,ab,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,91,17,c9,3e,0f,a4,a9,4e,87,db,ab,\
.
[HKEY_USERS\S-1-5-21-3084854908-1294390735-1367305432-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-3084854908-1294390735-1367305432-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-3084854908-1294390735-1367305432-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3084854908-1294390735-1367305432-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-3084854908-1294390735-1367305432-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3084854908-1294390735-1367305432-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-3084854908-1294390735-1367305432-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-3084854908-1294390735-1367305432-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3084854908-1294390735-1367305432-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3084854908-1294390735-1367305432-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-3084854908-1294390735-1367305432-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-3084854908-1294390735-1367305432-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-3084854908-1294390735-1367305432-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3084854908-1294390735-1367305432-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-3084854908-1294390735-1367305432-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3084854908-1294390735-1367305432-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3084854908-1294390735-1367305432-1000)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:7c,de,0b,66,6f,ba,8a,c0,25,2e,5f,fc,b4,34,cf,b2,3c,df,61,0a,35,
6a,14,14,63,d7,ee,52,65,e3,f8,39,97,9d,31,46,76,66,3b,d2,95,40,1b,ee,06,f2,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-11-13 08:55:25
ComboFix-quarantined-files.txt 2014-11-13 07:55
.
Vor Suchlauf: 21 Verzeichnis(se), 112.929.656.832 Bytes frei
Nach Suchlauf: 30 Verzeichnis(se), 112.769.449.984 Bytes frei
.
- - End Of File - - 761235F28D4118941FA6735B641AD1D4
A36C5E4F47E84449FF07ED3517B43A31 |