Trojaner-Board - msiexec.exe infiziert mit win32 :Malware-gen

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - msiexec.exe infiziert mit win32 :Malware-gen (https://www.trojaner-board.de/160111-msiexec-exe-infiziert-win32-malware-gen.html)

Das kannst du mit Windows Mitteln machen, einen Systemwiederherstellungspunkt zb. Der wird aber normal sowieso angelegt bei Installation eines Treibers.

ich würde keine Tools verwenden, sondern manuell die Treiber beim Hersteller laden, wie schon die LAN und WLAN Treiber. Fehlt ja eigentlich nur noch Chipsatz und Board.

hallo Schrauber,
der Rechner war wieder langsam und AVAST was ich derzeit noch aktiviert habe, hat Virusmeldung gegeben. wieder win32: Malware-gen
es wurden einige Dateien in container verschoben. bei anschließendem Booscan von avast wurden ebenfalls mehrere infizierte Dateien mit trojanern in container verschoben.

soll ich nocheinmal das gleiche Programm mit combofix durchführen???

momentan ist eine trial Vollversion von AVAST aktiviert.
Firewall und Virensschutz ist aktiviert.
ausserdem ist auch Firewall von Windows aktiviert.
anbei im Anhang die Scanlog dateien von AVAST

Anhang 71127

farbar log file nach dem Scan und Repair mit AVAST

Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

http://www.trojaner-board.de/picture...&pictureid=307

Code:

*

* Avast Echtzeit-Schutz-Bericht

* Diese Berichtdatei wurde automatisch erstellt

*

* Start: Sonntag, 26. Oktober 2014 01:06:49

*
 

26.10.2014 01:10:09        C:\Users\GC395~1.***\AppData\ROAMING\Ehafas\doqeso.exe [L] Win32:Malware-gen (0)

Datei erfolgreich in Container verschoben...

26.10.2014 01:12:40        C:\Users\GC395~1.***\AppData\ROAMING\2EB42334\bin.exe [L] Win32:Evo-gen [Susp] (0)

Datei erfolgreich in Container verschoben...

26.10.2014 01:12:41        C:\Users\GC395~1.***\AppData\ROAMING\MICROSOFT\WINDOWS\IEUpdate\mtstocom.exe [L] Win64:Evo-gen [Susp] (0)

Datei erfolgreich in Container verschoben...

26.10.2014 01:13:38        C:\Users\GC395~1.***\AppData\ROAMING\MICROSOFT\WINDOWS\IEUpdate\taskkill.exe [L] Win64:Evo-gen [Susp] (0)

Datei erfolgreich in Container verschoben...

*

* Avast Echtzeit-Schutz-Bericht

* Diese Berichtdatei wurde automatisch erstellt

*

* Start: Montag, 27. Oktober 2014 19:09:38

*
 
 

*

* Schutz beendet: Dienstag, 28. Oktober 2014 16:11:31

* Laufzeit war 21 Stunde(n), 1 Minute(n), 1 Sekunde(n)

*
 

*

* Avast Echtzeit-Schutz-Bericht

* Diese Berichtdatei wurde automatisch erstellt

*

* Start: Dienstag, 28. Oktober 2014 16:14:02

*
 

28.10.2014 22:56:16        C:\WINDOWS\Installer\MSI516.tmp [L] Win32:Malware-gen (0)

Datei erfolgreich in Container verschoben...

28.10.2014 22:56:47        C:\WINDOWS\Installer\MSIC308.tmp [L] Win32:Malware-gen (0)

Datei erfolgreich in Container verschoben...
 

*

* Schutz beendet: Mittwoch, 29. Oktober 2014 01:58:29

* Laufzeit war 9 Stunde(n), 44 Minute(n), 44 Sekunde(n)

*
 

*

* Avast Echtzeit-Schutz-Bericht

* Diese Berichtdatei wurde automatisch erstellt

*

* Start: Mittwoch, 29. Oktober 2014 12:30:03

*
 

*

* Avast Echtzeit-Schutz-Bericht

* Diese Berichtdatei wurde automatisch erstellt

*

* Start: Mittwoch, 29. Oktober 2014 15:41:48

*
 
 

*

* Schutz beendet: Mittwoch, 29. Oktober 2014 16:09:18

* Laufzeit war 27 Minute(n), 27 Sekunde(n)

*
 

*

* Avast Echtzeit-Schutz-Bericht

* Diese Berichtdatei wurde automatisch erstellt

*

* Start: Mittwoch, 29. Oktober 2014 16:10:26

*
 
 

*

* Schutz beendet: Mittwoch, 29. Oktober 2014 23:11:36

* Laufzeit war 7 Stunde(n), 1 Minute(n), 1 Sekunde(n)

*
 

*

* Avast Echtzeit-Schutz-Bericht

* Diese Berichtdatei wurde automatisch erstellt

*

* Start: Mittwoch, 29. Oktober 2014 23:33:20

*
 
 

*

* Schutz beendet: Donnerstag, 30. Oktober 2014 03:26:34

* Laufzeit war 3 Stunde(n), 53 Minute(n), 53 Sekunde(n)

*
 

*

* Avast Echtzeit-Schutz-Bericht

* Diese Berichtdatei wurde automatisch erstellt

*

* Start: Donnerstag, 30. Oktober 2014 16:10:27

*
 
 

*

* Schutz beendet: Freitag, 31. Oktober 2014 02:15:03

* Laufzeit war 10 Stunde(n), 4 Minute(n), 4 Sekunde(n)

*
 

*

* Avast Echtzeit-Schutz-Bericht

* Diese Berichtdatei wurde automatisch erstellt

*

* Start: Samstag, 1. November 2014 23:57:10

*
 

02.11.2014 03:40:51        F:\backup_****_b*****laptop_02112014\D\B*****\p***********\a********\40_s********\SD1\i-v**\a**-003\bedien\a**.exe [L] Win32:Evo-gen [Susp] (0)

Datei erfolgreich in Container verschoben...

02.11.2014 03:41:24        F:\backup_****_b*****laptop_02112014\D\B*****\p***********\a********\40_s********\SD1\i-v**\a**015\a**015-108.bin-1\bedien\a**015.exe [L] Win32:Evo-gen [Susp] (0)

Datei erfolgreich in Container verschoben...

02.11.2014 03:41:37        F:\backup_****_b*****laptop_02112014\D\B*****\p***********\a********\40_s********\SD1\i-v**\a**015\a**015-108.bin-1\ivs\Ivs.exe [L] Win32:Evo-gen [Susp] (0)

Datei erfolgreich in Container verschoben...

02.11.2014 03:41:51        F:\backup_****_b*****laptop_02112014\D\B*****\p***********\a********\40_s********\SD1\i-v**\a**017\a**017-110.bin\ivs\Ivs.exe [L] Win32:Evo-gen [Susp] (0)

Datei erfolgreich in Container verschoben...

02.11.2014 03:42:04        F:\backup_****_b*****laptop_02112014\D\B*****\p***********\a********\40_s********\SD2\i-v**\a**-003\bedien\a**.exe [L] Win32:Evo-gen [Susp] (0)

Datei erfolgreich in Container verschoben...

02.11.2014 03:42:17        F:\backup_****_b*****laptop_02112014\D\B*****\p***********\a********\40_s********\SD2\i-v**\a**017\a**017-110.bin\ivs\Ivs.exe [L] Win32:Evo-gen [Susp] (0)

Datei erfolgreich in Container verschoben...

02.11.2014 03:43:54        F:\backup_****_b*****laptop_02112014\D\B*****\p***********\a********\40_s********\SD3\i-v**\a**-003\bedien\a**.exe [L] Win32:Evo-gen [Susp] (0)

Datei erfolgreich in Container verschoben...

02.11.2014 03:44:07        F:\backup_****_b*****laptop_02112014\D\B*****\p***********\a********\40_s********\SD3\i-v**\a**015\a**015-108.bin-1\bedien\a**015.exe [L] Win32:Evo-gen [Susp] (0)

Datei erfolgreich in Container verschoben...

02.11.2014 03:44:08        F:\backup_****_b*****laptop_02112014\D\B*****\p***********\a********\40_s********\SD3\i-v**\a**015\a**015-108.bin-1\ivs\Ivs.exe [L] Win32:Evo-gen [Susp] (0)

Datei erfolgreich in Container verschoben...

02.11.2014 03:44:22        F:\backup_****_b*****laptop_02112014\D\B*****\p***********\a********\40_s********\SD3\i-v**\a**017\a**017-110.bin\ivs\Ivs.exe [L] Win32:Evo-gen [Susp] (0)

Datei erfolgreich in Container verschoben...
 

*

* Schutz beendet: Montag, 3. November 2014 01:12:39

* Laufzeit war 1 Tag(e), 1 Stunde(n), 15 Minute(n), 15 Sekunde(n)

*
 

*

* Avast Echtzeit-Schutz-Bericht

* Diese Berichtdatei wurde automatisch erstellt

*

* Start: Freitag, 7. November 2014 14:24:20

*
 
 

*

* Schutz beendet: Freitag, 7. November 2014 22:05:25

* Laufzeit war 7 Stunde(n), 41 Minute(n), 41 Sekunde(n)

*
 

*

* Avast Echtzeit-Schutz-Bericht

* Diese Berichtdatei wurde automatisch erstellt

*

* Start: Sonntag, 9. November 2014 18:57:42

*
 
 

*

* Schutz beendet: Sonntag, 9. November 2014 19:05:17

* Laufzeit war 7 Minute(n), 7 Sekunde(n)

*
 

*

* Avast Echtzeit-Schutz-Bericht

* Diese Berichtdatei wurde automatisch erstellt

*

* Start: Sonntag, 9. November 2014 19:13:48

*
 
 

*

* Schutz beendet: Sonntag, 9. November 2014 19:49:15

* Laufzeit war 35 Minute(n), 35 Sekunde(n)

*
 

*

* Avast Echtzeit-Schutz-Bericht

* Diese Berichtdatei wurde automatisch erstellt

*

* Start: Sonntag, 9. November 2014 20:50:32

*
 
 

*

* Schutz beendet: Sonntag, 9. November 2014 20:59:43

* Laufzeit war 9 Minute(n), 9 Sekunde(n)

*
 

*

* Avast Echtzeit-Schutz-Bericht

* Diese Berichtdatei wurde automatisch erstellt

*

* Start: Montag, 10. November 2014 03:06:36

*
 

*

* Avast Echtzeit-Schutz-Bericht

* Diese Berichtdatei wurde automatisch erstellt

*

* Start: Mittwoch, 12. November 2014 18:48:39

*
 

*

* Avast Echtzeit-Schutz-Bericht

* Diese Berichtdatei wurde automatisch erstellt

*

* Start: Freitag, 14. November 2014 12:55:29

*
 
 

*

* Schutz beendet: Samstag, 15. November 2014 01:59:17

* Laufzeit war 13 Stunde(n), 3 Minute(n), 3 Sekunde(n)

*
 

*

* Avast Echtzeit-Schutz-Bericht

* Diese Berichtdatei wurde automatisch erstellt

*

* Start: Samstag, 15. November 2014 02:03:05

*
 

*

* Avast Echtzeit-Schutz-Bericht

* Diese Berichtdatei wurde automatisch erstellt

*

* Start: Samstag, 15. November 2014 14:32:48

*
 
 

*

* Schutz beendet: Samstag, 15. November 2014 21:13:36

* Laufzeit war 6 Stunde(n), 40 Minute(n), 40 Sekunde(n)

*
 

*

* Avast Echtzeit-Schutz-Bericht

* Diese Berichtdatei wurde automatisch erstellt

*

* Start: Sonntag, 16. November 2014 15:01:43

*
 
 

*

* Schutz beendet: Sonntag, 16. November 2014 18:28:24

* Laufzeit war 3 Stunde(n), 26 Minute(n), 26 Sekunde(n)

*
 

*

* Avast Echtzeit-Schutz-Bericht

* Diese Berichtdatei wurde automatisch erstellt

*

* Start: Sonntag, 16. November 2014 19:28:44

*
 
 

*

* Schutz beendet: Sonntag, 16. November 2014 19:56:34

* Laufzeit war 27 Minute(n), 27 Sekunde(n)

*
 

*

* Avast Echtzeit-Schutz-Bericht

* Diese Berichtdatei wurde automatisch erstellt

*

* Start: Dienstag, 18. November 2014 20:12:11

*
 
 

*

* Schutz beendet: Dienstag, 18. November 2014 23:14:21

* Laufzeit war 3 Stunde(n), 2 Minute(n), 2 Sekunde(n)

*
 

*

* Avast Echtzeit-Schutz-Bericht

* Diese Berichtdatei wurde automatisch erstellt

*

* Start: Dienstag, 18. November 2014 23:16:16

*
 
 

*

* Schutz beendet: Freitag, 21. November 2014 19:50:20

* Laufzeit war 2 Tag(e), 20 Stunde(n), 34 Minute(n), 34 Sekunde(n)

*
 

*

* Avast Echtzeit-Schutz-Bericht

* Diese Berichtdatei wurde automatisch erstellt

*

* Start: Freitag, 21. November 2014 19:52:08

*
 

*

* Avast Echtzeit-Schutz-Bericht

* Diese Berichtdatei wurde automatisch erstellt

*

* Start: Samstag, 22. November 2014 03:03:02

*
 
 

*

* Schutz beendet: Samstag, 22. November 2014 06:42:31

* Laufzeit war 3 Stunde(n), 39 Minute(n), 39 Sekunde(n)

*
 

*

* Avast Echtzeit-Schutz-Bericht

* Diese Berichtdatei wurde automatisch erstellt

*

* Start: Samstag, 22. November 2014 16:13:52

*
 

*

* Avast Echtzeit-Schutz-Bericht

* Diese Berichtdatei wurde automatisch erstellt

*

* Start: Sonntag, 23. November 2014 09:24:17

*
 
 

*

* Schutz beendet: Montag, 24. November 2014 08:47:41

* Laufzeit war 1 Tag(e), 23 Minute(n), 23 Sekunde(n)

*
 

*

* Avast Echtzeit-Schutz-Bericht

* Diese Berichtdatei wurde automatisch erstellt

*

* Start: Montag, 24. November 2014 10:33:24

*
 
 

*

* Schutz beendet: Montag, 24. November 2014 09:48:10

* Laufzeit war 14 Minute(n), 14 Sekunde(n)

*
 

*

* Avast Echtzeit-Schutz-Bericht

* Diese Berichtdatei wurde automatisch erstellt

*

* Start: Montag, 24. November 2014 23:40:42

*
 
 

*

* Schutz beendet: Dienstag, 25. November 2014 01:27:36

* Laufzeit war 2 Stunde(n), 46 Minute(n), 46 Sekunde(n)

*
 

*

* Avast Echtzeit-Schutz-Bericht

* Diese Berichtdatei wurde automatisch erstellt

*

* Start: Dienstag, 25. November 2014 14:24:12

*
 

*

* Avast Echtzeit-Schutz-Bericht

* Diese Berichtdatei wurde automatisch erstellt

*

* Start: Dienstag, 25. November 2014 19:12:19

*
 
 

*

* Schutz beendet: Mittwoch, 26. November 2014 06:07:25

* Laufzeit war 11 Stunde(n), 55 Minute(n), 55 Sekunde(n)

*
 

*

* Avast Echtzeit-Schutz-Bericht

* Diese Berichtdatei wurde automatisch erstellt

*

* Start: Mittwoch, 26. November 2014 14:15:40

*
 

*

* Avast Echtzeit-Schutz-Bericht

* Diese Berichtdatei wurde automatisch erstellt

*

* Start: Donnerstag, 27. November 2014 10:48:54

*
 
 

*

* Schutz beendet: Donnerstag, 27. November 2014 18:29:57

* Laufzeit war 8 Stunde(n), 41 Minute(n), 41 Sekunde(n)

*
 

*

* Avast Echtzeit-Schutz-Bericht

* Diese Berichtdatei wurde automatisch erstellt

*

* Start: Donnerstag, 27. November 2014 19:33:27

*
 

*

* Avast Echtzeit-Schutz-Bericht

* Diese Berichtdatei wurde automatisch erstellt

*

* Start: Freitag, 28. November 2014 05:14:27

*

Code:

10/26/2014 01:25

Prüfung aller lokalen Laufwerke
 

Datei C:\Users\g.****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0V8Y2OQV\tt[2].txt ist infiziert von JS:ScriptPE-inf [Trj], In Container verschoben

Datei C:\Users\g.****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0V8Y2OQV\tt[6].txt ist infiziert von JS:ScriptPE-inf [Trj], In Container verschoben

Datei C:\Users\g.****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0V8Y2OQV\ab[1].txt ist infiziert von JS:ScriptPE-inf [Trj], In Container verschoben

Datei C:\Users\g.****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0V8Y2OQV\actors[1].txt ist infiziert von HTML:Script-inf, In Container verschoben

Datei C:\Users\g.****\AppData\Local\Temp\IiXcg2EvVS2fh6K8DiO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MWDGIVUP\abcmedicine_net[1].htm ist infiziert von HTML:Framer-inf [Trj], In Container verschoben

Datei C:\Users\g.****\AppData\Local\Temp\Kh8JPHg2CFOlN2s8LbG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C3QYTYUE\abcmedicine_net[1].htm ist infiziert von HTML:Framer-inf [Trj], In Container verschoben

Datei C:\Users\g.****\AppData\Local\Temp\PC9CHJsk7cNPJMyykva\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2SDW9H3M\abcmedicine_net[1].htm ist infiziert von HTML:Framer-inf [Trj], In Container verschoben

Datei C:\Users\g.****\AppData\Local\Temp\wcrash.exe ist infiziert von Win32:Malware-gen, In Container verschoben

Datei C:\Users\g.****\Downloads\WindowsXPMode_de-de.exe.part|>sources\xpm Fehler 42127 {CAB-Archiv ist beschädigt.}

Datei C:\Windows\Installer\{3B984C67-079D-4B0A-8ABC-721E33062D63}\msiexec.exe ist infiziert von Win32:Malware-gen

Prüfung abgebrochen
 

Anzahl durchsuchter Ordner: 202524

Anzahl der geprüften Dateien: 4019786

Anzahl infizierter Dateien: 9
 

----------------------------------------

11/27/2014 21:48

Prüfung aller lokalen Laufwerke
 

Datei C:\Users\g.****\Downloads\WindowsXPMode_de-de.exe.part|>sources\xpm Fehler 42127 {CAB-Archiv ist beschädigt.}

Datei C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\wajam_update[1].031 ist infiziert von Win32:Malware-gen, In Container verschoben

Datei D:\B*****\P**********\A********\10_0_S***_Front\05_Sicherheit\Softwareversionen und -updates\2010-05-26_Softwareänderung\Rn.zip|>rechner\Release\Ves.exe Fehler 42125 {ZIP-Archiv ist beschädigt.}

Datei D:\B*****\P**********\A********\40_S*********\d****_P\Alt\C_LR_001.GHS ist infiziert von Win32:Hupigon-ONX [Trj], Gelöscht

Datei D:\B*****\P**********\A********\40_S*********\d****_P\Alt\Pool\temp\setup.exe|>netfxsd1.cab|>FL_cpref0_hxs_137046_ENU____.3643236F_FC70_11D3_A536_0090278A1BB8 Fehler 42127 {CAB-Archiv ist beschädigt.}

Datei D:\B*****\P**********\A********\40_S*********\d****_P\Alt\Pool\temp\setup.exe|>netfxsd1.cab Fehler 42127 {CAB-Archiv ist beschädigt.}

Datei D:\B*****\P**********\A********\40_S*********\d****_P\Alt\Pool_1\temp\setup.exe|>netfxsd1.cab|>FL_cpref0_hxs_137046_ENU____.3643236F_FC70_11D3_A536_0090278A1BB8 Fehler 42127 {CAB-Archiv ist beschädigt.}

Datei D:\B*****\P**********\A********\40_S*********\d****_P\Alt\Pool_1\temp\setup.exe|>netfxsd1.cab Fehler 42127 {CAB-Archiv ist beschädigt.}

Datei D:\B*****\P**********\A********\40_S*********\d****_P\Pool\temp\setup.exe|>netfxsd1.cab|>FL_cpref0_hxs_137046_ENU____.3643236F_FC70_11D3_A536_0090278A1BB8 Fehler 42127 {CAB-Archiv ist beschädigt.}

Datei D:\B*****\P**********\A********\40_S*********\d****_P\Pool\temp\setup.exe|>netfxsd1.cab Fehler 42127 {CAB-Archiv ist beschädigt.}

Datei D:\B*****\P**********\A********\40_S*********\d****_P_alt\Alt\C_LR_001.GHS ist infiziert von Win32:Hupigon-ONX [Trj], Gelöscht

Datei D:\B*****\P**********\A********\40_S*********\d****_P_alt\Alt\Pool\temp\setup.exe|>netfxsd1.cab|>FL_cpref0_hxs_137046_ENU____.3643236F_FC70_11D3_A536_0090278A1BB8 Fehler 42127 {CAB-Archiv ist beschädigt.}

Datei D:\B*****\P**********\A********\40_S*********\d****_P_alt\Alt\Pool\temp\setup.exe|>netfxsd1.cab Fehler 42127 {CAB-Archiv ist beschädigt.}

Datei D:\B*****\P**********\A********\40_S*********\d****_P_alt\Pool\temp\setup.exe|>netfxsd1.cab|>FL_cpref0_hxs_137046_ENU____.3643236F_FC70_11D3_A536_0090278A1BB8 Fehler 42127 {CAB-Archiv ist beschädigt.}

Datei D:\B*****\P**********\A********\40_S*********\d****_P_alt\Pool\temp\setup.exe|>netfxsd1.cab Fehler 42127 {CAB-Archiv ist beschädigt.}

Datei D:\B*****\P**********\A********\40_S*********\Ghost S*********en\d****_P\C_LR_001.GHS ist infiziert von Win32:Hupigon-ONX [Trj], Gelöscht

Datei D:\B*****\P**********\A********\40_S*********\Ghost S*********en\d****_P\Pool\temp\setup.exe|>netfxsd1.cab|>FL_cpref0_hxs_137046_ENU____.3643236F_FC70_11D3_A536_0090278A1BB8 Fehler 42127 {CAB-Archiv ist beschädigt.}

Datei D:\B*****\P**********\A********\40_S*********\Ghost S*********en\d****_P\Pool\temp\setup.exe|>netfxsd1.cab Fehler 42127 {CAB-Archiv ist beschädigt.}

Datei D:\B*****\P**********\A********\40_S*********\Ghost S*********en\Ellipsometer\C_Elli.GHO|>drvspace.bin Fehler 42127 {CAB-Archiv ist beschädigt.}

Datei D:\B*****\P**********\A********\40_S*********\Ghost S*********en\OEM1\C_DR_OEM1.GHO ist infiziert von Win32:Trojano-DAX [Trj], Gelöscht

Datei D:\B*****\P**********\A********\40_S*********\Ghost S*********en\OEM3\C_OEM3.GHO ist infiziert von Win32:SpyBot-GEC [Trj], Gelöscht

Datei D:\B*****\P**********\A********\40_S*********\Ghost S*********en\RTC1-3\C_RTC1.GHO|>drvspace.bin Fehler 42127 {CAB-Archiv ist beschädigt.}

Datei D:\B*****\P**********\A********\40_S*********\Ghost S*********en\RTC1-3\C_RTC2.GHO|>drvspace.bin Fehler 42127 {CAB-Archiv ist beschädigt.}

Datei D:\B*****\P**********\A********\40_S*********\Ghost S*********en\RTC1-3\C_RTC3.GHO|>drvspace.bin Fehler 42127 {CAB-Archiv ist beschädigt.}

Datei D:\B*****\P**********\A********\40_S*********\Ghost S*********en\WHQ\C_Graphi.GHO ist infiziert von Win32:Radmin-AJ [PUP], Gelöscht

Datei D:\B*****\P**********\P**********splanung\P**********smeeting\DC79369A.tmp|>xl\media\image1.jpeg Fehler 42125 {ZIP-Archiv ist beschädigt.}

Datei D:\B*****\P**********\Qualitätsdaten\11_Metallization\Archiv\Qualitätsdaten alt\RS-Al\Premium156+Multi156\A1895140|>Workbook Fehler 42144 {OLE-Archiv ist beschädigt.}

Datei D:\B*****\Projekte_kopie_21082012\S***\Versuche\S***\DatenS*********\Software\Original-Softwareversionen und -updates\2010-05-26_Softwareänderung\RWE_Heilbronn.zip|>rechner\Release\Ves.exe Fehler 42125 {ZIP-Archiv ist beschädigt.}

Datei D:\privat\01_netbook_*******_2\*******_****\markt\****_Planung__.docx|>word\media\image135.png Fehler 42125 {ZIP-Archiv ist beschädigt.}

Anzahl durchsuchter Ordner: 40554

Anzahl der geprüften Dateien: 1664432

Anzahl infizierter Dateien: 7

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01

Ran by g.**** (administrator) on B-**** on 28-11-2014 21:09:47

Running from C:\Users\g.****\Desktop

Loaded Profile: g.**** (Available profiles: Admin & g.****)

Platform: Windows 7 Professional (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 8

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe

(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe

(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe

(SafeNet Inc.) C:\Windows\System32\hasplms.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE

(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe

(ASUS) C:\Program Files\P4G\BatteryLife.exe

(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe

(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe

() C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe

(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

(ASUS) C:\Windows\AsScrPro.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe

() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe

(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

(Dropbox, Inc.) C:\Users\GC395~1.WEI\AppData\Roaming\Dropbox\bin\Dropbox.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)

HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd

HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)

HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)

HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)

HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)

HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [281768 2011-10-10] (Avira GmbH)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-22] (AVAST Software)

HKLM-x32\...\Run: [] => [X]

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0

HKLM\...\Policies\Explorer: [HideSCAHealth] 0

HKU\S-1-5-21-347766451-462584187-1723808825-1336\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)

HKU\S-1-5-21-347766451-462584187-1723808825-1336\...\Policies\Explorer: [TaskbarNoNotification] 0

HKU\S-1-5-21-347766451-462584187-1723808825-1336\...\Policies\Explorer: [Run] "C:\Users\g.****\AppData\Roaming\Microsoft\Windows\IEUpdate\taskkill.exe"

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk

ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk

ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

Startup: C:\Users\g.****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\g.****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\g.****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk

ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)

ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-347766451-462584187-1723808825-1336\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-347766451-462584187-1723808825-1336\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-347766451-462584187-1723808825-1336\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT

SearchScopes: HKU\S-1-5-21-347766451-462584187-1723808825-1336 -> DefaultScope {B1339902-CA3D-4754-804E-9ADA9F8C0B60} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}

SearchScopes: HKU\S-1-5-21-347766451-462584187-1723808825-1336 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-347766451-462584187-1723808825-1336 -> {1786F5B0-C834-422C-8C92-083E850EAF86} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^YYYYYY^YY^DE&apn_uid=23425EC2-0913-4994-A6D7-1BD0FDBEA40C&apn_sauid=02A4D7D1-273D-4297-AE29-174AF6CD12F7

SearchScopes: HKU\S-1-5-21-347766451-462584187-1723808825-1336 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT

SearchScopes: HKU\S-1-5-21-347766451-462584187-1723808825-1336 -> {B1339902-CA3D-4754-804E-9ADA9F8C0B60} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)

BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)

BHO: No Name -> {D4027C7F-154A-4066-A1AD-4243D8127440} ->  No File

BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} ->  No File

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: No Name -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} ->  No File

BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)

BHO-x32: No Name -> {B922D405-6D13-4A2B-AE89-08A030DA4402} ->  No File

BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: No Name -> {EF7BD87A-8024-11E2-F316-F3E56188709B} ->  No File

Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKLM-x32 - No Name - {B922D405-6D13-4A2B-AE89-08A030DA4402} -  No File

Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)

Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{37AD93E9-DA1F-42F5-B753-DF45F69A9B77}: [NameServer] 193.189.244.206 193.189.244.225

Tcpip\..\Interfaces\{82967B91-DF95-410D-B46F-471B9D5EB0E9}: [NameServer] 141.30.93.226,141.30.93.135

Tcpip\..\Interfaces\{95EB8C15-CF4D-4ABD-B403-83F82E2B4627}: [NameServer] 193.189.244.206 193.189.244.225

Tcpip\..\Interfaces\{B4155EBF-E4A0-424F-98CC-A39EA1453FB3}: [NameServer] 193.189.244.225 193.189.244.206
 

FireFox:

========

FF ProfilePath: C:\Users\g.****\AppData\Roaming\Mozilla\Firefox\Profiles\7xk1u4y1.default-1417031580608

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-11]

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2014-06-11]

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-26]

FF HKU\S-1-5-21-347766451-462584187-1723808825-1336\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

FF HKU\S-1-5-21-347766451-462584187-1723808825-1336\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\g.****\AppData\Roaming\Mozilla\Firefox\Profiles\s8x6rwk3.default-1399060898605\extensions\cliqz@cliqz.com
 

Chrome: 

=======

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll No File

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll No File

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll No File

CHR Plugin: (Skype Toolbars) - C:\Users\g.****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File

CHR Plugin: (Java(TM) Platform SE 6 U34) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File

CHR Plugin: (Java Deployment Toolkit 6.0.340.4) - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)

CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File

CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)

CHR Plugin: (Windows LiveÂ™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Profile: C:\Users\g.****\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\g.****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-28]

CHR Extension: (Boston MarketOne) - C:\Users\g.****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dleekdifoepfadaikncodjgnkkffkccd [2014-10-28]

CHR Extension: (DealPly Brazil) - C:\Users\g.****\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma [2014-10-28]

CHR Extension: (InfoBird Pro) - C:\Users\g.****\AppData\Local\Google\Chrome\User Data\Default\Extensions\icanoneicgaahjbilcgdmnhoocddknbl [2014-10-28]

CHR Extension: (Skype Click to Call) - C:\Users\g.****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-10-09]

CHR Extension: (Google Wallet) - C:\Users\g.****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-28]

CHR Extension: (Fast Discountz) - C:\Users\g.****\AppData\Local\Google\Chrome\User Data\Default\Extensions\oldchfemoapgakfjnmbngnljnkoapbhd [2014-10-28]

CHR HKLM\...\Chrome\Extension: [dleekdifoepfadaikncodjgnkkffkccd] - C:\Users\GC395~1.WEI\AppData\Local\BostonMarketOne.crx [2013-07-29]

CHR HKLM\...\Chrome\Extension: [icanoneicgaahjbilcgdmnhoocddknbl] - C:\Users\GC395~1.WEI\AppData\Local\InfoBirdPro.crx [2013-08-19]

CHR HKLM\...\Chrome\Extension: [oldchfemoapgakfjnmbngnljnkoapbhd] - C:\Users\GC395~1.WEI\AppData\Local\FastDiscountz.crx [2013-09-04]

CHR HKLM-x32\...\Chrome\Extension: [dleekdifoepfadaikncodjgnkkffkccd] - C:\Users\GC395~1.WEI\AppData\Local\BostonMarketOne.crx [2013-07-29]

CHR HKLM-x32\...\Chrome\Extension: [fmfnfnpmhcllokmkepffndflpnadjmma] - C:\Program Files (x86)\DealPly\DealPly.crx [2013-07-29]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-22]

CHR HKLM-x32\...\Chrome\Extension: [icanoneicgaahjbilcgdmnhoocddknbl] - C:\Users\GC395~1.WEI\AppData\Local\InfoBirdPro.crx [2013-08-19]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]

CHR HKLM-x32\...\Chrome\Extension: [oldchfemoapgakfjnmbngnljnkoapbhd] - C:\Users\GC395~1.WEI\AppData\Local\FastDiscountz.crx [2013-09-04]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AFBAgent; C:\Windows\system32\FBAgent.exe [377264 2010-09-30] (ASUSTeK Computer Inc.) [File not signed]

R2 AntiVir Security Management Center Agent; C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe [1131777 2012-12-25] (Avira Operations GmbH & Co. KG) [File not signed]

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [340136 2011-10-10] (Avira GmbH)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [136360 2011-10-10] (Avira GmbH)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [269480 2011-10-10] (Avira GmbH)

S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [428200 2011-10-10] (Avira GmbH)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-22] (AVAST Software)

R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-22] (AVAST Software)

R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8551272 2009-12-08] (DisplayLink Corp.)

R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)

R2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)

R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)

R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [199600 2010-11-11] (Telefónica I+D)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R0 assd; C:\Windows\System32\Drivers\assd.sys [27264 2010-04-28] (ASUS Corporation)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-22] ()

R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-22] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-22] (AVAST Software)

R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-22] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-22] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-22] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-22] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-22] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-22] ()

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88288 2011-10-10] (Avira GmbH)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [123784 2011-10-10] (Avira GmbH)

S3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_5.2.22617.0.sys [17408 2011-09-16] (hxxp://libusb-win32.sourceforge.net)

S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [246224 2010-05-11] (Huawei Technologies Co., Ltd.)

S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2010-05-11] (Huawei Technologies Co., Ltd.)

R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )

S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [12800 2009-02-03] (ZTE Incorporated)

S3 MOSUMAC; C:\Windows\System32\DRIVERS\USBMAC64.SYS [55296 2009-12-08] (--)

R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()

S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-11-28 21:07 - 2014-11-28 21:07 - 00000000 ____D () C:\Users\g.****\Desktop\FRST-OlderVersion

2014-11-23 18:23 - 2014-11-23 18:25 - 45120049 _____ () C:\Users\g.****\Downloads\8 - 10 - (10) Preference Isolation (14_36)(1).mp4

2014-11-23 16:38 - 2014-11-23 16:39 - 45120049 _____ () C:\Users\g.****\Downloads\8 - 10 - (10) Preference Isolation (14_36).mp4

2014-11-23 16:35 - 2014-11-23 16:37 - 59224456 _____ () C:\Users\g.****\Downloads\8 - 9 - (9) How Internet Retailing Startups Grow (12_23).mp4

2014-11-23 16:34 - 2014-11-23 16:34 - 28969171 _____ () C:\Users\g.****\Downloads\8 - 8 - (8) The Long Tail Part 2 (9_55)(1).mp4

2014-11-23 15:42 - 2014-11-23 15:43 - 28969171 _____ () C:\Users\g.****\Downloads\8 - 8 - (8) The Long Tail Part 2 (9_55).mp4

2014-11-23 14:55 - 2014-11-23 14:56 - 31337810 _____ () C:\Users\g.****\Downloads\8 - 7 - (7) The Long Tail Part 1 (10_58).mp4

2014-11-23 14:51 - 2014-11-23 14:52 - 25362312 _____ () C:\Users\g.****\Downloads\8 - 6 - (6) Online_Offline Competition (4_51).mp4

2014-11-23 14:50 - 2014-11-23 14:51 - 12934856 _____ () C:\Users\g.****\Downloads\8 - 5 - (5) Academic Research (3_28).mp4

2014-11-23 14:45 - 2014-11-23 14:46 - 10136029 _____ () C:\Users\g.****\Downloads\8 - 4 - (4) Goods and Information (2_39)(1).mp4

2014-11-23 14:28 - 2014-11-23 14:28 - 10136029 _____ () C:\Users\g.****\Downloads\8 - 4 - (4) Goods and Information (2_39).mp4

2014-11-23 14:23 - 2014-11-23 14:24 - 21561557 _____ () C:\Users\g.****\Downloads\8 - 3 - (3) Friction (4_39).mp4

2014-11-23 14:20 - 2014-11-23 14:22 - 39023006 _____ () C:\Users\g.****\Downloads\8 - 2 - (2) Go To Market Strategies_ Introduction (14_07) .mp4

2014-11-23 14:19 - 2014-11-23 14:19 - 14528058 _____ () C:\Users\g.****\Downloads\8 - 1 - (1) Introduction and Execution (2_09).mp4

2014-11-23 09:32 - 2014-11-23 09:32 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help

2014-11-23 09:32 - 2014-11-23 09:32 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help

2014-11-22 20:35 - 2014-11-22 20:35 - 00001972 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk

2014-11-22 20:32 - 2014-11-22 20:32 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2014-11-22 20:32 - 2014-11-22 20:32 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2014-11-22 20:32 - 2014-11-22 20:31 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys

2014-11-22 20:31 - 2014-11-22 20:31 - 00449936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys

2014-11-22 02:55 - 2014-11-24 23:56 - 00000000 ____D () C:\Users\g.****\AppData\Roaming\vlc

2014-11-22 02:54 - 2014-11-22 02:54 - 00001068 _____ () C:\Users\Public\Desktop\VLC media player.lnk

2014-11-22 02:54 - 2014-11-22 02:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

2014-11-22 02:53 - 2014-11-22 02:53 - 00000000 ____D () C:\Program Files (x86)\VideoLAN

2014-11-22 02:50 - 2014-11-22 02:50 - 00000000 ____D () C:\Users\g.****\AppData\Roaming\Cliqz

2014-11-22 02:50 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll

2014-11-22 02:50 - 2011-03-25 19:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll

2014-11-22 02:47 - 2014-11-22 02:47 - 01125200 _____ () C:\Users\g.****\Downloads\VLC media player 32 Bit - CHIP-Installer.exe

2014-11-22 02:41 - 2014-11-22 02:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in

2014-11-22 02:31 - 2014-11-22 02:32 - 38232486 _____ () C:\Users\g.****\Downloads\2 - 1 - (1-a) Marketing 101_ Building Strong Brands Part I (15_10).mp4

2014-11-22 02:20 - 2014-11-22 02:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2014-11-22 02:17 - 2014-11-22 02:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-11-22 02:17 - 2014-11-22 02:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-11-22 01:21 - 2014-11-22 01:21 - 00244392 _____ () C:\Users\g.****\Downloads\Firefox Setup Stub 33.1.1.exe

2014-11-21 23:34 - 2014-11-21 23:34 - 00000000 ____D () C:\Users\g.****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte

2014-11-18 22:12 - 2014-11-18 22:12 - 00000000 ____D () C:\Users\g.****\Desktop\JMC2xx_WinDrv_R0.0.31.6_WHQL_LANtreiber

2014-11-18 22:03 - 2014-11-18 22:03 - 01120817 _____ () C:\Users\g.****\Desktop\JMC2xx_WinDrv_R0.0.31.6_WHQL.zip

2014-11-18 22:02 - 2014-11-18 22:02 - 00000000 ____D () C:\Windows\system32\MRT

2014-11-18 22:02 - 2014-10-31 23:26 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-11-18 21:14 - 2014-09-15 01:44 - 03195392 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-11-18 21:00 - 2014-11-18 21:00 - 00000000 ____D () C:\Users\g.****\Desktop\win7-10.0.0.297-whql_wlantreiber

2014-11-18 20:56 - 2014-11-18 20:47 - 02584189 _____ () C:\Users\g.****\Desktop\win7-10.0.0.297-whql.zip

2014-11-14 13:03 - 2014-11-14 13:21 - 00044064 _____ () C:\Users\g.****\Desktop\Result.txt

2014-11-14 13:01 - 2014-11-14 12:48 - 00401920 _____ (Farbar) C:\Users\g.****\Desktop\MiniToolBox.exe

2014-11-10 02:12 - 2014-11-10 02:12 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-B-****-Microsoft-Windows-7-Professional-(64-bit).dat

2014-11-10 02:12 - 2014-11-10 02:12 - 00000000 ____D () C:\RegBackup

2014-11-09 20:49 - 2014-11-09 20:49 - 00003288 ____N () C:\bootsqm.dat

2014-11-09 18:56 - 2014-11-09 18:56 - 00000000 ____D () C:\windows repair_tweakingcom

2014-11-07 22:14 - 2014-11-09 19:02 - 00002161 _____ () C:\Users\g.****\Desktop\Tweaking.com - Windows Repair (All in One).lnk

2014-11-07 22:07 - 2014-11-07 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com

2014-11-07 22:06 - 2014-11-07 22:06 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com

2014-11-07 22:02 - 2014-11-07 22:02 - 00000000 ____D () C:\tweaking.com

2014-10-30 17:10 - 2014-10-30 17:10 - 00000000 ____D () C:\Users\g.****\Downloads\Frst64

2014-10-30 17:08 - 2014-10-30 17:08 - 00038743 _____ () C:\Users\g.****\Desktop\FRST_30102014.txt

2014-10-30 17:05 - 2014-10-30 17:05 - 00039193 _____ () C:\Users\g.****\Desktop\Addition_30102014.txt

2014-10-30 17:01 - 2014-10-30 17:03 - 00039193 _____ () C:\Users\g.****\Desktop\Addition.txt

2014-10-30 16:59 - 2014-11-28 21:09 - 00026965 _____ () C:\Users\g.****\Desktop\FRST.txt

2014-10-29 13:12 - 2014-10-29 13:12 - 00031633 _____ () C:\ComboFix.txt

2014-10-29 02:10 - 2014-10-29 13:49 - 00000000 ____D () C:\Qoobox

2014-10-29 02:10 - 2014-10-29 13:49 - 00000000 ____D () C:\ComboFix

2014-10-29 02:10 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-10-29 02:10 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-10-29 02:10 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-10-29 02:10 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-10-29 02:10 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-10-29 02:10 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe

2014-10-29 02:10 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe

2014-10-29 02:10 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe

2014-10-29 02:08 - 2014-10-29 13:02 - 00000000 ____D () C:\Windows\erdnt

2014-10-29 01:08 - 2014-10-29 01:09 - 05591695 ____R (Swearware) C:\Users\g.****\Desktop\ComboFix.exe
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-11-28 21:09 - 2014-10-27 19:30 - 00000000 ____D () C:\FRST

2014-11-28 21:08 - 2011-10-10 11:20 - 00000000 ____D () C:\Users\g.****\AppData\Roaming\Skype

2014-11-28 21:07 - 2014-10-27 19:29 - 02117632 _____ (Farbar) C:\Users\g.****\Desktop\FRST64.exe

2014-11-28 20:48 - 2013-07-02 16:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-11-28 20:30 - 2011-03-08 05:42 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-11-28 19:26 - 2011-03-08 05:28 - 02096996 _____ () C:\Windows\WindowsUpdate.log

2014-11-28 19:17 - 2014-10-27 23:51 - 00000000 ___RD () C:\Users\g.****\Dropbox

2014-11-28 19:17 - 2014-10-27 23:48 - 00000000 ____D () C:\Users\g.****\AppData\Roaming\Dropbox

2014-11-28 19:17 - 2014-10-26 00:04 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2014-11-28 19:14 - 2011-09-16 15:58 - 00000000 ____D () C:\Program Files\DisplayLink Core Software

2014-11-28 19:14 - 2011-03-08 05:42 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-11-28 16:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing

2014-11-28 05:19 - 2009-07-14 05:45 - 00010032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-11-28 05:19 - 2009-07-14 05:45 - 00010032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-11-28 05:14 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-11-28 05:13 - 2011-03-08 06:05 - 06718140 _____ () C:\Windows\PFRO.log

2014-11-28 05:13 - 2009-07-14 05:51 - 00100797 _____ () C:\Windows\setupact.log

2014-11-27 20:55 - 2009-08-04 12:10 - 00657254 _____ () C:\Windows\system32\perfh007.dat

2014-11-27 20:55 - 2009-08-04 12:10 - 00131386 _____ () C:\Windows\system32\perfc007.dat

2014-11-27 20:55 - 2009-07-14 06:13 - 01537930 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-11-27 19:41 - 2011-09-16 15:54 - 00045056 _____ () C:\Windows\system32\acovcnt.exe

2014-11-26 20:53 - 2013-11-20 18:37 - 00000000 ____D () C:\Users\g.****\Desktop\Alte Firefox-Daten

2014-11-26 01:48 - 2013-07-02 16:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-11-26 01:48 - 2012-04-23 12:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-11-26 01:48 - 2012-01-18 02:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-11-25 18:57 - 2013-04-24 23:02 - 00000000 ____D () C:\Users\g.****\AppData\Local\CUSTPDF Writer

2014-11-25 17:01 - 2014-08-19 14:48 - 00000000 ____D () C:\privat_2

2014-11-23 09:49 - 2011-03-08 05:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office

2014-11-23 09:45 - 2011-09-16 09:31 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-11-23 09:36 - 2009-07-14 03:34 - 00000514 _____ () C:\Windows\win.ini

2014-11-23 09:20 - 2011-03-08 06:21 - 00001473 _____ () C:\Windows\system32\ServiceFilter.ini

2014-11-22 20:33 - 2014-10-26 00:02 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys

2014-11-22 20:32 - 2014-10-26 00:02 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys

2014-11-22 20:32 - 2014-10-26 00:02 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys

2014-11-22 20:32 - 2014-10-26 00:02 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys

2014-11-22 20:32 - 2014-10-26 00:02 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2014-11-22 20:32 - 2014-10-26 00:02 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys

2014-11-22 20:32 - 2014-10-26 00:02 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

2014-11-22 20:32 - 2014-10-26 00:02 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys

2014-11-22 03:17 - 2014-06-11 16:10 - 00000000 ____D () C:\Users\g.****\AppData\Roaming\Nico Mak Computing

2014-11-22 03:02 - 2009-07-14 05:45 - 00440480 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-11-22 03:01 - 2014-06-11 11:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-11-22 03:01 - 2013-04-23 13:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-11-22 02:48 - 2011-09-16 09:26 - 00118032 _____ () C:\Users\g.****\AppData\Local\GDIPFONTCACHEV1.DAT

2014-11-22 02:32 - 2011-09-16 09:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works

2014-11-22 01:24 - 2011-10-10 09:59 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-11-22 01:24 - 2011-10-10 09:59 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-11-18 22:12 - 2011-08-04 11:19 - 00144912 _____ (JMicron Technology Corp.) C:\Windows\system32\Drivers\JME.sys

2014-11-18 21:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-11-18 21:25 - 2011-03-08 05:42 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-11-18 21:25 - 2011-03-08 05:42 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-11-18 21:19 - 2014-10-27 23:51 - 00000984 _____ () C:\Users\g.****\Desktop\Dropbox.lnk

2014-11-18 21:19 - 2014-10-27 23:49 - 00000000 ____D () C:\Users\g.****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-11-15 02:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\LiveKernelReports

2014-11-10 03:06 - 2009-07-14 08:45 - 00000000 ___RD () C:\Users\Public\Recorded TV

2014-11-10 03:04 - 2011-09-17 00:51 - 00000000 ____D () C:\Windows\CSC

2014-11-10 02:54 - 2012-06-20 14:24 - 00327680 _____ () C:\Windows\system32\Ikeext.etl

2014-11-09 20:50 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-11-04 14:30 - 2013-11-13 03:18 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-10-29 12:32 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini

2014-10-29 12:31 - 2009-07-14 03:34 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_302

2014-10-29 00:59 - 2013-04-23 15:32 - 00000000 ____D () C:\Users\g.****\AppData\Roaming\DSite
 

Some content of TEMP:

====================

C:\Users\g.****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpa4sggp.dll

C:\Users\g.****\AppData\Local\Temp\SkypeSetup.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-11-02 07:53
 

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

jede Tastatureingabe ist wieder extrem langsam verzögert. auch noch nach dem clean mit AVAST.
keine Ahnung woher u. wieso so kurz nach dem combofix schon wieder so viele Trojaner kamen.

Fehlt noch die Addition.txt von FRST. :)

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01

Ran by g.***** (administrator) on B-***** on 30-11-2014 14:25:13

Running from C:\Users\g.*****\Desktop

Loaded Profile: g.***** (Available profiles: Admin & g.*****)

Platform: Windows 7 Professional (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 8

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe

(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe

(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe

(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe

(SafeNet Inc.) C:\Windows\System32\hasplms.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(ASUS) C:\Program Files\P4G\BatteryLife.exe

(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe

() C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe

(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe

(ASUS) C:\Windows\AsScrPro.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe

() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe

(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

(Dropbox, Inc.) C:\Users\g.*****\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)

HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd

HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)

HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)

HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)

HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)

HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [281768 2011-10-10] (Avira GmbH)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-22] (AVAST Software)

HKLM-x32\...\Run: [] => [X]

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0

HKLM\...\Policies\Explorer: [HideSCAHealth] 0

HKU\S-1-5-21-347766451-462584187-1723808825-1336\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)

HKU\S-1-5-21-347766451-462584187-1723808825-1336\...\Policies\Explorer: [TaskbarNoNotification] 0

HKU\S-1-5-21-347766451-462584187-1723808825-1336\...\Policies\Explorer: [Run] "C:\Users\g.*****\AppData\Roaming\Microsoft\Windows\IEUpdate\taskkill.exe"

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk

ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk

ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

Startup: C:\Users\g.*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\g.*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\g.*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk

ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)

ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-347766451-462584187-1723808825-1336\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-347766451-462584187-1723808825-1336\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-347766451-462584187-1723808825-1336\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT

SearchScopes: HKU\S-1-5-21-347766451-462584187-1723808825-1336 -> DefaultScope {B1339902-CA3D-4754-804E-9ADA9F8C0B60} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}

SearchScopes: HKU\S-1-5-21-347766451-462584187-1723808825-1336 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-347766451-462584187-1723808825-1336 -> {1786F5B0-C834-422C-8C92-083E850EAF86} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^YYYYYY^YY^DE&apn_uid=23425EC2-0913-4994-A6D7-1BD0FDBEA40C&apn_sauid=02A4D7D1-273D-4297-AE29-174AF6CD12F7

SearchScopes: HKU\S-1-5-21-347766451-462584187-1723808825-1336 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT

SearchScopes: HKU\S-1-5-21-347766451-462584187-1723808825-1336 -> {B1339902-CA3D-4754-804E-9ADA9F8C0B60} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)

BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)

BHO: No Name -> {D4027C7F-154A-4066-A1AD-4243D8127440} ->  No File

BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} ->  No File

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: No Name -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} ->  No File

BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)

BHO-x32: No Name -> {B922D405-6D13-4A2B-AE89-08A030DA4402} ->  No File

BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: No Name -> {EF7BD87A-8024-11E2-F316-F3E56188709B} ->  No File

Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKLM-x32 - No Name - {B922D405-6D13-4A2B-AE89-08A030DA4402} -  No File

Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)

Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{37AD93E9-DA1F-42F5-B753-DF45F69A9B77}: [NameServer] 193.189.244.206 193.189.244.225

Tcpip\..\Interfaces\{82967B91-DF95-410D-B46F-471B9D5EB0E9}: [NameServer] 141.30.93.226,141.30.93.135

Tcpip\..\Interfaces\{95EB8C15-CF4D-4ABD-B403-83F82E2B4627}: [NameServer] 193.189.244.206 193.189.244.225

Tcpip\..\Interfaces\{B4155EBF-E4A0-424F-98CC-A39EA1453FB3}: [NameServer] 193.189.244.225 193.189.244.206
 

FireFox:

========

FF ProfilePath: C:\Users\g.*****\AppData\Roaming\Mozilla\Firefox\Profiles\7xk1u4y1.default-1417031580608

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-11]

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2014-06-11]

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-26]

FF HKU\S-1-5-21-347766451-462584187-1723808825-1336\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

FF HKU\S-1-5-21-347766451-462584187-1723808825-1336\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\g.*****\AppData\Roaming\Mozilla\Firefox\Profiles\s8x6rwk3.default-1399060898605\extensions\cliqz@cliqz.com
 

Chrome: 

=======

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll No File

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll No File

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll No File

CHR Plugin: (Skype Toolbars) - C:\Users\g.*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File

CHR Plugin: (Java(TM) Platform SE 6 U34) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File

CHR Plugin: (Java Deployment Toolkit 6.0.340.4) - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)

CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File

CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)

CHR Plugin: (Windows LiveÂ™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Profile: C:\Users\g.*****\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\g.*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-28]

CHR Extension: (Boston MarketOne) - C:\Users\g.*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dleekdifoepfadaikncodjgnkkffkccd [2014-10-28]

CHR Extension: (DealPly Brazil) - C:\Users\g.*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma [2014-10-28]

CHR Extension: (InfoBird Pro) - C:\Users\g.*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\icanoneicgaahjbilcgdmnhoocddknbl [2014-10-28]

CHR Extension: (Skype Click to Call) - C:\Users\g.*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-10-09]

CHR Extension: (Google Wallet) - C:\Users\g.*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-28]

CHR Extension: (Fast Discountz) - C:\Users\g.*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\oldchfemoapgakfjnmbngnljnkoapbhd [2014-10-28]

CHR HKLM\...\Chrome\Extension: [dleekdifoepfadaikncodjgnkkffkccd] - C:\Users\GC395~1.WEI\AppData\Local\BostonMarketOne.crx [2013-07-29]

CHR HKLM\...\Chrome\Extension: [icanoneicgaahjbilcgdmnhoocddknbl] - C:\Users\GC395~1.WEI\AppData\Local\InfoBirdPro.crx [2013-08-19]

CHR HKLM\...\Chrome\Extension: [oldchfemoapgakfjnmbngnljnkoapbhd] - C:\Users\GC395~1.WEI\AppData\Local\FastDiscountz.crx [2013-09-04]

CHR HKLM-x32\...\Chrome\Extension: [dleekdifoepfadaikncodjgnkkffkccd] - C:\Users\GC395~1.WEI\AppData\Local\BostonMarketOne.crx [2013-07-29]

CHR HKLM-x32\...\Chrome\Extension: [fmfnfnpmhcllokmkepffndflpnadjmma] - C:\Program Files (x86)\DealPly\DealPly.crx [2013-07-29]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-22]

CHR HKLM-x32\...\Chrome\Extension: [icanoneicgaahjbilcgdmnhoocddknbl] - C:\Users\GC395~1.WEI\AppData\Local\InfoBirdPro.crx [2013-08-19]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]

CHR HKLM-x32\...\Chrome\Extension: [oldchfemoapgakfjnmbngnljnkoapbhd] - C:\Users\GC395~1.WEI\AppData\Local\FastDiscountz.crx [2013-09-04]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AFBAgent; C:\Windows\system32\FBAgent.exe [377264 2010-09-30] (ASUSTeK Computer Inc.) [File not signed]

R2 AntiVir Security Management Center Agent; C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe [1131777 2012-12-25] (Avira Operations GmbH & Co. KG) [File not signed]

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [340136 2011-10-10] (Avira GmbH)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [136360 2011-10-10] (Avira GmbH)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [269480 2011-10-10] (Avira GmbH)

S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [428200 2011-10-10] (Avira GmbH)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-22] (AVAST Software)

R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-22] (AVAST Software)

R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8551272 2009-12-08] (DisplayLink Corp.)

R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)

R2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)

R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)

R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [199600 2010-11-11] (Telefónica I+D)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R0 assd; C:\Windows\System32\Drivers\assd.sys [27264 2010-04-28] (ASUS Corporation)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-22] ()

R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-22] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-22] (AVAST Software)

R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-22] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-22] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-22] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-22] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-22] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-22] ()

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88288 2011-10-10] (Avira GmbH)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [123784 2011-10-10] (Avira GmbH)

S3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_5.2.22617.0.sys [17408 2011-09-16] (hxxp://libusb-win32.sourceforge.net)

S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [246224 2010-05-11] (Huawei Technologies Co., Ltd.)

S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2010-05-11] (Huawei Technologies Co., Ltd.)

R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )

S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [12800 2009-02-03] (ZTE Incorporated)

S3 MOSUMAC; C:\Windows\System32\DRIVERS\USBMAC64.SYS [55296 2009-12-08] (--)

R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()

S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-11-29 23:29 - 2014-11-29 23:29 - 00000000 ____D () C:\Users\g.*****\AppData\Local\Foxit Reader

2014-11-28 21:07 - 2014-11-28 21:07 - 00000000 ____D () C:\Users\g.*****\Desktop\FRST-OlderVersion

2014-11-23 18:23 - 2014-11-23 18:25 - 45120049 _____ () C:\Users\g.*****\Downloads\8 - 10 - (10) Preference Isolation (14_36)(1).mp4

2014-11-23 16:38 - 2014-11-23 16:39 - 45120049 _____ () C:\Users\g.*****\Downloads\8 - 10 - (10) Preference Isolation (14_36).mp4

2014-11-23 16:35 - 2014-11-23 16:37 - 59224456 _____ () C:\Users\g.*****\Downloads\8 - 9 - (9) How Internet Retailing Startups Grow (12_23).mp4

2014-11-23 16:34 - 2014-11-23 16:34 - 28969171 _____ () C:\Users\g.*****\Downloads\8 - 8 - (8) The Long Tail Part 2 (9_55)(1).mp4

2014-11-23 15:42 - 2014-11-23 15:43 - 28969171 _____ () C:\Users\g.*****\Downloads\8 - 8 - (8) The Long Tail Part 2 (9_55).mp4

2014-11-23 14:55 - 2014-11-23 14:56 - 31337810 _____ () C:\Users\g.*****\Downloads\8 - 7 - (7) The Long Tail Part 1 (10_58).mp4

2014-11-23 14:51 - 2014-11-23 14:52 - 25362312 _____ () C:\Users\g.*****\Downloads\8 - 6 - (6) Online_Offline Competition (4_51).mp4

2014-11-23 14:50 - 2014-11-23 14:51 - 12934856 _____ () C:\Users\g.*****\Downloads\8 - 5 - (5) Academic Research (3_28).mp4

2014-11-23 14:45 - 2014-11-23 14:46 - 10136029 _____ () C:\Users\g.*****\Downloads\8 - 4 - (4) Goods and Information (2_39)(1).mp4

2014-11-23 14:28 - 2014-11-23 14:28 - 10136029 _____ () C:\Users\g.*****\Downloads\8 - 4 - (4) Goods and Information (2_39).mp4

2014-11-23 14:23 - 2014-11-23 14:24 - 21561557 _____ () C:\Users\g.*****\Downloads\8 - 3 - (3) Friction (4_39).mp4

2014-11-23 14:20 - 2014-11-23 14:22 - 39023006 _____ () C:\Users\g.*****\Downloads\8 - 2 - (2) Go To Market Strategies_ Introduction (14_07) .mp4

2014-11-23 14:19 - 2014-11-23 14:19 - 14528058 _____ () C:\Users\g.*****\Downloads\8 - 1 - (1) Introduction and Execution (2_09).mp4

2014-11-23 09:32 - 2014-11-23 09:32 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help

2014-11-23 09:32 - 2014-11-23 09:32 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help

2014-11-22 20:35 - 2014-11-22 20:35 - 00001972 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk

2014-11-22 20:32 - 2014-11-22 20:32 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2014-11-22 20:32 - 2014-11-22 20:32 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2014-11-22 20:32 - 2014-11-22 20:31 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys

2014-11-22 20:31 - 2014-11-22 20:31 - 00449936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys

2014-11-22 02:55 - 2014-11-24 23:56 - 00000000 ____D () C:\Users\g.*****\AppData\Roaming\vlc

2014-11-22 02:54 - 2014-11-22 02:54 - 00001068 _____ () C:\Users\Public\Desktop\VLC media player.lnk

2014-11-22 02:54 - 2014-11-22 02:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

2014-11-22 02:53 - 2014-11-22 02:53 - 00000000 ____D () C:\Program Files (x86)\VideoLAN

2014-11-22 02:50 - 2014-11-22 02:50 - 00000000 ____D () C:\Users\g.*****\AppData\Roaming\Cliqz

2014-11-22 02:50 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll

2014-11-22 02:50 - 2011-03-25 19:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll

2014-11-22 02:47 - 2014-11-22 02:47 - 01125200 _____ () C:\Users\g.*****\Downloads\VLC media player 32 Bit - CHIP-Installer.exe

2014-11-22 02:41 - 2014-11-22 02:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in

2014-11-22 02:31 - 2014-11-22 02:32 - 38232486 _____ () C:\Users\g.*****\Downloads\2 - 1 - (1-a) Marketing 101_ Building Strong Brands Part I (15_10).mp4

2014-11-22 02:20 - 2014-11-22 02:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2014-11-22 02:17 - 2014-11-22 02:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-11-22 02:17 - 2014-11-22 02:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-11-22 01:21 - 2014-11-22 01:21 - 00244392 _____ () C:\Users\g.*****\Downloads\Firefox Setup Stub 33.1.1.exe

2014-11-21 23:34 - 2014-11-21 23:34 - 00000000 ____D () C:\Users\g.*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte

2014-11-18 22:12 - 2014-11-18 22:12 - 00000000 ____D () C:\Users\g.*****\Desktop\JMC2xx_WinDrv_R0.0.31.6_WHQL_LANtreiber

2014-11-18 22:03 - 2014-11-18 22:03 - 01120817 _____ () C:\Users\g.*****\Desktop\JMC2xx_WinDrv_R0.0.31.6_WHQL.zip

2014-11-18 22:02 - 2014-11-18 23:06 - 00000000 ____D () C:\Windows\system32\MRT

2014-11-18 22:02 - 2014-10-31 23:26 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-11-18 21:14 - 2014-09-15 01:44 - 03195392 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-11-18 21:00 - 2014-11-18 21:00 - 00000000 ____D () C:\Users\g.*****\Desktop\win7-10.0.0.297-whql_wlantreiber

2014-11-18 20:56 - 2014-11-18 20:47 - 02584189 _____ () C:\Users\g.*****\Desktop\win7-10.0.0.297-whql.zip

2014-11-14 13:03 - 2014-11-14 13:21 - 00044064 _____ () C:\Users\g.*****\Desktop\Result.txt

2014-11-14 13:01 - 2014-11-14 12:48 - 00401920 _____ (Farbar) C:\Users\g.*****\Desktop\MiniToolBox.exe

2014-11-10 02:12 - 2014-11-10 02:12 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-B-*****-Microsoft-Windows-7-Professional-(64-bit).dat

2014-11-10 02:12 - 2014-11-10 02:12 - 00000000 ____D () C:\RegBackup

2014-11-09 20:49 - 2014-11-09 20:49 - 00003288 ____N () C:\bootsqm.dat

2014-11-09 18:56 - 2014-11-09 18:56 - 00000000 ____D () C:\windows repair_tweakingcom

2014-11-07 22:14 - 2014-11-09 19:02 - 00002161 _____ () C:\Users\g.*****\Desktop\Tweaking.com - Windows Repair (All in One).lnk

2014-11-07 22:07 - 2014-11-07 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com

2014-11-07 22:06 - 2014-11-07 22:06 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com

2014-11-07 22:02 - 2014-11-07 22:02 - 00000000 ____D () C:\tweaking.com
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-11-30 14:25 - 2014-10-30 16:59 - 00026888 _____ () C:\Users\g.*****\Desktop\FRST.txt

2014-11-30 14:25 - 2014-10-27 19:30 - 00000000 ____D () C:\FRST

2014-11-30 13:58 - 2011-03-08 05:28 - 01101548 _____ () C:\Windows\WindowsUpdate.log

2014-11-30 13:56 - 2011-10-10 11:20 - 00000000 ____D () C:\Users\g.*****\AppData\Roaming\Skype

2014-11-30 13:53 - 2014-10-27 23:51 - 00000000 ___RD () C:\Users\g.*****\Dropbox

2014-11-30 13:53 - 2014-10-27 23:48 - 00000000 ____D () C:\Users\g.*****\AppData\Roaming\Dropbox

2014-11-30 13:53 - 2009-07-14 05:45 - 00010032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-11-30 13:53 - 2009-07-14 05:45 - 00010032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-11-30 13:50 - 2011-09-16 15:58 - 00000000 ____D () C:\Program Files\DisplayLink Core Software

2014-11-30 13:50 - 2011-09-16 15:54 - 00045056 _____ () C:\Windows\system32\acovcnt.exe

2014-11-30 13:50 - 2011-03-08 05:42 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-11-30 13:48 - 2013-07-02 16:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-11-30 13:48 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing

2014-11-30 13:47 - 2011-03-08 06:05 - 06728646 _____ () C:\Windows\PFRO.log

2014-11-30 13:47 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-11-30 13:47 - 2009-07-14 05:51 - 00100909 _____ () C:\Windows\setupact.log

2014-11-30 02:30 - 2011-03-08 05:42 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-11-30 00:04 - 2009-08-04 12:10 - 00657254 _____ () C:\Windows\system32\perfh007.dat

2014-11-30 00:04 - 2009-08-04 12:10 - 00131386 _____ () C:\Windows\system32\perfc007.dat

2014-11-30 00:04 - 2009-07-14 06:13 - 01537930 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-11-28 21:07 - 2014-10-27 19:29 - 02117632 _____ (Farbar) C:\Users\g.*****\Desktop\FRST64.exe

2014-11-28 19:17 - 2014-10-26 00:04 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2014-11-26 20:53 - 2013-11-20 18:37 - 00000000 ____D () C:\Users\g.*****\Desktop\Alte Firefox-Daten

2014-11-26 01:48 - 2013-07-02 16:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-11-26 01:48 - 2012-04-23 12:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-11-26 01:48 - 2012-01-18 02:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-11-25 19:01 - 2013-04-24 23:02 - 00000000 ____D () C:\Users\g.*****\AppData\Local\CUSTPDF Writer

2014-11-25 17:01 - 2014-08-19 14:48 - 00000000 ____D () C:\privat_2

2014-11-23 09:49 - 2011-03-08 05:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office

2014-11-23 09:45 - 2011-09-16 09:31 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-11-23 09:36 - 2009-07-14 03:34 - 00000514 _____ () C:\Windows\win.ini

2014-11-23 09:20 - 2011-03-08 06:21 - 00001473 _____ () C:\Windows\system32\ServiceFilter.ini

2014-11-22 20:33 - 2014-10-26 00:02 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys

2014-11-22 20:32 - 2014-10-26 00:02 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys

2014-11-22 20:32 - 2014-10-26 00:02 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys

2014-11-22 20:32 - 2014-10-26 00:02 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys

2014-11-22 20:32 - 2014-10-26 00:02 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2014-11-22 20:32 - 2014-10-26 00:02 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys

2014-11-22 20:32 - 2014-10-26 00:02 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

2014-11-22 20:32 - 2014-10-26 00:02 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys

2014-11-22 03:17 - 2014-06-11 16:10 - 00000000 ____D () C:\Users\g.*****\AppData\Roaming\Nico Mak Computing

2014-11-22 03:02 - 2009-07-14 05:45 - 00440480 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-11-22 03:01 - 2014-06-11 11:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-11-22 03:01 - 2013-04-23 13:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-11-22 02:48 - 2011-09-16 09:26 - 00118032 _____ () C:\Users\g.*****\AppData\Local\GDIPFONTCACHEV1.DAT

2014-11-22 02:32 - 2011-09-16 09:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works

2014-11-22 01:24 - 2011-10-10 09:59 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-11-22 01:24 - 2011-10-10 09:59 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-11-18 22:12 - 2011-08-04 11:19 - 00144912 _____ (JMicron Technology Corp.) C:\Windows\system32\Drivers\JME.sys

2014-11-18 21:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-11-18 21:25 - 2011-03-08 05:42 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-11-18 21:25 - 2011-03-08 05:42 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-11-18 21:19 - 2014-10-27 23:51 - 00000984 _____ () C:\Users\g.*****\Desktop\Dropbox.lnk

2014-11-18 21:19 - 2014-10-27 23:49 - 00000000 ____D () C:\Users\g.*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-11-15 02:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\LiveKernelReports

2014-11-10 03:06 - 2009-07-14 08:45 - 00000000 ___RD () C:\Users\Public\Recorded TV

2014-11-10 03:04 - 2011-09-17 00:51 - 00000000 ____D () C:\Windows\CSC

2014-11-10 02:54 - 2012-06-20 14:24 - 00327680 _____ () C:\Windows\system32\Ikeext.etl

2014-11-09 20:50 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-11-04 14:30 - 2013-11-13 03:18 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 

Some content of TEMP:

====================

C:\Users\g.*****\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpc7xtm0.dll

C:\Users\g.*****\AppData\Local\Temp\SkypeSetup.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-11-02 07:53
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2014 01

Ran by g.***** at 2014-11-30 14:27:13

Running from C:\Users\g.*****\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: AntiVir Desktop (Disabled - Out of date) {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)

7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)

AFORS-HET 2.4.1 (HKLM-x32\...\AFORS-HET_is1) (Version:  - Helmholtz-Zentrum Berlin)

ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.10 - ASUS)

ASUS CopyProtect (HKLM-x32\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0015 - ASUS)

ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)

ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.21 - ASUS)

ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)

ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0021 - ASUS)

ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.41 - ASUS)

ASUS Secure Delete (HKLM\...\{761C6783-D3BC-48AB-8E7C-61CE918A8436}) (Version: 1.00.0006 - ASUS)

ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0009 - ASUS)

ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0031 - ASUS)

ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.20 - asus)

ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)

Asus_PSeries_Screensaver (HKLM-x32\...\Asus_PSeries_Screensaver) (Version: 1.0.0001 - ASUS)

AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.3.585 - ASUSTEK)

ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0007 - ASUS)

Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)

Avira AntiVir Professional (HKLM-x32\...\Avira AntiVir Desktop) (Version: 10.2.0.1064 - Avira GmbH)

Avira Security Management Center Agent (HKLM-x32\...\{F3493E2F-B147-4EDD-9AE2-5DEDB8776232}) (Version:  - Avira GmbH)

Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)

Bookworm Deluxe (HKLM-x32\...\Bookworm Deluxe) (Version:  - Oberon Media Inc.)

Bootstrapper (x32 Version: 1.1.0.0 - Minitab, Inc.) Hidden

Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.31 - Cliqz.com)

Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Complemento Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.127.0.61 - Conexant)

Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)

ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.9 - ASUS)

Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)

Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)

CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)

CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)

CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.6.1622 - CyberLink Corp.)

CyberLink PowerRecover (Version: 5.6.1622 - CyberLink Corp.) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DisplayLink Core Software (HKLM\...\{34000989-17D6-4271-9800-D78CF94B3BED}) (Version: 5.2.22617.0 - DisplayLink Corp.)

DisplayLink Graphics (HKLM\...\{DB6D5CB2-92FF-4B41-98AA-54C62C926E83}) (Version: 5.2.22826.0 - DisplayLink Corp.)

Dropbox (HKU\S-1-5-21-347766451-462584187-1723808825-1336\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)

ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)

ETDWare PS/2-x64 7.0.5.16_WHQL (HKLM\...\Elantech) (Version: 7.0.5.16 - ELAN Microelectronics Corp.)

Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.7 - ASUS)

FLV-Media-Player (HKLM-x32\...\{AB7A5DBA-BC45-489A-B4D2-2E8F8CABB9EA}) (Version: 2.0.3.2532 - HYBRIDWEB.de)

Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.1.32.905 - Foxit Software Inc.)

Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)

Free DWG Viewer 7.0 (HKLM-x32\...\{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}) (Version: 7.0.1 - IGC)

Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Game Park Console (HKLM-x32\...\{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1) (Version: 6.2.1.1 - Oberon Media, Inc.)

Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Governor of Poker (HKLM-x32\...\Governor of Poker) (Version:  - Oberon Media Inc.)

Hotel Dash Suite Success (HKLM-x32\...\Hotel Dash Suite Success) (Version:  - Oberon Media Inc.)

Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2125 - Intel Corporation)

Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)

IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)

Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)

JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.23.4 - JMicron Technology Corp.)

JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.33.2 - JMicron Technology Corp.)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Luxor 3 (HKLM-x32\...\Luxor 3) (Version:  - Oberon Media Inc.)

Mahjongg dimensions (HKLM-x32\...\Mahjongg dimensions) (Version:  - Oberon Media Inc.)

McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Messenger 分享元件 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Minitab 16 (HKLM-x32\...\Minitab16) (Version: 16.2.1 - Minitab, Inc.)

Minitab Software Update Manager (HKLM-x32\...\MinitabSoftwareManager) (Version: 1.1.0.0 - Minitab, Inc.)

Minitab16 (x32 Version: 16.2.1.0 - Minitab Inc) Hidden

Minitab16 (x32 Version: 16.2.1.0 - Minitab, Inc.) Hidden

Mobile Connection Manager (HKLM-x32\...\o2DE) (Version:  - Mobile Connection Manager)

Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 16.002.03.02.705 - Huawei Technologies Co.,Ltd)

Mozilla Firefox 33.1.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 de)) (Version: 33.1.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)

Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)

OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)

OpenProj (HKLM-x32\...\{13702021-43FB-480C-912F-D9B74A538288}) (Version: 1.4.0 - Serena Software Inc.)

PDF Creator (HKLM\...\PDF Creator) (Version:  - )

PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)

Plants vs Zombies (HKLM-x32\...\Plants vs Zombies) (Version:  - Oberon Media Inc.)

Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)

Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.02.00 - Samsung Electronics Co., Ltd.)

SceneSwitch (HKLM-x32\...\{5172E572-C175-4F80-A6D5-5CB45826AD61}) (Version: 1.0.6 - ASUS)

Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)

Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)

SoftwareManager (x32 Version: 1.1.0.0 - Minitab, Inc.) Hidden

STP Viewer 2.3 (HKLM-x32\...\{CECCF8B1-F595-4845-9AA6-1EC57B9BECBA}_is1) (Version:  - IdeaMK)

syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)

Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.1 - Tweaking.com)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)

Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)

Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)

Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)

USB 2.0 VGA UVC WebCam (HKLM\...\USB 2.0 VGA UVC WebCam) (Version:  - )

USB-Ethernet Adapter Device (HKLM\...\USB-Ethernet Adapter Device) (Version:  - )

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)

WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.5.600 - Broadcom Corporation)

Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (02/25/2010 6.2.0.9419) (HKLM\...\85CE3A3657FAE5FD305B143E90E6FC89BA53001C) (Version: 02/25/2010 6.2.0.9419 - Broadcom)

Windows Driver Package - Broadcom Bluetooth  (01/19/2010 6.2.0.1417) (HKLM\...\7341A1B43E7FE58942EB1E820A17C18305DFBCE6) (Version: 01/19/2010 6.2.0.1417 - Broadcom)

Windows Driver Package - Broadcom Bluetooth  (07/29/2009 6.1.7100.0) (HKLM\...\2AA10AB519DC7432D599A0E860206A7DDCC27764) (Version: 07/29/2009 6.1.7100.0 - Broadcom)

Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)

Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)

Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation)

WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.30.3 - ASUS)

Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)

World of Goo (HKLM-x32\...\World of Goo) (Version:  - Oberon Media Inc.)

ZTE USB Driver (HKLM\...\ZTE USB Driver) (Version: 1.0.1.25_TME - ZTE Corporation)

Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)

Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

מסייע Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation)

適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 

CustomCLSID: HKU\S-1-5-21-347766451-462584187-1723808825-1336_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\g.*****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-347766451-462584187-1723808825-1336_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\g.*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-347766451-462584187-1723808825-1336_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\g.*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-347766451-462584187-1723808825-1336_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\g.*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-347766451-462584187-1723808825-1336_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\g.*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-347766451-462584187-1723808825-1336_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\g.*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-347766451-462584187-1723808825-1336_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\g.*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-347766451-462584187-1723808825-1336_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\g.*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-347766451-462584187-1723808825-1336_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\g.*****\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 

==================== Restore Points  =========================
 

23-11-2014 08:25:14 Windows Update

23-11-2014 08:48:32 Windows Update

24-11-2014 02:00:23 Windows Update

26-11-2014 02:00:48 Windows Update
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 03:34 - 2014-11-10 02:59 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {0DD8E9FA-5221-4425-B642-47E2B50D6A0B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-22] (AVAST Software)

Task: {199F694F-1F73-4C29-8460-D1D17CF0473A} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-10-15] (ASUS)

Task: {1DC43702-0414-4A71-886A-DBDB51BE4792} - System32\Tasks\Microsoft\Windows\MobilePC\DisplayLink TMM Control

Task: {48A2D53D-A977-4528-AB9D-9F7CCCD0C2D9} - System32\Tasks\ASPG => C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe [2009-06-29] (ASUS)

Task: {5A254883-3B20-45DB-B4AD-2C65E1E8242C} - System32\Tasks\ASUS Secure Delete => C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe [2010-05-12] ()

Task: {5ADEBF77-533D-419F-A0D3-1D680F36060F} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)

Task: {612C6DC8-F1AB-41D7-B320-7316C739DA0E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)

Task: {6663CCD4-A2B1-482F-8109-C1F3987A5249} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)

Task: {66900E75-FE77-4146-84F8-3B50C35EA902} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()

Task: {960F4542-7743-4E93-87E2-880A9DB261C7} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)

Task: {A5D55876-4AD7-4E9F-8C78-627EFCB29E6E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)

Task: {AFD0E19F-FDCB-4086-9400-D6C0FACE4A8F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)

Task: {B9F1E749-5232-43D7-A81B-CB8920AAD0CA} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe [2010-10-01] (asus)

Task: {D5B2A4FE-307E-43AC-8999-358EA080D05D} - System32\Tasks\DealPlyUpdate => C:\Program <==== ATTENTION

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2013-04-23 15:33 - 2011-10-04 21:43 - 00087552 _____ () C:\Windows\System32\custmon64i.dll

2011-10-24 11:39 - 2005-03-12 00:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll

2013-07-09 15:01 - 2011-04-11 06:26 - 00034304 _____ () C:\Windows\System32\spe__l.dll

2010-07-15 01:11 - 2010-07-15 01:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll

2010-05-12 02:35 - 2010-05-12 02:35 - 00489392 _____ () C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe

2010-04-03 04:21 - 2008-10-01 08:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll

2011-03-08 06:22 - 2007-11-30 20:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

2010-03-16 02:48 - 2010-03-16 02:48 - 00148816 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\EcaremeDLL.dll

2011-03-08 05:55 - 2011-03-08 05:55 - 00030032 _____ () C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll

2011-03-08 05:55 - 2011-03-08 05:55 - 00931840 _____ () C:\Windows\assembly\GAC_64\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll

2010-03-16 02:48 - 2010-03-16 02:48 - 01754448 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe

2010-03-12 05:14 - 2010-03-12 05:14 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll

2010-09-24 01:53 - 2010-09-24 01:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

2014-11-29 20:12 - 2014-11-29 20:12 - 02904064 _____ () C:\Program Files\AVAST Software\Avast\defs\14112901\algo.dll

2014-11-30 13:48 - 2014-11-30 13:48 - 02904064 _____ () C:\Program Files\AVAST Software\Avast\defs\14113000\algo.dll

2011-10-10 10:03 - 2011-10-10 10:03 - 00355688 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll

2011-10-10 10:01 - 2011-12-01 11:36 - 00126721 _____ () C:\Program Files (x86)\Avira\Avira Security Management Center Agent\SCEWXMLW.dll

2009-11-02 23:20 - 2009-11-02 23:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll

2009-11-02 23:23 - 2009-11-02 23:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll

2014-11-22 20:32 - 2014-11-22 20:32 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2014-11-30 13:52 - 2014-11-30 13:52 - 00043008 _____ () c:\users\gc395~1.wei\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpc7xtm0.dll

2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\g.*****\AppData\Roaming\Dropbox\bin\libcef.dll

2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

2010-10-01 00:13 - 2010-10-01 00:13 - 00041472 _____ () C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll

2010-10-01 00:13 - 2010-10-01 00:13 - 00071680 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll

2010-10-01 00:14 - 2010-10-01 00:14 - 00076288 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll

2010-10-01 00:13 - 2010-10-01 00:13 - 00186880 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll

2014-11-22 01:24 - 2014-11-14 03:42 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

2014-11-26 01:48 - 2014-11-26 01:48 - 16841392 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll

2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (whitelisted) =============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

(Currently there is no automatic fix for this section.)
 

MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe

MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
 

========================= Accounts: ==========================
 

Admin (S-1-5-21-1122509215-102311790-3122138105-1000 - Administrator - Enabled) => C:\Users\Admin

Administrator (S-1-5-21-1122509215-102311790-3122138105-500 - Administrator - Disabled)

Gast (S-1-5-21-1122509215-102311790-3122138105-501 - Limited - Disabled)
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (11/26/2014 08:45:58 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Programm firefox.exe, Version 33.1.1.5430 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: 1d28
 

Startzeit: 01d009b16bacfe18
 

Endzeit: 47
 

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 

Berichts-ID: d5b314cc-75a4-11e4-a71f-74f06dd08b0f
 

Error: (11/26/2014 08:44:37 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Programm firefox.exe, Version 33.1.1.5430 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: 808
 

Startzeit: 01d009b126c707de
 

Endzeit: 31
 

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 

Berichts-ID: a4b2db21-75a4-11e4-a71f-74f06dd08b0f
 

Error: (11/26/2014 08:42:42 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Programm firefox.exe, Version 33.1.1.5430 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: 16a8
 

Startzeit: 01d0097cd83f377f
 

Endzeit: 213
 

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 

Berichts-ID: 5a92400b-75a4-11e4-a71f-74f06dd08b0f
 

Error: (11/24/2014 03:28:27 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: splwow64.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bd3ca

Name des fehlerhaften Moduls: GDI32.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdf01

Ausnahmecode: 0xc0000005

Fehleroffset: 0x0000000000015673

ID des fehlerhaften Prozesses: 0x2f08

Startzeit der fehlerhaften Anwendung: 0xsplwow64.exe0

Pfad der fehlerhaften Anwendung: splwow64.exe1

Pfad des fehlerhaften Moduls: splwow64.exe2

Berichtskennung: splwow64.exe3
 

Error: (11/24/2014 00:50:35 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: splwow64.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bd3ca

Name des fehlerhaften Moduls: GDI32.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdf01

Ausnahmecode: 0xc0000005

Fehleroffset: 0x0000000000015673

ID des fehlerhaften Prozesses: 0xe4c

Startzeit der fehlerhaften Anwendung: 0xsplwow64.exe0

Pfad der fehlerhaften Anwendung: splwow64.exe1

Pfad des fehlerhaften Moduls: splwow64.exe2

Berichtskennung: splwow64.exe3
 

Error: (11/21/2014 08:06:56 PM) (Source: Avira AntiVir) (EventID: 4129) (User: NT-AUTORITÄT)

Description: Das Update von B-***** (192.168.1.190) ist fehlgeschlagen.

Keine gültige Lizenz gefunden. .

Es wurden keine neuen Dateien geladen.
 

Error: (11/21/2014 07:48:58 PM) (Source: RasClient) (EventID: 20227) (User: )

Description: CoID={2026BB5C-6A34-4503-99F9-0F820D9D3D39}: Der Benutzer "*****\g.*****" hat eine Verbindung mit dem Namen "o2 Internet" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 797.
 

Error: (11/18/2014 10:25:12 PM) (Source: RasClient) (EventID: 20227) (User: )

Description: CoID={29C40B17-1752-4FBC-AF62-6BE8BC7C472D}: Der Benutzer "*****\g.*****" hat eine Verbindung mit dem Namen "b*****" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 807.
 

Error: (11/18/2014 10:17:28 PM) (Source: RasClient) (EventID: 20227) (User: )

Description: CoID={9637FD70-7D9C-4009-A10D-90BBD9D39A34}: Der Benutzer "*****\g.*****" hat eine Verbindung mit dem Namen "b*****" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 1168.
 

Error: (11/15/2014 04:21:50 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.7600.16667, Zeitstempel: 0x4c7dc5a1

Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000

Ausnahmecode: 0xc0000005

Fehleroffset: 0x056400c4

ID des fehlerhaften Prozesses: 0xf64

Startzeit der fehlerhaften Anwendung: 0xwmplayer.exe0

Pfad der fehlerhaften Anwendung: wmplayer.exe1

Pfad des fehlerhaften Moduls: wmplayer.exe2

Berichtskennung: wmplayer.exe3
 
 

System errors:

=============

Error: (11/30/2014 01:51:41 PM) (Source: TermService) (EventID: 1067) (User: )

Description: Der Terminalserver kann den Dienstprinzipalnamen "TERMSRV", der für die Serverauthentifizierung verwendet werden soll, nicht registrieren. Der folgende Fehler ist aufgetreten: Die angegebene Domäne ist nicht vorhanden, oder es konnte keine Verbindung hergestellt werden.

.
 

Error: (11/30/2014 01:50:42 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: *****)

Description: Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 

Error: (11/30/2014 01:50:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: Der Dienst "Windows-Zeitgeber" wurde mit folgendem Fehler beendet: 

%%1792
 

Error: (11/30/2014 01:50:42 PM) (Source: Microsoft-Windows-Time-Service) (EventID: 46) (User: NT-AUTORITÄT)

Description: Der Zeitdienst wurde heruntergefahren, da ein Fehler aufgetreten ist. Fehler: 0x80070700: Es wurde versucht, sich anzumelden, aber der Netzwerkanmeldedienst war nicht gestartet.
 

Error: (11/30/2014 01:48:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: Der Dienst "Windows-Zeitgeber" wurde mit folgendem Fehler beendet: 

%%1792
 

Error: (11/30/2014 01:48:30 PM) (Source: Microsoft-Windows-Time-Service) (EventID: 46) (User: NT-AUTORITÄT)

Description: Der Zeitdienst wurde heruntergefahren, da ein Fehler aufgetreten ist. Fehler: 0x80070700: Es wurde versucht, sich anzumelden, aber der Netzwerkanmeldedienst war nicht gestartet.
 

Error: (11/30/2014 01:48:24 PM) (Source: Service Control Manager) (EventID: 7024) (User: )

Description: Der Dienst "Avira AntiVir WebGuard" wurde mit folgendem dienstspezifischem Fehler beendet: %%1.
 

Error: (11/30/2014 01:48:22 PM) (Source: Service Control Manager) (EventID: 7024) (User: )

Description: Der Dienst "Avira AntiVir MailGuard" wurde mit folgendem dienstspezifischem Fehler beendet: %%1.
 

Error: (11/30/2014 01:47:41 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT-AUTORITÄT)

Description: Fehler bei der Verarbeitung der Gruppenrichtlinie. Der Computername konnte nicht aufgelöst werden. Dies kann mindestens eine der folgenden Ursachen haben: 

a) Fehler bei der Namensauflösung mit dem aktuellen Domänencontroller. 

b) Active Directory-Replikationswartezeit (ein auf einem anderen Domänencontroller erstelltes Konto hat nicht auf dem aktuellen Domänencontroller repliziert).
 

Error: (11/30/2014 03:13:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "DisplayLinkManager" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.
 
 

Microsoft Office Sessions:

=========================

Error: (06/09/2014 04:51:29 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4138 seconds with 2580 seconds of active time.  This session ended with a crash.
 

Error: (06/09/2014 03:41:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7957 seconds with 1740 seconds of active time.  This session ended with a crash.
 

Error: (06/07/2014 02:10:29 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 32854 seconds with 8880 seconds of active time.  This session ended with a crash.
 

Error: (06/06/2014 05:02:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 20089 seconds with 6960 seconds of active time.  This session ended with a crash.
 

Error: (06/05/2014 09:23:50 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 199097 seconds with 14520 seconds of active time.  This session ended with a crash.
 

Error: (06/04/2014 00:43:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 61835 seconds with 2100 seconds of active time.  This session ended with a crash.
 

Error: (06/03/2014 07:33:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1626 seconds with 540 seconds of active time.  This session ended with a crash.
 

Error: (06/03/2014 00:02:23 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1446 seconds with 1320 seconds of active time.  This session ended with a crash.
 

Error: (06/02/2014 11:37:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1772 seconds with 1500 seconds of active time.  This session ended with a crash.
 

Error: (05/31/2014 11:26:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 25741 seconds with 4080 seconds of active time.  This session ended with a crash.
 
 

CodeIntegrity Errors:

===================================

  Date: 2014-10-29 11:53:29.029

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2014-10-29 11:53:28.888

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
 

==================== Memory info =========================== 
 

Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz

Percentage of memory in use: 86%

Total physical RAM: 1900.3 MB

Available physical RAM: 250.98 MB

Total Pagefile: 3800.59 MB

Available Pagefile: 1409.77 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB
 

==================== Drives ================================
 

Drive c: (OS) (Fixed) (Total:74.52 GB) (Free:16.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive d: (Data) (Fixed) (Total:202.08 GB) (Free:8.88 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E0C5913D)

Partition 1: (Not Active) - (Size=21.5 GB) - (Type=1C)

Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=202.1 GB) - (Type=OF Extended)
 

==================== End Of Log ============================

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

wie ist es mit WLAN? soll ich Drahtlosnetzwerkverbindung trennen? damit kein internetverbindung während combofix und deaktiviertem Virenscanner ist?

vorher wiederherstellungspunkt in windows machen?

firewall aktiviert lassen während combofix?

combofix ist durchgelaufen. hat aber 12 h gedauert. log.txt am Bildschirm erschienen (habe ich auch noch zusätzlich abgespeichert).
aber jetzt steht seit einer Stunde der Bildschirm mit blauem Windowshintergrund ohne irgendwelche desktopicons und ohne menütaskleiste. ist das normal? läuft combofix noch oder muss man Rechner über taskmanager neu starten?
ich schreibe dies hier über einen anderen Rechner.

im windows task manager ist CPU Auslastung fast ständig 0%, manchmal kurzzeitig 1,2 oder 9%. es sind einige Prozesse und Dienste im Status 'wird ausgeführt', jedoch finde ich nichts über combofix. ansonsten blauer Bildschirm, blank nur mit windowsfarbensymbol im Zentrum, keine Icons, keine Menü-Taskleiste. es ändert sich nichts mehr.

das heißt combofix ist abgeschlossen??? Neustart über Taskmanager machen???

combofix log.txt habe ich per USBstick hierher auf den anderen Rechner übertragen. der Bildschirm am infizierten Rechner ist immer noch im gleichen regungslosen Zustand ohne taskleiste oder icons

Code:

ComboFix 14-11-25.01 - g****** 01.12.2014   4:42.2.4 - x64

Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.1900.678 [GMT 1:00]

ausgeführt von:: c:\users\g******\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\SysWow64\~.inf

.

.

(((((((((((((((((((((((   Dateien erstellt von 2014-11-01 bis 2014-12-01  ))))))))))))))))))))))))))))))

.

.

2014-12-01 13:53 . 2014-12-01 13:53        --------        d-----w-        c:\users\Public\AppData\Local\temp

2014-12-01 13:53 . 2014-12-01 13:53        --------        d-----w-        c:\users\Default\AppData\Local\temp

2014-12-01 13:53 . 2014-12-01 13:53        --------        d-----w-        c:\users\p********\AppData\Local\temp

2014-12-01 13:53 . 2014-12-01 13:53        --------        d-----w-        c:\users\d********\AppData\Local\temp

2014-12-01 13:53 . 2014-12-01 13:53        --------        d-----w-        c:\users\Administrator\AppData\Local\temp

2014-12-01 13:53 . 2014-12-01 13:53        --------        d-----w-        c:\users\Admin\AppData\Local\temp

2014-12-01 00:56 . 2014-12-01 00:56        1928228        ----a-w-        c:\windows\SysWow64\~.tmp

2014-11-29 22:29 . 2014-11-29 22:29        --------        d-----w-        c:\users\g******\AppData\Local\Foxit Reader

2014-11-28 18:26 . 2014-11-17 01:08        11632448        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{F7F068AE-A38C-438B-87E5-9F3893A06D87}\mpengine.dll

2014-11-23 08:32 . 2014-11-23 08:32        --------        d-----w-        c:\users\Default\AppData\Local\Microsoft Help

2014-11-22 19:32 . 2014-11-22 19:31        28184        ----a-w-        c:\windows\system32\drivers\aswKbd.sys

2014-11-22 19:32 . 2014-11-22 19:32        364512        ----a-w-        c:\windows\system32\aswBoot.exe

2014-11-22 19:32 . 2014-11-22 19:32        43152        ----a-w-        c:\windows\avastSS.scr

2014-11-22 19:31 . 2014-11-22 19:31        449936        ----a-w-        c:\windows\system32\drivers\aswNdisFlt.sys

2014-11-22 01:55 . 2014-11-24 22:56        --------        d-----w-        c:\users\g******\AppData\Roaming\vlc

2014-11-22 01:53 . 2014-11-22 01:53        --------        d-----w-        c:\program files (x86)\VideoLAN

2014-11-22 01:50 . 2011-05-13 10:16        493056        ----a-w-        c:\windows\SysWow64\dhRichClient3.dll

2014-11-22 01:50 . 2011-03-25 18:42        338432        ----a-w-        c:\windows\SysWow64\sqlite36_engine.dll

2014-11-22 01:50 . 2014-11-22 01:50        --------        d-----w-        c:\users\g******\AppData\Roaming\Cliqz

2014-11-22 01:17 . 2014-11-22 01:17        --------        d-----w-        c:\program files\Microsoft Silverlight

2014-11-22 01:17 . 2014-11-22 01:17        --------        d-----w-        c:\program files (x86)\Microsoft Silverlight

2014-11-21 20:24 . 2014-11-21 20:24        220784        ----a-w-        c:\program files (x86)\Mozilla Firefox\updated\sandboxbroker.dll

2014-11-18 21:02 . 2014-11-18 22:06        --------        d-----w-        c:\windows\system32\MRT

2014-11-18 20:14 . 2014-09-15 00:44        3195392        ----a-w-        c:\windows\system32\win32k.sys

2014-11-10 02:05 . 2014-11-18 22:07        --------        d-----w-        c:\windows\system32\catroot2

2014-11-10 01:47 . 2014-11-10 01:47        --------        d-----w-        c:\windows\SysWow64\wbem\Performance

2014-11-10 01:12 . 2014-11-10 01:12        --------        d-----w-        C:\RegBackup

2014-11-09 17:56 . 2014-11-09 17:56        --------        d-----w-        C:\windows repair_tweakingcom

2014-11-07 21:06 . 2014-11-07 21:06        --------        d-----w-        c:\program files (x86)\Tweaking*com

2014-11-07 21:02 . 2014-11-07 21:02        --------        d-----w-        C:\tweaking*com

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-11-30 12:50 . 2011-09-16 14:54        45056        ----a-w-        c:\windows\system32\acovcnt.exe

2014-11-26 00:48 . 2012-04-23 11:41        701104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2014-11-26 00:48 . 2012-01-18 01:54        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-11-22 19:33 . 2014-10-25 23:02        1050432        ----a-w-        c:\windows\system32\drivers\aswsnx.sys

2014-11-22 19:32 . 2014-10-25 23:02        116728        ----a-w-        c:\windows\system32\drivers\aswStm.sys

2014-11-22 19:32 . 2014-10-25 23:02        93568        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys

2014-11-22 19:32 . 2014-10-25 23:02        83280        ----a-w-        c:\windows\system32\drivers\aswmonflt.sys

2014-11-22 19:32 . 2014-10-25 23:02        65776        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys

2014-11-22 19:32 . 2014-10-25 23:02        436624        ----a-w-        c:\windows\system32\drivers\aswSP.sys

2014-11-22 19:32 . 2014-10-25 23:02        29208        ----a-w-        c:\windows\system32\drivers\aswHwid.sys

2014-11-22 19:32 . 2014-10-25 23:02        267632        ----a-w-        c:\windows\system32\drivers\aswVmm.sys

2014-11-18 21:12 . 2011-08-04 10:19        144912        ----a-w-        c:\windows\system32\drivers\JME.sys

2014-11-04 13:30 . 2013-11-13 02:18        275080        ------w-        c:\windows\system32\MpSigStub.exe

2014-10-28 14:24 . 2014-10-28 14:38        98216        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll

2014-10-28 14:24 . 2014-10-28 14:37        895912        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll

2014-10-28 14:24 . 2014-10-28 14:37        816552        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2014-10-16 12:07 . 2010-06-24 19:33        23256        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2009-04-08 18:31 . 2009-04-08 18:31        106496        ----a-w-        c:\program files (x86)\Common Files\CPInstallAction.dll

2008-08-12 05:45 . 2008-08-12 05:45        155648        ----a-w-        c:\program files (x86)\Common Files\MSIactionall.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2014-08-17 04:09        131480        ----a-w-        c:\users\g******\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2014-08-17 04:09        131480        ----a-w-        c:\users\g******\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]

@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]

2014-08-17 04:09        131480        ----a-w-        c:\users\g******\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]

@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]

2014-08-17 04:09        131480        ----a-w-        c:\users\g******\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2014-08-17 04:09        131480        ----a-w-        c:\users\g******\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]

@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]

2014-08-17 04:09        131480        ----a-w-        c:\users\g******\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2014-08-17 04:09        131480        ----a-w-        c:\users\g******\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]

@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]

2014-08-17 04:09        131480        ----a-w-        c:\users\g******\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-08-27 22041192]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg*exe" [2008-11-03 328992]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-24 1601536]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-10 281768]

"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-11-22 5226600]

.

c:\users\g******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\g******\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-11-13 35419192]

OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-3-8 548528]

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-12 1083680]

FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe -d [2011-3-8 12862]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLUA"= 0 (0x0)

"SoftwareSASGeneration"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"TaskbarNoNotification"= 0 (0x0)

"HideSCAHealth"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"TaskbarNoNotification"= 0 (0x0)

"Run"= "c:\users\g******\AppData\Roaming\Microsoft\Windows\IEUpdate\taskkill.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-347766451-462584187-1723808825-1279\Scripts\Logon\0\0]

"Script"=user_logon.cmd

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-347766451-462584187-1723808825-1334\Scripts\Logon\0\0]

"Script"=user_logon.cmd

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-347766451-462584187-1723808825-1336\Scripts\Logon\0\0]

"Script"=user_logon.cmd

.

R2 AntiVir Security Management Center Agent;Avira Security Management Center Agent;c:\program files (x86)\Avira\Avira Security Management Center Agent\agent.exe;c:\program files (x86)\Avira\Avira Security Management Center Agent\agent.exe [x]

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [x]

R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]

R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.2.22617.0.sys;c:\windows\SYSNATIVE\DRIVERS\DisplayLinkUsbPort_5.2.22617.0.sys [x]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]

R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]

R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]

R3 massfilter_hs;USB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys;c:\windows\SYSNATIVE\drivers\massfilter_hs.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]

R3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\DRIVERS\USBMAC64.SYS;c:\windows\SYSNATIVE\DRIVERS\USBMAC64.SYS [x]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]

R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 assd;assd; [x]

S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]

S0 aswRvrt;avast! Revert; [x]

S0 aswVmm;avast! VM Monitor; [x]

S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys;c:\windows\SYSNATIVE\drivers\dlkmdldr.sys [x]

S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys;c:\windows\SYSNATIVE\DRIVERS\lullaby.sys [x]

S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]

S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]

S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]

S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]

S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]

S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [x]

S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]

S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe  -run;c:\windows\SYSNATIVE\hasplms.exe  -run [x]

S2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\program files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe;c:\program files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [x]

S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [x]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]

S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys;c:\windows\SYSNATIVE\drivers\dlkmd.sys [x]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]

S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]

S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys;c:\windows\SYSNATIVE\DRIVERS\JME.sys [x]

.

.

Inhalt des "geplante Tasks" Ordners

.

2014-12-01 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 00:48]

.

2014-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-08 10:29]

.

2014-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-08 10:29]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2014-08-17 04:10        164760        ----a-w-        c:\users\g******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2014-08-17 04:10        164760        ----a-w-        c:\users\g******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]

@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]

2014-08-17 04:10        164760        ----a-w-        c:\users\g******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]

@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]

2014-08-17 04:10        164760        ----a-w-        c:\users\g******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2014-08-17 04:10        164760        ----a-w-        c:\users\g******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]

@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]

2014-08-17 04:10        164760        ----a-w-        c:\users\g******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2014-08-17 04:10        164760        ----a-w-        c:\users\g******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]

@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]

2014-08-17 04:10        164760        ----a-w-        c:\users\g******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2014-11-22 19:32        860984        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2009-11-26 05:49        70656        ----a-w-        c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2009-11-26 05:49        70656        ----a-w-        c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]

"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]

"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [BU]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-11 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-11 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-11 414744]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://asus.msn.com

mStart Page = hxxp://asus.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{37AD93E9-DA1F-42F5-B753-DF45F69A9B77}: NameServer = 193.189.244.206 193.189.244.225

TCP: Interfaces\{82967B91-DF95-410D-B46F-471B9D5EB0E9}: NameServer = 141.30.93.226,141.30.93.135

TCP: Interfaces\{95EB8C15-CF4D-4ABD-B403-83F82E2B4627}: NameServer = 193.189.244.206 193.189.244.225

TCP: Interfaces\{B4155EBF-E4A0-424F-98CC-A39EA1453FB3}: NameServer = 193.189.244.225 193.189.244.206

FF - ProfilePath - c:\users\g******\AppData\Roaming\Mozilla\Firefox\Profiles\7xk1u4y1.default-1417031580608\

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

BHO-{B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)

BHO-{EF7BD87A-8024-11E2-F316-F3E56188709B} - (no file)

Toolbar-Locked - (no file)

Toolbar-{B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.15"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Zeit der Fertigstellung: 2014-12-01  14:59:19

ComboFix-quarantined-files.txt  2014-12-01 13:59

ComboFix2.txt  2014-10-29 12:12

.

Vor Suchlauf: 19 Verzeichnis(se), 19.297.333.248 Bytes frei

Nach Suchlauf: 21 Verzeichnis(se), 20.318.126.080 Bytes frei

.

- - End Of File - - 4E6FBAD55EA1A187742D093A03DD7F36

am bildschirm ist immer noch keine änderung. soll ich den combofix Rechner über den windows taskmanager herunterfahren? ansonsten gäbe es nur noch Ausschalttaste Kaltstart. Am windows bildschirm sind keinerlei icons

will nur sichergehen dass ich nicht in combofix eingreife

Rechner neu starten. Dann:

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

malwarebytes:

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 03.12.2014

Suchlauf-Zeit: 11:13:43

Logdatei: mbam_03122014.txt

Administrator: Ja
 

Version: 2.00.3.1025

Malware Datenbank: v2014.12.03.04

Rootkit Datenbank: v2014.12.02.02

Lizenz: Testversion

Malware Schutz: Aktiviert

Bösartiger Webseiten Schutz: Aktiviert

Selbstschutz: Deaktiviert
 

Betriebssystem: Windows 7

CPU: x64

Dateisystem: NTFS

Benutzer: g*****
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 505961

Verstrichene Zeit: 50 Min, 52 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Deaktiviert

Heuristik: Aktiviert

PUP: Aktiviert

PUM: Aktiviert
 

Prozesse: 0

(Keine schädliche Elemente erkannt)
 

Module: 0

(Keine schädliche Elemente erkannt)
 

Registrierungsschlüssel: 17

PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, In Quarantäne, [d69a263806769a9c0bcb7e81748e966a], 

PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, In Quarantäne, [d69a263806769a9c0bcb7e81748e966a], 

PUP.Optional.Wajam.A, HKU\S-1-5-21-347766451-462584187-1723808825-1336-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, In Quarantäne, [3937eb736319181e6df707c540c224dc], 

PUP.Optional.Wajam.A, HKU\S-1-5-21-347766451-462584187-1723808825-1336-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, In Quarantäne, [3937eb736319181e6df707c540c224dc], 

PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{D4027C7F-154A-4066-A1AD-4243D8127440}, In Quarantäne, [d799441aa6d60a2cdb91788a6a99e31d], 

PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\CLASSES\GenericAskToolbar.ToolbarWnd, In Quarantäne, [d799441aa6d60a2cdb91788a6a99e31d], 

PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\CLASSES\GenericAskToolbar.ToolbarWnd.1, In Quarantäne, [d799441aa6d60a2cdb91788a6a99e31d], 

PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\GenericAskToolbar.ToolbarWnd, In Quarantäne, [d799441aa6d60a2cdb91788a6a99e31d], 

PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\GenericAskToolbar.ToolbarWnd.1, In Quarantäne, [d799441aa6d60a2cdb91788a6a99e31d], 

PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\DealPly, In Quarantäne, [442cf06e1f5d0036511813550ff4c040], 

PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\SEARCH SETTINGS, In Quarantäne, [81efdd81423ad5617347361aff04d828], 

PUP.Optional.Spigot.A, HKU\S-1-5-21-347766451-462584187-1723808825-1279-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Settings, In Quarantäne, [68085fff354765d1a2e77f3a798b16ea], 

PUP.Optional.Spigot.A, HKU\S-1-5-21-347766451-462584187-1723808825-1334-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Settings, In Quarantäne, [c0b03529c5b77db94e3ba8118084ad53], 

PUP.Optional.DealPly.A, HKU\S-1-5-21-347766451-462584187-1723808825-1336-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DealPly, In Quarantäne, [fc74332b265692a4ae524700c43f8f71], 

PUP.Optional.DigitalSites.A, HKU\S-1-5-21-347766451-462584187-1723808825-1336-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DSiteProducts, In Quarantäne, [2b452e30ec902c0a6c10d7eb996b8779], 

PUP.Optional.InstallCore.A, HKU\S-1-5-21-347766451-462584187-1723808825-1336-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [f37dfd611a620234d0cc198064a02bd5], 

PUP.Optional.Spigot.A, HKU\S-1-5-21-347766451-462584187-1723808825-1336-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCH SETTINGS, In Quarantäne, [c3add08e0b712610fdba74dcf80ba759], 
 

Registrierungswerte: 8

PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES (X86)\APPLICATION UPDATER\APPLICATIONUPDATER.EXE, 1, In Quarantäne, [97d9e777502cc96dff540995da27d62a]

PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\SEARCH SETTINGS|installDir, C:\Program Files (x86)\Common Files\Spigot\Search Settings\, In Quarantäne, [81efdd81423ad5617347361aff04d828]

PUP.Optional.InstallCore.A, HKU\S-1-5-21-347766451-462584187-1723808825-1336-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0M1S1H1K2U, In Quarantäne, [f37dfd611a620234d0cc198064a02bd5]

Trojan.Agent, HKU\S-1-5-21-347766451-462584187-1723808825-1336-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|Run, "C:\Users\g*****\AppData\Roaming\Microsoft\Windows\IEUpdate\taskkill.exe", In Quarantäne, [4f21f9655527bb7b371d7bd2dd2652ae]

PUP.Optional.Spigot.A, HKU\S-1-5-21-347766451-462584187-1723808825-1336-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCH SETTINGS|GCProtected, 0, In Quarantäne, [c3add08e0b712610fdba74dcf80ba759]

PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\SEARCH SETTINGS\SEARCHSETTINGS.EXE, 1, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0]

PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\SEARCH SETTINGS\{4D6A6C8E-1EB2-46E1-8CAA-40DAFDE3ED93}.XPI, 1, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0]

PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\SEARCH SETTINGS\{62DD0A97-FDD4-421B-94A5-D1A9434450C7}.XPI, 1, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0]
 

Registrierungsdaten: 0

(Keine schädliche Elemente erkannt)
 

Ordner: 17

PUP.OPtional.Dealply.A, C:\Users\g*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly, In Quarantäne, [7000431b3c400f27c72a1b7d4db70ef2], 

PUP.Optional.DealPly.A, C:\Users\g*****\AppData\Roaming\DealPly, In Quarantäne, [df9185d9dd9f4beb98ed070b4cb728d8], 

PUP.Optional.DealPly.A, C:\Users\g*****\AppData\Roaming\DealPly\UpdateProc, In Quarantäne, [df9185d9dd9f4beb98ed070b4cb728d8], 

PUP.Optional.Spigot.A, C:\Users\d.*******\AppData\LocalLow\Search Settings, In Quarantäne, [5f1169f594e8fa3ceba775b561a2867a], 

PUP.Optional.Spigot.A, C:\Users\d.*******\AppData\LocalLow\Search Settings\res, In Quarantäne, [5f1169f594e8fa3ceba775b561a2867a], 

PUP.Optional.Spigot.A, C:\Users\d.*******\AppData\LocalLow\Search Settings\temp, In Quarantäne, [5f1169f594e8fa3ceba775b561a2867a], 

PUP.Optional.Spigot.A, C:\Users\g*****\AppData\LocalLow\Search Settings, In Quarantäne, [155b75e9a0dce551078ba28813f0d12f], 

PUP.Optional.Spigot.A, C:\Users\g*****\AppData\LocalLow\Search Settings\res, In Quarantäne, [155b75e9a0dce551078ba28813f0d12f], 

PUP.Optional.Spigot.A, C:\Users\g*****\AppData\LocalLow\Search Settings\temp, In Quarantäne, [155b75e9a0dce551078ba28813f0d12f], 

PUP.Optional.Spigot.A, C:\Users\p.*******\AppData\LocalLow\Search Settings, In Quarantäne, [244c1f3f88f4ca6ca7ebe4467291a35d], 

PUP.Optional.Spigot.A, C:\Users\p.*******\AppData\LocalLow\Search Settings\res, In Quarantäne, [244c1f3f88f4ca6ca7ebe4467291a35d], 

PUP.Optional.Spigot.A, C:\Users\p.*******\AppData\LocalLow\Search Settings\temp, In Quarantäne, [244c1f3f88f4ca6ca7ebe4467291a35d], 

PUP.Optional.Updater.A, C:\Users\g*****\AppData\Roaming\DigitalSites\UpdateProc, In Quarantäne, [84ec72ec18643ff7c85260d0d330639d], 

PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], 

PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], 

PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], 

PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\Res, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], 
 

Dateien: 36

PUP.Optional.Spigot.A, C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe, In Quarantäne, [97d9e777502cc96dff540995da27d62a], 

PUP.Optional.Spigot.A, C:\Windows\Installer\75dbd.msi, In Quarantäne, [224e203ed6a658dec2be5a6d5fa2cb35], 

Trojan.MalPack, C:\Windows\Installer\{3866EC09-2C7E-4FD0-ACDD-35C5764D967C}\api-ms-win-system-apds-l1-1-0.dll, In Quarantäne, [6d03ef6feb9194a29a5f2cb2b64b6b95], 

PUP.Optional.DealPly.A, C:\Windows\System32\Tasks\DealPlyUpdate, In Quarantäne, [234d1c426b11290d90804b168a790af6], 

PUP.OPtional.Dealply.A, C:\Users\g*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\Uninstall DealPly.lnk, In Quarantäne, [7000431b3c400f27c72a1b7d4db70ef2], 

PUP.OPtional.Dealply.A, C:\Users\g*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly Help.url, In Quarantäne, [7000431b3c400f27c72a1b7d4db70ef2], 

PUP.OPtional.Dealply.A, C:\Users\g*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly.url, In Quarantäne, [7000431b3c400f27c72a1b7d4db70ef2], 

PUP.Optional.DealPly.A, C:\Users\g*****\AppData\Roaming\DealPly\UpdateProc\config*****dat, In Quarantäne, [df9185d9dd9f4beb98ed070b4cb728d8], 

PUP.Optional.DealPly.A, C:\Users\g*****\AppData\Roaming\DealPly\UpdateProc\info.dat, In Quarantäne, [df9185d9dd9f4beb98ed070b4cb728d8], 

PUP.Optional.DealPly.A, C:\Users\g*****\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe, In Quarantäne, [df9185d9dd9f4beb98ed070b4cb728d8], 

PUP.Optional.Updater.A, C:\Users\g*****\AppData\Roaming\DigitalSites\UpdateProc\config*****dat, In Quarantäne, [84ec72ec18643ff7c85260d0d330639d], 

PUP.Optional.Updater.A, C:\Users\g*****\AppData\Roaming\DigitalSites\UpdateProc\info.dat, In Quarantäne, [84ec72ec18643ff7c85260d0d330639d], 

PUP.Optional.Updater.A, C:\Users\g*****\AppData\Roaming\DigitalSites\UpdateProc\STTL.DAT, In Quarantäne, [84ec72ec18643ff7c85260d0d330639d], 

PUP.Optional.Updater.A, C:\Users\g*****\AppData\Roaming\DigitalSites\UpdateProc\TTL.DAT, In Quarantäne, [84ec72ec18643ff7c85260d0d330639d], 

PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\baidu_ff.xml, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], 

PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\baidu_ie.xml, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], 

PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\config*****ini, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], 

PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\searchcom_ff.xml, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], 

PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\searchcom_ie.xml, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], 

PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], 

PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], 

PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\wth190.dll, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], 

PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\wthx190.dll, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], 

PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\yahoo_ff.xml, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], 

PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\yahoo_ie.xml, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], 

PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\yandextr_ff.xml, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], 

PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\yandextr_ie.xml, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], 

PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\yandex_ff.xml, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], 

PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\yandex_ie.xml, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], 

PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\{4D6A6C8E-1EB2-46e1-8CAA-40DAFDE3ED93}.xpi, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], 

PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\{62DD0A97-FDD4-421b-94A5-D1A9434450C7}.xpi, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], 

PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\res1031.ini, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], 

PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\res1033.ini, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], 

PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\res1034.ini, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], 

PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\res1036.ini, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], 

PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\res1040.ini, In Quarantäne, [7cf49cc21765d363cdb069cffa0930d0], 
 

Physische Sektoren: 0

(Keine schädliche Elemente erkannt)
 
 

(end)

adwcleaner:

Code:

# AdwCleaner v4.103 - Bericht erstellt am 03/12/2014 um 13:04:55

# Aktualisiert 01/12/2014 von Xplode

# Database : 2014-12-02.2 [Live]

# Betriebssystem : Windows 7 Professional  (64 bits)

# Benutzername : g****** - B*****

# Gestartet von : C:\Users\g******\Desktop\AdwCleaner_4.103.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\ProgramData\apn

Ordner Gelöscht : C:\ProgramData\Ask

Ordner Gelöscht : C:\ProgramData\Partnersolar

Ordner Gelöscht : C:\Program Files (x86)\Application Updater

Ordner Gelöscht : C:\Users\d.*******\AppData\LocalLow\pdfforge

Ordner Gelöscht : C:\Users\g******\Qtrax

Ordner Gelöscht : C:\Users\g******\AppData\Local\apn

Ordner Gelöscht : C:\Users\g******\AppData\LocalLow\pdfforge

Ordner Gelöscht : C:\Users\g******\AppData\Roaming\DigitalSites

Ordner Gelöscht : C:\Users\g******\AppData\Roaming\DSite

Ordner Gelöscht : C:\Users\g******\AppData\Roaming\pdfforge

[!] Ordner Gelöscht : C:\Users\g******\AppData\Roaming\Mozilla\Firefox\Profiles\jmz6nko4.default\Extensions\pdfforge@mybrowserbar.com

Ordner Gelöscht : C:\Users\g******\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma

Ordner Gelöscht : C:\Users\g******\AppData\Local\Google\Chrome\User Data\Default\Extensions\icanoneicgaahjbilcgdmnhoocddknbl

Ordner Gelöscht : C:\Users\g******\AppData\Local\Google\Chrome\User Data\Default\Extensions\oldchfemoapgakfjnmbngnljnkoapbhd

Ordner Gelöscht : C:\Users\g******\AppData\Local\Google\Chrome\User Data\Default\Extensions\dleekdifoepfadaikncodjgnkkffkccd

Ordner Gelöscht : C:\Users\g******\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

Datei Gelöscht : C:\END

Datei Gelöscht : C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe

Datei Gelöscht : C:\Users\g******\AppData\Local\FastDiscountz.crx

Datei Gelöscht : C:\Users\g******\AppData\Local\BostonMarketOne.crx
 

***** [ Tasks ] *****
 

Task Gelöscht : DealPlyUpdate
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma

Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\icanoneicgaahjbilcgdmnhoocddknbl

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\icanoneicgaahjbilcgdmnhoocddknbl

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\icanoneicgaahjbilcgdmnhoocddknbl

Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\oldchfemoapgakfjnmbngnljnkoapbhd

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\oldchfemoapgakfjnmbngnljnkoapbhd

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\oldchfemoapgakfjnmbngnljnkoapbhd

Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\dleekdifoepfadaikncodjgnkkffkccd

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dleekdifoepfadaikncodjgnkkffkccd

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dleekdifoepfadaikncodjgnkkffkccd

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF7BD87A-8024-11E2-F316-F3E56188709B}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1786F5B0-C834-422C-8C92-083E850EAF86}

Schlüssel Gelöscht : HKCU\Software\OCS

Schlüssel Gelöscht : HKCU\Software\pdfforge

Schlüssel Gelöscht : HKCU\Software\qtrax

Schlüssel Gelöscht : HKLM\SOFTWARE\pdfforge

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
 

***** [ Browser ] *****
 

-\\ Internet Explorer v8.0.7600.17267
 
 

-\\ Mozilla Firefox v33.1.1 (x86 de)
 
 

-\\ Google Chrome v
 

[C:\Users\g******\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=23425EC2-0913-4994-A6D7-1BD0FDBEA40C&apn_ptnrs=U3&apn_sauid=02A4D7D1-273D-4297-AE29-174AF6CD12F7&apn_dtid=OSJ000YYDE&q={searchTerms}

[C:\Users\g******\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=23425EC2-0913-4994-A6D7-1BD0FDBEA40C&apn_ptnrs=U3&apn_sauid=02A4D7D1-273D-4297-AE29-174AF6CD12F7&apn_dtid=OSJ000YYDE&q={searchTerms}

[C:\Users\g******\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : fmfnfnpmhcllokmkepffndflpnadjmma

[C:\Users\g******\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : icanoneicgaahjbilcgdmnhoocddknbl

[C:\Users\g******\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : jpmbfleldcgkldadpdinhjjopdfpjfjp

[C:\Users\g******\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : oldchfemoapgakfjnmbngnljnkoapbhd

[C:\Users\g******\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : dleekdifoepfadaikncodjgnkkffkccd

[C:\Users\g******\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : lifbcibllhkdhoafpjfnlhfpfgnpldfl
 

*************************
 

AdwCleaner[R0].txt - [8982 octets] - [03/12/2014 12:58:00]

AdwCleaner[S0].txt - [8580 octets] - [03/12/2014 13:04:55]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8640 octets] ##########

Malwarebytes hatte unter den vielen Dateien auch 2 trojaner gemeldet -->in quarantäne -->gelöscht

JRT

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.0 (11.29.2014:1)

OS: Windows 7 Professional x64

Ran by g****** on 03.12.2014 at 13:55:36,80

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}

Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}

Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
 
 
 

~~~ Files
 

Successfully deleted: [File] "C:\Users\g******\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com"
 
 
 

~~~ Folders
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 03.12.2014 at 14:08:29,70

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-12-2014

Ran by g****** (administrator) on B-***** on 03-12-2014 14:16:32

Running from C:\Users\g******\Desktop

Loaded Profile: g****** (Available profiles: Admin & g******)

Platform: Windows 7 Professional (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 8

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe

(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe

(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe

(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe

(SafeNet Inc.) C:\Windows\System32\hasplms.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(ASUS) C:\Windows\AsScrPro.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

(Telefónica I+D) C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(ASUS) C:\Program Files\P4G\BatteryLife.exe

() C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe

(ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPg*exe

() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe

(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe

() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe

(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

(Dropbox, Inc.) C:\Users\g******\AppData\Roaming\Dropbox\bin\Dropbox.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

(Avira GmbH) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)

HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd

HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)

HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)

HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg*exe [328992 2008-11-03] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)

HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)

HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [281768 2011-10-10] (Avira GmbH)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-22] (AVAST Software)

HKLM-x32\...\Run: [] => [X]

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0

HKLM\...\Policies\Explorer: [HideSCAHealth] 0

HKU\S-1-5-21-347766451-462584187-1723808825-1336\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)

HKU\S-1-5-21-347766451-462584187-1723808825-1336\...\Policies\Explorer: [TaskbarNoNotification] 0

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk

ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk

ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

Startup: C:\Users\g******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\g******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\g******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk

ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)

ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-347766451-462584187-1723808825-1336\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-347766451-462584187-1723808825-1336\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-347766451-462584187-1723808825-1336\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing*com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing*com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing*com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing*com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox

SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT

SearchScopes: HKU\S-1-5-21-347766451-462584187-1723808825-1336 -> DefaultScope {B1339902-CA3D-4754-804E-9ADA9F8C0B60} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}

SearchScopes: HKU\S-1-5-21-347766451-462584187-1723808825-1336 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-347766451-462584187-1723808825-1336 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT

SearchScopes: HKU\S-1-5-21-347766451-462584187-1723808825-1336 -> {B1339902-CA3D-4754-804E-9ADA9F8C0B60} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)

BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg*dll (Google Inc.)

BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)

Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll (Microsoft Corporation)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{37AD93E9-DA1F-42F5-B753-DF45F69A9B77}: [NameServer] 193.189.244.206 193.189.244.225

Tcpip\..\Interfaces\{82967B91-DF95-410D-B46F-471B9D5EB0E9}: [NameServer] 141.30.93.226,141.30.93.135

Tcpip\..\Interfaces\{95EB8C15-CF4D-4ABD-B403-83F82E2B4627}: [NameServer] 193.189.244.206 193.189.244.225

Tcpip\..\Interfaces\{B4155EBF-E4A0-424F-98CC-A39EA1453FB3}: [NameServer] 193.189.244.225 193.189.244.206
 

FireFox:

========

FF ProfilePath: C:\Users\g******\AppData\Roaming\Mozilla\Firefox\Profiles\7xk1u4y1.default-1417031580608

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPg*dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-11]

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2014-06-11]

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-26]

FF HKU\S-1-5-21-347766451-462584187-1723808825-1336\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

FF HKU\S-1-5-21-347766451-462584187-1723808825-1336\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\g******\AppData\Roaming\Mozilla\Firefox\Profiles\s8x6rwk3.default-1399060898605\extensions\cliqz@cliqz.com
 

Chrome: 

=======

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll No File

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll No File

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll No File

CHR Plugin: (Skype Toolbars) - C:\Users\g******\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File

CHR Plugin: (Java(TM) Platform SE 6 U34) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File

CHR Plugin: (Java Deployment Toolkit 6.0.340.4) - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)

CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File

CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)

CHR Plugin: (Windows LiveÂ™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPg*dll (Microsoft Corporation)

CHR Profile: C:\Users\g******\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\g******\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-28]

CHR Extension: (Google Wallet) - C:\Users\g******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-28]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-22]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AFBAgent; C:\Windows\system32\FBAgent.exe [377264 2010-09-30] (ASUSTeK Computer Inc.) [File not signed]

R2 AntiVir Security Management Center Agent; C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe [1131777 2012-12-25] (Avira Operations GmbH & Co. KG) [File not signed]

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [340136 2011-10-10] (Avira GmbH)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [136360 2011-10-10] (Avira GmbH)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [269480 2011-10-10] (Avira GmbH)

S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [428200 2011-10-10] (Avira GmbH)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-22] (AVAST Software)

R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-22] (AVAST Software)

R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8551272 2009-12-08] (DisplayLink Corp.)

R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244448 2014-10-28] (Foxit Software Inc.)

R2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)

R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)

R2 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [199600 2010-11-11] (Telefónica I+D)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R0 assd; C:\Windows\System32\Drivers\assd.sys [27264 2010-04-28] (ASUS Corporation)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-22] ()

R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-22] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-22] (AVAST Software)

R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-22] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-22] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-22] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-22] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-22] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-22] ()

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88288 2011-10-10] (Avira GmbH)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [123784 2011-10-10] (Avira GmbH)

S3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_5.2.22617.0.sys [17408 2011-09-16] (hxxp://libusb-win32.sourceforge.net)

S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [246224 2010-05-11] (Huawei Technologies Co., Ltd.)

S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2010-05-11] (Huawei Technologies Co., Ltd.)

R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )

S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [12800 2009-02-03] (ZTE Incorporated)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-03] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)

S3 MOSUMAC; C:\Windows\System32\DRIVERS\USBMAC64.SYS [55296 2009-12-08] (--)

R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806400 2009-06-05] ()

S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 

========================== Drivers MD5 =======================
 

C:\Windows\system32\DRIVERS\1394ohci.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ACPI.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\acpipmi.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit

C:\Windows\system32\drivers\afd.sys DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\system32\DRIVERS\agp440.sys ==> MD5 is legit

C:\Windows\system32\drivers\aksdf.sys 94C0972B06C75456ED574DD46417B1D8

C:\Windows\system32\drivers\aksfridge.sys 7B0BC062CA6ABAB23F88EA483B5A538E

C:\Windows\system32\DRIVERS\aliide.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\amdide.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit

C:\Windows\system32\drivers\amdsata.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit

C:\Windows\System32\drivers\amdxata.sys ==> MD5 is legit

C:\Windows\system32\drivers\appid.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys 4C016FD76ED5C05E84CA8CAB77993961

C:\Windows\System32\Drivers\assd.sys A7E7AE771A2FCDBD5F28910A38D9A82C

C:\Windows\system32\drivers\aswHwid.sys 9BE9F2B83DE80E2752B1405CC427E2EC

C:\Windows\system32\drivers\aswKbd.sys EAFC6970073525E98D4D0E2B56741227

C:\Windows\system32\drivers\aswMonFlt.sys 2DA1C1AEDF454F8E32A863A1AEACDD8C

C:\Windows\System32\DRIVERS\aswNdisFlt.sys 8025E7521EB601207627E8B4722ACE19

C:\Windows\system32\drivers\aswRdr2.sys 4750016EF9CC1DEC6DA3FE5AF9A7F095

C:\Windows\System32\Drivers\aswRvrt.sys 1323269A92645705DEFA053F3596829D

C:\Windows\system32\drivers\aswSnx.sys E74FD717476B30E23F45354B8F3ACB30

C:\Windows\system32\drivers\aswSP.sys B1881A01E301990B671694CA1623F1B6

C:\Windows\system32\drivers\aswStm.sys 7509F07BA6F84C1E3B2C0D78A1F6F782

C:\Windows\System32\Drivers\aswVmm.sys 1A5BDDE65B648DC3AD48B6ECAA3AE9C8

C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\atapi.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\athrx.sys DEA40050BBD55F6F5FF895B50D15646B

C:\Windows\System32\DRIVERS\avgntflt.sys B1224E6B086CD6548315B04AB575A23E

C:\Windows\System32\DRIVERS\avipbb.sys ED45F12CFA62B83765C9C1496758CC87

C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\bridge.sys 5C2F352A4E961D72518261257AAE204B

C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit

C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit

C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit

C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit

C:\Windows\system32\drivers\BthEnum.sys CF98190A94F62E405C8CB255018B2315

C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF

C:\Windows\System32\Drivers\BTHport.sys D59773C7FDD3D795D6FE402EEEA8D71E

C:\Windows\System32\Drivers\BTHUSB.sys 8504842634DD144C075B6B0C982CCEC4

C:\Windows\System32\drivers\btusbflt.sys D3466F77C2C49C6E393BA5FBA963A33E

C:\Windows\System32\drivers\btwaudio.sys A72A9101F9730DB7332714E566614E4D

C:\Windows\System32\drivers\btwavdt.sys 5CEEC634B617525F2B6AD29F871033F7

C:\Windows\System32\DRIVERS\btwl2cap.sys 6149301DC3F81D6F9667A3FBAC410975

C:\Windows\System32\DRIVERS\btwrchid.sys 2AF5604D28BEF77B7CF4B9D232FE7CD3

C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit

C:\Windows\System32\CLFS.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\cmdide.sys ==> MD5 is legit

C:\Windows\System32\Drivers\cng*sys CA7720B73446FDDEC5C69519C1174C98

C:\Windows\System32\drivers\CHDRT64.sys 1D6C3F92AF23E352875438085F6AEDEE

C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit

C:\Windows\System32\drivers\csc.sys 4A6173C2279B498CD8F57CAE504564CB

C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit

C:\Windows\System32\drivers\discache.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_5.2.22617.0.sys 15D38BFEC1C6DB925A9427052AC2BD77

C:\Windows\system32\drivers\dlkmd.sys F7B3C3E03D957D73D41947402D9CD406

C:\Windows\System32\drivers\dlkmdldr.sys 389FB1D69A1B0E2403327590BF50084B

C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit

C:\Windows\System32\drivers\dxgkrnl.sys EBCE0B0924835F635F620D19F0529DCE

C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\errdev.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ETD.sys 05B0DCDA418E297A1B4CD8D7B8ADE403

C:\Windows\System32\DRIVERS\ewusbnet.sys 8ADACFFAD67394C711698EA074CE3BAB

C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit

C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit

C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit

C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit

C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit

C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\fssfltr.sys 6C06701BF1DB05405804D7EB610991CE

C:\Windows\System32\Drivers\Fs_Rec.sys D3E3F93D67821A2DB2B3D9FAC2DC2064

C:\Windows\System32\DRIVERS\fvevol.sys 1F44F8559E61A8306ECC67BB1E168B7C

C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit

C:\Windows\system32\drivers\hardlock.sys 78FAD9117E4527F2CA82259DA10F40BD

C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit

C:\Windows\System32\drivers\HdAudio.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\HECIx64.sys B6AC71AAA2B10848F57FC49D55A651AF

C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\hidbth.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\HpSAMD.sys ==> MD5 is legit

C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ewusbmdm.sys D969D0E26C5B1E813B17066A8318D5D4

C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ewusbdev.sys B45B3647BA32749B94FA689175EC8C26

C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\iaStor.sys 2064090C9FAAD92C090D77E50E735B2E

C:\Windows\system32\drivers\iaStorV.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\igdkmd64.sys B744E1375CD1DB3EB7B89781B8C93D9F

C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\Impcd.sys DD587A55390ED2295BCE6D36AD567DA9

C:\Windows\System32\DRIVERS\IntcDAud.sys 58CF58DEE26C909BD6F977B61D246295

C:\Windows\system32\DRIVERS\intelide.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\IPMIDrv.sys ==> MD5 is legit

C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit

C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\isapnp.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\msiscsi.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\jmcr.sys DB917B998CBC15A153C00DD6EFC34C13

C:\Windows\System32\DRIVERS\JME.sys 8B330C984B74DE670B2FDC4147C77FF2

C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\kbfiltr.sys E63EF8C3271D014F14E2469CE75FECB4

C:\Windows\System32\Drivers\ksecdd.sys 4F4B5FDE429416877DE7143044582EB5

C:\Windows\System32\Drivers\ksecpkg*sys 6F40465A44ECDC1731BEFAFEC5BDD03C

C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit

C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\lullaby.sys 085435AE1A124361304044029B5CC644

C:\Windows\System32\drivers\massfilter.sys 1B4DBCAA0321BBB76255983148051F09

C:\Windows\System32\drivers\massfilter_hs.sys 7AD627CDB12F5F451F24C8A97CA6E175

C:\Windows\system32\drivers\mbam.sys 5C3669B71657F22E67A1D4BD49D2CBE7

C:\Windows\system32\drivers\MBAMSwissArmy.sys 26C43960C99EE861A5D0EDC4DCF3B1C3

C:\Windows\system32\drivers\mwac.sys 95EF63A7827D4E3A229CBBCB42619E93

C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit

C:\Windows\System32\drivers\modem.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\USBMAC64.SYS 1CC353D6B0EFBC411BC34AE70E5F5B38

C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit

C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\mpio.sys ==> MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit

C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\mrxsmb.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\mrxsmb10.sys F0067552F8F9B33D7C59403AB808A3CB

C:\Windows\System32\DRIVERS\mrxsmb20.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\msahci.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\msdsm.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit

C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\msisadrv.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit

C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\MTConfig*sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ATK64AMD.sys 032D35C996F21D19A205A7C8F0B76F3C

C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit

C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit

C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Ntfs.sys 9A6089B056EA1B83B36424FC9D0A300E

C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit

C:\Windows\system32\drivers\nvraid.sys ==> MD5 is legit

C:\Windows\system32\drivers\nvstor.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\nv_agp.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\ohci1394.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit

C:\Windows\System32\drivers\partmgr.sys 90061B1ACFE8CCAA5345750FFE08D8B8

C:\Windows\System32\DRIVERS\pci.sys ==> MD5 is legit

C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit

C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit

C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit

C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit

C:\Windows\System32\drivers\rdpdr.sys 9706B84DBABFC4B4CA46C5A82B14DFA3

C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit

C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit

C:\Windows\System32\Drivers\RDPWD.sys 447DE7E3DEA39D422C1504F245B668B1

C:\Windows\System32\drivers\rdyboost.sys E5DC9BA9E439D6DBDD79F8CAACB5BF01

C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932

C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\vms3cap.sys 88AF6E02AB19DF7FD07ECDF9C91E9AF6

C:\Windows\system32\DRIVERS\sbp2port.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\sdbus.sys 2C8D162EFAF73ABD36D8BCBB6340CAE7

C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\sffdisk.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\sffp_mmc.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\sffp_sd.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\SiSG664.sys 1BC348CF6BAA90EC8E533EF6E6A69933

C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\snp2uvc.sys 1D8474722CDFFBB8FCA5FA12C50A05A2

C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\srv.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\srv2.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\srvnet.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\vmstorfl.sys FFD7A6F15B14234B5B0E5D49E7961895

C:\Windows\system32\DRIVERS\storvsc.sys 8FCCBEFC5C440B3C23454656E551B09A

C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit

C:\Windows\System32\drivers\tcpip.sys 5CFB7AB8F9524D1A1E14369DE63B83CC

C:\Windows\System32\DRIVERS\tcpip.sys 5CFB7AB8F9524D1A1E14369DE63B83CC

C:\Windows\System32\drivers\tcpipreg*sys ==> MD5 is legit

C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit

C:\Windows\System32\drivers\tdtcp.sys 7518F7BCFD4B308ABC9192BACAF6C970

C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\uliagpkx.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit

C:\Windows\System32\drivers\usbaudio.sys 77B01BC848298223A95D4EC23E1785A1

C:\Windows\System32\DRIVERS\usbccgp.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\usbcir.sys ==> MD5 is legit

C:\Windows\system32\drivers\usbehci.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\usbhub.sys ==> MD5 is legit

C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\usbscan.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\USBSTOR.SYS ==> MD5 is legit

C:\Windows\system32\drivers\usbuhci.sys ==> MD5 is legit

C:\Windows\System32\Drivers\usbvideo.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\vdrvroot.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit

C:\Windows\System32\drivers\vga.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\vhdmp.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\viaide.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\vmbus.sys 1501699D7EDA984ABC4155A7DA5738D1

C:\Windows\system32\DRIVERS\VMBusHID.sys AE10C35761889E65A6F7176937C5592C

C:\Windows\System32\DRIVERS\volmgr.sys ==> MD5 is legit

C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\volsnap.sys 9E425AC5C9A5A973273D169F43B4F5E1

C:\Windows\System32\DRIVERS\vpchbus.sys ABD9B4A7E2D0AE51A3B8DF1AF3152D61

C:\Windows\System32\DRIVERS\vpcnfltr.sys 8ACDA395841538CE9713A67FE8B2A3EB

C:\Windows\System32\DRIVERS\vpcusb.sys 31924E31BC315773E6D149B157DB46D5

C:\Windows\System32\drivers\vpcvmm.sys A5D16559D80CFA1DCB98F46410BE5551

C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit

C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4

C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\wimfltr.sys 52DED146E4797E6CCF94799E8E22BB2A

C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit

C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\WinUsb.sys ==> MD5 is legit

C:\Windows\system32\DRIVERS\wmiacpi.sys ==> MD5 is legit

C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\wsvd.sys 83575C43B2BFE9AB0661A7F957E843C0

C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F

C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys AD6558FBC66691959BA4AC55A57C3921

C:\Windows\System32\DRIVERS\ZTEusbnmea.sys AD6558FBC66691959BA4AC55A57C3921

C:\Windows\System32\DRIVERS\ZTEusbser6k.sys AD6558FBC66691959BA4AC55A57C3921
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-12-03 14:12 - 2014-12-03 14:12 - 00001935 _____ () C:\Users\g******\Desktop\JRT_03122014.txt

2014-12-03 14:08 - 2014-12-03 14:08 - 00001933 _____ () C:\Users\g******\Desktop\JRT.txt

2014-12-03 13:55 - 2014-12-03 13:55 - 00000000 ____D () C:\Windows\ERUNT

2014-12-03 13:52 - 2014-12-03 13:52 - 01707646 _____ (Thisisu) C:\Users\g******\Desktop\JRT.exe

2014-12-03 13:32 - 2014-12-03 13:32 - 00013577 _____ () C:\Users\g******\Desktop\mbam_03122014_.txt

2014-12-03 12:57 - 2014-12-03 13:15 - 00000000 ____D () C:\AdwCleaner

2014-12-03 12:55 - 2014-12-03 12:55 - 02154496 _____ () C:\Users\g******\Desktop\AdwCleaner_4.103.exe

2014-12-03 12:16 - 2014-12-03 12:16 - 00013559 _____ () C:\Users\g******\Desktop\mbam_03122014.txt

2014-12-03 11:08 - 2014-12-03 13:10 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-12-03 11:08 - 2014-12-03 11:08 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-12-03 11:08 - 2014-12-03 11:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-12-03 11:08 - 2014-12-03 11:08 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-12-03 11:08 - 2014-12-03 11:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-12-03 11:08 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-12-03 11:08 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-12-03 11:08 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-12-03 11:04 - 2014-12-03 11:05 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\g******\Downloads\mbam-setup-2.0.3.1025.exe

2014-12-03 10:55 - 2014-12-03 10:55 - 00001353 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk

2014-12-03 10:55 - 2014-12-03 10:55 - 00000000 ____D () C:\Users\Public\Foxit Software

2014-12-03 10:55 - 2014-12-03 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader

2014-12-01 17:22 - 2014-12-01 17:22 - 00007598 _____ () C:\Users\g******\AppData\Local\Resmon.ResmonCfg

2014-12-01 14:59 - 2014-12-01 14:59 - 00028363 _____ () C:\ComboFix.txt

2014-12-01 04:18 - 2014-12-01 04:18 - 05599228 _____ (Swearware) C:\Users\g******\Downloads\ComboFix.exe

2014-12-01 01:56 - 2014-12-01 01:56 - 01928228 _____ () C:\Windows\SysWOW64\~.tmp

2014-11-29 23:29 - 2014-11-29 23:29 - 00000000 ____D () C:\Users\g******\AppData\Local\Foxit Reader

2014-11-28 21:07 - 2014-12-03 14:15 - 00000000 ____D () C:\Users\g******\Desktop\FRST-OlderVersion

2014-11-23 18:23 - 2014-11-23 18:25 - 45120049 _____ () C:\Users\g******\Downloads\8 - 10 - (10) Preference Isolation (14_36)(1).mp4

2014-11-23 16:38 - 2014-11-23 16:39 - 45120049 _____ () C:\Users\g******\Downloads\8 - 10 - (10) Preference Isolation (14_36).mp4

2014-11-23 16:35 - 2014-11-23 16:37 - 59224456 _____ () C:\Users\g******\Downloads\8 - 9 - (9) How Internet Retailing Startups Grow (12_23).mp4

2014-11-23 16:34 - 2014-11-23 16:34 - 28969171 _____ () C:\Users\g******\Downloads\8 - 8 - (8) The Long Tail Part 2 (9_55)(1).mp4

2014-11-23 15:42 - 2014-11-23 15:43 - 28969171 _____ () C:\Users\g******\Downloads\8 - 8 - (8) The Long Tail Part 2 (9_55).mp4

2014-11-23 14:55 - 2014-11-23 14:56 - 31337810 _____ () C:\Users\g******\Downloads\8 - 7 - (7) The Long Tail Part 1 (10_58).mp4

2014-11-23 14:51 - 2014-11-23 14:52 - 25362312 _____ () C:\Users\g******\Downloads\8 - 6 - (6) Online_Offline Competition (4_51).mp4

2014-11-23 14:50 - 2014-11-23 14:51 - 12934856 _____ () C:\Users\g******\Downloads\8 - 5 - (5) Academic Research (3_28).mp4

2014-11-23 14:45 - 2014-11-23 14:46 - 10136029 _____ () C:\Users\g******\Downloads\8 - 4 - (4) Goods and Information (2_39)(1).mp4

2014-11-23 14:28 - 2014-11-23 14:28 - 10136029 _____ () C:\Users\g******\Downloads\8 - 4 - (4) Goods and Information (2_39).mp4

2014-11-23 14:23 - 2014-11-23 14:24 - 21561557 _____ () C:\Users\g******\Downloads\8 - 3 - (3) Friction (4_39).mp4

2014-11-23 14:20 - 2014-11-23 14:22 - 39023006 _____ () C:\Users\g******\Downloads\8 - 2 - (2) Go To Market Strategies_ Introduction (14_07) .mp4

2014-11-23 14:19 - 2014-11-23 14:19 - 14528058 _____ () C:\Users\g******\Downloads\8 - 1 - (1) Introduction and Execution (2_09).mp4

2014-11-23 09:32 - 2014-11-23 09:32 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help

2014-11-23 09:32 - 2014-11-23 09:32 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help

2014-11-22 20:35 - 2014-11-22 20:35 - 00001972 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk

2014-11-22 20:32 - 2014-11-22 20:32 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2014-11-22 20:32 - 2014-11-22 20:32 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

2014-11-22 20:32 - 2014-11-22 20:31 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys

2014-11-22 20:31 - 2014-11-22 20:31 - 00449936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys

2014-11-22 02:55 - 2014-11-24 23:56 - 00000000 ____D () C:\Users\g******\AppData\Roaming\vlc

2014-11-22 02:54 - 2014-11-22 02:54 - 00001068 _____ () C:\Users\Public\Desktop\VLC media player.lnk

2014-11-22 02:54 - 2014-11-22 02:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

2014-11-22 02:53 - 2014-11-22 02:53 - 00000000 ____D () C:\Program Files (x86)\VideoLAN

2014-11-22 02:50 - 2014-11-22 02:50 - 00000000 ____D () C:\Users\g******\AppData\Roaming\Cliqz

2014-11-22 02:50 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll

2014-11-22 02:50 - 2011-03-25 19:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll

2014-11-22 02:47 - 2014-11-22 02:47 - 01125200 _____ () C:\Users\g******\Downloads\VLC media player 32 Bit - CHIP-Installer.exe

2014-11-22 02:41 - 2014-11-22 02:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in

2014-11-22 02:31 - 2014-11-22 02:32 - 38232486 _____ () C:\Users\g******\Downloads\2 - 1 - (1-a) Marketing 101_ Building Strong Brands Part I (15_10).mp4

2014-11-22 02:20 - 2014-11-22 02:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2014-11-22 02:17 - 2014-11-22 02:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-11-22 02:17 - 2014-11-22 02:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-11-22 01:21 - 2014-11-22 01:21 - 00244392 _____ () C:\Users\g******\Downloads\Firefox Setup Stub 33.1.1.exe

2014-11-21 23:34 - 2014-11-21 23:34 - 00000000 ____D () C:\Users\g******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte

2014-11-18 22:12 - 2014-11-18 22:12 - 00000000 ____D () C:\Users\g******\Desktop\JMC2xx_WinDrv_R0.0.31.6_WHQL_LANtreiber

2014-11-18 22:03 - 2014-11-18 22:03 - 01120817 _____ () C:\Users\g******\Desktop\JMC2xx_WinDrv_R0.0.31.6_WHQL.zip

2014-11-18 22:02 - 2014-11-18 23:06 - 00000000 ____D () C:\Windows\system32\MRT

2014-11-18 22:02 - 2014-10-31 23:26 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-11-18 21:14 - 2014-09-15 01:44 - 03195392 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-11-18 21:00 - 2014-11-18 21:00 - 00000000 ____D () C:\Users\g******\Desktop\win7-10.0.0.297-whql_wlantreiber

2014-11-18 20:56 - 2014-11-18 20:47 - 02584189 _____ () C:\Users\g******\Desktop\win7-10.0.0.297-whql.zip

2014-11-14 13:03 - 2014-11-14 13:21 - 00044064 _____ () C:\Users\g******\Desktop\Result.txt

2014-11-14 13:01 - 2014-11-14 12:48 - 00401920 _____ (Farbar) C:\Users\g******\Desktop\MiniToolBox.exe

2014-11-10 02:12 - 2014-11-10 02:12 - 00000207 _____ () C:\Windows\tweaking*com-regbackup-B-*****-Microsoft-Windows-7-Professional-(64-bit).dat

2014-11-10 02:12 - 2014-11-10 02:12 - 00000000 ____D () C:\RegBackup

2014-11-09 20:49 - 2014-11-09 20:49 - 00003288 ____N () C:\bootsqm.dat

2014-11-09 18:56 - 2014-11-09 18:56 - 00000000 ____D () C:\windows repair_tweakingcom

2014-11-07 22:14 - 2014-11-09 19:02 - 00002161 _____ () C:\Users\g******\Desktop\Tweaking*com - Windows Repair (All in One).lnk

2014-11-07 22:07 - 2014-11-07 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking*com

2014-11-07 22:06 - 2014-11-07 22:06 - 00000000 ____D () C:\Program Files (x86)\Tweaking*com

2014-11-07 22:02 - 2014-11-07 22:02 - 00000000 ____D () C:\tweaking*com
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-12-03 14:17 - 2014-10-30 16:59 - 00044260 _____ () C:\Users\g******\Desktop\FRST.txt

2014-12-03 14:16 - 2014-10-27 19:30 - 00000000 ____D () C:\FRST

2014-12-03 14:15 - 2014-10-27 19:29 - 02117120 _____ (Farbar) C:\Users\g******\Desktop\FRST64.exe

2014-12-03 13:48 - 2013-07-02 16:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-12-03 13:30 - 2011-03-08 05:42 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-12-03 13:18 - 2011-03-08 05:28 - 01207596 _____ () C:\Windows\WindowsUpdate.log

2014-12-03 13:17 - 2011-10-10 11:20 - 00000000 ____D () C:\Users\g******\AppData\Roaming\Skype

2014-12-03 13:13 - 2014-10-26 00:04 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2014-12-03 13:13 - 2009-07-14 05:45 - 00010032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-12-03 13:13 - 2009-07-14 05:45 - 00010032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-12-03 13:12 - 2014-10-27 23:51 - 00000000 ___RD () C:\Users\g******\Dropbox

2014-12-03 13:12 - 2014-10-27 23:48 - 00000000 ____D () C:\Users\g******\AppData\Roaming\Dropbox

2014-12-03 13:09 - 2011-09-16 15:58 - 00000000 ____D () C:\Program Files\DisplayLink Core Software

2014-12-03 13:09 - 2011-03-08 05:42 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-12-03 13:07 - 2011-03-08 06:05 - 06761746 _____ () C:\Windows\PFRO.log

2014-12-03 13:07 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-12-03 13:07 - 2009-07-14 05:51 - 00101133 _____ () C:\Windows\setupact.log

2014-12-03 13:04 - 2011-09-16 09:26 - 00000000 ____D () C:\Users\g******

2014-12-03 12:45 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing

2014-12-03 12:27 - 2011-03-08 06:21 - 00001499 _____ () C:\Windows\system32\ServiceFilter.ini

2014-12-03 12:26 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\addins

2014-12-01 14:59 - 2014-10-29 02:10 - 00000000 ____D () C:\Qoobox

2014-12-01 14:53 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini

2014-12-01 04:18 - 2014-10-29 01:08 - 05599228 ____R (Swearware) C:\Users\g******\Desktop\ComboFix.exe

2014-11-30 14:28 - 2014-10-30 17:01 - 00041074 _____ () C:\Users\g******\Desktop\Addition.txt

2014-11-30 13:50 - 2011-09-16 15:54 - 00045056 _____ () C:\Windows\system32\acovcnt.exe

2014-11-30 00:04 - 2009-08-04 12:10 - 00657254 _____ () C:\Windows\system32\perfh007.dat

2014-11-30 00:04 - 2009-08-04 12:10 - 00131386 _____ () C:\Windows\system32\perfc007.dat

2014-11-30 00:04 - 2009-07-14 06:13 - 01537930 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-11-26 20:53 - 2013-11-20 18:37 - 00000000 ____D () C:\Users\g******\Desktop\Alte Firefox-Daten

2014-11-26 01:48 - 2013-07-02 16:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-11-26 01:48 - 2012-04-23 12:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-11-26 01:48 - 2012-01-18 02:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-11-25 19:01 - 2013-04-24 23:02 - 00000000 ____D () C:\Users\g******\AppData\Local\CUSTPDF Writer

2014-11-25 17:01 - 2014-08-19 14:48 - 00000000 ____D () C:\privat_2

2014-11-23 09:49 - 2011-03-08 05:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office

2014-11-23 09:45 - 2011-09-16 09:31 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-11-23 09:36 - 2009-07-14 03:34 - 00000514 _____ () C:\Windows\win.ini

2014-11-22 20:33 - 2014-10-26 00:02 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys

2014-11-22 20:32 - 2014-10-26 00:02 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys

2014-11-22 20:32 - 2014-10-26 00:02 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys

2014-11-22 20:32 - 2014-10-26 00:02 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys

2014-11-22 20:32 - 2014-10-26 00:02 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2014-11-22 20:32 - 2014-10-26 00:02 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys

2014-11-22 20:32 - 2014-10-26 00:02 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

2014-11-22 20:32 - 2014-10-26 00:02 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys

2014-11-22 03:17 - 2014-06-11 16:10 - 00000000 ____D () C:\Users\g******\AppData\Roaming\Nico Mak Computing

2014-11-22 03:02 - 2009-07-14 05:45 - 00440480 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-11-22 03:01 - 2014-06-11 11:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-11-22 03:01 - 2013-04-23 13:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-11-22 02:48 - 2011-09-16 09:26 - 00118032 _____ () C:\Users\g******\AppData\Local\GDIPFONTCACHEV1.DAT

2014-11-22 02:32 - 2011-09-16 09:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works

2014-11-22 01:24 - 2011-10-10 09:59 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-11-22 01:24 - 2011-10-10 09:59 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-11-18 22:12 - 2011-08-04 11:19 - 00144912 _____ (JMicron Technology Corp.) C:\Windows\system32\Drivers\JME.sys

2014-11-18 21:40 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-11-18 21:25 - 2011-03-08 05:42 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-11-18 21:25 - 2011-03-08 05:42 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-11-18 21:19 - 2014-10-27 23:51 - 00000984 _____ () C:\Users\g******\Desktop\Dropbox.lnk

2014-11-18 21:19 - 2014-10-27 23:49 - 00000000 ____D () C:\Users\g******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-11-15 02:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\LiveKernelReports

2014-11-10 03:06 - 2009-07-14 08:45 - 00000000 ___RD () C:\Users\Public\Recorded TV

2014-11-10 03:04 - 2011-09-17 00:51 - 00000000 ____D () C:\Windows\CSC

2014-11-10 02:54 - 2012-06-20 14:24 - 00327680 _____ () C:\Windows\system32\Ikeext.etl

2014-11-09 20:50 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-11-04 14:30 - 2013-11-13 03:18 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 

Some content of TEMP:

====================

C:\Users\g******\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvcyzel.dll

C:\Users\g******\AppData\Local\Temp\FoxitUpdater.exe

C:\Users\g******\AppData\Local\Temp\Quarantine.exe

C:\Users\g******\AppData\Local\Temp\sqlite3.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 

==================== BCD ================================
 

Windows-Start-Manager

---------------------

Bezeichner              {bootmgr}

device                  boot

description             Windows Boot Manager

locale                  de-DE

inherit                 {globalsettings}

default                 {current}

resumeobject            {4bd6ad46-7c0c-11de-baef-deb9d273c9fa}

displayorder            {current}

toolsdisplayorder       {memdiag}

timeout                 30
 

Windows-Startladeprogramm

-------------------------

Bezeichner              {current}

device                  boot

path                    \Windows\system32\winload.exe

description             Windows 7

locale                  de-DE

inherit                 {bootloadersettings}

recoverysequence        {4bd6ad4a-7c0c-11de-baef-deb9d273c9fa}

recoveryenabled         Yes

osdevice                boot

systemroot              \Windows

resumeobject            {4bd6ad46-7c0c-11de-baef-deb9d273c9fa}

nx                      OptIn
 

Windows-Startladeprogramm

-------------------------

Bezeichner              {4bd6ad4a-7c0c-11de-baef-deb9d273c9fa}

device                  ramdisk=[C:]\Recovery\4bd6ad4a-7c0c-11de-baef-deb9d273c9fa\Winre.wim,{4bd6ad4b-7c0c-11de-baef-deb9d273c9fa}

path                    \windows\system32\winload.exe

description             Windows Recovery Environment

inherit                 {bootloadersettings}

osdevice                ramdisk=[C:]\Recovery\4bd6ad4a-7c0c-11de-baef-deb9d273c9fa\Winre.wim,{4bd6ad4b-7c0c-11de-baef-deb9d273c9fa}

systemroot              \windows

nx                      OptIn

winpe                   Yes
 

Windows-Startladeprogramm

-------------------------

Bezeichner              {572bcd56-ffa7-11d9-aae0-0007e994107d}

device                  ramdisk=[\Device\HarddiskVolume1]\winre.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}

path                    \windows\system32\boot\winload.exe

description             Windows Recovery Environment

osdevice                ramdisk=[\Device\HarddiskVolume1]\winre.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}

systemroot              \windows

nx                      OptIn

detecthal               Yes

winpe                   Yes
 

Wiederaufnahme aus dem Ruhezustand

----------------------------------

Bezeichner              {4bd6ad46-7c0c-11de-baef-deb9d273c9fa}

device                  boot

path                    \Windows\system32\winresume.exe

description             Windows Resume Application

locale                  de-DE

inherit                 {resumeloadersettings}

filedevice              partition=C:

filepath                \hiberfil.sys

debugoptionenabled      No
 

Windows-Speichertestprogramm

----------------------------

Bezeichner              {memdiag}

device                  unknown

path                    \boot\memtest.exe

description             Windows Memory Diagnostic

locale                  de-DE

inherit                 {globalsettings}

badmemoryaccess         Yes
 

EMS-Einstellungen

-----------------

Bezeichner              {emssettings}

bootems                 Yes
 

Debuggereinstellungen

---------------------

Bezeichner              {dbgsettings}

debugtype               Serial

debugport               1

baudrate                115200
 

RAM-Defekte

-----------

Bezeichner              {badmemory}
 

Globale Einstellungen

---------------------

Bezeichner              {globalsettings}

inherit                 {dbgsettings}

                        {emssettings}

                        {badmemory}
 

Startladeprogramm-Einstellungen

-------------------------------

Bezeichner              {bootloadersettings}

inherit                 {globalsettings}

                        {hypervisorsettings}
 

Hypervisoreinstellungen

-------------------

Bezeichner              {hypervisorsettings}

hypervisordebugtype     Serial

hypervisordebugport     1

hypervisorbaudrate      115200
 

Einstellungen zur Ladeprogrammfortsetzung

-----------------------------------------

Bezeichner              {resumeloadersettings}

inherit                 {globalsettings}
 

Ger„teoptionen

--------------

Bezeichner              {4bd6ad4b-7c0c-11de-baef-deb9d273c9fa}

description             Ramdisk Options

ramdisksdidevice        partition=C:

ramdisksdipath          \Recovery\4bd6ad4a-7c0c-11de-baef-deb9d273c9fa\boot.sdi
 

Ger„teoptionen

--------------

Bezeichner              {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}

description             Ramdisk Device Options

ramdisksdidevice        partition=\Device\HarddiskVolume1

ramdisksdipath          \boot.sdi
 
 
 

LastRegBack: 2014-11-02 07:53
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-12-2014

Ran by g****** at 2014-12-03 14:18:42

Running from C:\Users\g******\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: AntiVir Desktop (Disabled - Out of date) {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)

7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)

AFORS-HET 2.4.1 (HKLM-x32\...\AFORS-HET_is1) (Version:  - Helmholtz-Zentrum Berlin)

ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.10 - ASUS)

ASUS CopyProtect (HKLM-x32\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0015 - ASUS)

ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)

ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.21 - ASUS)

ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)

ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0021 - ASUS)

ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.41 - ASUS)

ASUS Secure Delete (HKLM\...\{761C6783-D3BC-48AB-8E7C-61CE918A8436}) (Version: 1.00.0006 - ASUS)

ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0009 - ASUS)

ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0031 - ASUS)

ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.20 - asus)

ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 2.0.46.1429 - eCareme Technologies, Inc.)

Asus_PSeries_Screensaver (HKLM-x32\...\Asus_PSeries_Screensaver) (Version: 1.0.0001 - ASUS)

AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.3.585 - ASUSTEK)

ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0007 - ASUS)

Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)

Avira AntiVir Professional (HKLM-x32\...\Avira AntiVir Desktop) (Version: 10.2.0.1064 - Avira GmbH)

Avira Security Management Center Agent (HKLM-x32\...\{F3493E2F-B147-4EDD-9AE2-5DEDB8776232}) (Version:  - Avira GmbH)

Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)

Bookworm Deluxe (HKLM-x32\...\Bookworm Deluxe) (Version:  - Oberon Media Inc.)

Bootstrapper (x32 Version: 1.1.0.0 - Minitab, Inc.) Hidden

Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.31 - Cliqz.com)

Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Complemento Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.127.0.61 - Conexant)

Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)

ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.9 - ASUS)

Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)

Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)

CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)

CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)

CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.6.1622 - CyberLink Corp.)

CyberLink PowerRecover (Version: 5.6.1622 - CyberLink Corp.) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DisplayLink Core Software (HKLM\...\{34000989-17D6-4271-9800-D78CF94B3BED}) (Version: 5.2.22617.0 - DisplayLink Corp.)

DisplayLink Graphics (HKLM\...\{DB6D5CB2-92FF-4B41-98AA-54C62C926E83}) (Version: 5.2.22826.0 - DisplayLink Corp.)

Dropbox (HKU\S-1-5-21-347766451-462584187-1723808825-1336\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)

ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)

ETDWare PS/2-x64 7.0.5.16_WHQL (HKLM\...\Elantech) (Version: 7.0.5.16 - ELAN Microelectronics Corp.)

Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.7 - ASUS)

FLV-Media-Player (HKLM-x32\...\{AB7A5DBA-BC45-489A-B4D2-2E8F8CABB9EA}) (Version: 2.0.3.2532 - HYBRIDWEB.de)

Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.3.25.1124 - Foxit Software Inc.)

Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)

Free DWG Viewer 7.0 (HKLM-x32\...\{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}) (Version: 7.0.1 - IGC)

Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Game Park Console (HKLM-x32\...\{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1) (Version: 6.2.1.1 - Oberon Media, Inc.)

Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Governor of Poker (HKLM-x32\...\Governor of Poker) (Version:  - Oberon Media Inc.)

Hotel Dash Suite Success (HKLM-x32\...\Hotel Dash Suite Success) (Version:  - Oberon Media Inc.)

Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2125 - Intel Corporation)

Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)

IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)

Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)

JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.23.4 - JMicron Technology Corp.)

JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.33.2 - JMicron Technology Corp.)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Luxor 3 (HKLM-x32\...\Luxor 3) (Version:  - Oberon Media Inc.)

Mahjongg dimensions (HKLM-x32\...\Mahjongg dimensions) (Version:  - Oberon Media Inc.)

Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)

McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Messenger 分享元件 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Minitab 16 (HKLM-x32\...\Minitab16) (Version: 16.2.1 - Minitab, Inc.)

Minitab Software Update Manager (HKLM-x32\...\MinitabSoftwareManager) (Version: 1.1.0.0 - Minitab, Inc.)

Minitab16 (x32 Version: 16.2.1.0 - Minitab Inc) Hidden

Minitab16 (x32 Version: 16.2.1.0 - Minitab, Inc.) Hidden

Mobile Connection Manager (HKLM-x32\...\o2DE) (Version:  - Mobile Connection Manager)

Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 16.002.03.02.705 - Huawei Technologies Co.,Ltd)

Mozilla Firefox 33.1.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 de)) (Version: 33.1.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)

Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)

OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)

OpenProj (HKLM-x32\...\{13702021-43FB-480C-912F-D9B74A538288}) (Version: 1.4.0 - Serena Software Inc.)

PDF Creator (HKLM\...\PDF Creator) (Version:  - )

PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)

Plants vs Zombies (HKLM-x32\...\Plants vs Zombies) (Version:  - Oberon Media Inc.)

Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)

Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.02.00 - Samsung Electronics Co., Ltd.)

SceneSwitch (HKLM-x32\...\{5172E572-C175-4F80-A6D5-5CB45826AD61}) (Version: 1.0.6 - ASUS)

Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)

Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)

SoftwareManager (x32 Version: 1.1.0.0 - Minitab, Inc.) Hidden

STP Viewer 2.3 (HKLM-x32\...\{CECCF8B1-F595-4845-9AA6-1EC57B9BECBA}_is1) (Version:  - IdeaMK)

syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)

Tweaking*com - Windows Repair (All in One) (HKLM-x32\...\Tweaking*com - Windows Repair (All in One)) (Version: 2.10.1 - Tweaking*com)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)

Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)

Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)

Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)

USB 2.0 VGA UVC WebCam (HKLM\...\USB 2.0 VGA UVC WebCam) (Version:  - )

USB-Ethernet Adapter Device (HKLM\...\USB-Ethernet Adapter Device) (Version:  - )

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)

WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.5.600 - Broadcom Corporation)

Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (02/25/2010 6.2.0.9419) (HKLM\...\85CE3A3657FAE5FD305B143E90E6FC89BA53001C) (Version: 02/25/2010 6.2.0.9419 - Broadcom)

Windows Driver Package - Broadcom Bluetooth  (01/19/2010 6.2.0.1417) (HKLM\...\7341A1B43E7FE58942EB1E820A17C18305DFBCE6) (Version: 01/19/2010 6.2.0.1417 - Broadcom)

Windows Driver Package - Broadcom Bluetooth  (07/29/2009 6.1.7100.0) (HKLM\...\2AA10AB519DC7432D599A0E860206A7DDCC27764) (Version: 07/29/2009 6.1.7100.0 - Broadcom)

Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)

Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)

Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation)

WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.30.3 - ASUS)

Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)

World of Goo (HKLM-x32\...\World of Goo) (Version:  - Oberon Media Inc.)

ZTE USB Driver (HKLM\...\ZTE USB Driver) (Version: 1.0.1.25_TME - ZTE Corporation)

Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)

Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

מסייע Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation)

適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 

CustomCLSID: HKU\S-1-5-21-347766451-462584187-1723808825-1336_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\g******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-347766451-462584187-1723808825-1336_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\g******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-347766451-462584187-1723808825-1336_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\g******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-347766451-462584187-1723808825-1336_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\g******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-347766451-462584187-1723808825-1336_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\g******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-347766451-462584187-1723808825-1336_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\g******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-347766451-462584187-1723808825-1336_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\g******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-347766451-462584187-1723808825-1336_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\g******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-347766451-462584187-1723808825-1336_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\g******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 

==================== Restore Points  =========================
 

01-12-2014 03:07:31 vor combofix

02-12-2014 10:39:57 Windows Update
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 03:34 - 2014-12-01 14:53 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {0DD8E9FA-5221-4425-B642-47E2B50D6A0B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-22] (AVAST Software)

Task: {199F694F-1F73-4C29-8460-D1D17CF0473A} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-10-15] (ASUS)

Task: {1DC43702-0414-4A71-886A-DBDB51BE4792} - System32\Tasks\Microsoft\Windows\MobilePC\DisplayLink TMM Control

Task: {48A2D53D-A977-4528-AB9D-9F7CCCD0C2D9} - System32\Tasks\ASPG => C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg*exe [2009-06-29] (ASUS)

Task: {5A254883-3B20-45DB-B4AD-2C65E1E8242C} - System32\Tasks\ASUS Secure Delete => C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe [2010-05-12] ()

Task: {5ADEBF77-533D-419F-A0D3-1D680F36060F} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)

Task: {612C6DC8-F1AB-41D7-B320-7316C739DA0E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)

Task: {6663CCD4-A2B1-482F-8109-C1F3987A5249} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)

Task: {66900E75-FE77-4146-84F8-3B50C35EA902} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()

Task: {960F4542-7743-4E93-87E2-880A9DB261C7} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)

Task: {A5D55876-4AD7-4E9F-8C78-627EFCB29E6E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)

Task: {AFD0E19F-FDCB-4086-9400-D6C0FACE4A8F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)

Task: {B9F1E749-5232-43D7-A81B-CB8920AAD0CA} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe [2010-10-01] (asus)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2013-04-23 15:33 - 2011-10-04 21:43 - 00087552 _____ () C:\Windows\System32\custmon64i.dll

2011-10-24 11:39 - 2005-03-12 00:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll

2013-07-09 15:01 - 2011-04-11 06:26 - 00034304 _____ () C:\Windows\System32\spe__l.dll

2010-07-15 01:11 - 2010-07-15 01:11 - 00031360 _____ () C:\Program Files\P4G\DevMng*dll

2010-05-12 02:35 - 2010-05-12 02:35 - 00489392 _____ () C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe

2011-03-08 06:22 - 2007-11-30 20:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

2010-04-03 04:21 - 2008-10-01 08:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll

2010-03-16 02:48 - 2010-03-16 02:48 - 01754448 _____ () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe

2010-03-12 05:14 - 2010-03-12 05:14 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll

2010-09-24 01:53 - 2010-09-24 01:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

2014-12-03 10:36 - 2014-12-03 10:36 - 02904576 _____ () C:\Program Files\AVAST Software\Avast\defs\14120300\algo.dll

2011-10-10 10:03 - 2011-10-10 10:03 - 00355688 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll

2011-10-10 10:01 - 2011-12-01 11:36 - 00126721 _____ () C:\Program Files (x86)\Avira\Avira Security Management Center Agent\SCEWXMLW.dll

2009-11-02 23:20 - 2009-11-02 23:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll

2009-11-02 23:23 - 2009-11-02 23:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll

2014-12-03 13:11 - 2014-12-03 13:11 - 00043008 _____ () c:\users\gc395~1.wei\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvcyzel.dll

2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\g******\AppData\Roaming\Dropbox\bin\libcef.dll

2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

2010-10-01 00:13 - 2010-10-01 00:13 - 00041472 _____ () C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll

2010-10-01 00:13 - 2010-10-01 00:13 - 00071680 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll

2010-10-01 00:14 - 2010-10-01 00:14 - 00076288 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll

2010-10-01 00:13 - 2010-10-01 00:13 - 00186880 _____ () C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll

2014-11-22 20:32 - 2014-11-22 20:32 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2014-11-22 01:24 - 2014-11-14 03:42 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (whitelisted) =============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

(Currently there is no automatic fix for this section.)
 

MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe

MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
 

========================= Accounts: ==========================
 

Admin (S-1-5-21-1122509215-102311790-3122138105-1000 - Administrator - Enabled) => C:\Users\Admin

Administrator (S-1-5-21-1122509215-102311790-3122138105-500 - Administrator - Disabled)

Gast (S-1-5-21-1122509215-102311790-3122138105-501 - Limited - Disabled)
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================
 

System errors:

=============
 

Microsoft Office Sessions:

=========================

Error: (06/09/2014 04:51:29 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4138 seconds with 2580 seconds of active time.  This session ended with a crash.
 

Error: (06/09/2014 03:41:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7957 seconds with 1740 seconds of active time.  This session ended with a crash.
 

Error: (06/07/2014 02:10:29 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 32854 seconds with 8880 seconds of active time.  This session ended with a crash.
 

Error: (06/06/2014 05:02:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 20089 seconds with 6960 seconds of active time.  This session ended with a crash.
 

Error: (06/05/2014 09:23:50 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 199097 seconds with 14520 seconds of active time.  This session ended with a crash.
 

Error: (06/04/2014 00:43:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 61835 seconds with 2100 seconds of active time.  This session ended with a crash.
 

Error: (06/03/2014 07:33:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1626 seconds with 540 seconds of active time.  This session ended with a crash.
 

Error: (06/03/2014 00:02:23 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1446 seconds with 1320 seconds of active time.  This session ended with a crash.
 

Error: (06/02/2014 11:37:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1772 seconds with 1500 seconds of active time.  This session ended with a crash.
 

Error: (05/31/2014 11:26:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 25741 seconds with 4080 seconds of active time.  This session ended with a crash.
 
 

CodeIntegrity Errors:

===================================

  Date: 2014-12-01 14:52:13.157

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2014-12-01 14:52:13.016

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2014-12-01 14:52:12.876

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2014-12-01 14:52:12.735

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2014-10-29 11:53:29.029

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2014-10-29 11:53:28.888

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
 

==================== Memory info =========================== 
 

Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz

Percentage of memory in use: 74%

Total physical RAM: 1900.3 MB

Available physical RAM: 477.69 MB

Total Pagefile: 3800.59 MB

Available Pagefile: 1451.94 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB
 

==================== Drives ================================
 

Drive c: (OS) (Fixed) (Total:74.52 GB) (Free:18.87 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive d: (Data) (Fixed) (Total:202.08 GB) (Free:8.82 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E0C5913D)

Partition 1: (Not Active) - (Size=21.5 GB) - (Type=1C)

Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=202.1 GB) - (Type=OF Extended)
 

==================== End Of Log ============================

Code:

Users shortcut scan result (x64) Version: 02-12-2014

Ran by g******* at 2014-12-03 14:24:48

Running from C:\Users\g*******\Desktop

Boot Mode: Normal

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)
 
 
 

Shortcut: C:\Users\Admin\Links\Desktop.lnk -> C:\Users\g*******\Desktop ()

Shortcut: C:\Users\Admin\Links\Downloads.lnk -> C:\Users\g*******\Downloads ()

Shortcut: C:\Users\Admin\Desktop\IrfanView.lnk -> C:\Program Files (x86)\IrfanView\i_view32.exe (Irfan Skiljan)

Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)

Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security\Online-Hilfe.lnk -> C:\Program Files\Trend Micro\Titanium\ShorcutLauncher.exe (No File)

Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security\Readme.lnk -> C:\Program Files\Trend Micro\Titanium\Shortcut\DE-DE\readme.htm (No File)

Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security\Trend Micro Diagnose-Toolkit.lnk -> C:\Program Files\Trend Micro\Titanium\SupportTool.exe (No File)

Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security\Trend Micro Konto.lnk -> C:\Program Files\Trend Micro\Titanium\ShorcutLauncher.exe (No File)

Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security\Trend Micro Titanium Internet Security.lnk -> C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (No File)

Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Infodatei.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Language\Deu\Readme.htm ()

Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Power2Go Express.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe (CyberLink Corp.)

Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Power2Go Hilfe.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Language\Deu\Power2Go.chm ()

Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Power2Go.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe (CyberLink Corp.)

Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\LabelPrint Hilfe.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\Language\Deu\LabelPrint.chm ()

Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\LabelPrint.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\LabelPrint.exe (CyberLink Corp.)

Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\Readme.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\Language\Deu\Readme.htm ()

Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)

Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)

Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)

Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)

Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)

Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)

Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung**LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)

Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (No File)

Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)

Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)

Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)

Shortcut: C:\Users\Administrator\Links\Desktop.lnk -> C:\Users\g*******\Desktop ()

Shortcut: C:\Users\Administrator\Links\Downloads.lnk -> C:\Users\g*******\Downloads ()

Shortcut: C:\Users\Administrator\Desktop\IrfanView.lnk -> C:\Program Files (x86)\IrfanView\i_view32.exe (Irfan Skiljan)

Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)

Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Infodatei.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Language\Deu\Readme.htm ()

Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Power2Go Express.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe (CyberLink Corp.)

Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Power2Go Hilfe.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Language\Deu\Power2Go.chm ()

Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Power2Go.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe (CyberLink Corp.)

Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\LabelPrint Hilfe.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\Language\Deu\LabelPrint.chm ()

Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\LabelPrint.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\LabelPrint.exe (CyberLink Corp.)

Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\Readme.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\Language\Deu\Readme.htm ()

Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)

Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)

Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)

Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)

Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)

Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)

Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung**LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)

Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (No File)

Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)

Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)

Shortcut: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Software Updates.lnk -> C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk -> C:\Windows\Installer\{95140000-0070-0000-0000-0000000FF1CE}\oobeicon.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\Virtual Machines.lnk -> C:\Windows\System32\VMWindow.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Family Safety.lnk -> C:\Windows\Installer\{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}\fssicon.ico ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Mesh.lnk -> C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Writer.lnk -> C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe (Microsoft Corp.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files (x86)\VideoLAN\VLC\Documentation.url ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking**com\Windows Repair (All in One)\Tweaking**com - Registry Backup.lnk -> C:\Program Files (x86)\Tweaking**com\Windows Repair (All in One)\files\registry_backup_tool\TweakingRegistryBackup.exe (Tweaking**com)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking**com\Windows Repair (All in One)\Tweaking**com - Windows Repair (All in One).lnk -> C:\Program Files (x86)\Tweaking**com\Windows Repair (All in One)\Repair_Windows.exe (Tweaking**com)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STPViewer\STP Viewer.lnk -> C:\Program Files (x86)\STPViewer\STPViewer.exe (IdeaMk)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\slib\SLIB Manual.lnk -> C:\Program Files (x86)\slib\slib.html (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\slib\Uninstall.lnk -> C:\Program Files (x86)\slib\uninst.exe (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\slib\Website.lnk -> C:\Program Files (x86)\slib\SLIB.url (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\scm\Hobbit Manual.lnk -> C:\Program Files (x86)\scm\hobbit.html (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\scm\SCM Manual.lnk -> C:\Program Files (x86)\scm\scm.html (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\scm\SCM.lnk -> C:\Program Files (x86)\scm\scm.exe (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\scm\Uninstall.lnk -> C:\Program Files (x86)\scm\uninst.exe (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\scm\Website.lnk -> C:\Program Files (x86)\scm\SCM.url (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers\Samsung Universal Print Driver 2.lnk -> C:\Program Files (x86)\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe (Samsung Electronics Co., Ltd.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Historie.lnk -> C:\Program Files (x86)\PDFCreator\History.txt ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\PDFCreator Hilfe.lnk -> C:\Program Files (x86)\PDFCreator\PDFCreator_german.chm ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\PDFCreator im Internet.lnk -> C:\Program Files (x86)\PDFCreator\PDFCreator.url ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\PDFCreator.lnk -> C:\Program Files (x86)\PDFCreator\PDFCreator.exe (pdfforge  hxxp://www.pdfforge.org/)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Translation Tool.lnk -> C:\Program Files (x86)\PDFCreator\languages\TransTool.exe (pdfforge  hxxp://www.pdfforge.org/)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Unterstütze PDFCreator.lnk -> C:\Program Files (x86)\PDFCreator\Unterstütze PDFCreator.url ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\AFPL License.lnk -> C:\Program Files (x86)\PDFCreator\AFPL License.txt ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\FairPlay License.lnk -> C:\Program Files (x86)\PDFCreator\FairPlay License.txt ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Licenses\GPL License.lnk -> C:\Program Files (x86)\PDFCreator\GNU License.txt ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Images2PDF\Images2PDF.lnk -> C:\Program Files (x86)\PDFCreator\Images2PDF\Images2PDF.exe (pdfforge GbR)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Creator\Preferences.lnk -> C:\Program Files\PDFCreator\Actual\Preferences.exe (Acro Software Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Creator\Readme.lnk -> C:\Program Files\PDFCreator\Actual\README.HTM ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenProj\OpenProj.lnk -> C:\Program Files (x86)\Serena Software Inc\OpenProj\OpenProj1.4.0.exe (Serena Software Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1\OpenOffice.org Base.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\sbase.exe (OpenOffice.org)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1\OpenOffice.org Calc.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\scalc.exe (OpenOffice.org)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1\OpenOffice.org Draw.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\sdraw.exe (OpenOffice.org)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1\OpenOffice.org Impress.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\simpress.exe (OpenOffice.org)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1\OpenOffice.org Math.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\smath.exe (OpenOffice.org)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1\OpenOffice.org Writer.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe (OpenOffice.org)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1\OpenOffice.org**lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\o2\Mobile Connection Manager\Deinstallieren.lnk -> C:\Program Files (x86)\o2\Mobile Connection Manager\Uninstall.exe (Telefónica)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\o2\Mobile Connection Manager\Mobile Connection Manager.lnk -> C:\Program Files (x86)\o2\Mobile Connection Manager\EMMSN.exe (Telefónica I+D)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance\Nuance PDF Reader.lnk -> C:\Program Files (x86)\Nuance\PDF Reader\bin\PDFReader.exe (Nuance Communications, Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner\Mobile Partner.lnk -> C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner\Uninstall.lnk -> C:\Program Files (x86)\Mobile Partner\uninst.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner\User Manual.lnk -> C:\Program Files (x86)\Mobile Partner\usermanual\usermanual_de-de.pdf ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minitab\Minitab 16 Statistical Software.lnk -> C:\Program Files (x86)\Minitab\Minitab 16\Mtb.exe (Minitab Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Access 2007.lnk -> C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Excel 2007.lnk -> C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Outlook 2007.lnk -> C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office PowerPoint 2007.lnk -> C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Publisher 2007.lnk -> C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Word 2007.lnk -> C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Digitales Zertifikat für VBA-Projekte.lnk -> C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2007 Spracheinstellungen.lnk -> C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office-Diagnose.lnk -> C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware entfernen.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Java konfigurieren.lnk -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\javacpl.exe (Oracle Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\IrfanView 4.30.lnk -> C:\Program Files (x86)\IrfanView\i_view32.exe (Irfan Skiljan)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\IrfanView deinstallieren.lnk -> C:\Program Files (x86)\IrfanView\iv_uninstall.exe (Irfan Skiljan, IrfanView)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\IrfanView Hilfe.lnk -> C:\Program Files (x86)\IrfanView\Help\i_view32d.chm ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\Kommandozeilen-Optionen.lnk -> C:\Program Files (x86)\IrfanView\i_options.txt ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\Verfügbare PlugIns.lnk -> C:\Program Files (x86)\IrfanView\i_plugins.txt ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\Verfügbare Sprachen.lnk -> C:\Program Files (x86)\IrfanView\i_languages.txt ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\Was ist neu.lnk -> C:\Program Files (x86)\IrfanView\i_changes.txt ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\Über IrfanView.lnk -> C:\Program Files (x86)\IrfanView\i_about.txt ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel Control Center.lnk -> C:\Program Files (x86)\Intel\Intel Control Center\IntelControlCenter.exe (Intel Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Uninstall Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\3.0.195.27\Installer\setup.exe (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeSnell\FreeSnell.lnk -> C:\Program Files (x86)\scm\scm.exe (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeSnell\Manual.lnk -> C:\Program Files (x86)\FreeSnell\FreeSnell.html (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeSnell\nk.lnk -> C:\Program Files (x86)\scm\scm.exe (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeSnell\Uninstall.lnk -> C:\Program Files (x86)\FreeSnell\uninst.exe (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeSnell\Website.lnk -> C:\Program Files (x86)\FreeSnell\FreeSnell.url (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free DWG Viewer\Free DWG Viewer Help.lnk -> C:\Program Files (x86)\IGC\Free DWG Viewer\BravaActiveX.DWG_ENU.chm ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free DWG Viewer\Free DWG Viewer.lnk -> C:\Program Files (x86)\IGC\Free DWG Viewer\BravaFreeDWg**exe (Informative Graphics Corp.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader\Foxit Reader.lnk -> C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe (Foxit Software Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader\Uninstall Foxit Reader.lnk -> C:\Program Files (x86)\Foxit Software\Foxit Reader\unins000.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\ElsterFormular - Hotline.lnk -> C:\Program Files (x86)\ElsterFormular\bin\hotlineTool.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\ElsterFormular - Uninstall.lnk -> C:\ProgramData\elsterformular\setup\uninstall.exe (Landesfinanzdirektion Thüringen)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\ElsterFormular.lnk -> C:\Program Files (x86)\ElsterFormular\bin\pica.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerRecover\PowerRecover.lnk -> C:\Program Files\CyberLink\PowerRecover\PowerRecover.exe (CyberLink)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\AntiVir Desktop\AntiVir im Internet.lnk -> C:\Program Files (x86)\Avira\AntiVir Desktop\weblink.url ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\AntiVir Desktop\AntiVir starten.lnk -> C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\AntiVir Desktop\Hilfe.lnk -> C:\Program Files (x86)\Avira\AntiVir Desktop\avwin.chm ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\AntiVir Desktop\Readme anzeigen.lnk -> C:\Program Files (x86)\Avira\AntiVir Desktop\readme.txt ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\AI Recovery Burner.lnk -> C:\Windows\Installer\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}\_E86B6F2A0F3248EFC4E576.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\ASUS Secure Delete.lnk -> C:\Program Files\ASUS\ASUS Secure Delete\ADST.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\ASUS Virtual Camera.lnk -> C:\Windows\Installer\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}\_8FB55EF1FE5AD5E60FD10E.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\ControlDeck.lnk -> C:\Windows\Installer\{5B65EF64-1DFA-414A-8C94-7BB726158E21}\_AC69E89FCC0CAC610D021A.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\e-Driver.lnk -> C:\eSupport\eDriver\InstAll.exe (ASUSTek COMPUTER INC.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\eManual.Lnk -> C:\eSupport\Manual\eManual.exe (ASUSTek Computer Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\FancyStart.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_06A25776E43957E4BCFF7B.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\FastBoot.lnk -> C:\Windows\Installer\{13F4A7F3-EABC-4261-AF6B-1317777F0755}\_DDCB0ED3AF5E9139FFB652.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\LifeFrame.lnk -> C:\Program Files (x86)\ASUS\ASUS LifeFrame3\LifeFrame.exe (ASUS)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\MultiFrame.lnk -> C:\Program Files (x86)\ASUS\Asus MultiFrame\MultiFrame.exe (ASUSTek Computer Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\Power4Gear Hybrid.lnk -> C:\Windows\Installer\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}\_888B0A46DB54615BEF92A8.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\Scene Switch.lnk -> C:\Windows\Installer\{5172E572-C175-4F80-A6D5-5CB45826AD61}\_0151CC6272690AAAF598C6.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\WinFlash.Lnk -> C:\Program Files (x86)\ASUS\WinFlash\WinFlash.exe (ASUSTek Computer Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\Wireless Console 3.lnk -> C:\Windows\Installer\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}\_C9BEC68FDCE220A882D6B5.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\SmartLogon\General disclaimer.lnk -> C:\Program Files (x86)\ASUS\SmartLogon\disclaimer.rtf ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\SmartLogon\SmartLogon Console.lnk -> C:\Program Files (x86)\ASUS\SmartLogon\facemgr.exe (ASUS)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\SmartLogon\SmartLogon Manager.lnk -> C:\Program Files (x86)\ASUS\SmartLogon\logonmgr.exe (ASUS)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\ASUS Splendid Utility\Splendid Compatibility Tool.Lnk -> C:\Program Files (x86)\ASUS\Splendid\Backache.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\ASUS Splendid Utility\Splendid Utility.Lnk -> C:\Program Files (x86)\ASUS\Splendid\Backbone.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\ASUS Live Update\ASUS Live Update.lnk -> C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\ASUS CopyProtect\ASUS CopyProtect.lnk -> C:\Windows\Installer\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}\_1CDF4E2D13EDD4BCF236FB.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\AsusVibe\ASUS  Vibe Fun Center.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUS WebStorage\Uninstall.lnk -> C:\Program Files (x86)\ASUS\ASUS WebStorage\uninst.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AFORS-HET 2.4.1\AFORS-HET 2.4.1.lnk -> C:\Program Files (x86)\AFORS-HET 2.4.1\aforshet.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AFORS-HET 2.4.1\Afors-Het online help.lnk -> C:\Program Files (x86)\AFORS-HET 2.4.1\AFORS.HLP ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AFORS-HET 2.4.1\Afors-Het project page.lnk -> C:\Program Files (x86)\AFORS-HET 2.4.1\AFORS-Het.url ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AFORS-HET 2.4.1\Helmholtz-Zentrum Berlin.lnk -> C:\Program Files (x86)\AFORS-HET 2.4.1\Helmholtz-Zentrum Berlin.url ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AFORS-HET 2.4.1\Uninstall AFORS-HET.lnk -> C:\Program Files (x86)\AFORS-HET 2.4.1\unins000.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig**exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Bluetooth File Transfer Wizard.lnk -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -> C:\Windows\System32\NetProj.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig**exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk -> C:\Program Files (x86)\7-Zip\7zFM.exe (Igor Pavlov)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk -> C:\Program Files (x86)\7-Zip\7-zip.chm ()

Shortcut: C:\Users\d.******\Links\Desktop.lnk -> C:\Users\g*******\Desktop ()

Shortcut: C:\Users\d.******\Links\Downloads.lnk -> C:\Users\g*******\Downloads ()

Shortcut: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

Shortcut: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)

Shortcut: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Infodatei.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Language\Deu\Readme.htm ()

Shortcut: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Power2Go Express.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe (CyberLink Corp.)

Shortcut: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Power2Go Hilfe.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Language\Deu\Power2Go.chm ()

Shortcut: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Power2Go.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe (CyberLink Corp.)

Shortcut: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\LabelPrint Hilfe.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\Language\Deu\LabelPrint.chm ()

Shortcut: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\LabelPrint.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\LabelPrint.exe (CyberLink Corp.)

Shortcut: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\Readme.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\Language\Deu\Readme.htm ()

Shortcut: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)

Shortcut: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)

Shortcut: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)

Shortcut: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)

Shortcut: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)

Shortcut: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)

Shortcut: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung**LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)

Shortcut: C:\Users\d.******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (No File)

Shortcut: C:\Users\d.******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)

Shortcut: C:\Users\d.******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)

Shortcut: C:\Users\d.******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Power2Go Express.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe (CyberLink Corp.)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Power2Go Online Help.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Language\Enu\Power2Go.chm ()

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Power2Go.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe (CyberLink Corp.)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Readme.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Language\Enu\Readme.htm ()

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\LabelPrint Online Help.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\Language\Enu\LabelPrint.chm ()

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\LabelPrint.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\LabelPrint.exe (CyberLink Corp.)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\Readme.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\Language\Enu\Readme.htm ()

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)

Shortcut: C:\Users\g*******\Links\Desktop.lnk -> C:\Users\g*******\Desktop ()

Shortcut: C:\Users\g*******\Links\Downloads.lnk -> C:\Users\g*******\Downloads ()

Shortcut: C:\Users\g*******\Links\Dropbox.lnk -> C:\Users\g*******\Dropbox ()

Shortcut: C:\Users\g*******\Desktop\FLV-Media-Player.lnk -> C:\Users\g*******\AppData\Roaming\Microsoft\Installer\{AB7A5DBA-BC45-489A-B4D2-2E8F8CABB9EA}\DesktopIcon.exe (HYBRIDWEB.de                        )

Shortcut: C:\Users\g*******\Desktop\IrfanView.lnk -> C:\Program Files (x86)\IrfanView\i_view32.exe (Irfan Skiljan)

Shortcut: C:\Users\g*******\Desktop\Microsoft Office Outlook 2007.lnk -> C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe ()

Shortcut: C:\Users\g*******\Desktop\Revo Uninstaller.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (VS Revo Group)

Shortcut: C:\Users\g*******\Desktop\Scanner_Allgemein - Verknüpfung**lnk -> S:\Scanner_Allgemein (No File)

Shortcut: C:\Users\g*******\Desktop\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)

Shortcut: C:\Users\g*******\Desktop\Tweaking**com - Windows Repair (All in One).lnk -> C:\Program Files (x86)\Tweaking**com\Windows Repair (All in One)\Repair_Windows.exe (Tweaking**com)

Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)

Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (VS Revo Group)

Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Uninstall.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe (VS Revo Group Ltd.)

Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Website.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revo Uninstaller.url ()

Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV-Media-Player\FLV-Media-Player.lnk -> C:\Users\g*******\AppData\Roaming\Microsoft\Installer\{AB7A5DBA-BC45-489A-B4D2-2E8F8CABB9EA}\StartMenuIcon.exe (HYBRIDWEB.de                        )

Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk -> C:\Users\g*******\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe (Dropbox, Inc.)

Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Infodatei.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Language\Deu\Readme.htm ()

Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Power2Go Express.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe (CyberLink Corp.)

Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Power2Go Hilfe.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Language\Deu\Power2Go.chm ()

Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Power2Go.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe (CyberLink Corp.)

Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\LabelPrint Hilfe.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\Language\Deu\LabelPrint.chm ()

Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\LabelPrint.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\LabelPrint.exe (CyberLink Corp.)

Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\Readme.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\Language\Deu\Readme.htm ()

Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)

Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)

Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)

Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)

Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)

Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)

Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung**LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)

Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\SendTo\Dropbox.lnk -> C:\Users\g*******\Dropbox ()

Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AFORS-HET 2.4.1.lnk -> C:\Program Files (x86)\AFORS-HET 2.4.1\aforshet.exe ()

Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk -> C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe (Foxit Software Inc.)

Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)

Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\STP Viewer.lnk -> C:\Program Files (x86)\STPViewer\STPViewer.exe (IdeaMk)

Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)

Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office Excel 2007.lnk -> C:\Windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe ()

Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)

Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)

Shortcut: C:\Users\g*******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)

Shortcut: C:\Users\p.******\Links\Desktop.lnk -> C:\Users\g*******\Desktop ()

Shortcut: C:\Users\p.******\Links\Downloads.lnk -> C:\Users\g*******\Downloads ()

Shortcut: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

Shortcut: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)

Shortcut: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Infodatei.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Language\Deu\Readme.htm ()

Shortcut: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Power2Go Express.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe (CyberLink Corp.)

Shortcut: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Power2Go Hilfe.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Language\Deu\Power2Go.chm ()

Shortcut: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Power2Go.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe (CyberLink Corp.)

Shortcut: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\LabelPrint Hilfe.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\Language\Deu\LabelPrint.chm ()

Shortcut: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\LabelPrint.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\LabelPrint.exe (CyberLink Corp.)

Shortcut: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\Readme.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\Language\Deu\Readme.htm ()

Shortcut: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)

Shortcut: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)

Shortcut: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)

Shortcut: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)

Shortcut: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)

Shortcut: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)

Shortcut: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung**LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)

Shortcut: C:\Users\p.******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (No File)

Shortcut: C:\Users\p.******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)

Shortcut: C:\Users\p.******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)

Shortcut: C:\Users\Public\Desktop\AFORS-HET 2.4.1.lnk -> C:\Program Files (x86)\AFORS-HET 2.4.1\aforshet.exe ()

Shortcut: C:\Users\Public\Desktop\Avast Internet Security.lnk -> C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)

Shortcut: C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk -> C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)

Shortcut: C:\Users\Public\Desktop\ElsterFormular.lnk -> C:\Program Files (x86)\ElsterFormular\bin\pica.exe ()

Shortcut: C:\Users\Public\Desktop\Foxit Reader.lnk -> C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe (Foxit Software Inc.)

Shortcut: C:\Users\Public\Desktop\Free DWG Viewer.lnk -> C:\Program Files (x86)\IGC\Free DWG Viewer\BravaFreeDWg**exe (Informative Graphics Corp.)

Shortcut: C:\Users\Public\Desktop\Google Earth.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google)

Shortcut: C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)

Shortcut: C:\Users\Public\Desktop\Minitab 16.lnk -> C:\Program Files (x86)\Minitab\Minitab 16\Mtb.exe (Minitab Inc.)

Shortcut: C:\Users\Public\Desktop\Mobile Connection Manager.lnk -> C:\Program Files (x86)\o2\Mobile Connection Manager\EMMSN.exe (Telefónica I+D)

Shortcut: C:\Users\Public\Desktop\Mobile Partner.lnk -> C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe ()

Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

Shortcut: C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

Shortcut: C:\Users\Public\Desktop\OpenProj.lnk -> C:\Program Files (x86)\Serena Software Inc\OpenProj\OpenProj1.4.0.exe (Serena Software Inc.)

Shortcut: C:\Users\Public\Desktop\PDFCreator.lnk -> C:\Program Files (x86)\PDFCreator\PDFCreator.exe (pdfforge  hxxp://www.pdfforge.org/)

Shortcut: C:\Users\Public\Desktop\Skype.lnk -> C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe ()

Shortcut: C:\Users\Public\Desktop\STP Viewer.lnk -> C:\Program Files (x86)\STPViewer\STPViewer.exe (IdeaMk)

Shortcut: C:\Users\Public\Desktop\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)
 
 
 
 

ShortcutWithArgument: C:\Users\Admin\Desktop\IrfanView Thumbnails.lnk -> C:\Program Files (x86)\IrfanView\i_view32.exe (Irfan Skiljan) -> /thumbs

ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Online Registrierung**lnk -> C:\Program Files (x86)\CyberLink\Power2Go\OLRSubmission\OLRSubmission.exe () -> /LANG:DEU

ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\Online Registrierung**lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\OLRSubmission\OLRSubmission.exe () -> /LANG:DEU

ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff

ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter

ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo

ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1

ShortcutWithArgument: C:\Users\Administrator\Desktop\IrfanView Thumbnails.lnk -> C:\Program Files (x86)\IrfanView\i_view32.exe (Irfan Skiljan) -> /thumbs

ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Online Registrierung**lnk -> C:\Program Files (x86)\CyberLink\Power2Go\OLRSubmission\OLRSubmission.exe () -> /LANG:DEU

ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\Online Registrierung**lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\OLRSubmission\OLRSubmission.exe () -> /LANG:DEU

ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff

ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter

ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo

ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\Virtual Windows XP.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\VMCPropertyHandler.dll,LaunchDefaultVM

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> -Iskins

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking**com\Windows Repair (All in One)\Uninstall Tweaking**com - Windows Repair (All in One).lnk -> C:\Program Files (x86)\Tweaking**com\Windows Repair (All in One)\uninstall.exe (Indigo Rose Corporation) -> "/U:C:\Program Files (x86)\Tweaking**com\Windows Repair (All in One)\Uninstall\uninstall.xml"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe () -> /start

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe () -> -d

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRS Labs\SRS Premium Sound Control Panel.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut3_9BAB6724F19F41B8905F825C6004D10E.exe (Acresso Software Inc.) -> /f=srs_premium_sound_nopreset.zip

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers\Uninstall Samsung Printer Software.lnk -> C:\Windows\TotalUninstaller.exe () -> /REMOVE_ALL

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator\Images2PDF\Images2PDF Console Application.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files (x86)\PDFCreator\Images2PDF\Images2PDFC.exe"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\Deinstallieren.lnk -> C:\Program Files\McAfee Security Scan\uninstall.exe (McAfee, Inc.) -> C:\Program Files\McAfee Security Scan\3.8.150\McAfee.ico

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\McUICnt.exe (McAfee, Inc.) -> SecurityScanner.dll

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Auf Updates prüfen.lnk -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\javacpl.exe (Oracle Corporation) -> -tab update

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Info zu Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\javacpl.exe (Oracle Corporation) -> -tab about

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\IrfanView - Thumbnails.lnk -> C:\Program Files (x86)\IrfanView\i_view32.exe (Irfan Skiljan) -> /thumbs

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth deinstallieren.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth im DirectX-Modus starten.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google) -> -setDX

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth im OpenGL-Modus starten.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google) -> -setOGL

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\ElsterFormular - Hilfe.lnk -> C:\Program Files (x86)\ElsterFormular\bin\hilfepica.exe () -> -collectionFile "C:\Program Files (x86)\ElsterFormular/hilfe/elfo.bedienung**qhc" -showUrl "qthelp://elfo.bedienung/hilfe/bed_kap01/910000.html"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\ElsterFormular - Installationsverwaltung**lnk -> C:\Program Files (x86)\ElsterFormular\bin\installationsverwaltung**exe () -> --zeigeDlg

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\ElsterFormular - Integritätsprüfer.lnk -> C:\Program Files (x86)\ElsterFormular\bin\integritaetspruefer.exe () -> -path "C:\Program Files (x86)\ElsterFormular"

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\ElsterFormular - Screenreadermodus.lnk -> C:\Program Files (x86)\ElsterFormular\bin\pica.exe () -> --sehbehindertenmodus

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUS WebStorage\ASUS WebStorage.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) ->  /n, ::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{D6044399-0B9E-4084-A9AC-C4B7C7800FCF}

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX

ShortcutWithArgument: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Online Registrierung**lnk -> C:\Program Files (x86)\CyberLink\Power2Go\OLRSubmission\OLRSubmission.exe () -> /LANG:DEU

ShortcutWithArgument: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\Online Registrierung**lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\OLRSubmission\OLRSubmission.exe () -> /LANG:DEU

ShortcutWithArgument: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff

ShortcutWithArgument: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter

ShortcutWithArgument: C:\Users\d.******\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo

ShortcutWithArgument: C:\Users\d.******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1

ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\OnLine Registration.lnk -> C:\Program Files (x86)\CyberLink\Power2Go\OLRSubmission\OLRSubmission.exe () -> /LANG:ENU

ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\OnLine Registration.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\OLRSubmission\OLRSubmission.exe () -> /LANG:ENU

ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter

ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo

ShortcutWithArgument: C:\Users\g*******\Desktop\Dropbox.lnk -> C:\Users\g*******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) -> /home

ShortcutWithArgument: C:\Users\g*******\Desktop\IrfanView Thumbnails.lnk -> C:\Program Files (x86)\IrfanView\i_view32.exe (Irfan Skiljan) -> /thumbs

ShortcutWithArgument: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\Windows XP Mode-Anwendungen\BWL Lernsoftware Interaktiv\Benutzerverwaltung Logistik (Windows XP Mode).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\VMCPropertyHandler.dll,LaunchVMSal "Windows XP Mode" "
 

5256927f" "Benutzerverwaltung Logistik" 

ShortcutWithArgument: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\Windows XP Mode-Anwendungen\BWL Lernsoftware Interaktiv\Didaktische Pfade Logistik (Windows XP Mode).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\VMCPropertyHandler.dll,LaunchVMSal "Windows XP Mode" "
 

3c5a8f69" "Didaktische Pfade Logistik" 

ShortcutWithArgument: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\Windows XP Mode-Anwendungen\BWL Lernsoftware Interaktiv\Hilfe Logistik (Windows XP Mode).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\VMCPropertyHandler.dll,LaunchVMSal "Windows XP Mode" "
 

c032a23" "Hilfe Logistik" 

ShortcutWithArgument: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\Windows XP Mode-Anwendungen\BWL Lernsoftware Interaktiv\Lernumgebung Logistik (Windows XP Mode).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\VMCPropertyHandler.dll,LaunchVMSal "Windows XP Mode" "
 

5690914f" "Lernumgebung Logistik" 

ShortcutWithArgument: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC\Windows XP Mode-Anwendungen\BWL Lernsoftware Interaktiv\Toolbox (Windows XP Mode).lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\VMCPropertyHandler.dll,LaunchVMSal "Windows XP Mode" "
 

d97757a8" "Toolbox" 

ShortcutWithArgument: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk -> C:\Users\g*******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) -> /systemstartup

ShortcutWithArgument: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Run Hunter Mode.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (VS Revo Group) -> -hunter

ShortcutWithArgument: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV-Media-Player\Uninstall FLV-Media-Player.lnk -> C:\Windows\System32\msiexec.exe (Microsoft Corporation) -> /x {AB7A5DBA-BC45-489A-B4D2-2E8F8CABB9EA}

ShortcutWithArgument: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk -> C:\Users\g*******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) -> /home

ShortcutWithArgument: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Online Registrierung**lnk -> C:\Program Files (x86)\CyberLink\Power2Go\OLRSubmission\OLRSubmission.exe () -> /LANG:DEU

ShortcutWithArgument: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\Online Registrierung**lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\OLRSubmission\OLRSubmission.exe () -> /LANG:DEU

ShortcutWithArgument: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte\U8510.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTWUIExt.exe (Broadcom) ->  /deviceAddr=f4559c009940

ShortcutWithArgument: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff

ShortcutWithArgument: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter

ShortcutWithArgument: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo

ShortcutWithArgument: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:

ShortcutWithArgument: C:\Users\g*******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation) ->  /recycle

ShortcutWithArgument: C:\Users\g*******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1

ShortcutWithArgument: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Power2Go\Online Registrierung**lnk -> C:\Program Files (x86)\CyberLink\Power2Go\OLRSubmission\OLRSubmission.exe () -> /LANG:DEU

ShortcutWithArgument: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LabelPrint\Online Registrierung**lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\OLRSubmission\OLRSubmission.exe () -> /LANG:DEU

ShortcutWithArgument: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff

ShortcutWithArgument: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter

ShortcutWithArgument: C:\Users\p.******\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo

ShortcutWithArgument: C:\Users\p.******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1

ShortcutWithArgument: C:\Users\Public\Desktop\Browserwahl.lnk -> C:\Windows\System32\browserchoice.exe (Microsoft Corporation) -> /launch

ShortcutWithArgument: C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\McUICnt.exe (McAfee, Inc.) -> SecurityScanner.dll
 
 

InternetURL: C:\Users\Admin\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742

InternetURL: C:\Users\Admin\Favorites\Windows Live\Windows Live Ideas.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72700

InternetURL: C:\Users\Admin\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72681

InternetURL: C:\Users\Admin\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72682

InternetURL: C:\Users\Admin\Favorites\MSN-Websites\MSN Auto.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72680

InternetURL: C:\Users\Admin\Favorites\MSN-Websites\MSN Fernsehen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72659

InternetURL: C:\Users\Admin\Favorites\MSN-Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72640

InternetURL: C:\Users\Admin\Favorites\MSN-Websites\MSN Nachrichten.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72636

InternetURL: C:\Users\Admin\Favorites\MSN-Websites\MSN Sport.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72635

InternetURL: C:\Users\Admin\Favorites\MSN-Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72630

InternetURL: C:\Users\Admin\Favorites\Microsoft-Websites\IE-Site auf Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72186

InternetURL: C:\Users\Admin\Favorites\Microsoft-Websites\Microsoft Deutschland GmbH.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72520

InternetURL: C:\Users\Admin\Favorites\Microsoft-Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813

InternetURL: C:\Users\Admin\Favorites\Microsoft-Websites\Microsoft Windows - Start.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72629

InternetURL: C:\Users\Admin\Favorites\Microsoft-Websites\Microsoft zu Hause.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72406

InternetURL: C:\Users\Admin\Favorites\Microsoft-Websites\Microsoft.com durchsuchen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72893

InternetURL: C:\Users\Admin\Favorites\Microsoft-Websites\Site für IE Add-Ons.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893

InternetURL: C:\Users\Admin\Favorites\Links\Web Slice-Katalog**url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315

InternetURL: C:\Users\Admin\Favorites\ASUS E-Service\ASUS Homepage.url -> hxxp://www.asus.com/

InternetURL: C:\Users\Admin\Favorites\ASUS E-Service\ASUS Member.url -> hxxp://member.asus.com/

InternetURL: C:\Users\Admin\Favorites\ASUS E-Service\ASUS Software Download.url -> hxxp://www.asus.com/support/download

InternetURL: C:\Users\Admin\Favorites\ASUS E-Service\ASUS Technical Support.url -> hxxp://www.asus.com/support

InternetURL: C:\Users\Administrator\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742

InternetURL: C:\Users\Administrator\Favorites\Windows Live\Windows Live Ideas.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72700

InternetURL: C:\Users\Administrator\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72681

InternetURL: C:\Users\Administrator\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72682

InternetURL: C:\Users\Administrator\Favorites\MSN-Websites\MSN Auto.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72680

InternetURL: C:\Users\Administrator\Favorites\MSN-Websites\MSN Fernsehen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72659

InternetURL: C:\Users\Administrator\Favorites\MSN-Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72640

InternetURL: C:\Users\Administrator\Favorites\MSN-Websites\MSN Nachrichten.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72636

InternetURL: C:\Users\Administrator\Favorites\MSN-Websites\MSN Sport.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72635

InternetURL: C:\Users\Administrator\Favorites\MSN-Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72630

InternetURL: C:\Users\Administrator\Favorites\Microsoft-Websites\IE-Site auf Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72186

InternetURL: C:\Users\Administrator\Favorites\Microsoft-Websites\Microsoft Deutschland GmbH.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72520

InternetURL: C:\Users\Administrator\Favorites\Microsoft-Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813

InternetURL: C:\Users\Administrator\Favorites\Microsoft-Websites\Microsoft Windows - Start.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72629

InternetURL: C:\Users\Administrator\Favorites\Microsoft-Websites\Microsoft zu Hause.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72406

InternetURL: C:\Users\Administrator\Favorites\Microsoft-Websites\Microsoft.com durchsuchen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72893

InternetURL: C:\Users\Administrator\Favorites\Microsoft-Websites\Site für IE Add-Ons.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893

InternetURL: C:\Users\Administrator\Favorites\Links\Web Slice-Katalog**url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315

InternetURL: C:\Users\Administrator\Favorites\ASUS E-Service\ASUS Homepage.url -> hxxp://www.asus.com/

InternetURL: C:\Users\Administrator\Favorites\ASUS E-Service\ASUS Member.url -> hxxp://member.asus.com/

InternetURL: C:\Users\Administrator\Favorites\ASUS E-Service\ASUS Software Download.url -> hxxp://www.asus.com/support/download

InternetURL: C:\Users\Administrator\Favorites\ASUS E-Service\ASUS Technical Support.url -> hxxp://www.asus.com/support

InternetURL: C:\Users\d.******\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742

InternetURL: C:\Users\d.******\Favorites\Windows Live\Windows Live Ideas.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72700

InternetURL: C:\Users\d.******\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72681

InternetURL: C:\Users\d.******\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72682

InternetURL: C:\Users\d.******\Favorites\MSN-Websites\MSN Auto.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72680

InternetURL: C:\Users\d.******\Favorites\MSN-Websites\MSN Fernsehen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72659

InternetURL: C:\Users\d.******\Favorites\MSN-Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72640

InternetURL: C:\Users\d.******\Favorites\MSN-Websites\MSN Nachrichten.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72636

InternetURL: C:\Users\d.******\Favorites\MSN-Websites\MSN Sport.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72635

InternetURL: C:\Users\d.******\Favorites\MSN-Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72630

InternetURL: C:\Users\d.******\Favorites\Microsoft-Websites\IE-Site auf Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72186

InternetURL: C:\Users\d.******\Favorites\Microsoft-Websites\Microsoft Deutschland GmbH.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72520

InternetURL: C:\Users\d.******\Favorites\Microsoft-Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813

InternetURL: C:\Users\d.******\Favorites\Microsoft-Websites\Microsoft Windows - Start.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72629

InternetURL: C:\Users\d.******\Favorites\Microsoft-Websites\Microsoft zu Hause.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72406

InternetURL: C:\Users\d.******\Favorites\Microsoft-Websites\Microsoft.com durchsuchen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72893

InternetURL: C:\Users\d.******\Favorites\Microsoft-Websites\Site für IE Add-Ons.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893

InternetURL: C:\Users\d.******\Favorites\Links\Vorgeschlagene Sites.url -> https://ieonline.microsoft.com/#ieslice

InternetURL: C:\Users\d.******\Favorites\Links\Web Slice-Katalog**url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315

InternetURL: C:\Users\d.******\Favorites\ASUS E-Service\ASUS Homepage.url -> hxxp://www.asus.com/

InternetURL: C:\Users\d.******\Favorites\ASUS E-Service\ASUS Member.url -> hxxp://member.asus.com/

InternetURL: C:\Users\d.******\Favorites\ASUS E-Service\ASUS Software Download.url -> hxxp://www.asus.com/support/download

InternetURL: C:\Users\d.******\Favorites\ASUS E-Service\ASUS Technical Support.url -> hxxp://www.asus.com/support

InternetURL: C:\Users\g*******\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742

InternetURL: C:\Users\g*******\Favorites\Windows Live\Windows Live Ideas.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72700

InternetURL: C:\Users\g*******\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72681

InternetURL: C:\Users\g*******\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72682

InternetURL: C:\Users\g*******\Favorites\MSN-Websites\MSN Auto.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72680

InternetURL: C:\Users\g*******\Favorites\MSN-Websites\MSN Fernsehen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72659

InternetURL: C:\Users\g*******\Favorites\MSN-Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72640

InternetURL: C:\Users\g*******\Favorites\MSN-Websites\MSN Nachrichten.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72636

InternetURL: C:\Users\g*******\Favorites\MSN-Websites\MSN Sport.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72635

InternetURL: C:\Users\g*******\Favorites\MSN-Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72630

InternetURL: C:\Users\g*******\Favorites\Microsoft-Websites\IE-Site auf Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72186

InternetURL: C:\Users\g*******\Favorites\Microsoft-Websites\Microsoft Deutschland GmbH.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72520

InternetURL: C:\Users\g*******\Favorites\Microsoft-Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813

InternetURL: C:\Users\g*******\Favorites\Microsoft-Websites\Microsoft Windows - Start.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72629

InternetURL: C:\Users\g*******\Favorites\Microsoft-Websites\Microsoft zu Hause.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72406

InternetURL: C:\Users\g*******\Favorites\Microsoft-Websites\Microsoft.com durchsuchen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72893

InternetURL: C:\Users\g*******\Favorites\Microsoft-Websites\Site für IE Add-Ons.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893

InternetURL: C:\Users\g*******\Favorites\Links\Vorgeschlagene Sites.url -> https://ieonline.microsoft.com/#ieslice

InternetURL: C:\Users\g*******\Favorites\Links\Web Slice-Katalog**url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315

InternetURL: C:\Users\g*******\Favorites\ASUS E-Service\ASUS Homepage.url -> hxxp://www.asus.com/

InternetURL: C:\Users\g*******\Favorites\ASUS E-Service\ASUS Member.url -> hxxp://member.asus.com/

InternetURL: C:\Users\g*******\Favorites\ASUS E-Service\ASUS Software Download.url -> hxxp://www.asus.com/support/download

InternetURL: C:\Users\g*******\Favorites\ASUS E-Service\ASUS Technical Support.url -> hxxp://www.asus.com/support

InternetURL: C:\Users\g*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox Website.URL -> hxxp://www.dropbox.com

InternetURL: C:\Users\p.******\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742

InternetURL: C:\Users\p.******\Favorites\Windows Live\Windows Live Ideas.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72700

InternetURL: C:\Users\p.******\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72681

InternetURL: C:\Users\p.******\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72682

InternetURL: C:\Users\p.******\Favorites\MSN-Websites\MSN Auto.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72680

InternetURL: C:\Users\p.******\Favorites\MSN-Websites\MSN Fernsehen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72659

InternetURL: C:\Users\p.******\Favorites\MSN-Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72640

InternetURL: C:\Users\p.******\Favorites\MSN-Websites\MSN Nachrichten.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72636

InternetURL: C:\Users\p.******\Favorites\MSN-Websites\MSN Sport.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72635

InternetURL: C:\Users\p.******\Favorites\MSN-Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72630

InternetURL: C:\Users\p.******\Favorites\Microsoft-Websites\IE-Site auf Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72186

InternetURL: C:\Users\p.******\Favorites\Microsoft-Websites\Microsoft Deutschland GmbH.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72520

InternetURL: C:\Users\p.******\Favorites\Microsoft-Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813

InternetURL: C:\Users\p.******\Favorites\Microsoft-Websites\Microsoft Windows - Start.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72629

InternetURL: C:\Users\p.******\Favorites\Microsoft-Websites\Microsoft zu Hause.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72406

InternetURL: C:\Users\p.******\Favorites\Microsoft-Websites\Microsoft.com durchsuchen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72893

InternetURL: C:\Users\p.******\Favorites\Microsoft-Websites\Site für IE Add-Ons.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893

InternetURL: C:\Users\p.******\Favorites\Links\Web Slice-Katalog**url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315

InternetURL: C:\Users\p.******\Favorites\ASUS E-Service\ASUS Homepage.url -> hxxp://www.asus.com/

InternetURL: C:\Users\p.******\Favorites\ASUS E-Service\ASUS Member.url -> hxxp://member.asus.com/

InternetURL: C:\Users\p.******\Favorites\ASUS E-Service\ASUS Software Download.url -> hxxp://www.asus.com/support/download

InternetURL: C:\Users\p.******\Favorites\ASUS E-Service\ASUS Technical Support.url -> hxxp://www.asus.com/support
 

==================== End of log =============================

danke für weiteren support

die grafik und chip treiber habe ich mir nicht anzufassen getraut. da ein VLC media player ordnungsgemäß abspielt liegt es wohl doch nicht am grafiktreiber sondern am windows media player.? dieser ist aber im windows 7 inklusive, kann man nicht deinstallieren und separat neu herunterladen. müsste ich nur wissen wie man windowsMP disabled und VLC als default für livestream video online aktiviert,ansonnsten werden online videos immer mit windowsMP abgespielt-->bild funktioniert nicht

LAN funktioniert auch noch nicht .trotz treiber aktualisiert

Haben wir windows repair schon gemaccht?

http://www.deeprybka.trojaner-board....r/wraioneu.PNG

Lade Dir bitte Windows Repair - All in one von tweaking.com hier herunter und installiere es.
Deaktiviere bitte (wenn möglich) Dein Antivirusprogramm.
Bedenke, dass die einzelnen Reparaturen einige Zeit benötigen. Starte keine anderen Anwendungen in dieser Zeit.
Starte das Programm und führe die Punkte 1-5 durch. (Siehe Bildanleitung)
Achte darauf, dass bei Dir die Häkchen so gesetzt sind wie unter Punkt 4.
Setze auch ein Häkchen bei "Restart/Shutdown System" und klicke "Restart System" an bevor Du Punkt 5 durchführst.

http://deeprybka.trojaner-board.de/b...srepair271.png