Virus in the home network

(In Progress)

sweety_pie
Member with 20 posts.
THREAD STARTER
 
Join Date: Feb 2013
25-Feb-2013, 10:37 PM #31
ComboFix
Now I disabled my security programs and I did everything as instructed. I was able to save ComboFix and to run it, but since it automatically shuts the system down and turns up again before it opens the log, I had to let it do that. But when I copied the log and wanted to paste it online, my Internet Explorer didn't open. I had to shut down and turn up my whole system again to be able to open the Internet, but the copied log was gone. I even tried to save it on my desktop and call it "puppy_log.exe", but when I tried to open the file, it said there was an error with the server, so I don't have any possibility to paste the log in my response. What should I do?
Cookiegal
Administrator & Malware Removal Specialist with 96,491 posts.
 
Join Date: Aug 2003
25-Feb-2013, 11:05 PM #32
Quote:
Originally Posted by sweety_pie
Now I disabled my security programs and I did everything as instructed. I was able to save ComboFix and to run it, but since it automatically shuts the system down and turns up again before it opens the log, I had to let it do that. But when I copied the log and wanted to paste it online, my Internet Explorer didn't open. I had to shut down and turn up my whole system again to be able to open the Internet, but the copied log was gone. I even tried to save it on my desktop and call it "puppy_log.exe", but when I tried to open the file, it said there was an error with the server, so I don't have any possibility to paste the log in my response. What should I do?
What does that mean (the bolded part)?

All you needed to do if you had no Internet Access was to reboot the machine. The log should still be there. It gets created automatically. You don't have to save it. It should be located at C:\Combofix.txt.

You can't name a log file with an .exe file extension. It should be a .txt file in Notepad.
__________________
Microsoft MVP - Consumer Security
sweety_pie
Member with 20 posts.
THREAD STARTER
 
Join Date: Feb 2013
26-Feb-2013, 07:24 PM #33
log
I'm sorry, I meant I had to reboot it, but the file wasn't there. I didn't know it would save automatically.
Anyways, here's the log:

ComboFix 13-02-24.01 - francisca 25.02.2013 20:06:30.4.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3685.1755 [GMT -5:00]
ausgeführt von:: c:\users\francisca\Desktop\puppy.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\0f63f38c\00db7953_da08cd01\PriceGrabber.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\151dca4d\0008ab54_da08cd01\SimpleTapAppStoreAddon.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\308ea286\00ae4852_da08cd01\InternetExplorer.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\34e98621\0027b54e_da08cd01\DefaultTheme.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\3ea06149\00d8bd67_da08cd01\Wikipedia.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\4a63f836\001777a3_e9d9cc01\SugarSync.SimpleTapAddons.FileManager.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\4d145c4b\00d8bd67_da08cd01\Skype.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\518b0bea\00bc6f59_da08cd01\Flickr.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\6e31f4f5\00db7953_da08cd01\EvernoteLauncher.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\7187189f\007e5b65_da08cd01\MessageCenterPlus.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\838b007d\0070345e_da08cd01\LenovoMusic.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\8e9e437d\0024f962_da08cd01\LenovoTV.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\91668108\0065c942_da08cd01\CoreAudioApi.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\97a02421\00a0214b_da08cd01\ScreenRotate.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\9a118f11\00b5955e_d6d9cc01\AccuWeatherTile.resources.DLL
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\a11e004c\00b5955e_d6d9cc01\AccuWeatherTile.resources.DLL
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\a3bb93d3\00671b6a_cde0cc01\NewsTile.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\aa7c102b\00ae4852_da08cd01\Chrome.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\b3338664\0016d25b_da08cd01\Groupon.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\ca6e014a\0043035d_da08cd01\Kayak.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\cbc76be1\00f7c761_da08cd01\LenovoSolutionCenter.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\d3619f38\0065c942_da08cd01\DisplayBrightnessApi.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\dd89b372\0092fa43_da08cd01\WirelessApi.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\e8bbbb3f\00fa834d_da08cd01\Biztree.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\f15f011c\00ab8c66_da08cd01\MSOffice.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\f52797b9\0008ab54_da08cd01\AccuWeatherTile.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\fcedd7f1\007fe0f8_d908cd01\KeyboardLightApi.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\0f63f38c\00db7953_da08cd01\PriceGrabber.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\151dca4d\0008ab54_da08cd01\SimpleTapAppStoreAddon.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\308ea286\00ae4852_da08cd01\InternetExplorer.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\34e98621\0027b54e_da08cd01\DefaultTheme.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\3ea06149\00d8bd67_da08cd01\Wikipedia.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\4a63f836\001777a3_e9d9cc01\SugarSync.SimpleTapAddons.FileManager.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\4d145c4b\00d8bd67_da08cd01\Skype.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\518b0bea\00bc6f59_da08cd01\Flickr.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\6e31f4f5\00db7953_da08cd01\EvernoteLauncher.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\7187189f\007e5b65_da08cd01\MessageCenterPlus.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\838b007d\0070345e_da08cd01\LenovoMusic.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\8e9e437d\0024f962_da08cd01\LenovoTV.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\91668108\0065c942_da08cd01\CoreAudioApi.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\97a02421\00a0214b_da08cd01\ScreenRotate.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\9a118f11\00b5955e_d6d9cc01\AccuWeatherTile.resources.DLL
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\a11e004c\00b5955e_d6d9cc01\AccuWeatherTile.resources.DLL
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\a3bb93d3\00671b6a_cde0cc01\NewsTile.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\aa7c102b\00ae4852_da08cd01\Chrome.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\b3338664\0016d25b_da08cd01\Groupon.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\ca6e014a\0043035d_da08cd01\Kayak.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\cbc76be1\00f7c761_da08cd01\LenovoSolutionCenter.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\d3619f38\0065c942_da08cd01\DisplayBrightnessApi.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\dd89b372\0092fa43_da08cd01\WirelessApi.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\e8bbbb3f\00fa834d_da08cd01\Biztree.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\f15f011c\00ab8c66_da08cd01\MSOffice.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\f52797b9\0008ab54_da08cd01\AccuWeatherTile.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\fcedd7f1\007fe0f8_d908cd01\KeyboardLightApi.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-01-26 bis 2013-02-26 ))))))))))))))))))))))))))))))
.
.
2013-02-26 01:51 . 2013-02-26 01:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-26 01:15 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7DDD62EE-87E7-47C1-897F-59B56FD96318}\mpengine.dll
2013-02-24 20:27 . 2013-02-24 20:27 -------- d-----w- c:\programdata\UUdb
2013-02-24 20:25 . 2013-02-24 20:27 -------- d-----w- c:\program files (x86)\1und1Softwareaktualisierung
2013-02-24 18:39 . 2013-02-08 00:28 9162192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-24 18:30 . 2013-02-24 18:30 -------- d-----w- c:\windows\ERUNT
2013-02-24 18:29 . 2013-02-24 18:29 -------- d-----w- C:\JRT
2013-02-22 21:29 . 2013-02-22 21:29 -------- d-----w- c:\program files\DomaIQ Uninstaller
2013-02-22 21:27 . 2013-02-22 21:27 -------- d-----w- c:\users\francisca\AppData\Roaming\player
2013-02-22 21:27 . 2013-02-22 21:27 -------- d-----w- c:\program files (x86)\Tuguu SL
2013-02-22 05:14 . 2013-02-22 05:14 -------- d-----w- c:\program files (x86)\hdvidcodec.com
2013-02-18 03:22 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-18 03:22 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-18 03:20 . 2013-01-09 01:48 17812992 ----a-w- c:\windows\system32\mshtml.dll
2013-02-18 03:20 . 2013-01-09 01:22 10925568 ----a-w- c:\windows\system32\ieframe.dll
2013-02-16 22:44 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-16 22:44 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-16 22:44 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-16 22:44 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-16 22:44 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-16 22:44 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-16 22:35 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-16 22:35 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-16 22:34 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-16 22:34 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-16 22:34 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-16 22:31 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-09 22:08 . 2013-02-09 22:09 -------- d-----w- C:\rei
2013-02-09 22:07 . 2013-02-09 22:07 -------- d-----w- c:\program files\Reimage
2013-02-09 03:31 . 2013-02-09 03:31 221 ----a-w- c:\windows\DeleteOnReboot.bat
2013-02-09 03:29 . 2013-02-09 03:29 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4213D974-63E3-481A-9977-3775FB1C5B8F}\gapaengine.dll
2013-02-09 03:27 . 2013-02-09 03:27 -------- d-----w- c:\program files (x86)\ChicaLogic
2013-02-09 00:50 . 2013-02-09 00:50 -------- d-----w- c:\users\francisca\AppData\Local\CRE
2013-02-09 00:36 . 2013-02-09 00:36 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-02-09 00:36 . 2013-02-09 00:37 -------- d-----w- c:\program files\Microsoft Security Client
2013-02-05 03:33 . 2013-02-05 05:02 -------- d-----w- C:\Remote Programs
2013-02-05 03:33 . 2013-02-05 03:33 -------- d-----w- c:\programdata\Free Ride Games
2013-02-05 03:33 . 2013-02-05 03:33 -------- d-----w- c:\program files (x86)\Free Ride Games
2013-02-05 03:33 . 2012-12-04 21:48 57824 ------w- c:\windows\ExentInfo.exe
2013-02-04 16:54 . 2013-02-04 16:54 -------- d-----w- c:\users\francisca\AppData\Local\Amazon Browser Bar
2013-02-04 16:54 . 2013-02-04 16:54 -------- d-----w- c:\programdata\Yahoo!
2013-02-04 16:54 . 2013-02-04 16:54 -------- d-----w- c:\program files (x86)\Amazon Browser Bar
2013-02-04 16:54 . 2013-02-04 16:54 -------- d-----w- c:\users\francisca\AppData\Local\NanoService
2013-02-04 16:54 . 2013-02-04 16:54 -------- d-----w- c:\users\francisca\AppData\Local\Yahoo!
2013-02-04 16:54 . 2013-02-04 16:54 -------- d--h--w- c:\windows\msdownld.tmp
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-18 03:26 . 2012-08-28 11:07 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-01-30 10:53 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-22 01:26 . 2012-07-15 09:48 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-22 01:26 . 2012-07-15 09:48 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 02:26 . 2013-01-09 02:26 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-01-09 02:26 . 2013-01-09 02:26 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-01-08 05:32 . 2013-02-09 00:19 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{38C78DC1-A2F3-4A2B-98E1-8044F309A170}\mpengine.dll
2013-01-04 04:43 . 2013-02-16 22:44 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-21 22:39 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 22:39 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 22:39 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 22:39 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-10 23:01 . 2013-01-19 02:36 321384 ----a-w- c:\windows\SysWow64\Sendori.dll
2012-12-07 13:20 . 2013-01-10 23:27 441856 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-10 23:27 2746368 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-10 23:27 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-10 23:27 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-10 23:27 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-10 23:27 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-10 23:27 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-10 23:27 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-10 23:27 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-10 23:27 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-10 23:27 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-10 23:27 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-10 23:27 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-10 23:27 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-10 23:27 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-10 23:27 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-10 23:27 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-10 23:27 51712 ----a-w- c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-10 23:27 43520 ----a-w- c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-10 23:27 30720 ----a-w- c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-10 23:27 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-10 23:27 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-10 23:27 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-10 23:27 23552 ----a-w- c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-10 23:27 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-10 23:27 46592 ----a-w- c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-10 23:27 20480 ----a-w- c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-10 23:27 21504 ----a-w- c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-10 23:27 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-10 23:27 15360 ----a-w- c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-10 23:27 55296 ----a-w- c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-10 23:27 51712 ----a-w- c:\windows\SysWow64\esrb.rs
2012-11-30 05:45 . 2013-01-10 23:26 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-10 23:26 243200 ----a-w- c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-10 23:26 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2012-11-30 05:43 . 2013-01-10 23:26 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-10 23:26 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-10 23:26 1161216 ----a-w- c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-10 23:26 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 23:26 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 23:26 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 23:26 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 23:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 23:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 23:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 23:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 23:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 23:26 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 23:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 23:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 23:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 23:26 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 23:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 23:26 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 23:26 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 23:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 23:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 23:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 23:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 23:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 23:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 23:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 23:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 23:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 23:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 23:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:53 . 2013-01-10 23:26 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-10 23:26 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 23:26 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 23:26 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 23:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 23:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 23:26 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 23:26 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 23:26 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 23:26 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 23:26 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 23:26 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 23:26 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 23:26 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 23:26 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 23:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 23:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 23:26 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 23:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 23:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 23:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{09942569-D515-42BE-9F5A-A439B20F91AB}]
c:\program files (x86)\Unfriend Checker\uc.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{491BCA71-06F9-42e1-A72E-76D897607E2B}]
c:\program files (x86)\OApps\SelectionLinks.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A59D1D83-8A40-4FA5-9CC9-749D4D7BD472}]
c:\users\francisca\AppData\Local\couponamazing\ie\couponamazing_1357698002.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW7"="c:\program files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" [2013-01-13 13105848]
"GoogleChromeAutoLaunch_5075ED5FA5DD9B9ED5ED20BB82467041"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-01-26 1248208]
"DriverScanner"="c:\program files (x86)\Uniblue\DriverScanner\launcher.exe" [2012-07-10 338848]
"Exetender"="c:\program files (x86)\Free Ride Games\GPlayer.exe" [2012-12-04 4936152]
"ChicaPasswordManager"="c:\program files (x86)\ChicaLogic\Chica Password Manager\stpass.exe" [2012-07-09 4299624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2012-03-06 133400]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-04 291608]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2011-12-20 507744]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-04-11 5939776]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Fastboot"="c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe" [2012-01-17 1091376]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-13 4351712]
"IntelSBA"="c:\program files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe" [2012-02-27 55520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2013-01-09 295072]
"Sendori Tray"="c:\program files (x86)\Sendori\SendoriTray.exe" [2012-12-10 82792]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files (x86)\Free Ride Games\GPlayer.exe" [2012-12-04 4936152]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe [2012-10-26 271808]
StrongVaultApp.exe [2012-9-7 359424]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2012-02-02 145472]
R2 Intel(R) Small Business Advantage;Intel(R) Small Business Advantage;c:\program files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [2012-02-27 49376]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe [2012-12-10 3569512]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-03-06 363800]
R2 ZDManager Service;ZDManager Service;c:\program files (x86)\ZD Systems\ZD Manager\ZDManagerService.exe [2012-12-27 176640]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-02-26 2669840]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys [2012-01-09 195584]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2012-02-21 1304912]
R3 cpuz134;cpuz134;c:\users\FRANCI~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 Fastboot;Fastboot;c:\windows\system32\DRIVERS\Fastboot.sys [2012-01-17 70416]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-12-20 34200]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe [2012-10-26 234776]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2012-02-26 273168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-04-11 1662528]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-04-11 1665088]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-04 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-04 16152]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2011-12-28 25416]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2012-01-30 33344]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-01-09 659968]
S2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe [2012-12-10 118632]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-02-21 1014096]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2012-02-21 1104208]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-01-17 135952]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-17 198784]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2011-11-09 8447848]
S2 FastbootService;FastbootService;c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [2012-01-17 169776]
S2 FPLService;TrueSuiteService;c:\program files\AuthenTec TrueSuite\TrueSuiteService.exe [2011-12-22 313672]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-03-06 128280]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-03-06 163608]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2012-04-10 58192]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-04-10 61264]
S2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;c:\program files\Lenovo\Communications Utility\vcamsvc.exe [2012-04-10 175440]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-30 38608]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]
S2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe [2012-12-10 14696]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-12-29 144960]
S2 Updater Service for AMZN;Updater Service for AMZN;c:\program files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe [2012-05-22 222368]
S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2012-04-10 84080]
S2 X5XSEx_Pr143;X5XSEx_Pr143;c:\program files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [2012-08-02 56136]
S2 YNanoService;Yahoo! NanoClient Service;c:\program files (x86)\Yahoo!\YNanoClient\cpn0\YNanoService.exe [2012-07-25 157016]
S3 5U877;5U877;c:\windows\system32\DRIVERS\5U877.sys [2012-02-16 216064]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2012-01-09 195584]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-11-30 94720]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-30 747008]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2012-02-14 60928]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-04 355096]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-04 786200]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-12-20 25496]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys [2011-10-27 259688]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2011-05-29 40248]
S3 tvtvcamd;ThinkVantage Virtual Camera;c:\windows\system32\DRIVERS\tvtvcamd.sys [2011-12-07 27432]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-01 01:59 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-26 c:\windows\Tasks\DriverScanner.job
- c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2013-01-19 17:51]
.
2013-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-06 01:43]
.
2013-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-06 01:43]
.
2013-02-26 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41]
.
2013-02-24 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-02-29 06:38 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-02-29 06:38 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-02-29 06:38 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-02-29 06:38 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-09 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-09 440600]
"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-02-17 177936]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-02-21 11406608]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2012-03-01 564352]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2012-02-21 1654400]
"TpShocks"="TpShocks.exe" [2012-02-24 382528]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-04-10 283984]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.17.1
FF - ProfilePath - c:\users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\
FF - ExtSQL: 2013-01-18 21:36; uc@uc.com; c:\program files (x86)\Unfriend Checker\FF
FF - ExtSQL: !HIDDEN! 2012-10-25 18:00; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: !HIDDEN! 2012-12-08 21:44; infoatoms@infoatoms.com; c:\program files (x86)\Mozilla FireFox\extensions\infoatoms@infoatoms.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-AOL Toolbar - c:\program files (x86)\AOL Toolbar\uninstall.exe
AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files (x86)\Coupons\uninstall.exe
AddRemove-couponamazing - c:\users\francisca\AppData\Local\couponamazing\uninst.exe
AddRemove-DefaultTab - c:\users\francisca\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
AddRemove-InfoAtoms - c:\program files (x86)\InfoAtoms\Uninstall.exe
AddRemove-Optimizer Pro_is1 - c:\program files (x86)\Optimizer Pro\unins000.exe
AddRemove-RealPlayer 16.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
AddRemove-sl-adk - c:\program files (x86)\OApps\sl-adk_uninstall.exe
AddRemove-The Weather Channel Desktop 6 - c:\program files (x86)\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
AddRemove-{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1 - c:\program files (x86)\PCFixSpeed\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]
"ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]
"ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\SysWOW64\SAsrv.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Sendori\SendoriUp.exe
c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
c:\program files\Lenovo\SimpleTap\SimpleTap.exe
c:\program files (x86)\Lenovo\message center plus\mcplaunch.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\lenovo\lenovo solution center\lsc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-02-25 21:23:31 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-02-26 02:23
ComboFix2.txt 2013-02-26 00:58
ComboFix3.txt 2013-02-11 01:28
ComboFix4.txt 2013-02-10 18:34
.
Vor Suchlauf: 18 Verzeichnis(se), 406.706.741.248 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 406.562.701.312 Bytes frei
.
- - End Of File - - 1D8A240FAC6797443EDF0EB3EC64F7B2

Cookiegal
Administrator & Malware Removal Specialist with 96,491 posts.
Join Date: Aug 2003
27-Feb-2013, 01:18 PM #34
Open Notepad and copy and paste the text in the code box below into it:

Code:
File::
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe

Folder::
c:\program files\DomaIQ Uninstaller
C:\Users\francisca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com
C:\Program Files (x86)\hdvidcodec.com
c:\program files (x86)\Tuguu SL
c:\users\francisca\AppData\Local\CRE
c:\program files (x86)\Unfriend Checker
c:\users\francisca\AppData\Local\couponamazing

DirLook::
C:\Remote Programs

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{09942569-D515-42BE-9F5A-A439B20F91AB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{491BCA71-06F9-42e1-A72E-76D897607E2B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A59D1D83-8A40-4FA5-9CC9-749D4D7BD472}]

Firefox::
FF - ProfilePath - c:\users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\
FF - ExtSQL: 2013-01-18 21:36; uc@uc.com; c:\program files (x86)\Unfriend Checker\FF
FF - ExtSQL: !HIDDEN! 2012-12-08 21:44; infoatoms@infoatoms.com; c:\program files (x86)\Mozilla FireFox\extensions\infoatoms@infoatoms.com

Save the file to your desktop and name it CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

sweety_pie
Member with 20 posts.
THREAD STARTER
Join Date: Feb 2013
02-Mar-2013, 09:52 PM #35
ComboFix
Here's the log:

ComboFix 13-02-24.01 - francisca 02.03.2013 19:19:44.6.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3685.1799 [GMT -5:00]
ausgeführt von:: c:\users\francisca\Desktop\puppy.exe
Benutzte Befehlsschalter :: c:\users\francisca\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REDUZIERTER FUNKTIONALITÄTSMODUS -
.
FILE ::
"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe"
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\hdvidcodec.com
c:\program files (x86)\hdvidcodec.com\uninst.exe
c:\program files (x86)\Tuguu SL
c:\program files (x86)\Tuguu SL\FlashPlayer\AxInterop.WMPLib.dll
c:\program files (x86)\Tuguu SL\FlashPlayer\ComponentFactory.Krypton.Toolkit.dll
c:\program files (x86)\Tuguu SL\FlashPlayer\FileBrowser.dll
c:\program files (x86)\Tuguu SL\FlashPlayer\FlashPlayer.exe
c:\program files (x86)\Tuguu SL\FlashPlayer\FlashPlayer.exe.config
c:\program files (x86)\Tuguu SL\FlashPlayer\FlashPlayer.InstallState
c:\program files (x86)\Tuguu SL\FlashPlayer\Interop.WMPLib.dll
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Arabic.gif
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Arabic.ini
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Bulgarian.gif
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Bulgarian.ini
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Catalan.gif
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Catalan.ini
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Chinese (Simplified).gif
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Chinese (Simplified).ini
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Chinese (Traditional).gif
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Chinese (Traditional).ini
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Czech.gif
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Czech.ini
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Danish.gif
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Danish.ini
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Dutch.gif
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Dutch.ini
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\English.gif
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\English.ini
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Estonian.gif
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Estonian.ini
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Finnish.gif
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Finnish.ini
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\French.gif
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\French.ini
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\German.gif
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\German.ini
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Greek.gif
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Greek.ini
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Haitian Creole.gif
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Haitian Creole.ini
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Hebrew.gif
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Hebrew.ini
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Hindi.gif
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Hindi.ini
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Hungarian.gif
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Hungarian.ini
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Indonesian.gif
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Indonesian.ini
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Italian.gif
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Italian.ini
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Japanese.gif
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Japanese.ini
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Korean.gif
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Korean.ini
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Latvian.gif
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Latvian.ini
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Lithuanian.gif
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Lithuanian.ini
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Norwegian.gif
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Norwegian.ini
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Polish.gif
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Polish.ini
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Portuguese.gif
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Portuguese.ini
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Romanian.gif
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Romanian.ini
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Russian.gif
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Russian.ini
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Slovak.gif
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Slovak.ini
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Slovenian.gif
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Slovenian.ini
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Spanish.gif
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Spanish.ini
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Swedish.gif
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Swedish.ini
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Thai.gif
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Thai.ini
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Turkish.gif
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Turkish.ini
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Ukrainian.gif
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Ukrainian.ini
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Vietnamese.gif
c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Vietnamese.ini
c:\program files (x86)\Tuguu SL\FlashPlayer\Newtonsoft.Json.dll
c:\program files (x86)\Tuguu SL\FlashPlayer\UltraID3Lib.dll
c:\program files (x86)\Tuguu SL\FlashPlayer\Uninstall.exe
c:\program files (x86)\Tuguu SL\FlashPlayer\VAFUpdate.exe
c:\program files (x86)\Tuguu SL\FlashPlayer\wmp.dll
c:\program files (x86)\Unfriend Checker
c:\program files (x86)\Unfriend Checker\chrome.crx
c:\program files (x86)\Unfriend Checker\FF\chrome.manifest
c:\program files (x86)\Unfriend Checker\FF\chrome\content\icon.png
c:\program files (x86)\Unfriend Checker\FF\chrome\content\main.js
c:\program files (x86)\Unfriend Checker\FF\chrome\content\overlay.xul
c:\program files (x86)\Unfriend Checker\FF\install.rdf
c:\program files (x86)\Unfriend Checker\r.log
c:\program files (x86)\Unfriend Checker\Uninstall.exe
c:\program files\DomaIQ Uninstaller
c:\program files\DomaIQ Uninstaller\DomaIQUninstall.exe
c:\program files\DomaIQ Uninstaller\Uninstall.xml
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\0f63f38c\00db7953_da08cd01\PriceGrabber.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\151dca4d\0008ab54_da08cd01\SimpleTapAppStoreAddon.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\308ea286\00ae4852_da08cd01\InternetExplorer.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\34e98621\0027b54e_da08cd01\DefaultTheme.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\3ea06149\00d8bd67_da08cd01\Wikipedia.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\4a63f836\001777a3_e9d9cc01\SugarSync.SimpleTapAddons.FileManager.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\4d145c4b\00d8bd67_da08cd01\Skype.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\518b0bea\00bc6f59_da08cd01\Flickr.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\6e31f4f5\00db7953_da08cd01\EvernoteLauncher.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\7187189f\007e5b65_da08cd01\MessageCenterPlus.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\838b007d\0070345e_da08cd01\LenovoMusic.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\8e9e437d\0024f962_da08cd01\LenovoTV.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\91668108\0065c942_da08cd01\CoreAudioApi.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\97a02421\00a0214b_da08cd01\ScreenRotate.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\9a118f11\00b5955e_d6d9cc01\AccuWeatherTile.resources.DLL
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\a11e004c\00b5955e_d6d9cc01\AccuWeatherTile.resources.DLL
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\a3bb93d3\00671b6a_cde0cc01\NewsTile.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\aa7c102b\00ae4852_da08cd01\Chrome.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\b3338664\0016d25b_da08cd01\Groupon.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\ca6e014a\0043035d_da08cd01\Kayak.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\cbc76be1\00f7c761_da08cd01\LenovoSolutionCenter.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\d3619f38\0065c942_da08cd01\DisplayBrightnessApi.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\dd89b372\0092fa43_da08cd01\WirelessApi.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\e8bbbb3f\00fa834d_da08cd01\Biztree.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\f15f011c\00ab8c66_da08cd01\MSOffice.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\f52797b9\0008ab54_da08cd01\AccuWeatherTile.dll
c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\fcedd7f1\007fe0f8_d908cd01\KeyboardLightApi.dll
c:\users\francisca\AppData\Local\CRE
c:\users\francisca\AppData\Local\CRE\elnbpjcckofijioeebipepekepoceodh.crx
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\0f63f38c\00db7953_da08cd01\PriceGrabber.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\151dca4d\0008ab54_da08cd01\SimpleTapAppStoreAddon.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\308ea286\00ae4852_da08cd01\InternetExplorer.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\34e98621\0027b54e_da08cd01\DefaultTheme.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\3ea06149\00d8bd67_da08cd01\Wikipedia.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\4a63f836\001777a3_e9d9cc01\SugarSync.SimpleTapAddons.FileManager.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\4d145c4b\00d8bd67_da08cd01\Skype.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\518b0bea\00bc6f59_da08cd01\Flickr.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\6e31f4f5\00db7953_da08cd01\EvernoteLauncher.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\7187189f\007e5b65_da08cd01\MessageCenterPlus.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\838b007d\0070345e_da08cd01\LenovoMusic.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\8e9e437d\0024f962_da08cd01\LenovoTV.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\91668108\0065c942_da08cd01\CoreAudioApi.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\97a02421\00a0214b_da08cd01\ScreenRotate.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\9a118f11\00b5955e_d6d9cc01\AccuWeatherTile.resources.DLL
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\a11e004c\00b5955e_d6d9cc01\AccuWeatherTile.resources.DLL
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\a3bb93d3\00671b6a_cde0cc01\NewsTile.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\aa7c102b\00ae4852_da08cd01\Chrome.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\b3338664\0016d25b_da08cd01\Groupon.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\ca6e014a\0043035d_da08cd01\Kayak.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\cbc76be1\00f7c761_da08cd01\LenovoSolutionCenter.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\d3619f38\0065c942_da08cd01\DisplayBrightnessApi.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\dd89b372\0092fa43_da08cd01\WirelessApi.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\e8bbbb3f\00fa834d_da08cd01\Biztree.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\f15f011c\00ab8c66_da08cd01\MSOffice.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\f52797b9\0008ab54_da08cd01\AccuWeatherTile.dll
c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\fcedd7f1\007fe0f8_d908cd01\KeyboardLightApi.dll
c:\users\francisca\AppData\Roaming\DefaultTab\DefaultTab
c:\users\francisca\AppData\Roaming\DefaultTab\DefaultTab\addon.ico
c:\users\francisca\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\users\francisca\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe
c:\users\francisca\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe
c:\users\francisca\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe
c:\users\francisca\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\users\francisca\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll
c:\users\francisca\AppData\Roaming\DefaultTab\DefaultTab\DT.ico
c:\users\francisca\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
c:\users\francisca\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
c:\users\francisca\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
c:\users\francisca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com
c:\users\francisca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com\HDVidCodec.lnk
c:\users\francisca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com\Uninstall.lnk
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-03 bis 2013-03-03 ))))))))))))))))))))))))))))))
.
.
2013-03-03 01:24 . 2013-03-03 01:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-02 03:58 . 2013-03-02 03:58 -------- d-----w- c:\program files (x86)\DefaultTab
2013-03-02 03:58 . 2013-03-03 01:24 -------- d-----w- c:\users\francisca\AppData\Roaming\DefaultTab
2013-03-02 03:58 . 2013-03-02 03:58 -------- d-----w- c:\users\francisca\AppData\Roaming\Optimizer Pro
2013-03-02 03:58 . 2013-03-02 03:58 -------- d-----w- c:\program files (x86)\Optimizer Pro
2013-03-02 03:57 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EFB3F46A-61C5-4E28-8571-55C109E4EFE3}\mpengine.dll
2013-02-28 00:31 . 2013-02-08 00:28 9162192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-24 20:27 . 2013-02-24 20:27 -------- d-----w- c:\programdata\UUdb
2013-02-24 20:25 . 2013-02-24 20:27 -------- d-----w- c:\program files (x86)\1und1Softwareaktualisierung
2013-02-24 18:30 . 2013-02-24 18:30 -------- d-----w- c:\windows\ERUNT
2013-02-24 18:29 . 2013-02-24 18:29 -------- d-----w- C:\JRT
2013-02-22 21:27 . 2013-02-22 21:27 -------- d-----w- c:\users\francisca\AppData\Roaming\player
2013-02-18 03:22 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-18 03:22 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-18 03:20 . 2013-01-09 01:48 17812992 ----a-w- c:\windows\system32\mshtml.dll
2013-02-18 03:20 . 2013-01-09 01:22 10925568 ----a-w- c:\windows\system32\ieframe.dll
2013-02-16 22:44 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-16 22:44 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-16 22:44 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-16 22:44 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-16 22:44 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-16 22:44 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-16 22:35 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-16 22:35 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-16 22:34 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-16 22:34 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-16 22:34 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-16 22:31 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-09 22:08 . 2013-02-09 22:09 -------- d-----w- C:\rei
2013-02-09 22:07 . 2013-02-09 22:07 -------- d-----w- c:\program files\Reimage
2013-02-09 03:31 . 2013-02-09 03:31 221 ----a-w- c:\windows\DeleteOnReboot.bat
2013-02-09 03:29 . 2013-02-09 03:29 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4213D974-63E3-481A-9977-3775FB1C5B8F}\gapaengine.dll
2013-02-09 03:27 . 2013-02-09 03:27 -------- d-----w- c:\program files (x86)\ChicaLogic
2013-02-09 00:36 . 2013-02-27 22:53 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-02-09 00:36 . 2013-02-27 22:53 -------- d-----w- c:\program files\Microsoft Security Client
2013-02-05 03:33 . 2013-02-05 05:02 -------- d-----w- C:\Remote Programs
2013-02-05 03:33 . 2013-02-05 03:33 -------- d-----w- c:\programdata\Free Ride Games
2013-02-05 03:33 . 2013-02-05 03:33 -------- d-----w- c:\program files (x86)\Free Ride Games
2013-02-05 03:33 . 2012-12-04 21:48 57824 ------w- c:\windows\ExentInfo.exe
2013-02-04 16:54 . 2013-02-04 16:54 -------- d-----w- c:\users\francisca\AppData\Local\Amazon Browser Bar
2013-02-04 16:54 . 2013-02-04 16:54 -------- d-----w- c:\programdata\Yahoo!
2013-02-04 16:54 . 2013-02-04 16:54 -------- d-----w- c:\program files (x86)\Amazon Browser Bar
2013-02-04 16:54 . 2013-02-04 16:54 -------- d-----w- c:\users\francisca\AppData\Local\NanoService
2013-02-04 16:54 . 2013-02-04 16:54 -------- d-----w- c:\users\francisca\AppData\Local\Yahoo!
2013-02-04 16:54 . 2013-02-04 16:54 -------- d--h--w- c:\windows\msdownld.tmp
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-18 03:26 . 2012-08-28 11:07 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-01-30 10:53 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-22 01:26 . 2012-07-15 09:48 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-22 01:26 . 2012-07-15 09:48 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-20 20:59 . 2013-01-20 20:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 20:59 . 2012-08-31 03:03 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-09 02:26 . 2013-01-09 02:26 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-01-09 02:26 . 2013-01-09 02:26 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-01-08 05:32 . 2013-02-09 00:19 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{38C78DC1-A2F3-4A2B-98E1-8044F309A170}\mpengine.dll
2013-01-04 04:43 . 2013-02-16 22:44 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-21 22:39 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 22:39 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 22:39 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 22:39 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-10 23:01 . 2013-01-19 02:36 321384 ----a-w- c:\windows\SysWow64\Sendori.dll
2012-12-07 13:20 . 2013-01-10 23:27 441856 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-10 23:27 2746368 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-10 23:27 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-10 23:27 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-10 23:27 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-10 23:27 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-10 23:27 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-10 23:27 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-10 23:27 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-10 23:27 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-10 23:27 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-10 23:27 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-10 23:27 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-10 23:27 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-10 23:27 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-10 23:27 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-10 23:27 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-10 23:27 51712 ----a-w- c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-10 23:27 43520 ----a-w- c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-10 23:27 30720 ----a-w- c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-10 23:27 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-10 23:27 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-10 23:27 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-10 23:27 23552 ----a-w- c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-10 23:27 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-10 23:27 46592 ----a-w- c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-10 23:27 20480 ----a-w- c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-10 23:27 21504 ----a-w- c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-10 23:27 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-10 23:27 15360 ----a-w- c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-10 23:27 55296 ----a-w- c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-10 23:27 51712 ----a-w- c:\windows\SysWow64\esrb.rs
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\Remote Programs ----
.
2013-02-05 05:05 . 2013-02-05 05:05 667 ----a-w- c:\remote programs\Cradle of Rome\Preload.dat
2013-02-05 05:05 . 2013-02-05 05:05 65574 ----a-w- c:\remote programs\Cradle of Rome\Content.wav
2013-02-05 05:05 . 2013-02-05 05:05 9116 ----a-w- c:\remote programs\Cradle of Rome\00000000.VIX
2013-02-05 05:05 . 2013-02-05 05:07 4096 ----a-w- c:\remote programs\Cradle of Rome\ch0_3.dat
2013-02-05 05:05 . 2013-02-05 05:07 171 ----a-w- c:\remote programs\Cradle of Rome\ch0_3.ix
2013-02-05 05:05 . 2013-02-05 05:07 4096 ----a-w- c:\remote programs\Cradle of Rome\ch0_2.dat
2013-02-05 05:05 . 2013-02-05 05:07 171 ----a-w- c:\remote programs\Cradle of Rome\ch0_2.ix
2013-02-05 05:05 . 2013-02-05 05:07 4096 ----a-w- c:\remote programs\Cradle of Rome\ch0_1.dat
2013-02-05 05:05 . 2013-02-05 05:07 171 ----a-w- c:\remote programs\Cradle of Rome\ch0_1.ix
2013-02-05 05:05 . 2013-02-05 05:07 50073600 ----a-w- c:\remote programs\Cradle of Rome\ch0.dat
2013-02-05 05:05 . 2013-02-05 05:07 67584 ----a-w- c:\remote programs\Cradle of Rome\ch0.ix
2013-02-05 05:05 . 2013-02-05 05:07 724992 ----a-w- c:\remote programs\Cradle of Rome\ch1.dat
2013-02-05 05:05 . 2013-02-05 05:07 1536 ----a-w- c:\remote programs\Cradle of Rome\ch1.ix
2013-02-05 05:05 . 2013-02-05 05:07 231 ----a-w- c:\remote programs\Cradle of Rome\CacheSettings.ini
2013-02-05 05:05 . 2013-02-05 05:07 231 ----a-w- c:\remote programs\Cradle of Rome\CacheSettings.tmp
2013-02-05 05:03 . 2013-02-05 05:03 1909 ----a-w- c:\remote programs\Time Riddles - The Mansion\Preload.dat
2013-02-05 05:03 . 2013-02-05 05:03 65574 ----a-w- c:\remote programs\Time Riddles - The Mansion\Content.wav
2013-02-05 05:03 . 2013-02-05 05:03 20264 ----a-w- c:\remote programs\Time Riddles - The Mansion\00000000.VIX
2013-02-05 05:03 . 2013-02-05 05:05 4096 ----a-w- c:\remote programs\Time Riddles - The Mansion\ch0_3.dat
2013-02-05 05:03 . 2013-02-05 05:05 4096 ----a-w- c:\remote programs\Time Riddles - The Mansion\ch0_2.dat
2013-02-05 05:03 . 2013-02-05 05:05 171 ----a-w- c:\remote programs\Time Riddles - The Mansion\ch0_3.ix
2013-02-05 05:03 . 2013-02-05 05:05 171 ----a-w- c:\remote programs\Time Riddles - The Mansion\ch0_2.ix
2013-02-05 05:03 . 2013-02-05 05:05 4096 ----a-w- c:\remote programs\Time Riddles - The Mansion\ch0_1.dat
2013-02-05 05:03 . 2013-02-05 05:05 107548672 ----a-w- c:\remote programs\Time Riddles - The Mansion\ch0.dat
2013-02-05 05:03 . 2013-02-05 05:05 171 ----a-w- c:\remote programs\Time Riddles - The Mansion\ch0_1.ix
2013-02-05 05:03 . 2013-02-05 05:05 145408 ----a-w- c:\remote programs\Time Riddles - The Mansion\ch0.ix
2013-02-05 05:03 . 2013-02-05 05:05 2789376 ----a-w- c:\remote programs\Time Riddles - The Mansion\ch1.dat
2013-02-05 05:03 . 2013-02-05 05:05 4608 ----a-w- c:\remote programs\Time Riddles - The Mansion\ch1.ix
2013-02-05 05:03 . 2013-02-05 05:05 231 ----a-w- c:\remote programs\Time Riddles - The Mansion\CacheSettings.ini
2013-02-05 05:03 . 2013-02-05 05:05 231 ----a-w- c:\remote programs\Time Riddles - The Mansion\CacheSettings.tmp
2013-02-05 05:02 . 2013-02-05 05:02 7082 ----a-w- c:\remote programs\Cradle of Rome\Default\GameInfo\GameIcon_icon.ico.dat
2013-02-05 05:02 . 2013-02-05 05:05 7672 ----a-w- c:\remote programs\Cradle of Rome\Default\GameInfo\ProviderMD_checkRSSFeed.jsp.dat
2013-02-05 05:02 . 2013-02-05 05:02 9902 ----a-w- c:\remote programs\Heroes of Hellas\Default\GameInfo\GameIcon_icon.ico.dat
2013-02-05 05:02 . 2013-02-05 05:02 7003 ----a-w- c:\remote programs\Heroes of Hellas\Default\GameInfo\ProviderMD_checkRSSFeed.jsp.dat
2013-02-05 05:02 . 2013-02-05 05:02 5182 ----a-w- c:\remote programs\Time Riddles - The Mansion\Default\GameInfo\GameIcon_icon.ico.dat
2013-02-05 05:02 . 2013-02-05 05:03 4588 ----a-w- c:\remote programs\Time Riddles - The Mansion\Default\GameInfo\ProviderMD_checkRSSFeed.jsp.dat
2013-02-05 05:02 . 2013-02-05 05:02 29875 ----a-w- c:\remote programs\Cradle of Rome\Default\GameInfo\SplashScreenGameImage_splash_screen.jpg.dat
2013-02-05 05:02 . 2013-02-05 05:02 6102 ----a-w- c:\remote programs\Cradle of Rome\Default\GameInfo\GameImage_player_boxshot.jpg.dat
2013-02-05 05:02 . 2013-02-05 05:02 29875 ----a-w- c:\remote programs\Heroes of Hellas\Default\GameInfo\SplashScreenGameImage_splash_screen.jpg.dat
2013-02-05 05:02 . 2013-02-05 05:02 1638 ----a-w- c:\remote programs\Heroes of Hellas\Preload.dat
2013-02-05 05:02 . 2013-02-05 05:02 4439 ----a-w- c:\remote programs\Heroes of Hellas\Default\GameInfo\GameImage_player_boxshot.jpg.dat
2013-02-05 05:02 . 2013-02-05 05:02 612 ----a-w- c:\remote programs\Heroes of Hellas\Content.clog
2013-02-05 05:02 . 2013-02-05 05:02 29875 ----a-w- c:\remote programs\Time Riddles - The Mansion\Default\GameInfo\SplashScreenGameImage_splash_screen.jpg.dat
2013-02-05 05:02 . 2013-02-05 05:02 65574 ----a-w- c:\remote programs\Heroes of Hellas\Content.wav
2013-02-05 05:02 . 2013-02-05 05:02 7853 ----a-w- c:\remote programs\Time Riddles - The Mansion\Default\GameInfo\GameImage_player_boxshot.jpg.dat
2013-02-05 05:02 . 2013-02-05 05:02 12468 ----a-w- c:\remote programs\Heroes of Hellas\00000000.VIX
2013-02-05 05:02 . 2013-02-05 05:03 4096 ----a-w- c:\remote programs\Heroes of Hellas\ch0_3.dat
2013-02-05 05:02 . 2013-02-05 05:03 171 ----a-w- c:\remote programs\Heroes of Hellas\ch0_3.ix
2013-02-05 05:02 . 2013-02-05 05:03 4096 ----a-w- c:\remote programs\Heroes of Hellas\ch0_2.dat
2013-02-05 05:02 . 2013-02-05 05:03 171 ----a-w- c:\remote programs\Heroes of Hellas\ch0_2.ix
2013-02-05 05:02 . 2013-02-05 05:03 4096 ----a-w- c:\remote programs\Heroes of Hellas\ch0_1.dat
2013-02-05 05:02 . 2013-02-05 05:03 171 ----a-w- c:\remote programs\Heroes of Hellas\ch0_1.ix
2013-02-05 05:02 . 2013-02-05 05:03 57442304 ----a-w- c:\remote programs\Heroes of Hellas\ch0.dat
2013-02-05 05:02 . 2013-02-05 05:03 77824 ----a-w- c:\remote programs\Heroes of Hellas\ch0.ix
2013-02-05 05:02 . 2013-02-05 05:03 1445888 ----a-w- c:\remote programs\Heroes of Hellas\ch1.dat
2013-02-05 05:02 . 2013-02-05 05:03 2560 ----a-w- c:\remote programs\Heroes of Hellas\ch1.ix
2013-02-05 05:02 . 2013-02-05 05:03 231 ----a-w- c:\remote programs\Heroes of Hellas\CacheSettings.ini
2013-02-05 05:02 . 2013-02-05 05:03 231 ----a-w- c:\remote programs\Heroes of Hellas\CacheSettings.tmp
2013-02-05 05:02 . 2013-02-05 05:03 449 ----a-w- c:\remote programs\Time Riddles - The Mansion\Default\GameInfo\dmAssetsXmlFile_assets.xml
2013-02-05 05:02 . 2013-02-05 05:05 449 ----a-w- c:\remote programs\Cradle of Rome\Default\GameInfo\dmAssetsXmlFile_assets.xml
2013-02-05 05:02 . 2013-02-05 05:02 449 ----a-w- c:\remote programs\Heroes of Hellas\Default\GameInfo\dmAssetsXmlFile_assets.xml
2013-02-05 05:02 . 2013-02-05 05:02 21220 ----a-w- c:\remote programs\Time Riddles - The Mansion\143-PU.rgmxold
2013-02-05 05:02 . 2013-02-05 05:02 20836 ----a-w- c:\remote programs\Cradle of Rome\143-PU.rgmxold
2013-02-05 05:02 . 2013-02-05 05:02 20864 ----a-w- c:\remote programs\Heroes of Hellas\143-PU.rgmxold
2013-02-05 05:02 . 2012-12-12 23:31 29875 ----a-w- c:\remote programs\Time Riddles - The Mansion\Default\GameInfo\SplashScreenGameImage_DefaultSplashScreenGameImage.jpg
2013-02-05 05:02 . 2013-02-05 05:03 470 ----a-w- c:\remote programs\Time Riddles - The Mansion\Default\GameInfo\md.dat
2013-02-05 05:02 . 2012-12-12 23:31 12207 ----a-w- c:\remote programs\Time Riddles - The Mansion\Default\GameInfo\GameImage_DefaultGameImage.gif
2013-02-05 05:02 . 2012-12-12 23:31 29875 ----a-w- c:\remote programs\Cradle of Rome\Default\GameInfo\SplashScreenGameImage_DefaultSplashScreenGameImage.jpg
2013-02-05 05:02 . 2012-12-12 23:31 12207 ----a-w- c:\remote programs\Cradle of Rome\Default\GameInfo\GameImage_DefaultGameImage.gif
2013-02-05 05:02 . 2013-02-05 05:05 470 ----a-w- c:\remote programs\Cradle of Rome\Default\GameInfo\md.dat
2013-02-05 05:02 . 2012-12-12 23:31 29875 ----a-w- c:\remote programs\Heroes of Hellas\Default\GameInfo\SplashScreenGameImage_DefaultSplashScreenGameImage.jpg
2013-02-05 05:02 . 2012-12-12 23:31 12207 ----a-w- c:\remote programs\Heroes of Hellas\Default\GameInfo\GameImage_DefaultGameImage.gif
2013-02-05 05:02 . 2013-02-05 05:02 470 ----a-w- c:\remote programs\Heroes of Hellas\Default\GameInfo\md.dat
2013-02-05 05:02 . 2012-12-12 23:31 17542 ----a-w- c:\remote programs\Time Riddles - The Mansion\Default\GPlrLanc\GPlayer.ico
2013-02-05 05:02 . 2013-02-05 05:03 6115 ----a-w- c:\remote programs\Time Riddles - The Mansion\Default\GPlrLanc\GPlrLanc.dat
2013-02-05 05:02 . 2012-12-04 21:48 635360 ----a-w- c:\remote programs\Time Riddles - The Mansion\GPlrLanc.exe
2013-02-05 05:02 . 2012-12-04 21:48 586200 ----a-w- c:\remote programs\Time Riddles - The Mansion\exs.dll
2013-02-05 05:02 . 2012-12-12 23:31 17542 ----a-w- c:\remote programs\Cradle of Rome\Default\GPlrLanc\GPlayer.ico
2013-02-05 05:02 . 2012-12-12 23:31 17542 ----a-w- c:\remote programs\Heroes of Hellas\Default\GPlrLanc\GPlayer.ico
2013-02-05 05:02 . 2013-02-05 05:02 6115 ----a-w- c:\remote programs\Heroes of Hellas\Default\GPlrLanc\GPlrLanc.dat
2013-02-05 05:02 . 2013-02-05 05:05 6115 ----a-w- c:\remote programs\Cradle of Rome\Default\GPlrLanc\GPlrLanc.dat
2013-02-05 05:02 . 2013-02-05 05:05 2550 ----a-w- c:\remote programs\Time Riddles - The Mansion\Content.md
2013-02-05 05:02 . 2012-12-04 21:48 635360 ----a-w- c:\remote programs\Heroes of Hellas\GPlrLanc.exe
2013-02-05 05:02 . 2012-12-04 21:48 635360 ----a-w- c:\remote programs\Cradle of Rome\GPlrLanc.exe
2013-02-05 05:02 . 2012-12-04 21:48 586200 ----a-w- c:\remote programs\Heroes of Hellas\exs.dll
2013-02-05 05:02 . 2012-12-04 21:48 586200 ----a-w- c:\remote programs\Cradle of Rome\exs.dll
2013-02-05 05:02 . 2013-02-05 05:03 2537 ----a-w- c:\remote programs\Heroes of Hellas\Content.md
2013-02-05 05:02 . 2013-02-05 05:07 2514 ----a-w- c:\remote programs\Cradle of Rome\Content.md
2013-02-05 03:34 . 2013-02-05 03:34 7358 ----a-w- c:\remote programs\7 Wonders 2\Default\GameInfo\GameIcon_icon.ico.dat
2013-02-05 03:34 . 2013-02-05 03:34 1510 ----a-w- c:\remote programs\7 Wonders 2\Preload.dat
2013-02-05 03:34 . 2013-02-05 03:34 306 ----a-w- c:\remote programs\7 Wonders 2\Content.clog
2013-02-05 03:34 . 2013-02-05 03:34 65574 ----a-w- c:\remote programs\7 Wonders 2\Content.wav
2013-02-05 03:34 . 2013-02-05 03:34 6456 ----a-w- c:\remote programs\7 Wonders 2\00000000.VIX
2013-02-05 03:34 . 2013-02-05 03:34 4096 ----a-w- c:\remote programs\7 Wonders 2\ch0_3.dat
2013-02-05 03:34 . 2013-02-05 03:34 171 ----a-w- c:\remote programs\7 Wonders 2\ch0_3.ix
2013-02-05 03:34 . 2013-02-05 03:34 4096 ----a-w- c:\remote programs\7 Wonders 2\ch0_2.dat
2013-02-05 03:34 . 2013-02-05 03:34 171 ----a-w- c:\remote programs\7 Wonders 2\ch0_2.ix
2013-02-05 03:34 . 2013-02-05 03:34 4096 ----a-w- c:\remote programs\7 Wonders 2\ch0_1.dat
2013-02-05 03:34 . 2013-02-05 03:34 171 ----a-w- c:\remote programs\7 Wonders 2\ch0_1.ix
2013-02-05 03:34 . 2013-02-05 03:34 24514560 ----a-w- c:\remote programs\7 Wonders 2\ch0.dat
2013-02-05 03:34 . 2013-02-05 03:34 33280 ----a-w- c:\remote programs\7 Wonders 2\ch0.ix
2013-02-05 03:34 . 2013-02-05 03:34 790528 ----a-w- c:\remote programs\7 Wonders 2\ch1.dat
2013-02-05 03:34 . 2013-02-05 03:34 1536 ----a-w- c:\remote programs\7 Wonders 2\ch1.ix
2013-02-05 03:34 . 2013-02-05 03:34 231 ----a-w- c:\remote programs\7 Wonders 2\CacheSettings.ini
2013-02-05 03:34 . 2013-02-05 03:34 231 ----a-w- c:\remote programs\7 Wonders 2\CacheSettings.tmp
2013-02-05 03:33 . 2013-02-05 03:33 6867 ----a-w- c:\remote programs\7 Wonders 2\Default\GameInfo\ProviderMD_checkRSSFeed.jsp.dat
2013-02-05 03:33 . 2013-02-05 03:33 29875 ----a-w- c:\remote programs\7 Wonders 2\Default\GameInfo\SplashScreenGameImage_splash_screen.jpg.dat
2013-02-05 03:33 . 2013-02-05 03:33 28574 ----a-w- c:\remote programs\7 Wonders 2\Default\GameInfo\GameImage_player_boxshot.jpg.dat
2013-02-05 03:33 . 2013-02-05 03:33 449 ----a-w- c:\remote programs\7 Wonders 2\Default\GameInfo\dmAssetsXmlFile_assets.xml
2013-02-05 03:33 . 2013-02-05 03:33 21020 ----a-w- c:\remote programs\7 Wonders 2\143-PU.rgmxold
2013-02-05 03:33 . 2012-12-12 23:31 29875 ----a-w- c:\remote programs\7 Wonders 2\Default\GameInfo\SplashScreenGameImage_DefaultSplashScreenGameImage.jpg
2013-02-05 03:33 . 2012-12-12 23:31 12207 ----a-w- c:\remote programs\7 Wonders 2\Default\GameInfo\GameImage_DefaultGameImage.gif
2013-02-05 03:33 . 2013-02-05 03:34 470 ----a-w- c:\remote programs\7 Wonders 2\Default\GameInfo\md.dat
2013-02-05 03:33 . 2012-12-12 23:31 17542 ----a-w- c:\remote programs\7 Wonders 2\Default\GPlrLanc\GPlayer.ico
2013-02-05 03:33 . 2013-02-05 03:33 6115 ----a-w- c:\remote programs\7 Wonders 2\Default\GPlrLanc\GPlrLanc.dat
2013-02-05 03:33 . 2012-12-04 21:48 635360 ----a-w- c:\remote programs\7 Wonders 2\GPlrLanc.exe
2013-02-05 03:33 . 2012-12-04 21:48 586200 ----a-w- c:\remote programs\7 Wonders 2\exs.dll
2013-02-05 03:33 . 2013-02-05 03:34 3294 ----a-w- c:\remote programs\7 Wonders 2\Content.md
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{09942569-D515-42BE-9F5A-A439B20F91AB}]
c:\program files (x86)\Unfriend Checker\uc.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{491BCA71-06F9-42e1-A72E-76D897607E2B}]
c:\program files (x86)\OApps\SelectionLinks.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A59D1D83-8A40-4FA5-9CC9-749D4D7BD472}]
c:\users\francisca\AppData\Local\couponamazing\ie\couponamazing_1357698002.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW7"="c:\program files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" [2013-01-13 13105848]
"GoogleChromeAutoLaunch_5075ED5FA5DD9B9ED5ED20BB82467041"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-01-26 1248208]
"DriverScanner"="c:\program files (x86)\Uniblue\DriverScanner\launcher.exe" [2012-07-10 338848]
"Exetender"="c:\program files (x86)\Free Ride Games\GPlayer.exe" [2012-12-04 4936152]
"ChicaPasswordManager"="c:\program files (x86)\ChicaLogic\Chica Password Manager\stpass.exe" [2012-07-09 4299624]
"Optimizer Pro"="c:\program files (x86)\Optimizer Pro\OptProLauncher.exe" [2012-10-30 81952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2012-03-06 133400]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-04 291608]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2011-12-20 507744]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-04-11 5939776]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Fastboot"="c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe" [2012-01-17 1091376]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-13 4351712]
"IntelSBA"="c:\program files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe" [2012-02-27 55520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2013-01-09 295072]
"Sendori Tray"="c:\program files (x86)\Sendori\SendoriTray.exe" [2012-12-10 82792]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files (x86)\Free Ride Games\GPlayer.exe" [2012-12-04 4936152]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe [2012-10-26 271808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DefaultTabSearch;DefaultTabSearch;c:\program files (x86)\DefaultTab\DefaultTabSearch.exe [2013-02-11 572928]
R2 DefaultTabUpdate;DefaultTabUpdate;c:\users\francisca\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [x]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2012-02-02 145472]
R2 Intel(R) Small Business Advantage;Intel(R) Small Business Advantage;c:\program files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [2012-02-27 49376]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe [2012-12-10 3569512]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-03-06 363800]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-02-26 2669840]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys [2012-01-09 195584]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-11-30 94720]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-30 747008]
R3 cpuz134;cpuz134;c:\users\FRANCI~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 Fastboot;Fastboot;c:\windows\system32\DRIVERS\Fastboot.sys [2012-01-17 70416]
R3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2012-02-14 60928]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-12-20 34200]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe [2012-10-26 234776]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2012-02-26 273168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-04-11 1662528]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-04-11 1665088]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-04 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-04 16152]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2011-12-28 25416]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2012-01-30 33344]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-01-09 659968]
S2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe [2012-12-10 118632]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-02-21 1014096]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2012-02-21 1104208]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-01-17 135952]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-17 198784]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2011-11-09 8447848]
S2 FastbootService;FastbootService;c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [2012-01-17 169776]
S2 FPLService;TrueSuiteService;c:\program files\AuthenTec TrueSuite\TrueSuiteService.exe [2011-12-22 313672]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-03-06 128280]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-03-06 163608]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2012-04-10 58192]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-04-10 61264]
S2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;c:\program files\Lenovo\Communications Utility\vcamsvc.exe [2012-04-10 175440]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-30 38608]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]
S2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe [2012-12-10 14696]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-12-29 144960]
S2 Updater Service for AMZN;Updater Service for AMZN;c:\program files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe [2012-05-22 222368]
S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2012-04-10 84080]
S2 X5XSEx_Pr143;X5XSEx_Pr143;c:\program files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [2012-08-02 56136]
S2 YNanoService;Yahoo! NanoClient Service;c:\program files (x86)\Yahoo!\YNanoClient\cpn0\YNanoService.exe [2012-07-25 157016]
S2 ZDManager Service;ZDManager Service;c:\program files (x86)\ZD Systems\ZD Manager\ZDManagerService.exe [2012-12-27 176640]
S3 5U877;5U877;c:\windows\system32\DRIVERS\5U877.sys [2012-02-16 216064]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2012-01-09 195584]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2012-02-21 1304912]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-04 355096]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-04 786200]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-12-20 25496]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys [2011-10-27 259688]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2011-05-29 40248]
S3 tvtvcamd;ThinkVantage Virtual Camera;c:\windows\system32\DRIVERS\tvtvcamd.sys [2011-12-07 27432]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-01 01:59 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-03 c:\windows\Tasks\DriverScanner.job
- c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2013-01-19 17:51]
.
2013-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-06 01:43]
.
2013-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-06 01:43]
.
2013-03-03 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41]
.
2013-02-24 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-02-29 06:38 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-02-29 06:38 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-02-29 06:38 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-02-29 06:38 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-09 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-09 440600]
"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-02-17 177936]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-02-21 11406608]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2012-03-01 564352]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2012-02-21 1654400]
"TpShocks"="TpShocks.exe" [2012-02-24 382528]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-04-10 283984]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.17.1
FF - ProfilePath - c:\users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\
FF - ExtSQL: 2013-01-18 21:36; uc@uc.com; c:\program files (x86)\Unfriend Checker\FF
FF - ExtSQL: !HIDDEN! 2012-10-25 18:00; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: !HIDDEN! 2012-12-08 21:44; infoatoms@infoatoms.com; c:\program files (x86)\Mozilla FireFox\extensions\infoatoms@infoatoms.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\francisca\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-1ClickDownload - c:\program files (x86)\hdvidcodec.com\uninst.exe
AddRemove-AOL Toolbar - c:\program files (x86)\AOL Toolbar\uninstall.exe
AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files (x86)\Coupons\uninstall.exe
AddRemove-couponamazing - c:\users\francisca\AppData\Local\couponamazing\uninst.exe
AddRemove-DefaultTab - c:\users\francisca\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
AddRemove-DomaIQ Uninstaller - c:\program files\DomaIQ Uninstaller\DomaIQUninstall.exe
AddRemove-InfoAtoms - c:\program files (x86)\InfoAtoms\Uninstall.exe
AddRemove-RealPlayer 16.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
AddRemove-sl-adk - c:\program files (x86)\OApps\sl-adk_uninstall.exe
AddRemove-The Weather Channel Desktop 6 - c:\program files (x86)\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
AddRemove-uc@uc.com - c:\program files (x86)\Unfriend Checker\uninstall.exe
AddRemove-{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1 - c:\program files (x86)\PCFixSpeed\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]
"ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]
"ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\SysWOW64\SAsrv.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Sendori\SendoriUp.exe
c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
c:\program files\Lenovo\SimpleTap\SimpleTap.exe
c:\program files (x86)\Optimizer Pro\OptProSmartScan.exe
c:\program files (x86)\Optimizer Pro\OptProReminder.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Lenovo\message center plus\mcplaunch.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
c:\progra~2\ThinkPad\UTILIT~1\SCHTASK.exe
c:\program files (x86)\Symantec\VIP Access Client\VIPUIManager.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-03-02 20:32:40 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-03-03 01:32
ComboFix2.txt 2013-02-26 02:23
ComboFix3.txt 2013-02-26 00:58
ComboFix4.txt 2013-02-11 01:28
ComboFix5.txt 2013-02-28 02:48
.
Vor Suchlauf: 18 Verzeichnis(se), 404.491.898.880 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 405.018.042.368 Bytes frei
.
- - End Of File - - DBCC59C8CF83EEF16ACF23C9CA2DD436
Cookiegal
Administrator & Malware Removal Specialist with 96,491 posts.
Join Date: Aug 2003
03-Mar-2013, 10:47 AM #36
There is still an awful lot of junk on this computer. You really need to be more careful what you download.

Let's start by uninstalling these please:

DefaultTab
McAfee Security Scan Plus
Optimizer Pro v3.0
PC Fix Speed 1.2.0.24
PlayBryte
PricePeep

Then run AdwCleaner again:

Please download AdwCleaner from here to your desktop

Run AdwCleaner and select "Search" (do not select "Delete" at this time)

Once the scan is finished a log will be produced. Please copy and paste the log into your next reply.
etaf (Wayne)
Moderator with 51,584 posts.
Join Date: Oct 2003
Location: Surrey, UK
04-Mar-2013, 05:34 PM #37
Hi,
We have been informed that Cookiegal's telephone line is now down and they say that it may take up to three days before Cookiegal will be back online - sorry for any inconvenience.

Wayne
ETAF
Cookiegal
Administrator & Malware Removal Specialist with 96,491 posts.
Join Date: Aug 2003
05-Mar-2013, 10:05 AM #38
Fortunately, the service was restored sooner than anticipated.

Please carry out the last tasks and report back when you can.
sweety_pie
Member with 20 posts.
THREAD STARTER
Join Date: Feb 2013
19-Apr-2013, 10:16 PM #39
Virus in home network continued
Sorry I haven't responded in an awfully long while, but I was really busy over the last few weeks.
Here is the log of Adw Cleaner you asked for:

# AdwCleaner v2.200 - Datei am 19/04/2013 um 22:08:32 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : francisca - FRANCISCA-THINK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\francisca\Desktop\AdwCleaner.exe
# Option [Suche]

**** [Dienste] ****
Gefunden : DefaultTabSearch
Gefunden : DefaultTabUpdate
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gefunden : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gefunden : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Datei Gefunden : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\extensions\addon@defaulttab.com.xpi
Datei Gefunden : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\extensions\addon@defaulttab.com.xpi
Datei Gefunden : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\searchplugins\SweetIm.xml
Ordner Gefunden : C:\Program Files (x86)\DefaultTab
Ordner Gefunden : C:\Program Files (x86)\SweetIM
Ordner Gefunden : C:\Program Files\DomaIQ Uninstaller
Ordner Gefunden : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Ordner Gefunden : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\elnbpjcckofijioeebipepekepoceodh
Ordner Gefunden : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Ordner Gefunden : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Ordner Gefunden : C:\Users\francisca\AppData\Roaming\DefaultTab
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\DefaultTab
Schlüssel Gefunden : HKCU\Software\Default Tab
Schlüssel Gefunden : HKCU\Software\DefaultTab
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\PricePeep.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IESmartBar.BHO
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\Software\Default Tab
Schlüssel Gefunden : HKLM\Software\DefaultTab
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DomaIQ Uninstaller
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKU\S-1-5-21-4088704973-2131027104-1757421381-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16476
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=b74c95a0-0d72-41f4-9020-19dcbce5ecf6&searchtype=ds&q={searchTerms}
-\\ Mozilla Firefox v19.0 (en-US)
Datei : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\prefs.js
Gefunden : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Gefunden : user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.[...]
Gefunden : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Gefunden : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Gefunden : user_pref("sweetim.toolbar.previous.keyword.URL", "");
-\\ Google Chrome v24.0.1312.57
Datei : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gefunden [l.13] : urls_to_restore_on_startup = [ "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={371055F0-A95B-11E2-804D-685D434429FA}", "hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=b74c95a0-0d72-41f4-9020-19dcbce5ecf6&searchtype=hp" ]
Gefunden [l.37] : icon_url = "hxxp://www.snap.do/favicon.ico",
Gefunden [l.40] : keyword = "search.snap.do",
Gefunden [l.43] : search_url = "hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=b74c95a0-0d72-41f4-9020-19dcbce5ecf6&searchtype=ds&q={searchTerms}",
Gefunden [l.2208] : urls_to_restore_on_startup = [ "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={371055F0-A95B-11E2-804D-685D434429FA}", "hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=b74c95a0-0d72-41f4-9020-19dcbce5ecf6&searchtype=hp" ]
*************************
AdwCleaner[R1].txt - [44418 octets] - [08/02/2013 20:26:50]
AdwCleaner[R2].txt - [11167 octets] - [19/04/2013 22:08:32]
AdwCleaner[S1].txt - [50802 octets] - [08/02/2013 23:29:39]
########## EOF - C:\AdwCleaner[R2].txt - [11289 octets] ##########
Cookiegal
Administrator & Malware Removal Specialist with 96,491 posts.
Join Date: Aug 2003
20-Apr-2013, 04:01 PM #40
I've moved your new post here to your existing thread. Please do not start a new one but rather send me a private message to reopen the thread in the future.

Please run AdwCleaner again and this time select the option to "delete" and post the result log.
sweety_pie
Member with 20 posts.
THREAD STARTER
Join Date: Feb 2013
09-May-2013, 09:27 PM #41
Adw Cleaner Log
Okay thanks, I'm sorry.
Here's the new log:

# AdwCleaner v2.200 - Datei am 09/05/2013 um 21:20:29 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : francisca - FRANCISCA-THINK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\francisca\Desktop\AdwCleaner.exe
# Option [Löschen]

**** [Dienste] ****
Gestoppt & Gelöscht : DefaultTabSearch
Gestoppt & Gelöscht : DefaultTabUpdate
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gelöscht : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gelöscht : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Datei Gelöscht : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\extensions\addon@defaulttab.com.xpi
Datei Gelöscht : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\searchplugins\SweetIm.xml
Ordner Gelöscht : C:\Program Files (x86)\DefaultTab
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\Program Files\DomaIQ Uninstaller
Ordner Gelöscht : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Ordner Gelöscht : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\elnbpjcckofijioeebipepekepoceodh
Ordner Gelöscht : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Ordner Gelöscht : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Ordner Gelöscht : C:\Users\francisca\AppData\Roaming\DefaultTab
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DefaultTab
Schlüssel Gelöscht : HKCU\Software\Default Tab
Schlüssel Gelöscht : HKCU\Software\DefaultTab
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\PricePeep.DLL
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 96,491 posts.
 
Join Date: Aug 2003
10-May-2013, 01:30 PM #42
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.