
Virus in the home network

Discussion in 'Virus & Other Malware Removal' started by sweety_pie, Feb 4, 2013.

  1. sweety_pie

    sweety_pie Thread Starter

    Joined:
    Feb 3, 2013
    Messages:
    20
    Now I disabled my security programs and I did everything as instructed. I was able to save ComboFix and to run it, but since it automatically shuts the system down and turns up again before it opens the log, I had to let it do that. But when I copied the log and wanted to paste it online, my Internet Explorer didn't open. I had to shut down and turn up my whole system again to be able to open the Internet, but the copied log was gone. I even tried to save it on my desktop and call it "puppy_log.exe", but when I tried to open the file, it said there was an error with the server, so I don't have any possibility to paste the log in my response. What should I do? :confused:
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,715
    What does that mean (the bolded part)?

    All you needed to do if you had no Internet Access was to reboot the machine. The log should still be there. It gets created automatically. You don't have to save it. It should be located at C:\Combofix.txt.

    You can't name a log file with an .exe file extension. It should be a .txt file in Notepad.
     
  3. sweety_pie

    sweety_pie Thread Starter

    Joined:
    Feb 3, 2013
    Messages:
    20
    I'm sorry, I meant I had to reboot it, but the file wasn't there. I didn't know it would save automatically. :rolleyes:
    Anyways, here's the log:

    ComboFix 13-02-24.01 - francisca 25.02.2013 20:06:30.4.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3685.1755 [GMT -5:00]
    ausgeführt von:: c:\users\francisca\Desktop\puppy.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\0f63f38c\00db7953_da08cd01\PriceGrabber.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\151dca4d\0008ab54_da08cd01\SimpleTapAppStoreAddon.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\308ea286\00ae4852_da08cd01\InternetExplorer.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\34e98621\0027b54e_da08cd01\DefaultTheme.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\3ea06149\00d8bd67_da08cd01\Wikipedia.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\4a63f836\001777a3_e9d9cc01\SugarSync.SimpleTapAddons.FileManager.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\4d145c4b\00d8bd67_da08cd01\Skype.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\518b0bea\00bc6f59_da08cd01\Flickr.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\6e31f4f5\00db7953_da08cd01\EvernoteLauncher.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\7187189f\007e5b65_da08cd01\MessageCenterPlus.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\838b007d\0070345e_da08cd01\LenovoMusic.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\8e9e437d\0024f962_da08cd01\LenovoTV.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\91668108\0065c942_da08cd01\CoreAudioApi.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\97a02421\00a0214b_da08cd01\ScreenRotate.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\9a118f11\00b5955e_d6d9cc01\AccuWeatherTile.resources.DLL
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\a11e004c\00b5955e_d6d9cc01\AccuWeatherTile.resources.DLL
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\a3bb93d3\00671b6a_cde0cc01\NewsTile.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\aa7c102b\00ae4852_da08cd01\Chrome.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\b3338664\0016d25b_da08cd01\Groupon.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\ca6e014a\0043035d_da08cd01\Kayak.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\cbc76be1\00f7c761_da08cd01\LenovoSolutionCenter.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\d3619f38\0065c942_da08cd01\DisplayBrightnessApi.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\dd89b372\0092fa43_da08cd01\WirelessApi.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\e8bbbb3f\00fa834d_da08cd01\Biztree.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\f15f011c\00ab8c66_da08cd01\MSOffice.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\f52797b9\0008ab54_da08cd01\AccuWeatherTile.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\fcedd7f1\007fe0f8_d908cd01\KeyboardLightApi.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\0f63f38c\00db7953_da08cd01\PriceGrabber.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\151dca4d\0008ab54_da08cd01\SimpleTapAppStoreAddon.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\308ea286\00ae4852_da08cd01\InternetExplorer.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\34e98621\0027b54e_da08cd01\DefaultTheme.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\3ea06149\00d8bd67_da08cd01\Wikipedia.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\4a63f836\001777a3_e9d9cc01\SugarSync.SimpleTapAddons.FileManager.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\4d145c4b\00d8bd67_da08cd01\Skype.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\518b0bea\00bc6f59_da08cd01\Flickr.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\6e31f4f5\00db7953_da08cd01\EvernoteLauncher.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\7187189f\007e5b65_da08cd01\MessageCenterPlus.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\838b007d\0070345e_da08cd01\LenovoMusic.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\8e9e437d\0024f962_da08cd01\LenovoTV.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\91668108\0065c942_da08cd01\CoreAudioApi.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\97a02421\00a0214b_da08cd01\ScreenRotate.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\9a118f11\00b5955e_d6d9cc01\AccuWeatherTile.resources.DLL
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\a11e004c\00b5955e_d6d9cc01\AccuWeatherTile.resources.DLL
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\a3bb93d3\00671b6a_cde0cc01\NewsTile.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\aa7c102b\00ae4852_da08cd01\Chrome.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\b3338664\0016d25b_da08cd01\Groupon.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\ca6e014a\0043035d_da08cd01\Kayak.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\cbc76be1\00f7c761_da08cd01\LenovoSolutionCenter.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\d3619f38\0065c942_da08cd01\DisplayBrightnessApi.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\dd89b372\0092fa43_da08cd01\WirelessApi.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\e8bbbb3f\00fa834d_da08cd01\Biztree.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\f15f011c\00ab8c66_da08cd01\MSOffice.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\f52797b9\0008ab54_da08cd01\AccuWeatherTile.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\fcedd7f1\007fe0f8_d908cd01\KeyboardLightApi.dll
    .
    .
    ((((((((((((((((((((((( Dateien erstellt von 2013-01-26 bis 2013-02-26 ))))))))))))))))))))))))))))))
    .
    .
    2013-02-26 01:51 . 2013-02-26 01:51 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-02-26 01:15 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7DDD62EE-87E7-47C1-897F-59B56FD96318}\mpengine.dll
    2013-02-24 20:27 . 2013-02-24 20:27 -------- d-----w- c:\programdata\UUdb
    2013-02-24 20:25 . 2013-02-24 20:27 -------- d-----w- c:\program files (x86)\1und1Softwareaktualisierung
    2013-02-24 18:39 . 2013-02-08 00:28 9162192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-02-24 18:30 . 2013-02-24 18:30 -------- d-----w- c:\windows\ERUNT
    2013-02-24 18:29 . 2013-02-24 18:29 -------- d-----w- C:\JRT
    2013-02-22 21:29 . 2013-02-22 21:29 -------- d-----w- c:\program files\DomaIQ Uninstaller
    2013-02-22 21:27 . 2013-02-22 21:27 -------- d-----w- c:\users\francisca\AppData\Roaming\player
    2013-02-22 21:27 . 2013-02-22 21:27 -------- d-----w- c:\program files (x86)\Tuguu SL
    2013-02-22 05:14 . 2013-02-22 05:14 -------- d-----w- c:\program files (x86)\hdvidcodec.com
    2013-02-18 03:22 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-18 03:22 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-18 03:20 . 2013-01-09 01:48 17812992 ----a-w- c:\windows\system32\mshtml.dll
    2013-02-18 03:20 . 2013-01-09 01:22 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2013-02-16 22:44 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
    2013-02-16 22:44 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2013-02-16 22:44 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2013-02-16 22:44 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
    2013-02-16 22:44 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2013-02-16 22:44 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
    2013-02-16 22:35 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-02-16 22:35 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2013-02-16 22:34 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-02-16 22:34 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2013-02-16 22:34 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2013-02-16 22:31 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
    2013-02-09 22:08 . 2013-02-09 22:09 -------- d-----w- C:\rei
    2013-02-09 22:07 . 2013-02-09 22:07 -------- d-----w- c:\program files\Reimage
    2013-02-09 03:31 . 2013-02-09 03:31 221 ----a-w- c:\windows\DeleteOnReboot.bat
    2013-02-09 03:29 . 2013-02-09 03:29 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4213D974-63E3-481A-9977-3775FB1C5B8F}\gapaengine.dll
    2013-02-09 03:27 . 2013-02-09 03:27 -------- d-----w- c:\program files (x86)\ChicaLogic
    2013-02-09 00:50 . 2013-02-09 00:50 -------- d-----w- c:\users\francisca\AppData\Local\CRE
    2013-02-09 00:36 . 2013-02-09 00:36 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2013-02-09 00:36 . 2013-02-09 00:37 -------- d-----w- c:\program files\Microsoft Security Client
    2013-02-05 03:33 . 2013-02-05 05:02 -------- d-----w- C:\Remote Programs
    2013-02-05 03:33 . 2013-02-05 03:33 -------- d-----w- c:\programdata\Free Ride Games
    2013-02-05 03:33 . 2013-02-05 03:33 -------- d-----w- c:\program files (x86)\Free Ride Games
    2013-02-05 03:33 . 2012-12-04 21:48 57824 ------w- c:\windows\ExentInfo.exe
    2013-02-04 16:54 . 2013-02-04 16:54 -------- d-----w- c:\users\francisca\AppData\Local\Amazon Browser Bar
    2013-02-04 16:54 . 2013-02-04 16:54 -------- d-----w- c:\programdata\Yahoo!
    2013-02-04 16:54 . 2013-02-04 16:54 -------- d-----w- c:\program files (x86)\Amazon Browser Bar
    2013-02-04 16:54 . 2013-02-04 16:54 -------- d-----w- c:\users\francisca\AppData\Local\NanoService
    2013-02-04 16:54 . 2013-02-04 16:54 -------- d-----w- c:\users\francisca\AppData\Local\Yahoo!
    2013-02-04 16:54 . 2013-02-04 16:54 -------- d--h--w- c:\windows\msdownld.tmp
    .
    .
    .
    (((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-18 03:26 . 2012-08-28 11:07 70004024 ----a-w- c:\windows\system32\MRT.exe
    2013-01-30 10:53 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-22 01:26 . 2012-07-15 09:48 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-22 01:26 . 2012-07-15 09:48 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-01-09 02:26 . 2013-01-09 02:26 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
    2013-01-09 02:26 . 2013-01-09 02:26 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
    2013-01-08 05:32 . 2013-02-09 00:19 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{38C78DC1-A2F3-4A2B-98E1-8044F309A170}\mpengine.dll
    2013-01-04 04:43 . 2013-02-16 22:44 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-12-16 17:11 . 2012-12-21 22:39 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 14:45 . 2012-12-21 22:39 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 22:39 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 22:39 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-10 23:01 . 2013-01-19 02:36 321384 ----a-w- c:\windows\SysWow64\Sendori.dll
    2012-12-07 13:20 . 2013-01-10 23:27 441856 ----a-w- c:\windows\system32\Wpc.dll
    2012-12-07 13:15 . 2013-01-10 23:27 2746368 ----a-w- c:\windows\system32\gameux.dll
    2012-12-07 12:26 . 2013-01-10 23:27 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
    2012-12-07 12:20 . 2013-01-10 23:27 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
    2012-12-07 11:20 . 2013-01-10 23:27 30720 ----a-w- c:\windows\system32\usk.rs
    2012-12-07 11:20 . 2013-01-10 23:27 43520 ----a-w- c:\windows\system32\csrr.rs
    2012-12-07 11:20 . 2013-01-10 23:27 23552 ----a-w- c:\windows\system32\oflc.rs
    2012-12-07 11:20 . 2013-01-10 23:27 45568 ----a-w- c:\windows\system32\oflc-nz.rs
    2012-12-07 11:20 . 2013-01-10 23:27 44544 ----a-w- c:\windows\system32\pegibbfc.rs
    2012-12-07 11:20 . 2013-01-10 23:27 20480 ----a-w- c:\windows\system32\pegi-fi.rs
    2012-12-07 11:20 . 2013-01-10 23:27 20480 ----a-w- c:\windows\system32\pegi-pt.rs
    2012-12-07 11:19 . 2013-01-10 23:27 20480 ----a-w- c:\windows\system32\pegi.rs
    2012-12-07 11:19 . 2013-01-10 23:27 46592 ----a-w- c:\windows\system32\fpb.rs
    2012-12-07 11:19 . 2013-01-10 23:27 40960 ----a-w- c:\windows\system32\cob-au.rs
    2012-12-07 11:19 . 2013-01-10 23:27 21504 ----a-w- c:\windows\system32\grb.rs
    2012-12-07 11:19 . 2013-01-10 23:27 15360 ----a-w- c:\windows\system32\djctq.rs
    2012-12-07 11:19 . 2013-01-10 23:27 55296 ----a-w- c:\windows\system32\cero.rs
    2012-12-07 11:19 . 2013-01-10 23:27 51712 ----a-w- c:\windows\system32\esrb.rs
    2012-12-07 10:46 . 2013-01-10 23:27 43520 ----a-w- c:\windows\SysWow64\csrr.rs
    2012-12-07 10:46 . 2013-01-10 23:27 30720 ----a-w- c:\windows\SysWow64\usk.rs
    2012-12-07 10:46 . 2013-01-10 23:27 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
    2012-12-07 10:46 . 2013-01-10 23:27 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
    2012-12-07 10:46 . 2013-01-10 23:27 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
    2012-12-07 10:46 . 2013-01-10 23:27 23552 ----a-w- c:\windows\SysWow64\oflc.rs
    2012-12-07 10:46 . 2013-01-10 23:27 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
    2012-12-07 10:46 . 2013-01-10 23:27 46592 ----a-w- c:\windows\SysWow64\fpb.rs
    2012-12-07 10:46 . 2013-01-10 23:27 20480 ----a-w- c:\windows\SysWow64\pegi.rs
    2012-12-07 10:46 . 2013-01-10 23:27 21504 ----a-w- c:\windows\SysWow64\grb.rs
    2012-12-07 10:46 . 2013-01-10 23:27 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
    2012-12-07 10:46 . 2013-01-10 23:27 15360 ----a-w- c:\windows\SysWow64\djctq.rs
    2012-12-07 10:46 . 2013-01-10 23:27 55296 ----a-w- c:\windows\SysWow64\cero.rs
    2012-12-07 10:46 . 2013-01-10 23:27 51712 ----a-w- c:\windows\SysWow64\esrb.rs
    2012-11-30 05:45 . 2013-01-10 23:26 362496 ----a-w- c:\windows\system32\wow64win.dll
    2012-11-30 05:45 . 2013-01-10 23:26 243200 ----a-w- c:\windows\system32\wow64.dll
    2012-11-30 05:45 . 2013-01-10 23:26 13312 ----a-w- c:\windows\system32\wow64cpu.dll
    2012-11-30 05:43 . 2013-01-10 23:26 16384 ----a-w- c:\windows\system32\ntvdm64.dll
    2012-11-30 05:41 . 2013-01-10 23:26 424448 ----a-w- c:\windows\system32\KernelBase.dll
    2012-11-30 05:41 . 2013-01-10 23:26 1161216 ----a-w- c:\windows\system32\kernel32.dll
    2012-11-30 05:38 . 2013-01-10 23:26 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 23:26 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 23:26 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 23:26 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 23:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 23:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 23:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 23:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 23:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 23:26 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 23:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 23:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 23:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 23:26 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 23:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 23:26 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 23:26 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 23:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 23:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 23:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 23:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 23:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 23:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 23:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 23:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 23:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 23:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2012-11-30 05:38 . 2013-01-10 23:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2012-11-30 04:53 . 2013-01-10 23:26 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
    2012-11-30 04:45 . 2013-01-10 23:26 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 23:26 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 23:26 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 23:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 23:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 23:26 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 23:26 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 23:26 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 23:26 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 23:26 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 23:26 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 23:26 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 23:26 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 23:26 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 23:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 23:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 23:26 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 23:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 23:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    2012-11-30 04:45 . 2013-01-10 23:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    .
    .
    (((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{09942569-D515-42BE-9F5A-A439B20F91AB}]
    c:\program files (x86)\Unfriend Checker\uc.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{491BCA71-06F9-42e1-A72E-76D897607E2B}]
    c:\program files (x86)\OApps\SelectionLinks.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A59D1D83-8A40-4FA5-9CC9-749D4D7BD472}]
    c:\users\francisca\AppData\Local\couponamazing\ie\couponamazing_1357698002.dll [BU]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DW7"="c:\program files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" [2013-01-13 13105848]
    "GoogleChromeAutoLaunch_5075ED5FA5DD9B9ED5ED20BB82467041"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-01-26 1248208]
    "DriverScanner"="c:\program files (x86)\Uniblue\DriverScanner\launcher.exe" [2012-07-10 338848]
    "Exetender"="c:\program files (x86)\Free Ride Games\GPlayer.exe" [2012-12-04 4936152]
    "ChicaPasswordManager"="c:\program files (x86)\ChicaLogic\Chica Password Manager\stpass.exe" [2012-07-09 4299624]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2012-03-06 133400]
    "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-04 291608]
    "RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
    "Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2011-12-20 507744]
    "PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-04-11 5939776]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "Fastboot"="c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe" [2012-01-17 1091376]
    "Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-13 4351712]
    "IntelSBA"="c:\program files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe" [2012-02-27 55520]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2013-01-09 295072]
    "Sendori Tray"="c:\program files (x86)\Sendori\SendoriTray.exe" [2012-12-10 82792]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Exetender"="c:\program files (x86)\Free Ride Games\GPlayer.exe" [2012-12-04 4936152]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe [2012-10-26 271808]
    StrongVaultApp.exe [2012-9-7 359424]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer3"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2012-02-02 145472]
    R2 Intel(R) Small Business Advantage;Intel(R) Small Business Advantage;c:\program files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [2012-02-27 49376]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
    R2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe [2012-12-10 3569512]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-03-06 363800]
    R2 ZDManager Service;ZDManager Service;c:\program files (x86)\ZD Systems\ZD Manager\ZDManagerService.exe [2012-12-27 176640]
    R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-02-26 2669840]
    R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys [2012-01-09 195584]
    R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
    R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2012-02-21 1304912]
    R3 cpuz134;cpuz134;c:\users\FRANCI~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
    R3 Fastboot;Fastboot;c:\windows\system32\DRIVERS\Fastboot.sys [2012-01-17 70416]
    R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-12-20 34200]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe [2012-10-26 234776]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2012-02-26 273168]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
    R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
    R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-04-11 1662528]
    R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-04-11 1665088]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
    R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
    R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-04 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-04 16152]
    S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2011-12-28 25416]
    S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2012-01-30 33344]
    S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-01-09 659968]
    S2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe [2012-12-10 118632]
    S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-02-21 1014096]
    S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2012-02-21 1104208]
    S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-01-17 135952]
    S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-17 198784]
    S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2011-11-09 8447848]
    S2 FastbootService;FastbootService;c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [2012-01-17 169776]
    S2 FPLService;TrueSuiteService;c:\program files\AuthenTec TrueSuite\TrueSuiteService.exe [2011-12-22 313672]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
    S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-03-06 128280]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-03-06 163608]
    S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2012-04-10 58192]
    S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
    S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-04-10 61264]
    S2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;c:\program files\Lenovo\Communications Utility\vcamsvc.exe [2012-04-10 175440]
    S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
    S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-30 38608]
    S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]
    S2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe [2012-12-10 14696]
    S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
    S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-12-29 144960]
    S2 Updater Service for AMZN;Updater Service for AMZN;c:\program files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe [2012-05-22 222368]
    S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2012-04-10 84080]
    S2 X5XSEx_Pr143;X5XSEx_Pr143;c:\program files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [2012-08-02 56136]
    S2 YNanoService;Yahoo! NanoClient Service;c:\program files (x86)\Yahoo!\YNanoClient\cpn0\YNanoService.exe [2012-07-25 157016]
    S3 5U877;5U877;c:\windows\system32\DRIVERS\5U877.sys [2012-02-16 216064]
    S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2012-01-09 195584]
    S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-11-30 94720]
    S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-30 747008]
    S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2012-02-14 60928]
    S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
    S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-04 355096]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-04 786200]
    S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-12-20 25496]
    S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys [2011-10-27 259688]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
    S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2011-05-29 40248]
    S3 tvtvcamd;ThinkVantage Virtual Camera;c:\windows\system32\DRIVERS\tvtvcamd.sys [2011-12-07 27432]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-02-01 01:59 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
    .
    Inhalt des "geplante Tasks" Ordners
    .
    2013-02-26 c:\windows\Tasks\DriverScanner.job
    - c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2013-01-19 17:51]
    .
    2013-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-06 01:43]
    .
    2013-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-06 01:43]
    .
    2013-02-26 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
    - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41]
    .
    2013-02-24 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
    - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
    @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
    [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
    2012-02-29 06:38 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
    @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
    [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
    2012-02-29 06:38 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
    @="{A759AFF6-5851-457D-A540-F4ECED148351}"
    [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
    2012-02-29 06:38 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
    @="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
    [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
    2012-02-29 06:38 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-09 398616]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-09 440600]
    "BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-02-17 177936]
    "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-02-21 11406608]
    "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2012-03-01 564352]
    "ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
    "SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2012-02-21 1654400]
    "TpShocks"="TpShocks.exe" [2012-02-24 382528]
    "LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-04-10 283984]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
    .
    ------- Zusätzlicher Suchlauf -------
    .
    uStart Page = hxxp://www.google.com/
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com
    IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.17.1
    FF - ProfilePath - c:\users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\
    FF - ExtSQL: 2013-01-18 21:36; [email protected]; c:\program files (x86)\Unfriend Checker\FF
    FF - ExtSQL: !HIDDEN! 2012-10-25 18:00; [email protected]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - ExtSQL: !HIDDEN! 2012-12-08 21:44; [email protected]; c:\program files (x86)\Mozilla FireFox\extensions\[email protected]
    .
    - - - - Entfernte verwaiste Registrierungseinträge - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    AddRemove-AOL Toolbar - c:\program files (x86)\AOL Toolbar\uninstall.exe
    AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files (x86)\Coupons\uninstall.exe
    AddRemove-couponamazing - c:\users\francisca\AppData\Local\couponamazing\uninst.exe
    AddRemove-DefaultTab - c:\users\francisca\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
    AddRemove-InfoAtoms - c:\program files (x86)\InfoAtoms\Uninstall.exe
    AddRemove-Optimizer Pro_is1 - c:\program files (x86)\Optimizer Pro\unins000.exe
    AddRemove-RealPlayer 16.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
    AddRemove-sl-adk - c:\program files (x86)\OApps\sl-adk_uninstall.exe
    AddRemove-The Weather Channel Desktop 6 - c:\program files (x86)\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
    AddRemove-{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1 - c:\program files (x86)\PCFixSpeed\unins000.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]
    "ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]
    "ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
    .
    --------------------- Gesperrte Registrierungsschluessel ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Weitere laufende Prozesse ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\windows\SysWOW64\SAsrv.exe
    c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files (x86)\Sendori\SendoriUp.exe
    c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
    c:\program files\Lenovo\SimpleTap\SimpleTap.exe
    c:\program files (x86)\Lenovo\message center plus\mcplaunch.exe
    c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files\lenovo\lenovo solution center\lsc.exe
    .
    **************************************************************************
    .
    Zeit der Fertigstellung: 2013-02-25 21:23:31 - PC wurde neu gestartet
    ComboFix-quarantined-files.txt 2013-02-26 02:23
    ComboFix2.txt 2013-02-26 00:58
    ComboFix3.txt 2013-02-11 01:28
    ComboFix4.txt 2013-02-10 18:34
    .
    Vor Suchlauf: 18 Verzeichnis(se), 406.706.741.248 Bytes frei
    Nach Suchlauf: 20 Verzeichnis(se), 406.562.701.312 Bytes frei
    .
    - - End Of File - - 1D8A240FAC6797443EDF0EB3EC64F7B2
     
  4. Cookiegal

    Open Notepad and copy and paste the text in the code box below into it:

    Code:
    File::
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe
    
    Folder::
    c:\program files\DomaIQ Uninstaller
    C:\Users\francisca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com
    C:\Program Files (x86)\hdvidcodec.com
    c:\program files (x86)\Tuguu SL
    c:\users\francisca\AppData\Local\CRE
    c:\program files (x86)\Unfriend Checker
    c:\users\francisca\AppData\Local\couponamazing
    
    DirLook::
    C:\Remote Programs
    
    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{09942569-D515-42BE-9F5A-A439B20F91AB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{491BCA71-06F9-42e1-A72E-76D897607E2B}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A59D1D83-8A40-4FA5-9CC9-749D4D7BD472}]
    
    Firefox::
    FF - ProfilePath - c:\users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\
    FF - ExtSQL: 2013-01-18 21:36; [email protected]; c:\program files (x86)\Unfriend Checker\FF
    FF - ExtSQL: !HIDDEN! 2012-12-08 21:44; [email protected]; c:\program files (x86)\Mozilla FireFox\extensions\[email protected]
    
    Save the file to your desktop and name it CFScript.txt

    Referring to the picture below, drag CFScript.txt into ComboFix.exe

    [​IMG]


    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

    Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.
     
  5. sweety_pie

    Here's the log: :)

    ComboFix 13-02-24.01 - francisca 02.03.2013 19:19:44.6.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3685.1799 [GMT -5:00]
    ausgeführt von:: c:\users\francisca\Desktop\puppy.exe
    Benutzte Befehlsschalter :: c:\users\francisca\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    - REDUZIERTER FUNKTIONALITÄTSMODUS -
    .
    FILE ::
    "c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe"
    .
    .
    (((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\hdvidcodec.com
    c:\program files (x86)\hdvidcodec.com\uninst.exe
    c:\program files (x86)\Tuguu SL
    c:\program files (x86)\Tuguu SL\FlashPlayer\AxInterop.WMPLib.dll
    c:\program files (x86)\Tuguu SL\FlashPlayer\ComponentFactory.Krypton.Toolkit.dll
    c:\program files (x86)\Tuguu SL\FlashPlayer\FileBrowser.dll
    c:\program files (x86)\Tuguu SL\FlashPlayer\FlashPlayer.exe
    c:\program files (x86)\Tuguu SL\FlashPlayer\FlashPlayer.exe.config
    c:\program files (x86)\Tuguu SL\FlashPlayer\FlashPlayer.InstallState
    c:\program files (x86)\Tuguu SL\FlashPlayer\Interop.WMPLib.dll
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Arabic.gif
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Arabic.ini
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Bulgarian.gif
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Bulgarian.ini
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Catalan.gif
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Catalan.ini
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Chinese (Simplified).gif
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Chinese (Simplified).ini
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Chinese (Traditional).gif
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Chinese (Traditional).ini
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Czech.gif
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Czech.ini
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Danish.gif
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Danish.ini
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Dutch.gif
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Dutch.ini
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\English.gif
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\English.ini
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Estonian.gif
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Estonian.ini
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Finnish.gif
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Finnish.ini
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\French.gif
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\French.ini
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\German.gif
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\German.ini
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Greek.gif
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Greek.ini
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Haitian Creole.gif
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Haitian Creole.ini
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Hebrew.gif
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Hebrew.ini
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Hindi.gif
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Hindi.ini
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Hungarian.gif
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Hungarian.ini
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Indonesian.gif
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Indonesian.ini
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Italian.gif
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Italian.ini
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Japanese.gif
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Japanese.ini
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Korean.gif
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Korean.ini
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Latvian.gif
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Latvian.ini
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Lithuanian.gif
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Lithuanian.ini
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Norwegian.gif
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Norwegian.ini
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Polish.gif
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Polish.ini
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Portuguese.gif
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Portuguese.ini
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Romanian.gif
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Romanian.ini
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Russian.gif
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Russian.ini
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Slovak.gif
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Slovak.ini
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Slovenian.gif
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Slovenian.ini
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Spanish.gif
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Spanish.ini
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Swedish.gif
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Swedish.ini
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Thai.gif
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Thai.ini
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Turkish.gif
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Turkish.ini
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Ukrainian.gif
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Ukrainian.ini
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Vietnamese.gif
    c:\program files (x86)\Tuguu SL\FlashPlayer\languages\Vietnamese.ini
    c:\program files (x86)\Tuguu SL\FlashPlayer\Newtonsoft.Json.dll
    c:\program files (x86)\Tuguu SL\FlashPlayer\UltraID3Lib.dll
    c:\program files (x86)\Tuguu SL\FlashPlayer\Uninstall.exe
    c:\program files (x86)\Tuguu SL\FlashPlayer\VAFUpdate.exe
    c:\program files (x86)\Tuguu SL\FlashPlayer\wmp.dll
    c:\program files (x86)\Unfriend Checker
    c:\program files (x86)\Unfriend Checker\chrome.crx
    c:\program files (x86)\Unfriend Checker\FF\chrome.manifest
    c:\program files (x86)\Unfriend Checker\FF\chrome\content\icon.png
    c:\program files (x86)\Unfriend Checker\FF\chrome\content\main.js
    c:\program files (x86)\Unfriend Checker\FF\chrome\content\overlay.xul
    c:\program files (x86)\Unfriend Checker\FF\install.rdf
    c:\program files (x86)\Unfriend Checker\r.log
    c:\program files (x86)\Unfriend Checker\Uninstall.exe
    c:\program files\DomaIQ Uninstaller
    c:\program files\DomaIQ Uninstaller\DomaIQUninstall.exe
    c:\program files\DomaIQ Uninstaller\Uninstall.xml
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\0f63f38c\00db7953_da08cd01\PriceGrabber.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\151dca4d\0008ab54_da08cd01\SimpleTapAppStoreAddon.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\308ea286\00ae4852_da08cd01\InternetExplorer.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\34e98621\0027b54e_da08cd01\DefaultTheme.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\3ea06149\00d8bd67_da08cd01\Wikipedia.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\4a63f836\001777a3_e9d9cc01\SugarSync.SimpleTapAddons.FileManager.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\4d145c4b\00d8bd67_da08cd01\Skype.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\518b0bea\00bc6f59_da08cd01\Flickr.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\6e31f4f5\00db7953_da08cd01\EvernoteLauncher.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\7187189f\007e5b65_da08cd01\MessageCenterPlus.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\838b007d\0070345e_da08cd01\LenovoMusic.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\8e9e437d\0024f962_da08cd01\LenovoTV.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\91668108\0065c942_da08cd01\CoreAudioApi.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\97a02421\00a0214b_da08cd01\ScreenRotate.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\9a118f11\00b5955e_d6d9cc01\AccuWeatherTile.resources.DLL
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\a11e004c\00b5955e_d6d9cc01\AccuWeatherTile.resources.DLL
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\a3bb93d3\00671b6a_cde0cc01\NewsTile.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\aa7c102b\00ae4852_da08cd01\Chrome.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\b3338664\0016d25b_da08cd01\Groupon.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\ca6e014a\0043035d_da08cd01\Kayak.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\cbc76be1\00f7c761_da08cd01\LenovoSolutionCenter.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\d3619f38\0065c942_da08cd01\DisplayBrightnessApi.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\dd89b372\0092fa43_da08cd01\WirelessApi.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\e8bbbb3f\00fa834d_da08cd01\Biztree.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\f15f011c\00ab8c66_da08cd01\MSOffice.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\f52797b9\0008ab54_da08cd01\AccuWeatherTile.dll
    c:\users\FRANCI~1\AppData\Local\Temp\SimpleTap\assembly\dl3\fcedd7f1\007fe0f8_d908cd01\KeyboardLightApi.dll
    c:\users\francisca\AppData\Local\CRE
    c:\users\francisca\AppData\Local\CRE\elnbpjcckofijioeebipepekepoceodh.crx
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\0f63f38c\00db7953_da08cd01\PriceGrabber.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\151dca4d\0008ab54_da08cd01\SimpleTapAppStoreAddon.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\308ea286\00ae4852_da08cd01\InternetExplorer.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\34e98621\0027b54e_da08cd01\DefaultTheme.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\3ea06149\00d8bd67_da08cd01\Wikipedia.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\4a63f836\001777a3_e9d9cc01\SugarSync.SimpleTapAddons.FileManager.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\4d145c4b\00d8bd67_da08cd01\Skype.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\518b0bea\00bc6f59_da08cd01\Flickr.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\6e31f4f5\00db7953_da08cd01\EvernoteLauncher.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\7187189f\007e5b65_da08cd01\MessageCenterPlus.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\838b007d\0070345e_da08cd01\LenovoMusic.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\8e9e437d\0024f962_da08cd01\LenovoTV.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\91668108\0065c942_da08cd01\CoreAudioApi.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\97a02421\00a0214b_da08cd01\ScreenRotate.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\9a118f11\00b5955e_d6d9cc01\AccuWeatherTile.resources.DLL
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\a11e004c\00b5955e_d6d9cc01\AccuWeatherTile.resources.DLL
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\a3bb93d3\00671b6a_cde0cc01\NewsTile.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\aa7c102b\00ae4852_da08cd01\Chrome.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\b3338664\0016d25b_da08cd01\Groupon.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\ca6e014a\0043035d_da08cd01\Kayak.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\cbc76be1\00f7c761_da08cd01\LenovoSolutionCenter.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\d3619f38\0065c942_da08cd01\DisplayBrightnessApi.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\dd89b372\0092fa43_da08cd01\WirelessApi.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\e8bbbb3f\00fa834d_da08cd01\Biztree.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\f15f011c\00ab8c66_da08cd01\MSOffice.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\f52797b9\0008ab54_da08cd01\AccuWeatherTile.dll
    c:\users\francisca\AppData\Local\Temp\SimpleTap\assembly\dl3\fcedd7f1\007fe0f8_d908cd01\KeyboardLightApi.dll
    c:\users\francisca\AppData\Roaming\DefaultTab\DefaultTab
    c:\users\francisca\AppData\Roaming\DefaultTab\DefaultTab\addon.ico
    c:\users\francisca\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
    c:\users\francisca\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe
    c:\users\francisca\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe
    c:\users\francisca\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe
    c:\users\francisca\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll
    c:\users\francisca\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll
    c:\users\francisca\AppData\Roaming\DefaultTab\DefaultTab\DT.ico
    c:\users\francisca\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
    c:\users\francisca\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
    c:\users\francisca\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
    c:\users\francisca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com
    c:\users\francisca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com\HDVidCodec.lnk
    c:\users\francisca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com\Uninstall.lnk
    .
    .
    ((((((((((((((((((((((( Dateien erstellt von 2013-02-03 bis 2013-03-03 ))))))))))))))))))))))))))))))
    .
    .
    2013-03-03 01:24 . 2013-03-03 01:24 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-03-02 03:58 . 2013-03-02 03:58 -------- d-----w- c:\program files (x86)\DefaultTab
    2013-03-02 03:58 . 2013-03-03 01:24 -------- d-----w- c:\users\francisca\AppData\Roaming\DefaultTab
    2013-03-02 03:58 . 2013-03-02 03:58 -------- d-----w- c:\users\francisca\AppData\Roaming\Optimizer Pro
    2013-03-02 03:58 . 2013-03-02 03:58 -------- d-----w- c:\program files (x86)\Optimizer Pro
    2013-03-02 03:57 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EFB3F46A-61C5-4E28-8571-55C109E4EFE3}\mpengine.dll
    2013-02-28 00:31 . 2013-02-08 00:28 9162192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-02-24 20:27 . 2013-02-24 20:27 -------- d-----w- c:\programdata\UUdb
    2013-02-24 20:25 . 2013-02-24 20:27 -------- d-----w- c:\program files (x86)\1und1Softwareaktualisierung
    2013-02-24 18:30 . 2013-02-24 18:30 -------- d-----w- c:\windows\ERUNT
    2013-02-24 18:29 . 2013-02-24 18:29 -------- d-----w- C:\JRT
    2013-02-22 21:27 . 2013-02-22 21:27 -------- d-----w- c:\users\francisca\AppData\Roaming\player
    2013-02-18 03:22 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-18 03:22 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-18 03:20 . 2013-01-09 01:48 17812992 ----a-w- c:\windows\system32\mshtml.dll
    2013-02-18 03:20 . 2013-01-09 01:22 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2013-02-16 22:44 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
    2013-02-16 22:44 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2013-02-16 22:44 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2013-02-16 22:44 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
    2013-02-16 22:44 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2013-02-16 22:44 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
    2013-02-16 22:35 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-02-16 22:35 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2013-02-16 22:34 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-02-16 22:34 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2013-02-16 22:34 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2013-02-16 22:31 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
    2013-02-09 22:08 . 2013-02-09 22:09 -------- d-----w- C:\rei
    2013-02-09 22:07 . 2013-02-09 22:07 -------- d-----w- c:\program files\Reimage
    2013-02-09 03:31 . 2013-02-09 03:31 221 ----a-w- c:\windows\DeleteOnReboot.bat
    2013-02-09 03:29 . 2013-02-09 03:29 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4213D974-63E3-481A-9977-3775FB1C5B8F}\gapaengine.dll
    2013-02-09 03:27 . 2013-02-09 03:27 -------- d-----w- c:\program files (x86)\ChicaLogic
    2013-02-09 00:36 . 2013-02-27 22:53 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2013-02-09 00:36 . 2013-02-27 22:53 -------- d-----w- c:\program files\Microsoft Security Client
    2013-02-05 03:33 . 2013-02-05 05:02 -------- d-----w- C:\Remote Programs
    2013-02-05 03:33 . 2013-02-05 03:33 -------- d-----w- c:\programdata\Free Ride Games
    2013-02-05 03:33 . 2013-02-05 03:33 -------- d-----w- c:\program files (x86)\Free Ride Games
    2013-02-05 03:33 . 2012-12-04 21:48 57824 ------w- c:\windows\ExentInfo.exe
    2013-02-04 16:54 . 2013-02-04 16:54 -------- d-----w- c:\users\francisca\AppData\Local\Amazon Browser Bar
    2013-02-04 16:54 . 2013-02-04 16:54 -------- d-----w- c:\programdata\Yahoo!
    2013-02-04 16:54 . 2013-02-04 16:54 -------- d-----w- c:\program files (x86)\Amazon Browser Bar
    2013-02-04 16:54 . 2013-02-04 16:54 -------- d-----w- c:\users\francisca\AppData\Local\NanoService
    2013-02-04 16:54 . 2013-02-04 16:54 -------- d-----w- c:\users\francisca\AppData\Local\Yahoo!
    2013-02-04 16:54 . 2013-02-04 16:54 -------- d--h--w- c:\windows\msdownld.tmp
    .
    .
    .
    (((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-18 03:26 . 2012-08-28 11:07 70004024 ----a-w- c:\windows\system32\MRT.exe
    2013-01-30 10:53 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-22 01:26 . 2012-07-15 09:48 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-22 01:26 . 2012-07-15 09:48 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-01-20 20:59 . 2013-01-20 20:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2013-01-20 20:59 . 2012-08-31 03:03 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2013-01-09 02:26 . 2013-01-09 02:26 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
    2013-01-09 02:26 . 2013-01-09 02:26 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
    2013-01-08 05:32 . 2013-02-09 00:19 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{38C78DC1-A2F3-4A2B-98E1-8044F309A170}\mpengine.dll
    2013-01-04 04:43 . 2013-02-16 22:44 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-12-16 17:11 . 2012-12-21 22:39 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 14:45 . 2012-12-21 22:39 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 22:39 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 22:39 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-10 23:01 . 2013-01-19 02:36 321384 ----a-w- c:\windows\SysWow64\Sendori.dll
    2012-12-07 13:20 . 2013-01-10 23:27 441856 ----a-w- c:\windows\system32\Wpc.dll
    2012-12-07 13:15 . 2013-01-10 23:27 2746368 ----a-w- c:\windows\system32\gameux.dll
    2012-12-07 12:26 . 2013-01-10 23:27 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
    2012-12-07 12:20 . 2013-01-10 23:27 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
    2012-12-07 11:20 . 2013-01-10 23:27 30720 ----a-w- c:\windows\system32\usk.rs
    2012-12-07 11:20 . 2013-01-10 23:27 43520 ----a-w- c:\windows\system32\csrr.rs
    2012-12-07 11:20 . 2013-01-10 23:27 23552 ----a-w- c:\windows\system32\oflc.rs
    2012-12-07 11:20 . 2013-01-10 23:27 45568 ----a-w- c:\windows\system32\oflc-nz.rs
    2012-12-07 11:20 . 2013-01-10 23:27 44544 ----a-w- c:\windows\system32\pegibbfc.rs
    2012-12-07 11:20 . 2013-01-10 23:27 20480 ----a-w- c:\windows\system32\pegi-fi.rs
    2012-12-07 11:20 . 2013-01-10 23:27 20480 ----a-w- c:\windows\system32\pegi-pt.rs
    2012-12-07 11:19 . 2013-01-10 23:27 20480 ----a-w- c:\windows\system32\pegi.rs
    2012-12-07 11:19 . 2013-01-10 23:27 46592 ----a-w- c:\windows\system32\fpb.rs
    2012-12-07 11:19 . 2013-01-10 23:27 40960 ----a-w- c:\windows\system32\cob-au.rs
    2012-12-07 11:19 . 2013-01-10 23:27 21504 ----a-w- c:\windows\system32\grb.rs
    2012-12-07 11:19 . 2013-01-10 23:27 15360 ----a-w- c:\windows\system32\djctq.rs
    2012-12-07 11:19 . 2013-01-10 23:27 55296 ----a-w- c:\windows\system32\cero.rs
    2012-12-07 11:19 . 2013-01-10 23:27 51712 ----a-w- c:\windows\system32\esrb.rs
    2012-12-07 10:46 . 2013-01-10 23:27 43520 ----a-w- c:\windows\SysWow64\csrr.rs
    2012-12-07 10:46 . 2013-01-10 23:27 30720 ----a-w- c:\windows\SysWow64\usk.rs
    2012-12-07 10:46 . 2013-01-10 23:27 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
    2012-12-07 10:46 . 2013-01-10 23:27 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
    2012-12-07 10:46 . 2013-01-10 23:27 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
    2012-12-07 10:46 . 2013-01-10 23:27 23552 ----a-w- c:\windows\SysWow64\oflc.rs
    2012-12-07 10:46 . 2013-01-10 23:27 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
    2012-12-07 10:46 . 2013-01-10 23:27 46592 ----a-w- c:\windows\SysWow64\fpb.rs
    2012-12-07 10:46 . 2013-01-10 23:27 20480 ----a-w- c:\windows\SysWow64\pegi.rs
    2012-12-07 10:46 . 2013-01-10 23:27 21504 ----a-w- c:\windows\SysWow64\grb.rs
    2012-12-07 10:46 . 2013-01-10 23:27 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
    2012-12-07 10:46 . 2013-01-10 23:27 15360 ----a-w- c:\windows\SysWow64\djctq.rs
    2012-12-07 10:46 . 2013-01-10 23:27 55296 ----a-w- c:\windows\SysWow64\cero.rs
    2012-12-07 10:46 . 2013-01-10 23:27 51712 ----a-w- c:\windows\SysWow64\esrb.rs
    .
    .
    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of C:\Remote Programs ----
    .
    2013-02-05 05:05 . 2013-02-05 05:05 667 ----a-w- c:\remote programs\Cradle of Rome\Preload.dat
    2013-02-05 05:05 . 2013-02-05 05:05 65574 ----a-w- c:\remote programs\Cradle of Rome\Content.wav
    2013-02-05 05:05 . 2013-02-05 05:05 9116 ----a-w- c:\remote programs\Cradle of Rome\00000000.VIX
    2013-02-05 05:05 . 2013-02-05 05:07 4096 ----a-w- c:\remote programs\Cradle of Rome\ch0_3.dat
    2013-02-05 05:05 . 2013-02-05 05:07 171 ----a-w- c:\remote programs\Cradle of Rome\ch0_3.ix
    2013-02-05 05:05 . 2013-02-05 05:07 4096 ----a-w- c:\remote programs\Cradle of Rome\ch0_2.dat
    2013-02-05 05:05 . 2013-02-05 05:07 171 ----a-w- c:\remote programs\Cradle of Rome\ch0_2.ix
    2013-02-05 05:05 . 2013-02-05 05:07 4096 ----a-w- c:\remote programs\Cradle of Rome\ch0_1.dat
    2013-02-05 05:05 . 2013-02-05 05:07 171 ----a-w- c:\remote programs\Cradle of Rome\ch0_1.ix
    2013-02-05 05:05 . 2013-02-05 05:07 50073600 ----a-w- c:\remote programs\Cradle of Rome\ch0.dat
    2013-02-05 05:05 . 2013-02-05 05:07 67584 ----a-w- c:\remote programs\Cradle of Rome\ch0.ix
    2013-02-05 05:05 . 2013-02-05 05:07 724992 ----a-w- c:\remote programs\Cradle of Rome\ch1.dat
    2013-02-05 05:05 . 2013-02-05 05:07 1536 ----a-w- c:\remote programs\Cradle of Rome\ch1.ix
    2013-02-05 05:05 . 2013-02-05 05:07 231 ----a-w- c:\remote programs\Cradle of Rome\CacheSettings.ini
    2013-02-05 05:05 . 2013-02-05 05:07 231 ----a-w- c:\remote programs\Cradle of Rome\CacheSettings.tmp
    2013-02-05 05:03 . 2013-02-05 05:03 1909 ----a-w- c:\remote programs\Time Riddles - The Mansion\Preload.dat
    2013-02-05 05:03 . 2013-02-05 05:03 65574 ----a-w- c:\remote programs\Time Riddles - The Mansion\Content.wav
    2013-02-05 05:03 . 2013-02-05 05:03 20264 ----a-w- c:\remote programs\Time Riddles - The Mansion\00000000.VIX
    2013-02-05 05:03 . 2013-02-05 05:05 4096 ----a-w- c:\remote programs\Time Riddles - The Mansion\ch0_3.dat
    2013-02-05 05:03 . 2013-02-05 05:05 4096 ----a-w- c:\remote programs\Time Riddles - The Mansion\ch0_2.dat
    2013-02-05 05:03 . 2013-02-05 05:05 171 ----a-w- c:\remote programs\Time Riddles - The Mansion\ch0_3.ix
    2013-02-05 05:03 . 2013-02-05 05:05 171 ----a-w- c:\remote programs\Time Riddles - The Mansion\ch0_2.ix
    2013-02-05 05:03 . 2013-02-05 05:05 4096 ----a-w- c:\remote programs\Time Riddles - The Mansion\ch0_1.dat
    2013-02-05 05:03 . 2013-02-05 05:05 107548672 ----a-w- c:\remote programs\Time Riddles - The Mansion\ch0.dat
    2013-02-05 05:03 . 2013-02-05 05:05 171 ----a-w- c:\remote programs\Time Riddles - The Mansion\ch0_1.ix
    2013-02-05 05:03 . 2013-02-05 05:05 145408 ----a-w- c:\remote programs\Time Riddles - The Mansion\ch0.ix
    2013-02-05 05:03 . 2013-02-05 05:05 2789376 ----a-w- c:\remote programs\Time Riddles - The Mansion\ch1.dat
    2013-02-05 05:03 . 2013-02-05 05:05 4608 ----a-w- c:\remote programs\Time Riddles - The Mansion\ch1.ix
    2013-02-05 05:03 . 2013-02-05 05:05 231 ----a-w- c:\remote programs\Time Riddles - The Mansion\CacheSettings.ini
    2013-02-05 05:03 . 2013-02-05 05:05 231 ----a-w- c:\remote programs\Time Riddles - The Mansion\CacheSettings.tmp
    2013-02-05 05:02 . 2013-02-05 05:02 7082 ----a-w- c:\remote programs\Cradle of Rome\Default\GameInfo\GameIcon_icon.ico.dat
    2013-02-05 05:02 . 2013-02-05 05:05 7672 ----a-w- c:\remote programs\Cradle of Rome\Default\GameInfo\ProviderMD_checkRSSFeed.jsp.dat
    2013-02-05 05:02 . 2013-02-05 05:02 9902 ----a-w- c:\remote programs\Heroes of Hellas\Default\GameInfo\GameIcon_icon.ico.dat
    2013-02-05 05:02 . 2013-02-05 05:02 7003 ----a-w- c:\remote programs\Heroes of Hellas\Default\GameInfo\ProviderMD_checkRSSFeed.jsp.dat
    2013-02-05 05:02 . 2013-02-05 05:02 5182 ----a-w- c:\remote programs\Time Riddles - The Mansion\Default\GameInfo\GameIcon_icon.ico.dat
    2013-02-05 05:02 . 2013-02-05 05:03 4588 ----a-w- c:\remote programs\Time Riddles - The Mansion\Default\GameInfo\ProviderMD_checkRSSFeed.jsp.dat
    2013-02-05 05:02 . 2013-02-05 05:02 29875 ----a-w- c:\remote programs\Cradle of Rome\Default\GameInfo\SplashScreenGameImage_splash_screen.jpg.dat
    2013-02-05 05:02 . 2013-02-05 05:02 6102 ----a-w- c:\remote programs\Cradle of Rome\Default\GameInfo\GameImage_player_boxshot.jpg.dat
    2013-02-05 05:02 . 2013-02-05 05:02 29875 ----a-w- c:\remote programs\Heroes of Hellas\Default\GameInfo\SplashScreenGameImage_splash_screen.jpg.dat
    2013-02-05 05:02 . 2013-02-05 05:02 1638 ----a-w- c:\remote programs\Heroes of Hellas\Preload.dat
    2013-02-05 05:02 . 2013-02-05 05:02 4439 ----a-w- c:\remote programs\Heroes of Hellas\Default\GameInfo\GameImage_player_boxshot.jpg.dat
    2013-02-05 05:02 . 2013-02-05 05:02 612 ----a-w- c:\remote programs\Heroes of Hellas\Content.clog
    2013-02-05 05:02 . 2013-02-05 05:02 29875 ----a-w- c:\remote programs\Time Riddles - The Mansion\Default\GameInfo\SplashScreenGameImage_splash_screen.jpg.dat
    2013-02-05 05:02 . 2013-02-05 05:02 65574 ----a-w- c:\remote programs\Heroes of Hellas\Content.wav
    2013-02-05 05:02 . 2013-02-05 05:02 7853 ----a-w- c:\remote programs\Time Riddles - The Mansion\Default\GameInfo\GameImage_player_boxshot.jpg.dat
    2013-02-05 05:02 . 2013-02-05 05:02 12468 ----a-w- c:\remote programs\Heroes of Hellas\00000000.VIX
    2013-02-05 05:02 . 2013-02-05 05:03 4096 ----a-w- c:\remote programs\Heroes of Hellas\ch0_3.dat
    2013-02-05 05:02 . 2013-02-05 05:03 171 ----a-w- c:\remote programs\Heroes of Hellas\ch0_3.ix
    2013-02-05 05:02 . 2013-02-05 05:03 4096 ----a-w- c:\remote programs\Heroes of Hellas\ch0_2.dat
    2013-02-05 05:02 . 2013-02-05 05:03 171 ----a-w- c:\remote programs\Heroes of Hellas\ch0_2.ix
    2013-02-05 05:02 . 2013-02-05 05:03 4096 ----a-w- c:\remote programs\Heroes of Hellas\ch0_1.dat
    2013-02-05 05:02 . 2013-02-05 05:03 171 ----a-w- c:\remote programs\Heroes of Hellas\ch0_1.ix
    2013-02-05 05:02 . 2013-02-05 05:03 57442304 ----a-w- c:\remote programs\Heroes of Hellas\ch0.dat
    2013-02-05 05:02 . 2013-02-05 05:03 77824 ----a-w- c:\remote programs\Heroes of Hellas\ch0.ix
    2013-02-05 05:02 . 2013-02-05 05:03 1445888 ----a-w- c:\remote programs\Heroes of Hellas\ch1.dat
    2013-02-05 05:02 . 2013-02-05 05:03 2560 ----a-w- c:\remote programs\Heroes of Hellas\ch1.ix
    2013-02-05 05:02 . 2013-02-05 05:03 231 ----a-w- c:\remote programs\Heroes of Hellas\CacheSettings.ini
    2013-02-05 05:02 . 2013-02-05 05:03 231 ----a-w- c:\remote programs\Heroes of Hellas\CacheSettings.tmp
    2013-02-05 05:02 . 2013-02-05 05:03 449 ----a-w- c:\remote programs\Time Riddles - The Mansion\Default\GameInfo\dmAssetsXmlFile_assets.xml
    2013-02-05 05:02 . 2013-02-05 05:05 449 ----a-w- c:\remote programs\Cradle of Rome\Default\GameInfo\dmAssetsXmlFile_assets.xml
    2013-02-05 05:02 . 2013-02-05 05:02 449 ----a-w- c:\remote programs\Heroes of Hellas\Default\GameInfo\dmAssetsXmlFile_assets.xml
    2013-02-05 05:02 . 2013-02-05 05:02 21220 ----a-w- c:\remote programs\Time Riddles - The Mansion\143-PU.rgmxold
    2013-02-05 05:02 . 2013-02-05 05:02 20836 ----a-w- c:\remote programs\Cradle of Rome\143-PU.rgmxold
    2013-02-05 05:02 . 2013-02-05 05:02 20864 ----a-w- c:\remote programs\Heroes of Hellas\143-PU.rgmxold
    2013-02-05 05:02 . 2012-12-12 23:31 29875 ----a-w- c:\remote programs\Time Riddles - The Mansion\Default\GameInfo\SplashScreenGameImage_DefaultSplashScreenGameImage.jpg
    2013-02-05 05:02 . 2013-02-05 05:03 470 ----a-w- c:\remote programs\Time Riddles - The Mansion\Default\GameInfo\md.dat
    2013-02-05 05:02 . 2012-12-12 23:31 12207 ----a-w- c:\remote programs\Time Riddles - The Mansion\Default\GameInfo\GameImage_DefaultGameImage.gif
    2013-02-05 05:02 . 2012-12-12 23:31 29875 ----a-w- c:\remote programs\Cradle of Rome\Default\GameInfo\SplashScreenGameImage_DefaultSplashScreenGameImage.jpg
    2013-02-05 05:02 . 2012-12-12 23:31 12207 ----a-w- c:\remote programs\Cradle of Rome\Default\GameInfo\GameImage_DefaultGameImage.gif
    2013-02-05 05:02 . 2013-02-05 05:05 470 ----a-w- c:\remote programs\Cradle of Rome\Default\GameInfo\md.dat
    2013-02-05 05:02 . 2012-12-12 23:31 29875 ----a-w- c:\remote programs\Heroes of Hellas\Default\GameInfo\SplashScreenGameImage_DefaultSplashScreenGameImage.jpg
    2013-02-05 05:02 . 2012-12-12 23:31 12207 ----a-w- c:\remote programs\Heroes of Hellas\Default\GameInfo\GameImage_DefaultGameImage.gif
    2013-02-05 05:02 . 2013-02-05 05:02 470 ----a-w- c:\remote programs\Heroes of Hellas\Default\GameInfo\md.dat
    2013-02-05 05:02 . 2012-12-12 23:31 17542 ----a-w- c:\remote programs\Time Riddles - The Mansion\Default\GPlrLanc\GPlayer.ico
    2013-02-05 05:02 . 2013-02-05 05:03 6115 ----a-w- c:\remote programs\Time Riddles - The Mansion\Default\GPlrLanc\GPlrLanc.dat
    2013-02-05 05:02 . 2012-12-04 21:48 635360 ----a-w- c:\remote programs\Time Riddles - The Mansion\GPlrLanc.exe
    2013-02-05 05:02 . 2012-12-04 21:48 586200 ----a-w- c:\remote programs\Time Riddles - The Mansion\exs.dll
    2013-02-05 05:02 . 2012-12-12 23:31 17542 ----a-w- c:\remote programs\Cradle of Rome\Default\GPlrLanc\GPlayer.ico
    2013-02-05 05:02 . 2012-12-12 23:31 17542 ----a-w- c:\remote programs\Heroes of Hellas\Default\GPlrLanc\GPlayer.ico
    2013-02-05 05:02 . 2013-02-05 05:02 6115 ----a-w- c:\remote programs\Heroes of Hellas\Default\GPlrLanc\GPlrLanc.dat
    2013-02-05 05:02 . 2013-02-05 05:05 6115 ----a-w- c:\remote programs\Cradle of Rome\Default\GPlrLanc\GPlrLanc.dat
    2013-02-05 05:02 . 2013-02-05 05:05 2550 ----a-w- c:\remote programs\Time Riddles - The Mansion\Content.md
    2013-02-05 05:02 . 2012-12-04 21:48 635360 ----a-w- c:\remote programs\Heroes of Hellas\GPlrLanc.exe
    2013-02-05 05:02 . 2012-12-04 21:48 635360 ----a-w- c:\remote programs\Cradle of Rome\GPlrLanc.exe
    2013-02-05 05:02 . 2012-12-04 21:48 586200 ----a-w- c:\remote programs\Heroes of Hellas\exs.dll
    2013-02-05 05:02 . 2012-12-04 21:48 586200 ----a-w- c:\remote programs\Cradle of Rome\exs.dll
    2013-02-05 05:02 . 2013-02-05 05:03 2537 ----a-w- c:\remote programs\Heroes of Hellas\Content.md
    2013-02-05 05:02 . 2013-02-05 05:07 2514 ----a-w- c:\remote programs\Cradle of Rome\Content.md
    2013-02-05 03:34 . 2013-02-05 03:34 7358 ----a-w- c:\remote programs\7 Wonders 2\Default\GameInfo\GameIcon_icon.ico.dat
    2013-02-05 03:34 . 2013-02-05 03:34 1510 ----a-w- c:\remote programs\7 Wonders 2\Preload.dat
    2013-02-05 03:34 . 2013-02-05 03:34 306 ----a-w- c:\remote programs\7 Wonders 2\Content.clog
    2013-02-05 03:34 . 2013-02-05 03:34 65574 ----a-w- c:\remote programs\7 Wonders 2\Content.wav
    2013-02-05 03:34 . 2013-02-05 03:34 6456 ----a-w- c:\remote programs\7 Wonders 2\00000000.VIX
    2013-02-05 03:34 . 2013-02-05 03:34 4096 ----a-w- c:\remote programs\7 Wonders 2\ch0_3.dat
    2013-02-05 03:34 . 2013-02-05 03:34 171 ----a-w- c:\remote programs\7 Wonders 2\ch0_3.ix
    2013-02-05 03:34 . 2013-02-05 03:34 4096 ----a-w- c:\remote programs\7 Wonders 2\ch0_2.dat
    2013-02-05 03:34 . 2013-02-05 03:34 171 ----a-w- c:\remote programs\7 Wonders 2\ch0_2.ix
    2013-02-05 03:34 . 2013-02-05 03:34 4096 ----a-w- c:\remote programs\7 Wonders 2\ch0_1.dat
    2013-02-05 03:34 . 2013-02-05 03:34 171 ----a-w- c:\remote programs\7 Wonders 2\ch0_1.ix
    2013-02-05 03:34 . 2013-02-05 03:34 24514560 ----a-w- c:\remote programs\7 Wonders 2\ch0.dat
    2013-02-05 03:34 . 2013-02-05 03:34 33280 ----a-w- c:\remote programs\7 Wonders 2\ch0.ix
    2013-02-05 03:34 . 2013-02-05 03:34 790528 ----a-w- c:\remote programs\7 Wonders 2\ch1.dat
    2013-02-05 03:34 . 2013-02-05 03:34 1536 ----a-w- c:\remote programs\7 Wonders 2\ch1.ix
    2013-02-05 03:34 . 2013-02-05 03:34 231 ----a-w- c:\remote programs\7 Wonders 2\CacheSettings.ini
    2013-02-05 03:34 . 2013-02-05 03:34 231 ----a-w- c:\remote programs\7 Wonders 2\CacheSettings.tmp
    2013-02-05 03:33 . 2013-02-05 03:33 6867 ----a-w- c:\remote programs\7 Wonders 2\Default\GameInfo\ProviderMD_checkRSSFeed.jsp.dat
    2013-02-05 03:33 . 2013-02-05 03:33 29875 ----a-w- c:\remote programs\7 Wonders 2\Default\GameInfo\SplashScreenGameImage_splash_screen.jpg.dat
    2013-02-05 03:33 . 2013-02-05 03:33 28574 ----a-w- c:\remote programs\7 Wonders 2\Default\GameInfo\GameImage_player_boxshot.jpg.dat
    2013-02-05 03:33 . 2013-02-05 03:33 449 ----a-w- c:\remote programs\7 Wonders 2\Default\GameInfo\dmAssetsXmlFile_assets.xml
    2013-02-05 03:33 . 2013-02-05 03:33 21020 ----a-w- c:\remote programs\7 Wonders 2\143-PU.rgmxold
    2013-02-05 03:33 . 2012-12-12 23:31 29875 ----a-w- c:\remote programs\7 Wonders 2\Default\GameInfo\SplashScreenGameImage_DefaultSplashScreenGameImage.jpg
    2013-02-05 03:33 . 2012-12-12 23:31 12207 ----a-w- c:\remote programs\7 Wonders 2\Default\GameInfo\GameImage_DefaultGameImage.gif
    2013-02-05 03:33 . 2013-02-05 03:34 470 ----a-w- c:\remote programs\7 Wonders 2\Default\GameInfo\md.dat
    2013-02-05 03:33 . 2012-12-12 23:31 17542 ----a-w- c:\remote programs\7 Wonders 2\Default\GPlrLanc\GPlayer.ico
    2013-02-05 03:33 . 2013-02-05 03:33 6115 ----a-w- c:\remote programs\7 Wonders 2\Default\GPlrLanc\GPlrLanc.dat
    2013-02-05 03:33 . 2012-12-04 21:48 635360 ----a-w- c:\remote programs\7 Wonders 2\GPlrLanc.exe
    2013-02-05 03:33 . 2012-12-04 21:48 586200 ----a-w- c:\remote programs\7 Wonders 2\exs.dll
    2013-02-05 03:33 . 2013-02-05 03:34 3294 ----a-w- c:\remote programs\7 Wonders 2\Content.md
    .
    .
    (((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{09942569-D515-42BE-9F5A-A439B20F91AB}]
    c:\program files (x86)\Unfriend Checker\uc.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{491BCA71-06F9-42e1-A72E-76D897607E2B}]
    c:\program files (x86)\OApps\SelectionLinks.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A59D1D83-8A40-4FA5-9CC9-749D4D7BD472}]
    c:\users\francisca\AppData\Local\couponamazing\ie\couponamazing_1357698002.dll [BU]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DW7"="c:\program files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" [2013-01-13 13105848]
    "GoogleChromeAutoLaunch_5075ED5FA5DD9B9ED5ED20BB82467041"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-01-26 1248208]
    "DriverScanner"="c:\program files (x86)\Uniblue\DriverScanner\launcher.exe" [2012-07-10 338848]
    "Exetender"="c:\program files (x86)\Free Ride Games\GPlayer.exe" [2012-12-04 4936152]
    "ChicaPasswordManager"="c:\program files (x86)\ChicaLogic\Chica Password Manager\stpass.exe" [2012-07-09 4299624]
    "Optimizer Pro"="c:\program files (x86)\Optimizer Pro\OptProLauncher.exe" [2012-10-30 81952]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2012-03-06 133400]
    "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-04 291608]
    "RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
    "Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2011-12-20 507744]
    "PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-04-11 5939776]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "Fastboot"="c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe" [2012-01-17 1091376]
    "Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-13 4351712]
    "IntelSBA"="c:\program files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe" [2012-02-27 55520]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2013-01-09 295072]
    "Sendori Tray"="c:\program files (x86)\Sendori\SendoriTray.exe" [2012-12-10 82792]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Exetender"="c:\program files (x86)\Free Ride Games\GPlayer.exe" [2012-12-04 4936152]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe [2012-10-26 271808]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer3"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 DefaultTabSearch;DefaultTabSearch;c:\program files (x86)\DefaultTab\DefaultTabSearch.exe [2013-02-11 572928]
    R2 DefaultTabUpdate;DefaultTabUpdate;c:\users\francisca\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [x]
    R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2012-02-02 145472]
    R2 Intel(R) Small Business Advantage;Intel(R) Small Business Advantage;c:\program files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [2012-02-27 49376]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
    R2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe [2012-12-10 3569512]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-03-06 363800]
    R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-02-26 2669840]
    R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys [2012-01-09 195584]
    R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
    R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-11-30 94720]
    R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-30 747008]
    R3 cpuz134;cpuz134;c:\users\FRANCI~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
    R3 Fastboot;Fastboot;c:\windows\system32\DRIVERS\Fastboot.sys [2012-01-17 70416]
    R3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2012-02-14 60928]
    R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-12-20 34200]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe [2012-10-26 234776]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2012-02-26 273168]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
    R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
    R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-04-11 1662528]
    R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-04-11 1665088]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
    R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
    R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-04 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-04 16152]
    S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2011-12-28 25416]
    S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2012-01-30 33344]
    S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-01-09 659968]
    S2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe [2012-12-10 118632]
    S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-02-21 1014096]
    S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2012-02-21 1104208]
    S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-01-17 135952]
    S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-17 198784]
    S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2011-11-09 8447848]
    S2 FastbootService;FastbootService;c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [2012-01-17 169776]
    S2 FPLService;TrueSuiteService;c:\program files\AuthenTec TrueSuite\TrueSuiteService.exe [2011-12-22 313672]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
    S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-03-06 128280]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-03-06 163608]
    S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2012-04-10 58192]
    S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
    S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-04-10 61264]
    S2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;c:\program files\Lenovo\Communications Utility\vcamsvc.exe [2012-04-10 175440]
    S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
    S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-30 38608]
    S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]
    S2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe [2012-12-10 14696]
    S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
    S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-12-29 144960]
    S2 Updater Service for AMZN;Updater Service for AMZN;c:\program files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe [2012-05-22 222368]
    S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2012-04-10 84080]
    S2 X5XSEx_Pr143;X5XSEx_Pr143;c:\program files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [2012-08-02 56136]
    S2 YNanoService;Yahoo! NanoClient Service;c:\program files (x86)\Yahoo!\YNanoClient\cpn0\YNanoService.exe [2012-07-25 157016]
    S2 ZDManager Service;ZDManager Service;c:\program files (x86)\ZD Systems\ZD Manager\ZDManagerService.exe [2012-12-27 176640]
    S3 5U877;5U877;c:\windows\system32\DRIVERS\5U877.sys [2012-02-16 216064]
    S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2012-01-09 195584]
    S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2012-02-21 1304912]
    S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
    S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-04 355096]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-04 786200]
    S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-12-20 25496]
    S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys [2011-10-27 259688]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
    S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2011-05-29 40248]
    S3 tvtvcamd;ThinkVantage Virtual Camera;c:\windows\system32\DRIVERS\tvtvcamd.sys [2011-12-07 27432]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-02-01 01:59 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
    .
    Inhalt des "geplante Tasks" Ordners
    .
    2013-03-03 c:\windows\Tasks\DriverScanner.job
    - c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2013-01-19 17:51]
    .
    2013-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-06 01:43]
    .
    2013-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-06 01:43]
    .
    2013-03-03 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
    - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41]
    .
    2013-02-24 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
    - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
    @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
    [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
    2012-02-29 06:38 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
    @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
    [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
    2012-02-29 06:38 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
    @="{A759AFF6-5851-457D-A540-F4ECED148351}"
    [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
    2012-02-29 06:38 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
    @="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
    [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
    2012-02-29 06:38 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-09 398616]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-09 440600]
    "BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-02-17 177936]
    "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-02-21 11406608]
    "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2012-03-01 564352]
    "ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
    "SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2012-02-21 1654400]
    "TpShocks"="TpShocks.exe" [2012-02-24 382528]
    "LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-04-10 283984]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
    FontCache
    .
    ------- Zusätzlicher Suchlauf -------
    .
    uStart Page = hxxp://www.google.com/
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com
    IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.17.1
    FF - ProfilePath - c:\users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\
    FF - ExtSQL: 2013-01-18 21:36; [email protected]; c:\program files (x86)\Unfriend Checker\FF
    FF - ExtSQL: !HIDDEN! 2012-10-25 18:00; [email protected]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - ExtSQL: !HIDDEN! 2012-12-08 21:44; [email protected]; c:\program files (x86)\Mozilla FireFox\extensions\[email protected]
    .
    - - - - Entfernte verwaiste Registrierungseinträge - - - -
    .
    BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\francisca\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    AddRemove-1ClickDownload - c:\program files (x86)\hdvidcodec.com\uninst.exe
    AddRemove-AOL Toolbar - c:\program files (x86)\AOL Toolbar\uninstall.exe
    AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files (x86)\Coupons\uninstall.exe
    AddRemove-couponamazing - c:\users\francisca\AppData\Local\couponamazing\uninst.exe
    AddRemove-DefaultTab - c:\users\francisca\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
    AddRemove-DomaIQ Uninstaller - c:\program files\DomaIQ Uninstaller\DomaIQUninstall.exe
    AddRemove-InfoAtoms - c:\program files (x86)\InfoAtoms\Uninstall.exe
    AddRemove-RealPlayer 16.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
    AddRemove-sl-adk - c:\program files (x86)\OApps\sl-adk_uninstall.exe
    AddRemove-The Weather Channel Desktop 6 - c:\program files (x86)\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
    [email protected] - c:\program files (x86)\Unfriend Checker\uninstall.exe
    AddRemove-{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1 - c:\program files (x86)\PCFixSpeed\unins000.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]
    "ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]
    "ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
    .
    --------------------- Gesperrte Registrierungsschluessel ---------------------
    .
    ------------------------ Weitere laufende Prozesse ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\windows\SysWOW64\SAsrv.exe
    c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files (x86)\Sendori\SendoriUp.exe
    c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
    c:\program files\Lenovo\SimpleTap\SimpleTap.exe
    c:\program files (x86)\Optimizer Pro\OptProSmartScan.exe
    c:\program files (x86)\Optimizer Pro\OptProReminder.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\program files (x86)\Lenovo\message center plus\mcplaunch.exe
    c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
    c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    c:\program files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
    c:\progra~2\ThinkPad\UTILIT~1\SCHTASK.exe
    c:\program files (x86)\Symantec\VIP Access Client\VIPUIManager.exe
    c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    .
    **************************************************************************
    .
    Zeit der Fertigstellung: 2013-03-02 20:32:40 - PC wurde neu gestartet
    ComboFix-quarantined-files.txt 2013-03-03 01:32
    ComboFix2.txt 2013-02-26 02:23
    ComboFix3.txt 2013-02-26 00:58
    ComboFix4.txt 2013-02-11 01:28
    ComboFix5.txt 2013-02-28 02:48
    .
    Vor Suchlauf: 18 Verzeichnis(se), 404.491.898.880 Bytes frei
    Nach Suchlauf: 19 Verzeichnis(se), 405.018.042.368 Bytes frei
    .
    - - End Of File - - DBCC59C8CF83EEF16ACF23C9CA2DD436
     
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,715
    There is still an awful lot of junk on this computer. You really need to be more careful what you download. :(

    Let's start by uninstalling these please:

    DefaultTab
    McAfee Security Scan Plus
    Optimizer Pro v3.0
    PC Fix Speed 1.2.0.24
    PlayBryte
    PricePeep

    Then run AdwCleaner again:

    Please download AdwCleaner from here to your desktop

    Run AdwCleaner and select "Search" (do not select "Delete" at this time)

    Once the scan is finished a log will be produced. Please copy and paste the log into your next reply.
     
  7. etaf

    etaf Wayne Moderator

    Joined:
    Oct 2, 2003
    Messages:
    55,967
    hi,
    We have been informed that Cookiegal's telephone line is now down and they say that it may take up to three days before Cookiegal will be back online - sorry for any inconvenience

    Wayne
    ETAF
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,715
    Fortunately, the service was restored sooner than anticipated.

    Please carry out the last tasks and report back when you can.
     
  9. sweety_pie

    sweety_pie Thread Starter

    Joined:
    Feb 3, 2013
    Messages:
    20
    Sorry I haven't responded in an awfully long while, but I was really busy over the last few weeks.
    Here is the log of AdwCleaner you asked for: :rolleyes:

    # AdwCleaner v2.200 - Datei am 19/04/2013 um 22:08:32 erstellt
    # Aktualisiert am 02/04/2013 von Xplode
    # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
    # Benutzer : francisca - FRANCISCA-THINK
    # Bootmodus : Normal
    # Ausgeführt unter : C:\Users\francisca\Desktop\AdwCleaner.exe
    # Option [Suche]

    **** [Dienste] ****
    Gefunden : DefaultTabSearch
    Gefunden : DefaultTabUpdate
    ***** [Dateien / Ordner] *****
    Datei Gefunden : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
    Datei Gefunden : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
    Datei Gefunden : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
    Datei Gefunden : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\extensions\[email protected]
    Datei Gefunden : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\extensions\[email protected]
    Datei Gefunden : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\searchplugins\SweetIm.xml
    Ordner Gefunden : C:\Program Files (x86)\DefaultTab
    Ordner Gefunden : C:\Program Files (x86)\SweetIM
    Ordner Gefunden : C:\Program Files\DomaIQ Uninstaller
    Ordner Gefunden : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Ordner Gefunden : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\elnbpjcckofijioeebipepekepoceodh
    Ordner Gefunden : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
    Ordner Gefunden : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
    Ordner Gefunden : C:\Users\francisca\AppData\Roaming\DefaultTab
    ***** [Registrierungsdatenbank] *****
    ***** [Internet Browser] *****
    -\\ Internet Explorer v9.0.8112.16476
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=b74c95a0-0d72-41f4-9020-19dcbce5ecf6&searchtype=ds&q={searchTerms}
    -\\ Mozilla Firefox v19.0 (en-US)
    Datei : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\prefs.js
    Gefunden : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
    Gefunden : user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.[...]
    Gefunden : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
    Gefunden : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
    Gefunden : user_pref("sweetim.toolbar.previous.keyword.URL", "");
    -\\ Google Chrome v24.0.1312.57
    Datei : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Gefunden [l.13] : urls_to_restore_on_startup = [ "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={371055F0-A95B-11E2-804D-685D434429FA}", "hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=b74c95a0-0d72-41f4-9020-19dcbce5ecf6&searchtype=hp" ]
    Gefunden [l.37] : icon_url = "hxxp://www.snap.do/favicon.ico",
    Gefunden [l.40] : keyword = "search.snap.do",
    Gefunden [l.43] : search_url = "hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=b74c95a0-0d72-41f4-9020-19dcbce5ecf6&searchtype=ds&q={searchTerms}",
    Gefunden [l.2208] : urls_to_restore_on_startup = [ "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={371055F0-A95B-11E2-804D-685D434429FA}", "hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=b74c95a0-0d72-41f4-9020-19dcbce5ecf6&searchtype=hp" ]
    *************************
    AdwCleaner[R1].txt - [44418 octets] - [08/02/2013 20:26:50]
    AdwCleaner[R2].txt - [11167 octets] - [19/04/2013 22:08:32]
    AdwCleaner[S1].txt - [50802 octets] - [08/02/2013 23:29:39]
    ########## EOF - C:\AdwCleaner[R2].txt - [11289 octets] ##########
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,715
    I've moved your new post here to your existing thread. Please do not start a new one but rather send me a private message to reopen the thread in the future.

    Please run AdwCleaner again and this time select the option to "delete" and post the result log.
     
  11. sweety_pie

    sweety_pie Thread Starter

    Joined:
    Feb 3, 2013
    Messages:
    20
    Okay, thanks. I'm sorry.
    Here's the new log: :rolleyes:

    # AdwCleaner v2.200 - Datei am 09/05/2013 um 21:20:29 erstellt
    # Aktualisiert am 02/04/2013 von Xplode
    # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
    # Benutzer : francisca - FRANCISCA-THINK
    # Bootmodus : Normal
    # Ausgeführt unter : C:\Users\francisca\Desktop\AdwCleaner.exe
    # Option [Löschen]

    **** [Dienste] ****
    Gestoppt & Gelöscht : DefaultTabSearch
    Gestoppt & Gelöscht : DefaultTabUpdate
    ***** [Dateien / Ordner] *****
    Datei Gelöscht : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
    Datei Gelöscht : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
    Datei Gelöscht : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
    Datei Gelöscht : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\extensions\[email protected]
    Datei Gelöscht : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\searchplugins\SweetIm.xml
    Ordner Gelöscht : C:\Program Files (x86)\DefaultTab
    Ordner Gelöscht : C:\Program Files (x86)\SweetIM
    Ordner Gelöscht : C:\Program Files\DomaIQ Uninstaller
    Ordner Gelöscht : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Ordner Gelöscht : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\elnbpjcckofijioeebipepekepoceodh
    Ordner Gelöscht : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
    Ordner Gelöscht : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
    Ordner Gelöscht : C:\Users\francisca\AppData\Roaming\DefaultTab
    ***** [Registrierungsdatenbank] *****
    Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DefaultTab
    Schlüssel Gelöscht : HKCU\Software\Default Tab
    Schlüssel Gelöscht : HKCU\Software\DefaultTab
    Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
    Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\PricePeep.DLL
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.BHO
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
    Schlüssel Gelöscht : HKLM\Software\Default Tab
    Schlüssel Gelöscht : HKLM\Software\DefaultTab
    Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
    Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
    Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
    Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DomaIQ Uninstaller
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
    Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
    Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
    Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
    Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
    ***** [Internet Browser] *****
    -\\ Internet Explorer v9.0.8112.16476
    Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=b74c95a0-0d72-41f4-9020-19dcbce5ecf6&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
    -\\ Mozilla Firefox v19.0 (en-US)
    Datei : C:\Users\francisca\AppData\Roaming\Mozilla\Firefox\Profiles\iwrs8z2w.default\prefs.js
    Gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
    Gelöscht : user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.[...]
    Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
    Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
    Gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "");
    -\\ Google Chrome v24.0.1312.57
    Datei : C:\Users\francisca\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Gelöscht [l.13] : urls_to_restore_on_startup = [ "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10[...]
    Gelöscht [l.37] : icon_url = "hxxp://www.snap.do/favicon.ico",
    Gelöscht [l.40] : keyword = "search.snap.do",
    Gelöscht [l.43] : search_url = "hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&useri[...]
    Gelöscht [l.2208] : urls_to_restore_on_startup = [ "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042[...]
    *************************
    AdwCleaner[R1].txt - [44418 octets] - [08/02/2013 20:26:50]
    AdwCleaner[R2].txt - [11339 octets] - [19/04/2013 22:08:32]
    AdwCleaner[S1].txt - [50802 octets] - [08/02/2013 23:29:39]
    AdwCleaner[S2].txt - [10632 octets] - [09/05/2013 21:20:29]
    ########## EOF - C:\AdwCleaner[S2].txt - [10693 octets] ##########
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     