Pests of all kinds and how to fight them: Prompt to update Java and Acrobat; advertising pages (Windows 7)
22.07.2014, 20:39 | #16 |
| Prompt to update Java and Acrobat; advertising pages
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-07-2014
Ran by Besitzer at 2014-07-22 00:32:05 Run:1
Running from C:\Users\Besitzer\Downloads
Boot Mode: Normal

Regards, Emine

Hello, the program has been running since last night and is still at 5%... Is that normal??? Regards, Emine |
22.07.2014, 22:35 | #17 |
Rest in peace † 2019 | Prompt to update Java and Acrobat; advertising pages
No, it does take a long time, but it shouldn't take that long. Try this:
Emsisoft Emergency Kit - Scanner
Preparation
Here we go
23.07.2014, 00:25 | #18 |
| Prompt to update Java and Acrobat; advertising pages
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=90a7e4bffa0d844bb9414850eea097bb
# engine=19283
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-22 06:08:15
# local_time=2014-07-22 08:08:15 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 33370 36577715 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 224644 157639145 0 0
# scanned=14090
# found=79
# cleaned=0
# scan_time=26945
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Besitzer\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_17.dll.vir" sh=FED76CBD8D5660DEC60B3F16547372DEE7F87FA6 ft=1 fh=9705b06916654cd4 vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Besitzer\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_18.dll.vir" sh=C8F23EFE19C6A36D8921AE5C96F95808EBEFBE05 ft=1 fh=8064b8d931435e04 vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Besitzer\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_19.dll.vir" sh=59D5FB6A637A5AAEBC4C9F248CFB15925BED28DB ft=1 fh=69048a99daac5c58 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Besitzer\AppData\Local\Smartbar\Application\it\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=AEE1F787EC3B4F48727BB9E5D10FCA1B8051F1F7 ft=1 fh=f721f9348704c7ba vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Besitzer\AppData\Local\Smartbar\Application\nl\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=ADE0988D213A87833AF36ED997DDB4FB9B31DB9D ft=1 fh=90fcad4796f74c1b vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Besitzer\AppData\Local\Smartbar\Application\pt\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=8138E24E28032737794E402DD0A8DFD29EBE87FA ft=1 fh=4681bb64a3e583e3 vn="Variante von MSIL/Toolbar.Linkury.E evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Besitzer\AppData\Local\Smartbar\Application\ru\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=2098293CCFFC6E18C4ADF23D8FF7BCF74FE84707 ft=1 fh=b2fc828811dea587 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Besitzer\AppData\Local\Smartbar\Application\tr\Smartbar.Resources.LanguageSettings.resources.dll.vir" sh=4338B5605E8C0C8F311203EF9DFC05382401EF2A ft=1 fh=597ef71358e48b92 vn="Variante von Win32/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Besitzer\AppData\Local\Software Updater\Downloads\DLG_free+system+utilities_update_de-de.exe.vir" sh=E1E21C19D3293E60C914A640E30AADC67653FFE9 ft=1 fh=73b097b36de5cf18 vn="Variante von Win32/Complitly.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Besitzer\AppData\Roaming\Complitly\Complitly.dll.vir" sh=7D4A95A4012E9C3E19EC9E1DD4FF32A4879318FF ft=1 fh=24670cfeedf56bf6 vn="Variante von Win32/PredictAd.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Besitzer\AppData\Roaming\Complitly\KeepMeUpdated.exe.vir" sh=C0E4B78EB7A6BAE9076B059F18C6ABB3F5704DAC ft=1 fh=31bce9ca89bc990b vn="Variante von Win64/Complitly.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Besitzer\AppData\Roaming\Complitly\64\Complitly64.dll.vir" sh=7D4A95A4012E9C3E19EC9E1DD4FF32A4879318FF ft=1 fh=24670cfeedf56bf6 vn="Variante von Win32/PredictAd.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Besitzer\AppData\Roaming\Complitly\64\KeepMeUpdated.exe.vir" sh=D3B19EC10BC4815C453973B521965741B7671846 ft=1 fh=fa2d5f36edf48bdb vn="Variante von Win32/DealPly.S evtl. 
ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=90a7e4bffa0d844bb9414850eea097bb # engine=19286 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2014-07-22 10:38:00 # local_time=2014-07-23 12:38:00 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Avira Desktop' # compatibility_mode=1810 16777213 100 100 59400 36637100 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 284029 157698530 0 0 # scanned=249927 # found=126 # cleaned=0 # scan_time=59143
unerwünschte Anwendung" ac=I fn="C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\File System\009\t\00\00000001" sh=65A7455005E40611CB89E288868A31B467A1AEA2 ft=1 fh=5488276ab09ee09d vn="Variante von Win32/DomaIQ.BI evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\File System\011\t\00\00000000" sh=9BFC102125582A1785E412DC3D98E0E8AD9A9ADA ft=1 fh=8e4dd4978aa55933 vn="Variante von Win32/SoftPulse.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\File System\012\t\00\00000000" sh=66A17E384DE010588B617C09CD15BA30BEA9158C ft=1 fh=2c18ed788a7b442a vn="Win32/Somoto.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Besitzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\913XIX1V\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate[1].exe" sh=15779A83152DB723FC94C3A9C1D054CC55E88414 ft=1 fh=68ba20b51425ebf1 vn="Variante von Win32/Toolbar.Funmoods.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Besitzer\Downloads\agsetup183se.exe" sh=6046326F54B7275DDEE8D747E73C81D6F6859229 ft=1 fh=f41fe1325ab7b80b vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Besitzer\Downloads\any-audio-converter.exe" sh=5F724434F8D9B3B4C2EAF89DA5832413F631260F ft=1 fh=c65a73dc622a46c5 vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung" ac=I fn="C:\Users\Besitzer\Downloads\burnaware72_free.exe" sh=FD688DF49536A7CB56AC04997905DC99E368796C ft=1 fh=cce198221ea45429 vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung" ac=I fn="C:\Users\Besitzer\Downloads\FreeAudioCDBurner2.0.27.623.exe" sh=E97A979585BACDE8BD15559E9BC33F5708486572 ft=1 fh=1391cd3cdfbeff16 vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung" ac=I fn="C:\Users\Besitzer\Downloads\FreeYouTubeToMP3Converter-3.12.41.623.exe" sh=96942D3D16102062530CDF51EBC135C45B305F1C ft=1 fh=ca8c6a67c0d3f3de vn="Variante von Win32/OpenInstall evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Besitzer\Downloads\WinZip165Multi-language.exe" sh=A981E3D6F03D3BD57D1472F33A4093A01533F8A8 ft=1 fh=7aaf7b3d0491af48 vn="Variante von MSIL/AdvancedSystemProtector.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Besitzer\Downloads\wzmp_8.exe" sh=9121592067CBC45C5A14EB602CC80B33EAF590E9 ft=0 fh=0000000000000000 vn="Variante von Win32/Complitly.A evtl. unerwünschte Anwendung" ac=I fn="E:\BESITZER-HP\Backup Set 2014-07-14 113345\Backup Files 2014-07-14 113345\Backup files 1.zip"
I had already told you the proxy settings; I removed the checkmark at Proxy because my internet wasn't working... Regards, Emine |
23.07.2014, 00:40 | #19 |
| Prompt to update Java and Acrobat; advertising pages
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2014 Ran by Besitzer at 2014-07-23 01:29:27 Running from C:\Users\Besitzer\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc) AMD APP SDK Runtime (Version: 2.5.709.2 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{3BF3599D-7F28-C60B-1C5D-82BFD4E5EF33}) (Version: 3.0.838.0 - Advanced Micro Devices, Inc.) Any Audio Converter 4.0.6 (HKLM-x32\...\Any Audio Converter_is1) (Version: - Any-Audio-Converter.com) AuthenTec TrueAPI (Version: 1.3.0.144 - AuthenTec, Inc.) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira) BurnAware Free 7.2 (HKLM-x32\...\BurnAware Free_is1) (Version: - Burnaware) ccc-utility64 (Version: 2011.0930.2209.37895 - Advanced Micro Devices, Inc.) 
Hidden CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.0.20140117 - Landesfinanzdirektion Thüringen) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Free Audio CD Burner version 2.0.27.623 (HKLM-x32\...\Free Audio CD Burner_is1) (Version: 2.0.27.623 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.41.623 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.41.623 - DVDVideoSoft Ltd.) Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden HP 3D DriveGuard (HKLM\...\{7B4DEBE1-E3E3-45BD-88E6-6C3CA9EEED36}) (Version: 4.1.16.1 - Hewlett-Packard Company) HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden HP Launch Box (HKLM\...\{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}) (Version: 1.0.12 - Hewlett-Packard Company) HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP) HP Security Assistant (HKLM\...\{0576788F-2993-455F-80CD-980114095103}) (Version: 1.0.11 - Hewlett-Packard) LightScribe System Software (HKLM-x32\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) MediaGet (HKCU\...\MediaGet) (Version: - Media Get LLC) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft 
Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4631.1002 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4631.1002 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft 
Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Network64 (Version: 130.0.550.000 - Hewlett-Packard) Hidden Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden Pokki (HKCU\...\Pokki) (Version: 0.267.1.208 - Pokki) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.6.0 - SAMSUNG Electronics Co., Ltd.) Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated) TVCenter (HKLM\...\{18F703C3-32EC-4E5C-BC3C-C1BD72D35F5B}) (Version: 6.4.2.880 - PCTV Systems) Validity WBF DDK (HKLM\...\{79174AF2-6CB1-42F5-981E-66DCA49391D0}) (Version: 4.3.205.0 - Validity Sensors, Inc.) 
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden ZTE USB Driver (HKLM\...\ZTE USB Driver) (Version: 1.0.1.1_Turkcell - ZTE Corporation) ==================== Restore Points ========================= 21-07-2014 21:09:17 TuneUp Utilities 2014 wird entfernt 21-07-2014 21:10:49 TuneUp Utilities 2014 (de-DE) wird entfernt 22-07-2014 06:17:11 Windows-Sicherung 22-07-2014 19:48:40 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0EF55A52-D320-4701-B560-106BA23AEFA0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-18] (Adobe Systems Incorporated) Task: {1B82D1E9-746C-4AAE-BD27-97189282FDFD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-05-20] (Microsoft Corporation) Task: {2A0E00D7-A4FC-430C-BA6D-B67DD29C2A04} - System32\Tasks\HPCeeScheduleForBesitzer => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {36423831-15BE-4182-96EE-EF21283C288B} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2011-07-31] (Haufe-Lexware GmbH & Co. 
KG) Task: {462D26F8-22A9-4569-8097-694926D488CB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard) Task: {51C1C629-C28E-4FA9-A23E-F7F441DAE02C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3156843129-3224982606-4248949509-1000Core => C:\Users\Besitzer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.) Task: {5351A4CA-F075-4F40-AB54-A2AE2C104836} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: {5BD1EE6E-6BFC-452E-84F3-523FEA51717B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-21] (Google Inc.) Task: {62D89D86-E960-4F73-B4E6-8B9D21E8D6C8} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3156843129-3224982606-4248949509-1000UA => C:\Users\Besitzer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.) Task: {6F7836F1-6101-4998-BB9A-6E1D19D6C39F} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-17] (Sun Microsystems, Inc.) Task: {778F0D1A-0276-4F13-8590-A9FF153D1B26} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-05-20] (Microsoft Corporation) Task: {7C38A0C3-CEAA-4B54-8BA4-FBBB4B3A5432} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe [2011-09-28] () Task: {7EBD1703-251F-4BEF-8402-15A0ABF75421} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3156843129-3224982606-4248949509-1000Core => C:\Users\Besitzer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-20] (Google Inc.) 
Task: {8399144A-3708-4050-8DF5-69D21E39F762} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {83ABCB13-8C72-464E-9361-0E794B40AF4A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3156843129-3224982606-4248949509-1000UA => C:\Users\Besitzer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-20] (Google Inc.) Task: {8A26F0B1-E302-4E95-8BC3-964D5F409D71} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {A1E472D5-1519-46DD-953F-C1D4BB16435F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {A9E40715-7C32-436F-AF63-A92108AA8DC0} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06] (Adobe Systems Incorporated) Task: {AC38CAA4-5B72-4EC1-A2F3-EA886511C804} - System32\Tasks\Google Updater and Installer => C:\Users\Besitzer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-20] (Google Inc.) Task: {C25FA250-5A7D-49F7-ABAA-1D9B1EA9791E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-06-19] (Microsoft Corporation) Task: {DC314080-5D76-4393-A2AB-CF4CFF8206E5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-21] (Google Inc.) 
Task: {FCB43FC1-4DA8-4450-8319-1C10B4F2D12A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-09-28] (CyberLink) Task: {FF756A73-0F1C-45B4-8E2A-D81CAEE72FBB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3156843129-3224982606-4248949509-1000Core.job => C:\Users\Besitzer\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3156843129-3224982606-4248949509-1000UA.job => C:\Users\Besitzer\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3156843129-3224982606-4248949509-1000Core.job => C:\Users\Besitzer\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3156843129-3224982606-4248949509-1000UA.job => C:\Users\Besitzer\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForBesitzer.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2014-03-13 20:25 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2013-06-12 13:18 - 2011-08-25 10:50 - 00270672 _____ () C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe 2012-02-02 01:27 - 2011-08-09 17:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2011-03-04 12:02 - 2011-03-04 12:02 - 02121728 _____ () 
C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll 2011-03-04 12:02 - 2011-03-04 12:02 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll 2011-03-04 12:02 - 2011-03-04 12:02 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll 2014-07-19 23:02 - 2014-07-15 11:24 - 00718664 _____ () C:\Users\Besitzer\AppData\Local\Google\Chrome\Application\36.0.1985.125\libglesv2.dll 2014-07-19 23:02 - 2014-07-15 11:24 - 00126280 _____ () C:\Users\Besitzer\AppData\Local\Google\Chrome\Application\36.0.1985.125\libegl.dll 2014-07-19 23:02 - 2014-07-15 11:24 - 08537928 _____ () C:\Users\Besitzer\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll 2014-07-19 23:02 - 2014-07-15 11:24 - 00353096 _____ () C:\Users\Besitzer\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll 2014-07-19 23:02 - 2014-07-15 11:24 - 01732936 _____ () C:\Users\Besitzer\AppData\Local\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:373E1720 AlternateDataStreams: C:\Users\Besitzer\Downloads\OriginalMail.eml:OECustomProperty ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318} => "default"="DiskDrive" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318} => "default"="DiskDrive" ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= 
MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AESTFilters => 2 MSCONFIG\Services: AMD External Events Utility => 2 MSCONFIG\Services: Browser Manager => 2 MSCONFIG\Services: CLKMSVC10_38F51D56 => 2 MSCONFIG\Services: FPLService => 2 MSCONFIG\Services: GamesAppService => 3 MSCONFIG\Services: HP Support Assistant Service => 2 MSCONFIG\Services: HPClientSvc => 2 MSCONFIG\Services: HPDrvMntSvc.exe => 2 MSCONFIG\Services: hpqwmiex => 3 MSCONFIG\Services: hpsrv => 2 MSCONFIG\Services: HPWMISVC => 2 MSCONFIG\Services: IAStorDataMgrSvc => 2 MSCONFIG\Services: IconMan_R => 2 MSCONFIG\Services: jhi_service => 2 MSCONFIG\Services: LMS => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: STacSV => 2 MSCONFIG\Services: UNS => 2 MSCONFIG\Services: VmbService => 2 MSCONFIG\Services: vToolbarUpdater12.2.6 => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nach Updates suchen.lnk => C:\Windows\pss\Nach Updates suchen.lnk.CommonStartup MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe MSCONFIG\startupreg: Easybits Recovery => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe MSCONFIG\startupreg: HP CoolSense => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe MSCONFIG\startupreg: HPQuickWebProxy => "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 
MSCONFIG\startupreg: Iminent => C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C" MSCONFIG\startupreg: IminentMessenger => C:\Program Files (x86)\Iminent\Iminent.Messengers.exe MSCONFIG\startupreg: InboxToolbar => "C:\Program Files (x86)\Inbox Toolbar\Inbox.exe" /STARTUP MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: MDX.CloudPin => "C:\Program Files (x86)\Microsoft Digital Experience\Scripts\PinApps.vbs" MSCONFIG\startupreg: MobileBroadband => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" MSCONFIG\startupreg: SetDefault => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe MSCONFIG\startupreg: UIExec => "C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe" MSCONFIG\startupreg: V-bates => C:\Program Files\V-bates\notifier.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/23/2014 01:21:54 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (07/22/2014 08:21:03 AM) (Source: Windows Backup) (EventID: 4104) (User: ) Description: Die Sicherung war nicht erfolgreich. Fehler: "Auf diesem Laufwerk ist nicht genügend Speicherplatz zum Speichern der Sicherung verfügbar. Löschen Sie ältere Sicherungen und nicht benötigte Daten, um Speicherplatz freizugeben, oder ändern Sie die Sicherungseinstellungen. (0x81000005)" Error: (07/22/2014 08:09:02 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (07/22/2014 08:08:51 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (07/22/2014 08:08:51 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/22/2014 08:08:51 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/22/2014 08:08:42 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/22/2014 00:37:00 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/22/2014 00:36:49 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/22/2014 00:36:49 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

System errors:
=============
Error: (07/19/2014 04:47:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Client Virtualization Handler" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (07/19/2014 04:47:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Client Virtualization Handler erreicht.

Error: (07/19/2014 00:25:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "SProtection" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (07/19/2014 00:25:15 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst SProtection erreicht.

Error: (07/19/2014 00:14:08 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Computer Backup (MyPC Backup)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/18/2014 04:26:12 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (07/18/2014 04:26:11 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (07/18/2014 04:26:11 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (07/18/2014 04:26:10 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (07/18/2014 04:26:10 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Microsoft Office Sessions:
=========================
Error: (07/23/2014 01:21:54 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (07/22/2014 08:21:03 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Auf diesem Laufwerk ist nicht genügend Speicherplatz zum Speichern der Sicherung verfügbar. Löschen Sie ältere Sicherungen und nicht benötigte Daten, um Speicherplatz freizugeben, oder ändern Sie die Sicherungseinstellungen. (0x81000005)

Error: (07/22/2014 08:09:02 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Besitzer\Downloads\esetsmartinstaller_deu.exe

Error: (07/22/2014 08:08:51 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Besitzer\Downloads\esetsmartinstaller_deu.exe

Error: (07/22/2014 08:08:51 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Besitzer\Downloads\esetsmartinstaller_deu.exe

Error: (07/22/2014 08:08:51 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Besitzer\Downloads\esetsmartinstaller_deu.exe

Error: (07/22/2014 08:08:42 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Besitzer\Downloads\esetsmartinstaller_deu.exe

Error: (07/22/2014 00:37:00 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Besitzer\Downloads\esetsmartinstaller_deu.exe

Error: (07/22/2014 00:36:49 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Besitzer\Downloads\esetsmartinstaller_deu.exe

Error: (07/22/2014 00:36:49 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Besitzer\Downloads\esetsmartinstaller_deu.exe

==================== Memory info ===========================
Percentage of memory in use: 39%
Total physical RAM: 8139.86 MB
Available physical RAM: 4908.82 MB
Total Pagefile: 16277.9 MB
Available Pagefile: 12844.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:905.38 GB) (Free:786.5 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:21.97 GB) (Free:2.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:0.01 GB) FAT32
Drive i: (USB DISK) (Removable) (Total:1.86 GB) (Free:0.16 GB) FAT32

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 1A96511D)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=905 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=22 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=2 GB) - (Type=0B)

==================== End Of Log ============================

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by Besitzer (administrator) on BESITZER-HP on 23-07-2014 01:28:40
Running from C:\Users\Besitzer\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Users\Besitzer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Besitzer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Besitzer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Besitzer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Besitzer\AppData\Local\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\LxWebAccess\LxWebAccess.exe

==================== Registry (Whitelisted) ==================
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-15] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-14] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-07-08] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\.DEFAULT\...\RunOnce: [] => [X]
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [] => [X]
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [] => [X]
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [] => [X]
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [] => [X]
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [] => [X]
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [] => [X]
HKU\S-1-5-21-3156843129-3224982606-4248949509-1000\...\Run: [GoogleChromeAutoLaunch_1C5AC3501F46C7D54238099BA174D533] => C:\Users\Besitzer\AppData\Local\Google\Chrome\Application\chrome.exe [860488 2014-07-15] (Google Inc.)
HKU\S-1-5-21-3156843129-3224982606-4248949509-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\S-1-5-21-3156843129-3224982606-4248949509-1000\...\Run: [Infigo] => C:\Program Files (x86)\Infigo\Infigo.exe onrun
HKU\S-1-5-21-3156843129-3224982606-4248949509-1000\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
HKU\S-1-5-21-3156843129-3224982606-4248949509-1000\...\MountPoints2: G - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3156843129-3224982606-4248949509-1000\...\MountPoints2: H - H:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3156843129-3224982606-4248949509-1000\...\MountPoints2: {165edf96-b402-11e1-afa2-082e5f869df8} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3156843129-3224982606-4248949509-1000\...\MountPoints2: {165edfb8-b402-11e1-afa2-082e5f869df8} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3156843129-3224982606-4248949509-1000\...\MountPoints2: {52cf8776-b651-11e1-ba22-20107a2a22dc} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3156843129-3224982606-4248949509-1000\...\MountPoints2: {621ca081-37b9-11e3-b6d8-082e5f869df8} - H:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3156843129-3224982606-4248949509-1000\...\MountPoints2: {83f19b78-b6d5-11e1-b1b9-20107a2a22dc} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3156843129-3224982606-4248949509-1000\...\MountPoints2: {9189e929-3900-11e3-986a-082e5f869df8} - H:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3156843129-3224982606-4248949509-1000\...\MountPoints2: {ea4ae5ea-1644-11e3-98d9-082e5f869df8} - G:\AutoRun.exe
HKU\S-1-5-21-3156843129-3224982606-4248949509-1000\...\MountPoints2: {ea4ae606-1644-11e3-98d9-082e5f869df8} - G:\AutoRun.exe
HKU\S-1-5-21-3156843129-3224982606-4248949509-1000\...\MountPoints2: {ea4ae61a-1644-11e3-98d9-082e5f869df8} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3156843129-3224982606-4248949509-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_1C5AC3501F46C7D54238099BA174D533] => C:\Users\Besitzer\AppData\Local\Google\Chrome\Application\chrome.exe [860488 2014-07-15] (Google Inc.)
HKU\S-1-5-21-3156843129-3224982606-4248949509-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\S-1-5-21-3156843129-3224982606-4248949509-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Infigo] => C:\Program Files (x86)\Infigo\Infigo.exe onrun
HKU\S-1-5-21-3156843129-3224982606-4248949509-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: G - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3156843129-3224982606-4248949509-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: H - H:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3156843129-3224982606-4248949509-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {165edf96-b402-11e1-afa2-082e5f869df8} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3156843129-3224982606-4248949509-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {165edfb8-b402-11e1-afa2-082e5f869df8} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3156843129-3224982606-4248949509-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {52cf8776-b651-11e1-ba22-20107a2a22dc} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3156843129-3224982606-4248949509-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {621ca081-37b9-11e3-b6d8-082e5f869df8} - H:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3156843129-3224982606-4248949509-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {83f19b78-b6d5-11e1-b1b9-20107a2a22dc} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3156843129-3224982606-4248949509-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {9189e929-3900-11e3-986a-082e5f869df8} - H:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3156843129-3224982606-4248949509-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ea4ae5ea-1644-11e3-98d9-082e5f869df8} - G:\AutoRun.exe
HKU\S-1-5-21-3156843129-3224982606-4248949509-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ea4ae606-1644-11e3-98d9-082e5f869df8} - G:\AutoRun.exe
HKU\S-1-5-21-3156843129-3224982606-4248949509-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {ea4ae61a-1644-11e3-98d9-082e5f869df8} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3156843129-3224982606-4248949509-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Microsoft MDX Demo] => C:\Program Files (x86)\Microsoft Digital Experience\Microsoft.MDX.Demo.exe
HKU\S-1-5-21-3156843129-3224982606-4248949509-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Microsoft MDX DemoScheduler] => C:\Program Files (x86)\Microsoft Digital Experience\Microsoft.MDX.DemoScheduler.exe
HKU\S-1-5-21-3156843129-3224982606-4248949509-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\RunOnce: [] => [X]
HKU\S-1-5-21-3156843129-3224982606-4248949509-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Microsoft MDX Demo] => C:\Program Files (x86)\Microsoft Digital Experience\Microsoft.MDX.Demo.exe
HKU\S-1-5-21-3156843129-3224982606-4248949509-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Microsoft MDX DemoScheduler] => C:\Program Files (x86)\Microsoft Digital Experience\Microsoft.MDX.DemoScheduler.exe
HKU\S-1-5-21-3156843129-3224982606-4248949509-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [] => [X]
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {B36BF164-41D9-4944-8E81-8E722003E7B7} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll (HP)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name -> {96edaac7-6183-4cb5-8823-b8b12d94f967} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - No File
Handler-x32: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-11-10] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{26759340-A4A8-4D04-A1D6-D5F37D48313B}: [NameServer]212.65.140.141 212.65.128.1
Tcpip\..\Interfaces\{D577387E-067F-41A1-9536-42DA33335557}: [NameServer]212.65.140.142 212.65.128.2
Tcpip\..\Interfaces\{E134AEED-7F59-4F52-8B7C-9C7F85EC0E3D}: [NameServer]139.7.30.126 139.7.30.125
Tcpip\..\Interfaces\{EB6B4213-7EDC-40E6-A6C1-734D3F3C1C5E}: [NameServer]212.65.140.141 212.65.128.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Besitzer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Besitzer\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Besitzer\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-07-16]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Users\Besitzer\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Besitzer\AppData\Local\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Besitzer\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Besitzer\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Simple Pass 2012) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa\1.0_0\npwebsitelogon.dll (HP)
CHR Plugin: (Babylon ToolBar) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll No File
CHR Plugin: (GoogleChromeRemotePlugin) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U5) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Besitzer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Google Update) - C:\Users\Besitzer\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Website Logon) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa [2012-09-12]
CHR Extension: (Grooveshark Germany unlocker) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac [2013-01-13]
CHR Extension: (Google Wallet) - C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-07-16]
CHR HKLM-x32\...\Chrome\Extension: [debkinhcgejcbfgjiaalomcmkedjmiaa] - C:\Program Files (x86)\HP SimplePass 2012\tschrome.crx [2011-08-25]
CHR StartMenuInternet: Google Chrome - C:\Users\Besitzer\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-14] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [244720 2012-02-08] (CyberLink)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
S4 FPLService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424 2011-08-26] (HP)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-08] (Hewlett-Packard Co.) [File not signed]
S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-06-29] (Realsil Microelectronics Inc.) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 UI Assistant Service; C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe [270672 2011-08-25] ()
S4 VmbService; C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [9216 2011-03-29] (Vodafone) [File not signed]
S2 Show-Password; C:\Program Files (x86)\Show-Password\Show-Password154.exe [X]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-14] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [31080 2012-08-30] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
R3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.)
R3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2014-07-22] (Emsisoft GmbH)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [212992 2011-01-30] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 iscFlash; \??\C:\Users\Besitzer\AppData\Local\Temp\7zS31A4.tmp\iscflashx64.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-23 00:03 - 2014-07-23 00:03 - 00000546 _____ () C:\Users\Besitzer\Desktop\Emsisoft Emergency Kit.lnk
2014-07-23 00:02 - 2014-07-23 00:03 - 00000000 ____D () C:\EEK
2014-07-22 23:58 - 2014-07-23 00:00 - 214965464 _____ () C:\Users\Besitzer\Downloads\EmsisoftEmergencyKit.exe
2014-07-22 00:37 - 2014-07-22 00:37 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-22 00:35 - 2014-07-22 00:36 - 02347384 _____ (ESET) C:\Users\Besitzer\Downloads\esetsmartinstaller_deu.exe
2014-07-22 00:29 - 2014-07-22 00:29 - 02090496 _____ (Farbar) C:\Users\Besitzer\Downloads\FRST64 (1).exe
2014-07-21 23:23 - 2014-07-21 23:23 - 00000000 ____D () C:\Users\Besitzer\Desktop\frst
2014-07-21 23:21 - 2014-07-21 23:21 - 02090496 _____ (Farbar) C:\Users\Besitzer\Downloads\FRST64.exe
2014-07-20 00:41 - 2014-07-20 00:41 - 00001935 _____ () C:\Users\Besitzer\Desktop\mbam20.07.txt
2014-07-20 00:41 - 2014-07-20 00:41 - 00000768 _____ () C:\Users\Besitzer\Desktop\mbam20.07.14.txt
2014-07-19 01:43 - 2014-07-19 01:43 - 00084794 _____ () C:\mbam.txt
2014-07-19 01:41 - 2014-07-19 01:44 - 00000000 ____D () C:\Users\Besitzer\Desktop\mbam
2014-07-19 01:01 - 2014-07-21 22:51 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-19 01:00 - 2014-07-19 01:00 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-19 01:00 - 2014-07-19 01:00 - 00001106 _____ () C:\ProgramData\Desktop\ Malwarebytes
Anti-Malware .lnk 2014-07-19 01:00 - 2014-07-19 01:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-19 01:00 - 2014-07-19 01:00 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-19 01:00 - 2014-07-19 01:00 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-19 01:00 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-19 01:00 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-07-19 01:00 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-07-19 00:59 - 2014-07-19 01:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Besitzer\Downloads\mbam-setup-2.0.2.1012.exe 2014-07-19 00:54 - 2014-07-19 00:54 - 01354223 _____ () C:\Users\Besitzer\Downloads\adwcleaner_3.216 (1).exe 2014-07-19 00:33 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-07-19 00:32 - 2014-07-19 00:55 - 00000000 ____D () C:\AdwCleaner 2014-07-19 00:32 - 2014-07-19 00:32 - 01354223 _____ () C:\Users\Besitzer\Downloads\adwcleaner_3.216.exe 2014-07-19 00:18 - 2014-07-19 00:18 - 00000092 _____ () C:\Users\Besitzer\AppData\Roaming\burnaware.ini 2014-07-19 00:11 - 2014-04-23 22:33 - 00000426 _____ () C:\AVScanner.ini 2014-07-19 00:05 - 2014-07-19 00:05 - 00003826 _____ () C:\Windows\System32\Tasks\Lexware-Online-Aktualisierungsprogramm 2014-07-19 00:05 - 2014-07-19 00:05 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler 2014-07-19 00:05 - 2014-07-19 00:05 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm 2014-07-18 16:17 - 2014-07-19 01:52 - 00262688 _____ () C:\Windows\msxml4-KB2758694-enu.LOG 2014-07-18 16:15 - 2014-07-18 16:20 - 00000000 ____D () C:\Users\Besitzer\Desktop\Türkiye Karisik 2012-2013 2014-07-18 16:15 - 2014-07-18 16:15 - 
00002202 _____ () C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dark Orbit.lnk 2014-07-18 16:15 - 2014-07-18 16:15 - 00002119 _____ () C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk 2014-07-18 16:14 - 2014-07-19 00:14 - 00000000 ____D () C:\Users\Besitzer\AppData\Local\Pokki 2014-07-18 16:14 - 2014-07-18 16:14 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki 2014-07-16 22:40 - 2014-07-16 22:40 - 00001536 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk 2014-07-16 22:40 - 2014-07-16 22:40 - 00001536 _____ () C:\ProgramData\Desktop\Free YouTube to MP3 Converter.lnk 2014-07-16 22:35 - 2014-07-16 22:36 - 34488000 _____ (DVDVideoSoft Ltd. ) C:\Users\Besitzer\Downloads\FreeYouTubeToMP3Converter-3.12.41.623.exe 2014-07-16 22:33 - 2014-07-16 22:44 - 00000000 ____D () C:\Users\Besitzer\Documents\Any Audio Converter 2014-07-16 22:32 - 2014-07-16 22:32 - 00000000 ____D () C:\Users\Besitzer\Documents\Temp 2014-07-16 22:32 - 2014-07-16 22:32 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\AnvSoft 2014-07-16 22:31 - 2014-07-16 22:31 - 00001225 _____ () C:\Users\Besitzer\Desktop\Any Audio Converter.lnk 2014-07-16 22:31 - 2014-07-16 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft 2014-07-16 22:31 - 2014-07-16 22:31 - 00000000 ____D () C:\Program Files (x86)\AnvSoft 2014-07-16 22:29 - 2014-07-16 22:29 - 00001058 _____ () C:\Users\Public\Desktop\BurnAware Free.lnk 2014-07-16 22:29 - 2014-07-16 22:29 - 00001058 _____ () C:\ProgramData\Desktop\BurnAware Free.lnk 2014-07-16 22:29 - 2014-07-16 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free 2014-07-16 22:29 - 2014-07-16 22:29 - 00000000 ____D () C:\Program Files (x86)\BurnAware Free 2014-07-16 22:28 - 2014-07-16 22:29 - 21122288 _____ (Any-Audio-Converter.com ) C:\Users\Besitzer\Downloads\any-audio-converter.exe 
2014-07-16 22:24 - 2014-07-16 22:25 - 06669808 _____ (Burnaware ) C:\Users\Besitzer\Downloads\burnaware72_free.exe 2014-07-16 14:31 - 2014-07-16 14:31 - 00001233 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk 2014-07-16 14:31 - 2014-07-16 14:31 - 00001233 _____ () C:\ProgramData\Desktop\ElsterFormular.lnk 2014-07-16 14:28 - 2014-07-16 14:28 - 00000000 ____D () C:\ProgramData\Canneverbe Limited 2014-07-16 14:25 - 2014-07-16 14:25 - 00001953 _____ () C:\Users\Public\Desktop\CDBurnerXP.lnk 2014-07-16 14:25 - 2014-07-16 14:25 - 00001953 _____ () C:\ProgramData\Desktop\CDBurnerXP.lnk 2014-07-16 14:25 - 2014-07-16 14:25 - 00001903 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk 2014-07-16 14:25 - 2014-07-16 14:25 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\Canneverbe Limited 2014-07-16 14:25 - 2014-07-16 14:25 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP 2014-07-16 14:24 - 2014-07-16 14:26 - 148473424 _____ (Landesfinanzdirektion Thüringen) C:\Users\Besitzer\Downloads\ElsterFormular-15.0.20140117k.exe 2014-07-16 14:23 - 2014-07-16 14:23 - 05405880 _____ (Canneverbe Limited ) C:\Users\Besitzer\Downloads\cdbxp_setup_4.5.4.4852_minimal (1).exe 2014-07-16 14:22 - 2014-07-16 14:23 - 05405880 _____ (Canneverbe Limited ) C:\Users\Besitzer\Downloads\cdbxp_setup_4.5.4.4852_minimal.exe 2014-07-16 14:21 - 2014-07-19 00:03 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-07-16 14:21 - 2014-07-18 22:19 - 00000000 ____D () C:\ProgramData\TuneUp Software 2014-07-16 14:21 - 2014-07-16 14:21 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\TuneUp Software 2014-07-16 14:21 - 2014-07-16 14:21 - 00000000 ____D () C:\Users\Besitzer\AppData\Local\TuneUp Software 2014-07-16 10:53 - 2014-07-16 10:53 - 00001505 _____ () C:\Users\Besitzer\Desktop\Addition.txt - Verknüpfung.lnk 2014-07-16 10:41 - 2014-07-20 00:44 - 00030991 _____ () C:\Users\Besitzer\Downloads\Addition.txt 2014-07-16 10:40 - 2014-07-23 01:29 - 
00030660 _____ () C:\Users\Besitzer\Downloads\FRST.txt 2014-07-16 10:40 - 2014-07-23 01:28 - 00000000 ____D () C:\FRST 2014-07-15 23:47 - 2014-07-21 22:54 - 00000000 ____D () C:\Program Files (x86)\Infigo 2014-07-15 23:47 - 2014-07-15 23:49 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\Infigo 2014-07-15 23:47 - 2014-07-15 23:47 - 00000199 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc 2014-07-15 23:46 - 2014-07-15 23:46 - 07501568 _____ () C:\Users\Besitzer\Downloads\Infigo_setup.exe 2014-07-15 22:46 - 2014-07-16 22:40 - 00001243 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk 2014-07-15 22:46 - 2014-07-16 22:40 - 00001243 _____ () C:\ProgramData\Desktop\DVDVideoSoft Free Studio.lnk 2014-07-15 22:46 - 2014-07-16 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2014-07-15 22:46 - 2014-07-16 22:40 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft 2014-07-15 22:46 - 2014-07-15 22:46 - 00001433 _____ () C:\Users\Public\Desktop\Free Audio CD Burner.lnk 2014-07-15 22:46 - 2014-07-15 22:46 - 00001433 _____ () C:\ProgramData\Desktop\Free Audio CD Burner.lnk 2014-07-15 22:45 - 2014-07-16 22:40 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\DVDVideoSoft 2014-07-15 22:43 - 2014-07-15 22:43 - 32165280 _____ (DVDVideoSoft Ltd. 
) C:\Users\Besitzer\Downloads\FreeAudioCDBurner2.0.27.623.exe 2014-07-15 16:39 - 2014-07-15 16:39 - 00000000 ____D () C:\ProgramData\LightScribe 2014-07-15 16:38 - 2014-07-15 16:39 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\Nero 2014-07-15 16:26 - 2014-07-15 21:21 - 00000000 ____D () C:\ProgramData\Nero 2014-07-15 16:18 - 2014-07-15 16:18 - 00002037 _____ () C:\Users\Public\Desktop\LightScribe.lnk 2014-07-15 16:18 - 2014-07-15 16:18 - 00002037 _____ () C:\ProgramData\Desktop\LightScribe.lnk 2014-07-15 16:18 - 2014-07-15 16:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling 2014-07-15 16:18 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll 2014-07-15 16:18 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll 2014-07-15 16:18 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll 2014-07-15 16:18 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll 2014-07-15 16:18 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll 2014-07-15 16:05 - 2014-07-15 16:08 - 286648280 _____ (Nero AG) C:\Users\Besitzer\Downloads\Nero2014-15.0.09300_trial.exe 2014-07-14 11:38 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-07-14 11:38 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-07-14 11:38 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-07-14 11:38 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-07-14 11:38 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-07-14 11:38 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-07-14 11:38 - 2014-06-06 
11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-07-14 11:37 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-07-14 11:37 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-07-14 11:37 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-07-14 11:37 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-07-14 11:37 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-07-14 11:37 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-07-14 11:37 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-07-14 11:37 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-07-14 11:37 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-07-14 11:37 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-07-14 11:37 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-07-14 11:37 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-07-14 11:37 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-07-14 11:37 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-07-14 11:37 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-07-14 11:36 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-07-14 11:36 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-07-14 11:36 - 2014-06-19 03:39 - 23464448 _____ (Microsoft 
Corporation) C:\Windows\system32\mshtml.dll 2014-07-14 11:36 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-14 11:36 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-07-14 11:36 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-14 11:36 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-14 11:36 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-07-14 11:36 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-07-14 11:36 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-07-14 11:36 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-14 11:36 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-07-14 11:36 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-14 11:36 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-14 11:36 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-07-14 11:36 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-07-14 11:36 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-07-14 11:36 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-07-14 11:36 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-14 11:36 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-07-14 11:36 - 2014-06-19 01:56 - 
02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-07-14 11:36 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-07-14 11:36 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-14 11:36 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-14 11:36 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-14 11:36 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-07-14 11:36 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-07-14 11:36 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-07-14 11:36 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-07-14 11:36 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-07-14 11:36 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-14 11:36 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-07-14 11:36 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-07-14 11:36 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-07-14 11:36 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-14 11:36 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-07-14 11:36 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-07-14 11:36 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-07-14 11:36 - 2014-06-19 01:22 - 00592896 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-07-14 11:36 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-07-14 11:36 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-07-14 11:36 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-07-14 11:36 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-07-14 11:36 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-14 11:36 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-07-14 11:36 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-07-14 11:36 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-14 11:36 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-07-14 11:36 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-07-14 11:36 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-07-14 11:36 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-07-14 11:36 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-14 11:36 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-07-14 11:36 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-07-14 11:36 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-07-14 11:36 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-07-14 11:35 - 2014-06-05 16:45 - 01460736 _____ 
(Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-07-14 11:35 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-07-14 11:35 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-07-01 08:01 - 2014-07-01 08:01 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\cloudbkp ==================== One Month Modified Files and Folders ======= 2014-07-23 01:29 - 2014-07-16 10:40 - 00030660 _____ () C:\Users\Besitzer\Downloads\FRST.txt 2014-07-23 01:28 - 2014-07-16 10:40 - 00000000 ____D () C:\FRST 2014-07-23 01:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing 2014-07-23 01:20 - 2014-03-16 21:04 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-07-23 00:41 - 2013-07-21 12:06 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-23 00:31 - 2012-05-20 22:03 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3156843129-3224982606-4248949509-1000UA.job 2014-07-23 00:03 - 2014-07-23 00:03 - 00000546 _____ () C:\Users\Besitzer\Desktop\Emsisoft Emergency Kit.lnk 2014-07-23 00:03 - 2014-07-23 00:02 - 00000000 ____D () C:\EEK 2014-07-23 00:00 - 2014-07-22 23:58 - 214965464 _____ () C:\Users\Besitzer\Downloads\EmsisoftEmergencyKit.exe 2014-07-22 23:55 - 2012-05-24 14:23 - 00001150 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3156843129-3224982606-4248949509-1000UA.job 2014-07-22 23:33 - 2012-02-14 11:30 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1AF77FF2-5D9E-4641-9413-5ED72FBA4225} 2014-07-22 22:54 - 2012-02-02 01:30 - 02054865 _____ () C:\Windows\WindowsUpdate.log 2014-07-22 08:55 - 2012-05-24 14:23 - 00001128 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3156843129-3224982606-4248949509-1000Core.job 2014-07-22 08:50 - 2013-07-21 12:06 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-22 00:37 - 2014-07-22 00:37 - 00000000 ____D () 
C:\Program Files (x86)\ESET 2014-07-22 00:36 - 2014-07-22 00:35 - 02347384 _____ (ESET) C:\Users\Besitzer\Downloads\esetsmartinstaller_deu.exe 2014-07-22 00:29 - 2014-07-22 00:29 - 02090496 _____ (Farbar) C:\Users\Besitzer\Downloads\FRST64 (1).exe 2014-07-21 23:23 - 2014-07-21 23:23 - 00000000 ____D () C:\Users\Besitzer\Desktop\frst 2014-07-21 23:21 - 2014-07-21 23:21 - 02090496 _____ (Farbar) C:\Users\Besitzer\Downloads\FRST64.exe 2014-07-21 23:06 - 2009-07-14 06:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-21 23:06 - 2009-07-14 06:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-21 22:54 - 2014-07-15 23:47 - 00000000 ____D () C:\Program Files (x86)\Infigo 2014-07-21 22:51 - 2014-07-19 01:01 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-20 00:44 - 2014-07-16 10:41 - 00030991 _____ () C:\Users\Besitzer\Downloads\Addition.txt 2014-07-20 00:41 - 2014-07-20 00:41 - 00001935 _____ () C:\Users\Besitzer\Desktop\mbam20.07.txt 2014-07-20 00:41 - 2014-07-20 00:41 - 00000768 _____ () C:\Users\Besitzer\Desktop\mbam20.07.14.txt 2014-07-19 23:00 - 2013-11-22 22:43 - 00003204 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBesitzer 2014-07-19 23:00 - 2013-11-22 22:43 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForBesitzer.job 2014-07-19 23:00 - 2012-02-14 11:27 - 00000000 ____D () C:\Users\Besitzer 2014-07-19 17:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-07-19 16:46 - 2013-11-14 08:46 - 00099856 _____ () C:\Windows\PFRO.log 2014-07-19 16:46 - 2013-07-25 02:21 - 00031007 _____ () C:\Windows\setupact.log 2014-07-19 16:46 - 2013-06-12 13:15 - 00327680 _____ () C:\Windows\system32\Ikeext.etl 2014-07-19 16:46 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-19 01:52 - 2014-07-18 16:17 - 00262688 _____ () 
C:\Windows\msxml4-KB2758694-enu.LOG 2014-07-19 01:44 - 2014-07-19 01:41 - 00000000 ____D () C:\Users\Besitzer\Desktop\mbam 2014-07-19 01:43 - 2014-07-19 01:43 - 00084794 _____ () C:\mbam.txt 2014-07-19 01:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help 2014-07-19 01:25 - 2014-02-09 16:31 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\FunmoodsChat 2014-07-19 01:25 - 2012-08-27 00:12 - 00000000 ____D () C:\Temp 2014-07-19 01:00 - 2014-07-19 01:00 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-19 01:00 - 2014-07-19 01:00 - 00001106 _____ () C:\ProgramData\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-19 01:00 - 2014-07-19 01:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-19 01:00 - 2014-07-19 01:00 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-19 01:00 - 2014-07-19 01:00 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-19 01:00 - 2014-07-19 00:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Besitzer\Downloads\mbam-setup-2.0.2.1012.exe 2014-07-19 00:55 - 2014-07-19 00:32 - 00000000 ____D () C:\AdwCleaner 2014-07-19 00:54 - 2014-07-19 00:54 - 01354223 _____ () C:\Users\Besitzer\Downloads\adwcleaner_3.216 (1).exe 2014-07-19 00:35 - 2013-05-07 23:24 - 00000000 ____D () C:\Windows\System32\Tasks\ProtectedSearch 2014-07-19 00:35 - 2013-05-07 23:24 - 00000000 ____D () C:\Windows\System32\Tasks\Browser Updater 2014-07-19 00:32 - 2014-07-19 00:32 - 01354223 _____ () C:\Users\Besitzer\Downloads\adwcleaner_3.216.exe 2014-07-19 00:18 - 2014-07-19 00:18 - 00000092 _____ () C:\Users\Besitzer\AppData\Roaming\burnaware.ini 2014-07-19 00:14 - 2014-07-18 16:14 - 00000000 ____D () C:\Users\Besitzer\AppData\Local\Pokki 2014-07-19 00:05 - 2014-07-19 00:05 - 00003826 _____ () C:\Windows\System32\Tasks\Lexware-Online-Aktualisierungsprogramm 2014-07-19 00:05 - 2014-07-19 00:05 - 00003704 _____ () C:\Windows\System32\Tasks\Java 
Update Scheduler 2014-07-19 00:05 - 2014-07-19 00:05 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm 2014-07-19 00:03 - 2014-07-16 14:21 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-07-19 00:03 - 2014-03-06 18:38 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F} 2014-07-19 00:03 - 2012-05-21 15:45 - 00000000 ____D () C:\Users\Besitzer\AppData\Local\Downloaded Installations 2014-07-19 00:03 - 2012-02-14 11:28 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\hpqlog 2014-07-19 00:01 - 2013-12-26 22:20 - 00000162 _____ () C:\Users\Besitzer\AppData\Roaming\WB.CFG 2014-07-18 22:19 - 2014-07-16 14:21 - 00000000 ____D () C:\ProgramData\TuneUp Software 2014-07-18 16:30 - 2011-11-10 21:42 - 00700134 _____ () C:\Windows\system32\perfh007.dat 2014-07-18 16:30 - 2011-11-10 21:42 - 00149984 _____ () C:\Windows\system32\perfc007.dat 2014-07-18 16:30 - 2009-07-14 07:13 - 01622300 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-18 16:20 - 2014-07-18 16:15 - 00000000 ____D () C:\Users\Besitzer\Desktop\Türkiye Karisik 2012-2013 2014-07-18 16:15 - 2014-07-18 16:15 - 00002202 _____ () C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dark Orbit.lnk 2014-07-18 16:15 - 2014-07-18 16:15 - 00002119 _____ () C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk 2014-07-18 16:15 - 2014-03-16 21:04 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-07-18 16:15 - 2014-03-16 21:04 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-07-18 16:15 - 2011-11-10 13:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-18 16:14 - 2014-07-18 16:14 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki 2014-07-16 22:44 - 2014-07-16 22:33 - 00000000 ____D () C:\Users\Besitzer\Documents\Any 
Audio Converter 2014-07-16 22:40 - 2014-07-16 22:40 - 00001536 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk 2014-07-16 22:40 - 2014-07-16 22:40 - 00001536 _____ () C:\ProgramData\Desktop\Free YouTube to MP3 Converter.lnk 2014-07-16 22:40 - 2014-07-15 22:46 - 00001243 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk 2014-07-16 22:40 - 2014-07-15 22:46 - 00001243 _____ () C:\ProgramData\Desktop\DVDVideoSoft Free Studio.lnk 2014-07-16 22:40 - 2014-07-15 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2014-07-16 22:40 - 2014-07-15 22:46 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft 2014-07-16 22:40 - 2014-07-15 22:45 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\DVDVideoSoft 2014-07-16 22:36 - 2014-07-16 22:35 - 34488000 _____ (DVDVideoSoft Ltd. ) C:\Users\Besitzer\Downloads\FreeYouTubeToMP3Converter-3.12.41.623.exe 2014-07-16 22:32 - 2014-07-16 22:32 - 00000000 ____D () C:\Users\Besitzer\Documents\Temp 2014-07-16 22:32 - 2014-07-16 22:32 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\AnvSoft 2014-07-16 22:31 - 2014-07-16 22:31 - 00001225 _____ () C:\Users\Besitzer\Desktop\Any Audio Converter.lnk 2014-07-16 22:31 - 2014-07-16 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft 2014-07-16 22:31 - 2014-07-16 22:31 - 00000000 ____D () C:\Program Files (x86)\AnvSoft 2014-07-16 22:29 - 2014-07-16 22:29 - 00001058 _____ () C:\Users\Public\Desktop\BurnAware Free.lnk 2014-07-16 22:29 - 2014-07-16 22:29 - 00001058 _____ () C:\ProgramData\Desktop\BurnAware Free.lnk 2014-07-16 22:29 - 2014-07-16 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free 2014-07-16 22:29 - 2014-07-16 22:29 - 00000000 ____D () C:\Program Files (x86)\BurnAware Free 2014-07-16 22:29 - 2014-07-16 22:28 - 21122288 _____ (Any-Audio-Converter.com ) C:\Users\Besitzer\Downloads\any-audio-converter.exe 2014-07-16 22:25 - 2014-07-16 
22:24 - 06669808 _____ (Burnaware ) C:\Users\Besitzer\Downloads\burnaware72_free.exe 2014-07-16 14:52 - 2009-07-14 06:45 - 00446496 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-16 14:51 - 2014-05-06 23:30 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-07-16 14:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-07-16 14:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-07-16 14:38 - 2012-02-14 11:28 - 00000000 ____D () C:\Users\Besitzer\AppData\Local\VirtualStore 2014-07-16 14:31 - 2014-07-16 14:31 - 00001233 _____ () C:\Users\Public\Desktop\ElsterFormular.lnk 2014-07-16 14:31 - 2014-07-16 14:31 - 00001233 _____ () C:\ProgramData\Desktop\ElsterFormular.lnk 2014-07-16 14:31 - 2012-05-21 23:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular 2014-07-16 14:29 - 2012-05-21 23:42 - 00000000 ____D () C:\ProgramData\elsterformular 2014-07-16 14:29 - 2012-05-21 23:42 - 00000000 ____D () C:\Program Files (x86)\ElsterFormular 2014-07-16 14:28 - 2014-07-16 14:28 - 00000000 ____D () C:\ProgramData\Canneverbe Limited 2014-07-16 14:26 - 2014-07-16 14:24 - 148473424 _____ (Landesfinanzdirektion Thüringen) C:\Users\Besitzer\Downloads\ElsterFormular-15.0.20140117k.exe 2014-07-16 14:25 - 2014-07-16 14:25 - 00001953 _____ () C:\Users\Public\Desktop\CDBurnerXP.lnk 2014-07-16 14:25 - 2014-07-16 14:25 - 00001953 _____ () C:\ProgramData\Desktop\CDBurnerXP.lnk 2014-07-16 14:25 - 2014-07-16 14:25 - 00001903 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk 2014-07-16 14:25 - 2014-07-16 14:25 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\Canneverbe Limited 2014-07-16 14:25 - 2014-07-16 14:25 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP 2014-07-16 14:23 - 2014-07-16 14:23 - 05405880 _____ (Canneverbe Limited ) C:\Users\Besitzer\Downloads\cdbxp_setup_4.5.4.4852_minimal (1).exe 2014-07-16 14:23 - 2014-07-16 14:22 - 05405880 _____ (Canneverbe Limited ) 
C:\Users\Besitzer\Downloads\cdbxp_setup_4.5.4.4852_minimal.exe 2014-07-16 14:21 - 2014-07-16 14:21 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\TuneUp Software 2014-07-16 14:21 - 2014-07-16 14:21 - 00000000 ____D () C:\Users\Besitzer\AppData\Local\TuneUp Software 2014-07-16 12:34 - 2012-05-20 20:14 - 00000000 ____D () C:\Users\Besitzer\AppData\Local\CrashDumps 2014-07-16 12:23 - 2012-05-20 22:03 - 00001080 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3156843129-3224982606-4248949509-1000Core.job 2014-07-16 11:09 - 2013-07-31 15:02 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-07-16 11:09 - 2012-07-11 21:59 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-07-16 10:53 - 2014-07-16 10:53 - 00001505 _____ () C:\Users\Besitzer\Desktop\Addition.txt - Verknüpfung.lnk 2014-07-15 23:49 - 2014-07-15 23:47 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\Infigo 2014-07-15 23:47 - 2014-07-15 23:47 - 00000199 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc 2014-07-15 23:46 - 2014-07-15 23:46 - 07501568 _____ () C:\Users\Besitzer\Downloads\Infigo_setup.exe 2014-07-15 22:57 - 2014-06-07 19:23 - 00000000 ____D () C:\Users\Besitzer\Desktop\Neuer Ordner 2014-07-15 22:46 - 2014-07-15 22:46 - 00001433 _____ () C:\Users\Public\Desktop\Free Audio CD Burner.lnk 2014-07-15 22:46 - 2014-07-15 22:46 - 00001433 _____ () C:\ProgramData\Desktop\Free Audio CD Burner.lnk 2014-07-15 22:43 - 2014-07-15 22:43 - 32165280 _____ (DVDVideoSoft Ltd. 
) C:\Users\Besitzer\Downloads\FreeAudioCDBurner2.0.27.623.exe 2014-07-15 21:21 - 2014-07-15 16:26 - 00000000 ____D () C:\ProgramData\Nero 2014-07-15 16:39 - 2014-07-15 16:39 - 00000000 ____D () C:\ProgramData\LightScribe 2014-07-15 16:39 - 2014-07-15 16:38 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\Nero 2014-07-15 16:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Cursors 2014-07-15 16:21 - 2013-09-13 08:14 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-15 16:19 - 2013-04-13 16:19 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0 2014-07-15 16:18 - 2014-07-15 16:18 - 00002037 _____ () C:\Users\Public\Desktop\LightScribe.lnk 2014-07-15 16:18 - 2014-07-15 16:18 - 00002037 _____ () C:\ProgramData\Desktop\LightScribe.lnk 2014-07-15 16:18 - 2014-07-15 16:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling 2014-07-15 16:18 - 2012-05-23 18:31 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-07-15 16:08 - 2014-07-15 16:05 - 286648280 _____ (Nero AG) C:\Users\Besitzer\Downloads\Nero2014-15.0.09300_trial.exe 2014-07-15 16:06 - 2013-05-27 22:39 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-07-14 11:43 - 2013-10-13 18:37 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-07-14 11:27 - 2013-05-25 01:05 - 00117712 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-07-14 11:26 - 2012-05-20 22:03 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3156843129-3224982606-4248949509-1000UA 2014-07-14 11:26 - 2012-05-20 22:03 - 00003712 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3156843129-3224982606-4248949509-1000Core 2014-07-01 08:01 - 2014-07-01 08:01 - 00000000 ____D () C:\Users\Besitzer\AppData\Roaming\cloudbkp 2014-06-30 04:09 - 2014-07-14 11:38 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-30 04:04 - 2014-07-14 11:38 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-26 08:37 - 2013-07-21 12:06 - 00004110 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-06-26 08:36 - 2013-07-21 12:06 - 00003858 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-06-25 00:29 - 2013-09-16 09:42 - 00000150 _____ () C:\LxDasi.Log 2014-06-25 00:29 - 2013-08-11 19:21 - 00000000 ____D () C:\ProgramData\Lexware 2014-06-23 21:31 - 2013-05-25 01:05 - 00130584 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avipbb.sys Some content of TEMP: ==================== C:\Users\Besitzer\AppData\Local\Temp\avgnt.exe C:\Users\Besitzer\AppData\Local\Temp\DseShExt-x64.dll C:\Users\Besitzer\AppData\Local\Temp\DseShExt-x86.dll C:\Users\Besitzer\AppData\Local\Temp\SDShelEx-win32.dll C:\Users\Besitzer\AppData\Local\Temp\SDShelEx-x64.dll C:\Users\Besitzer\AppData\Local\Temp\TUUUninstallHelper.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-19 17:24 ==================== End Of Log ============================ |
23.07.2014, 22:44 | #20 | |
Rest in peace † 2019 | Prompt to update Java and Acrobat; advertising pages
Yes, but the proxy you had entered there was being used by adware. Mostly detections in quarantine, good.
Step 1 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
ATTFilter
C:\Documents and Settings\Besitzer\Downloads\agsetup183se.exe
C:\Documents and Settings\Besitzer\Downloads\any-audio-converter.exe
C:\Documents and Settings\Besitzer\Downloads\burnaware72_free.exe
C:\Documents and Settings\Besitzer\Downloads\FreeAudioCDBurner2.0.27.623.exe
C:\Documents and Settings\Besitzer\Downloads\FreeYouTubeToMP3Converter-3.12.41.623.exe
C:\Documents and Settings\Besitzer\Downloads\WinZip165Multi-language.exe
C:\Documents and Settings\Besitzer\Downloads\wzmp_8.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll
C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe
C:\Temp\InstallFilter64.ms
AlternateDataStreams: C:\ProgramData\Temp:373E1720

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Quote:
Step 2 Download TFC (TempFileCleaner by Oldtimer) and save it to the desktop.
OK
As far as I can see, we have now removed everything malicious. Your logs are clean. To finish, we will tidy up a little and I will give you some reading material.
Step 1 If you no longer need Malwarebytes Anti-Malware and the ESET online scan, you can simply uninstall both programs via the program uninstaller. However, I recommend that you keep at least Malwarebytes and run a check scan with it once a week.
Step 2 Please download delfix to your desktop.
Finally, a few tips for securing your system.
Keeping the system up to date
It is extremely important that both your system and the security-relevant software installed on it (Flash Player, PDF reader and especially Java, if present) are up to date.
Antivirus software
Additional protection
Alternative browsers
Other browsers tend to be somewhat more secure than Internet Explorer, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
System performance
Delete your temporary files regularly. For this I recommend Windows Disk Cleanup.
Windows Vista
Windows 7
Windows 8
Stay away from any registry cleaners. They harm your system more than they speed it up.
Rules of conduct for safer surfing
Now all that remains is for me to wish you lots of fun surfing safely.
Note: Please give me brief feedback when everything is done and there are no more questions. If you would like to give praise or criticism, you are very welcome to do so here. If you would like to donate something for the forum and our work, you can do so here. |