Pests of all kinds and how to combat them: Suspected trojan (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection. |
26.12.2014, 18:43 | #1 |
| Suspected trojan First of all, happy holidays, and sorry for disturbing you at this time, but I suspect that I have caught 2 ransomware trojans. I scanned my laptop with Malwarebytes (Premium Edition) and it showed me 2 trojans, which I moved to quarantine. They are security.hijack, which is listed as a registry value and as a registry key. In my layman's opinion it is probably a Debug firefox.exe. The PC works flawlessly, but I don't dare to switch it off and boot it up again, although nothing was found on the 2nd scan. I'm writing to you because you have already helped me successfully once before. Regards, Wolfgang |
26.12.2014, 18:44 | #2 |
/// the machine /// TB-Ausbilder | Suspected trojan hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
26.12.2014, 18:55 | #3 |
| Suspected trojan FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-12-2014 Ran by melsy (administrator) on MELSY-HP on 26-12-2014 18:48:30 Running from C:\Users\melsy\Downloads Loaded Profiles: melsy & _supereasy_1cbackup_ (Available profiles: melsy & _supereasy_1cbackup_ & DefaultAppPool) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgfws.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe () C:\Users\melsy\AppData\Roaming\BupSystem\bup.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe (Hewlett-Packard Development Company, L.P.) 
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupService-sez1cb.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\oxHelper.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe () C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupClient-sez1cb.exe (Hewlett-Packard Development Company, L.P.) 
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Steganos Software GmbH) C:\Program Files (x86)\Steganos Password Manager 15\passwordmanagercom.exe () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\oxHelper.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Astonsoft) C:\Program Files (x86)\EssentialPIM\EssentialPIM.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [Cm106Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm106.dll,CMICtrlWnd HKLM\...\Run: [SuperEasy 1-Click Backup] => C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupClient-sez1cb.exe [317024 2013-11-28] () HKLM\...\Run: [Ashampoo WinOptimizer Live-Tuner2] => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner2.exe [3516784 2014-11-18] (Ashampoo Development GmbH & Co. KG) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.) 
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare) HKLM-x32\...\Run: [SPM15 Chrome Autofill Relay] => C:\Program Files (x86)\Steganos Password Manager 15\passwordmanagercom.exe [480120 2014-06-25] (Steganos Software GmbH) HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Run: [Facebook Update] => C:\Users\melsy\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-10-31] (Facebook Inc.) HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Run: [EssentialPIM] => C:\Program Files (x86)\EssentialPIM\EssentialPIM.exe [17719664 2014-12-01] (Astonsoft) HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\RunOnce: [Adobe Speed Launcher] => 1419551942 HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Policies\system: [DisableChangePassword] 0 HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\wo11.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File 
BootExecute: autocheck autochk * DfSDKBt ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-3195104690-1283173883-910289243-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3195104690-1283173883-910289243-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3195104690-1283173883-910289243-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs HKU\S-1-5-21-3195104690-1283173883-910289243-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/CQCON/1 HKU\S-1-5-21-3195104690-1283173883-910289243-1003\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/CQCON/1 HKU\S-1-5-21-3195104690-1283173883-910289243-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQCON/1 URLSearchHook: HKLM-x32 - (No Name) - {422f7661-9403-4da4-b4ef-cc3e268817b5} - No File URLSearchHook: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 - (No Name) - {422f7661-9403-4da4-b4ef-cc3e268817b5} - No File SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox SearchScopes: HKLM -> {8262B94D-0FB8-44AE-AA96-7114154C01C3} URL = 
hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {1890CF76-D8E5-4584-8B8B-0415EA96601F} URL = SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\.DEFAULT -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = SearchScopes: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> DefaultScope {1890CF76-D8E5-4584-8B8B-0415EA96601F} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere SearchScopes: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D26666F726D3D43504E5444462670633D43504E544446267372633D49452D536561726368426F78&st={searchTerms}&clid=5b063933-3c54-4d54-8af2-20a413726ddc&pid=freewarede&k=0 SearchScopes: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> {0E0DBFCD-7DDD-4792-9F42-2DFF3E266C26} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=5b063933-3c54-4d54-8af2-20a413726ddc&pid=freewarede&mode=bounce&k=0 SearchScopes: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> {1890CF76-D8E5-4584-8B8B-0415EA96601F} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere SearchScopes: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> {5DAD9BF3-1DB3-4915-899F-52C1FB45E7A5} URL = 
hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=5b063933-3c54-4d54-8af2-20a413726ddc&pid=freewarede&mode=bounce&k=0 SearchScopes: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> {8262B94D-0FB8-44AE-AA96-7114154C01C3} URL = SearchScopes: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com.anonymize-me.de/?anonymto=687474703A2F2F726F7665722E656261792E636F6D2F726F7665722F312F353232312D3131313037322D373833332D332F343F6D7072653D687474703A2F2F73686F702E656261792E636F6D2F3F5F6E6B773D7B7365617263685465726D737D&st={searchTerms}&clid=5b063933-3c54-4d54-8af2-20a413726ddc&pid=freewarede&k=0 SearchScopes: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ*´Ñ;áa´[¦†8*º~RÙxœòÜ8'£-)x*ä* URL = SearchScopes: HKU\S-1-5-21-3195104690-1283173883-910289243-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-3195104690-1283173883-910289243-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-3195104690-1283173883-910289243-1003 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CPNTDF SearchScopes: HKU\S-1-5-21-3195104690-1283173883-910289243-1003 -> {8262B94D-0FB8-44AE-AA96-7114154C01C3} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-3195104690-1283173883-910289243-1003 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://at.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF SearchScopes: HKU\S-1-5-21-3195104690-1283173883-910289243-1003 -> 
{d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKU\S-1-5-21-3195104690-1283173883-910289243-1003 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) 
Toolbar: HKLM - Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Password Manager 15\SPMIEToolbar64.dll (Steganos Software GmbH) Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKLM-x32 - No Name - {422f7661-9403-4da4-b4ef-cc3e268817b5} - No File Toolbar: HKLM-x32 - Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Password Manager 15\SPMIEToolbar.dll (Steganos Software GmbH) Toolbar: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> No Name - {422F7661-9403-4DA4-B4EF-CC3E268817B5} - No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.) Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 FireFox: ======== FF ProfilePath: C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693 FF Homepage: https://www.google.at/?gws_rd=cr&ei=3OKMUuu2NOO54AT-pYGQCg FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin64.dll (Skype) FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin.dll (Skype) FF Plugin-x32: @soft-xpansion/npsxpdf -> C:\Program Files (x86)\Common Files\Freemium\np-sxpdf.dll (soft-Xpansion) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3195104690-1283173883-910289243-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\melsy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKU\S-1-5-21-3195104690-1283173883-910289243-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\melsy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKU\S-1-5-21-3195104690-1283173883-910289243-1001: @talk.google.com/O1DPlugin -> C:\Users\melsy\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKU\S-1-5-21-3195104690-1283173883-910289243-1001: @tools.google.com/Google Update;version=3 -> C:\Users\melsy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-3195104690-1283173883-910289243-1001: @tools.google.com/Google Update;version=9 -> C:\Users\melsy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF user.js: detected! 
=> C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\user.js FF Plugin ProgramFiles/Appdata: C:\Users\melsy\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\melsy\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF SearchPlugin: C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\searchplugins\google-images.xml FF SearchPlugin: C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\searchplugins\google-maps.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml FF Extension: FDislike - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\fbdislike@doweb.fr.xpi [2014-04-14] FF Extension: Ghostery - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\firefox@ghostery.com.xpi [2014-04-13] FF Extension: ZenMate Security & Privacy VPN - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\firefox@zenmate.com.xpi [2014-10-05] FF Extension: ProxTube - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\ich@maltegoetz.de.xpi [2014-09-11] FF Extension: convert2mp3.net YouTube2MP3 Converter - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\info@convert2mp3.net.xpi [2014-04-13] FF Extension: Facebook Select All - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\jid0-n2ISP7BOUOHLqFZBUsiANkm14Ck@jetpack.xpi [2014-04-13] FF Extension: RequestPolicy - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\requestpolicy@requestpolicy.com.xpi [2014-11-21] FF Extension: NoScript - 
C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-13] FF Extension: Adblock Plus - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-13] FF Extension: OkayFreedom - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi [2014-12-24] FF Extension: Google Privacy - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\{ea61041c-1e22-4400-99a0-aea461e69d04}.xpi [2014-12-08] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-05-20] FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4 FF Extension: No Name - C:\Program Files (x86)\AVG\AVG2012\Firefox4 [2013-06-28] FF HKLM-x32\...\Firefox\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb FF Extension: Free PDF Perfect - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb [2013-09-02] FF HKLM-x32\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Program Files (x86)\Steganos Password Manager 15\spmplugin3 FF Extension: Steganos Password Manager - C:\Program Files (x86)\Steganos Password Manager 15\spmplugin3 [2014-12-05] FF HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= CHR Profile: C:\Users\melsy\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (No Name) - 
C:\Users\melsy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkeieaieohnceanbhdeijclgemgjjkf [2014-04-13] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-10-22] (SUPERAntiSpyware.com) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-05] (Advanced Micro Devices, Inc.) [File not signed] R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432592 2014-11-04] (AVG Technologies CZ, s.r.o.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4942384 2014-10-17] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.) R2 bupService; C:\Users\melsy\AppData\Roaming\BupSystem\bup.exe [1005056 2014-04-13] () [File not signed] S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH) S4 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed] R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed] R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed] S4 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-16] (Hewlett-Packard) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company) S4 IconMan_R; C:\Program Files 
(x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-28] (Realsil Microelectronics Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 Radio.fx; C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe [3665752 2012-01-26] ()
R2 supereasy_1cbackup; c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupService-sez1cb.exe [24672 2013-11-28] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-09-02] (soft Xpansion)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-21] (TuneUp Software)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [111208 2014-12-22] (RaMMicHaeL)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
R2 WO_LiveService2; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe [223600 2014-11-18] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [209720 2014-11-04] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-10-17] (AVG Technologies CZ, s.r.o.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133160 2011-06-16] (Broadcom Corporation.)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-21] (Broadcom Corporation.)
S3 L6UX1; C:\Windows\System32\Drivers\L6UX164.sys [772864 2013-07-11] (Line 6)
R3 leawo_vad; C:\Windows\System32\drivers\leawo_vad.sys [33048 2013-05-21] (Shenzhen Moyea Software)
R2 LiveTuner2PM; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner64.sys [14320 2014-03-20] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 REN2CAP_DRIVER; C:\Windows\System32\drivers\ren2cap.sys [46728 2011-11-07] ()
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [24744 2014-04-28] (Audials AG)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-03] (Anchorfree Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-11-12] (TuneUp Software)
S3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1451008 2008-10-13] (C-Media Electronics Inc)
S3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbx64.sys [51016 2011-11-01] (Yamaha Corporation)
S3 CpqDfw; system32\drivers\CpqDfw.sys [X]
U3 DfSdkS; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-26 18:48 - 2014-12-26 18:49 - 00033468 _____ () C:\Users\melsy\Downloads\FRST.txt 2014-12-26 18:47 - 2014-12-26 18:48 - 00000000 ____D () C:\FRST 2014-12-26 18:47 - 2014-12-26 18:47 - 02122752 _____ (Farbar) C:\Users\melsy\Downloads\FRST64.exe 2014-12-26 15:25 - 2014-12-26 15:25 - 00001455 _____ () C:\trojaner.txt 2014-12-24 15:19 - 2014-12-24 15:19 - 00002181 _____ () C:\Users\melsy\Desktop\TuneUp Utilities 2014.lnk 2014-12-24 15:10 - 2014-12-24 15:10 - 00000282 _____ () C:\Windows\PFRO.log 2014-12-24 15:02 - 2014-12-24 15:02 - 16520304 _____ (Steganos Software GmbH) C:\Users\melsy\Downloads\okayfreedomwr.exe 2014-12-24 14:01 - 2014-12-24 14:01 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Steganos Updates 2014-12-24 13:59 - 2014-12-24 14:11 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Steganos VPN 2014-12-24 13:56 - 2014-12-24 13:56 - 01174352 _____ () C:\Users\melsy\Downloads\Vollversion OkayFreedom Premium Flat - CHIP-Installer.exe 2014-12-22 02:54 - 2014-12-22 02:54 - 05164040 _____ (DigitalVolcano Software Ltd) C:\Users\melsy\Downloads\DuplicateCleaner_setup(1).exe 2014-12-22 01:01 - 2014-12-22 01:01 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\DigitalVolcano 2014-12-22 01:00 - 2014-12-22 01:00 - 00001100 _____ () C:\Users\melsy\Desktop\Duplicate Cleaner Free.lnk 2014-12-22 01:00 - 2014-12-22 01:00 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Duplicate Cleaner Free 2014-12-22 01:00 - 2014-12-22 01:00 - 00000000 ____D () C:\Program Files (x86)\Duplicate Cleaner 2014-12-22 00:59 - 2014-12-22 00:59 - 05164040 _____ (DigitalVolcano Software Ltd) C:\Users\melsy\Downloads\DuplicateCleaner_setup.exe 2014-12-21 02:14 - 2014-12-21 02:14 - 01174352 _____ () C:\Users\melsy\Downloads\Vollversion Magix Music Maker 2013 - CHIP-Installer.exe 2014-12-20 18:36 - 2014-12-20 18:36 - 00001282 _____ () C:\Users\Public\Desktop\NCH Suite.lnk 2014-12-20 18:36 - 2014-12-20 18:36 - 00001152 _____ () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Rip CD Ripper Software.lnk 2014-12-20 18:36 - 2014-12-20 18:36 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite 2014-12-20 18:32 - 2014-12-25 21:06 - 00000728 _____ () C:\Windows\setupact.log 2014-12-20 18:32 - 2014-12-20 18:32 - 00000000 _____ () C:\Windows\setuperr.log 2014-12-18 12:27 - 2014-12-26 14:07 - 00234011 _____ () C:\Windows\WindowsUpdate.log 2014-12-17 00:38 - 2014-12-17 00:38 - 00000000 ____D () C:\Users\melsy\Documents\DesignCAD 3D MAX 22 2014-12-17 00:37 - 2014-12-17 00:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DesignCAD Toolkit Maschinenbau & Konstruktion 22 2014-12-17 00:37 - 2014-12-17 00:37 - 00000000 ____D () C:\Program Files (x86)\DCToolkit 2014-12-17 00:36 - 2014-12-17 00:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DesignCAD 3D Max 22 2014-12-17 00:35 - 2014-12-17 00:35 - 00000000 ____D () C:\ProgramData\IMSIDesign 2014-12-17 00:35 - 2014-12-17 00:35 - 00000000 ____D () C:\Program Files (x86)\IMSIDesign 2014-12-17 00:15 - 2014-12-17 00:18 - 95590424 _____ () C:\Users\melsy\Downloads\DesignCAD-V22-3D-Triple-Toolkits-Complete-CHIP.exe 2014-12-16 14:47 - 2014-12-21 19:57 - 00168064 _____ () C:\Users\melsy\AppData\Local\GDIPFONTCACHEV1.DAT 2014-12-15 21:05 - 2014-12-15 21:05 - 00000000 ____D () C:\Users\melsy\Downloads\Office 2007 2014-12-15 19:04 - 2014-12-15 19:11 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Scribus 2014-12-15 18:59 - 2014-12-15 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scribus 1.4.4 2014-12-15 18:57 - 2014-12-15 19:03 - 00000000 ____D () C:\Program Files\Scribus 1.4.4 2014-12-15 17:02 - 2014-12-15 17:04 - 86069640 _____ (The Scribus Team) C:\Users\melsy\Downloads\scribus-1.4.4-windows-x64.exe 2014-12-15 15:06 - 2014-12-15 15:06 - 00001148 _____ () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Express Burn.lnk 2014-12-15 15:06 - 2014-12-15 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audioverwandte Programme 2014-12-15 11:46 - 2014-12-15 11:46 - 01177424 _____ () C:\Users\melsy\Downloads\TuxGuitar - CHIP-Installer.exe 2014-12-14 23:48 - 2014-12-14 23:48 - 00000000 _____ () C:\Windows\SysWOW64\shoFA1F.tmp 2014-12-14 23:31 - 2014-12-14 23:31 - 00000000 __SHD () C:\WISE_DISKSCRUBTEMP 2014-12-14 16:30 - 2014-12-14 16:32 - 43145168 _____ (Ashampoo GmbH & Co. KG ) C:\Users\melsy\Downloads\ashampoo_winoptimizer_11_11.00.50_18137.exe 2014-12-13 09:28 - 2014-12-15 11:35 - 00000000 ____D () C:\Users\melsy\HDR Projects 2014-12-13 09:26 - 2014-12-13 09:26 - 00001045 _____ () C:\Users\Public\Desktop\HDR Projects platin (64-Bit).lnk 2014-12-13 09:26 - 2014-12-13 09:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Franzis 2014-12-13 09:26 - 2014-12-13 09:26 - 00000000 ____D () C:\Program Files\Franzis 2014-12-13 09:09 - 2014-12-13 09:09 - 00000000 ____D () C:\Users\melsy\Documents\HDR-projects-platin-win-mac-CHIP 2014-12-12 13:24 - 2014-12-12 13:24 - 00000000 _____ () C:\Windows\SysWOW64\sho287C.tmp 2014-12-11 19:52 - 2014-12-11 19:52 - 00000000 ____D () C:\Users\melsy\Documents\FlashIntegro 2014-12-11 19:52 - 2014-12-11 19:52 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\VideoEditor 2014-12-11 19:52 - 2014-12-11 19:52 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\FlashIntegro 2014-12-11 19:51 - 2014-12-15 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashIntegro 2014-12-11 19:51 - 2014-12-15 11:35 - 00000000 ____D () C:\Program Files (x86)\FlashIntegro 2014-12-11 19:51 - 2014-12-09 13:21 - 00081792 _____ (Flash-Integro LLC) C:\Windows\SysWOW64\mslvddsfilter2.ax 2014-12-11 19:51 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\Lagarith.dll 2014-12-11 19:51 - 2004-12-10 10:03 - 00438272 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll 
2014-12-11 19:51 - 2004-09-06 16:06 - 00053248 _____ () C:\Windows\SysWOW64\xvid.ax 2014-12-11 19:51 - 2004-07-03 21:08 - 00139264 _____ () C:\Windows\SysWOW64\xvidvfw.dll 2014-12-11 19:51 - 2004-07-03 20:59 - 00524288 _____ () C:\Windows\SysWOW64\xvidcore.dll 2014-12-11 19:51 - 2004-02-04 21:11 - 00081920 _____ (fccHandler) C:\Windows\SysWOW64\AC3ACM.acm 2014-12-11 19:51 - 2003-05-22 12:26 - 00638976 _____ (DivXNetworks, Inc.) C:\Windows\SysWOW64\divx.dll 2014-12-11 19:51 - 2003-05-22 12:26 - 00221215 _____ (DivXNetworks, Inc.) C:\Windows\SysWOW64\divxdec.ax 2014-12-11 19:51 - 2003-05-21 23:50 - 00261632 _____ (MainConcept) C:\Windows\SysWOW64\mcdvd_32.dll 2014-12-11 19:51 - 2003-05-21 23:50 - 00156910 _____ () C:\Windows\WMSysPr8.prx 2014-12-11 19:51 - 2003-05-21 23:50 - 00082944 _____ (Voxware, Inc.) C:\Windows\SysWOW64\vct3216.acm 2014-12-11 19:51 - 2003-05-21 23:50 - 00038912 _____ (NCT Company) C:\Windows\SysWOW64\alf2cd.acm 2014-12-11 19:51 - 2003-03-25 05:49 - 00098304 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\SysWOW64\L3CODECX.AX 2014-12-11 19:51 - 2002-08-20 00:41 - 00413760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg4c32.dll 2014-12-11 19:51 - 2000-03-14 20:55 - 00013239 _____ (SHARP Corporation) C:\Windows\SysWOW64\Scg726.acm 2014-12-11 19:47 - 2014-12-11 19:47 - 01177424 _____ () C:\Users\melsy\Downloads\VSDC Free Video Editor - CHIP-Installer.exe 2014-12-10 19:29 - 2014-12-10 19:29 - 17103000 _____ (Electronic Arts, Inc.) 
C:\Users\melsy\Downloads\OriginThinSetup.exe 2014-12-10 18:55 - 2014-12-10 19:40 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Origin 2014-12-10 18:53 - 2014-12-10 19:54 - 00000000 ____D () C:\ProgramData\Origin 2014-12-10 14:14 - 2014-12-16 08:59 - 00000412 _____ () C:\Windows\Tasks\Wise Care 365 PC Checkup Task.job 2014-12-10 14:14 - 2014-12-10 14:14 - 00002834 _____ () C:\Windows\System32\Tasks\Wise Care 365 PC Checkup Task 2014-12-10 09:50 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-12-10 09:50 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-12-10 09:21 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-10 09:21 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-12-10 09:21 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2014-12-10 09:21 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe 2014-12-10 09:21 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe 2014-12-10 09:21 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-12-10 09:21 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2014-12-10 09:21 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2014-12-10 09:21 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2014-12-10 09:21 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2014-12-10 09:21 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2014-12-10 09:21 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\WSManMigrationPlugin.dll 2014-12-10 09:21 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll 2014-12-10 09:21 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll 2014-12-10 09:21 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe 2014-12-10 09:12 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-12-10 09:12 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-12-09 13:07 - 2014-12-22 13:17 - 00000000 ____D () C:\Users\melsy\Documents\camera musik 2014-12-09 12:29 - 2014-12-09 12:30 - 11669724 _____ () C:\Users\melsy\Downloads\Camera Rare Grooves Aluminium Edition - 02 Donny Hathaway - The Ghetto.mp4.part 2014-12-09 11:06 - 2014-12-09 11:06 - 00003070 _____ () C:\Windows\System32\Tasks\Wise Turbo Checker 2014-12-09 11:06 - 2014-12-09 11:06 - 00002848 _____ () C:\Windows\System32\Tasks\Wise Care 365 2014-12-09 11:06 - 2014-12-09 11:06 - 00000422 _____ () C:\Windows\Tasks\Wise Care 365.job 2014-12-09 11:06 - 2014-12-09 11:06 - 00000402 _____ () C:\Windows\Tasks\Wise Turbo Checker.job 2014-12-09 10:33 - 2014-12-20 02:15 - 00000000 ____D () C:\Program Files (x86)\Wise 2014-12-09 10:31 - 2014-12-09 10:31 - 01174352 _____ () C:\Users\melsy\Downloads\Wise Care 365 - CHIP-Installer.exe 2014-12-07 14:45 - 2014-12-07 14:46 - 11553744 _____ () C:\Users\melsy\Downloads\EssentialPIM6.exe 2014-12-05 17:37 - 2014-12-05 17:37 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoStage Diashow-Ersteller.lnk 2014-12-05 17:37 - 2014-12-05 17:37 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette 2014-12-05 17:37 - 2014-12-05 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Videoverwandte Programme 2014-12-05 16:44 - 2014-12-05 16:44 - 
00001110 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoPad Image Editor.lnk 2014-12-05 16:44 - 2014-12-05 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite 2014-12-05 16:43 - 2014-12-05 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette 2014-12-05 16:43 - 2014-12-05 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grafikverwandte Programme 2014-12-05 16:42 - 2014-12-05 16:42 - 00001160 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixillion Imagedatei-Konverter.lnk 2014-12-05 16:29 - 2014-12-05 16:30 - 00505376 _____ (NCH Software) C:\Users\melsy\Downloads\pixpsetup.exe 2014-12-05 13:02 - 2014-12-24 14:32 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Steganos 2014-12-05 13:02 - 2014-12-05 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steganos Passwort-Manager 15 2014-12-05 13:02 - 2014-12-05 13:03 - 00000000 ____D () C:\Program Files (x86)\Steganos Password Manager 15 2014-12-05 13:00 - 2014-12-05 13:00 - 01174352 _____ () C:\Users\melsy\Downloads\Vollversion Steganos Passwort Manager 15 - CHIP-Installer.exe 2014-12-04 18:05 - 2014-12-04 18:05 - 00001964 _____ () C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk 2014-12-03 19:41 - 2014-12-03 19:41 - 07270351 _____ () C:\Users\melsy\Downloads\meine 68 jährige (2).mp4 2014-12-02 22:24 - 2014-12-02 22:24 - 00001078 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-12-02 16:16 - 2014-12-08 03:47 - 00000000 ____D () C:\Users\melsy\AppData\Local\SuperEasy 1-Click Backup 2014-12-02 16:16 - 2014-12-03 16:04 - 00000000 ___HD () C:\ProgramData\sysnfxo 2014-12-02 16:15 - 2014-12-18 12:24 - 00000000 ____D () C:\Users\_supereasy_1cbackup_ 2014-12-02 16:15 - 2014-12-02 16:15 - 00000020 ___SH () C:\Users\_supereasy_1cbackup_\ntuser.ini 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () 
C:\Users\_supereasy_1cbackup_\Vorlagen 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Startmenü 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Netzwerkumgebung 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Lokale Einstellungen 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Eigene Dateien 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Druckumgebung 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Documents\Eigene Musik 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Documents\Eigene Bilder 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\AppData\Local\Verlauf 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\AppData\Local\Anwendungsdaten 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Anwendungsdaten 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 ____D () C:\ProgramData\SuperEasy 1-Click Backup 2014-12-02 16:15 - 2013-08-14 10:34 - 00000000 ____D () C:\Users\_supereasy_1cbackup_\AppData\Local\Microsoft Help 2014-12-02 16:15 - 2013-07-31 08:12 - 00000000 ____D () C:\Users\_supereasy_1cbackup_\AppData\Roaming\TuneUp Software 2014-12-02 16:15 - 2013-07-26 03:08 - 00000000 ____D () C:\Users\_supereasy_1cbackup_\AppData\Local\ScreenCapture 2014-12-02 16:15 - 2012-12-03 06:32 - 00000000 ____D () C:\Users\_supereasy_1cbackup_\AppData\Roaming\Macromedia 2014-12-02 16:15 - 2012-08-12 01:32 - 00002134 _____ () C:\Users\_supereasy_1cbackup_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk 2014-12-02 16:15 - 2012-05-18 14:20 - 00000000 
____D () C:\Users\_supereasy_1cbackup_\AppData\Local\AskToolbar 2014-12-02 16:15 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\_supereasy_1cbackup_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-12-02 16:15 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\_supereasy_1cbackup_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-12-02 16:14 - 2014-12-02 16:14 - 00000000 ____D () C:\Program Files\SuperEasy Software 2014-12-02 16:13 - 2014-12-02 16:13 - 28074616 _____ (SuperEasy Software GmbH & Co. KG ) C:\Users\melsy\Downloads\supereasy_1-click_backup_free_1.13.0_8279.exe 2014-12-02 14:03 - 2014-12-02 14:03 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\EAC 2014-12-02 14:03 - 2014-12-02 14:03 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\AccurateRip 2014-12-02 14:02 - 2014-12-02 14:02 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Cliqz 2014-12-02 14:02 - 2014-12-02 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exact Audio Copy 2014-12-02 14:02 - 2014-12-02 14:02 - 00000000 ____D () C:\Program Files (x86)\Exact Audio Copy 2014-12-02 13:57 - 2014-12-02 13:57 - 01174352 _____ () C:\Users\melsy\Downloads\Exact Audio Copy - CHIP-Installer.exe 2014-11-30 19:27 - 2014-11-30 19:27 - 05152768 _____ () C:\Users\melsy\Downloads\HPSupportSolutionsFramework-11.51.0027.msi 2014-11-30 19:23 - 2014-11-30 19:23 - 00003002 _____ () C:\Windows\System32\Tasks\{4FBE209A-8A27-4E26-81B3-722670F9ECA0} ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-26 18:48 - 2012-05-18 12:08 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Skype 2014-12-26 18:44 - 2014-05-20 14:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-26 18:22 - 2013-01-23 23:10 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001UA.job 2014-12-26 18:13 - 2013-05-07 17:00 - 00000000 ____D () C:\ProgramData\MFAData 2014-12-26 18:11 - 2012-08-13 22:06 - 00000386 _____ () C:\Windows\Tasks\WpsUpdateTask_melsy.job 2014-12-26 17:54 - 2014-09-10 08:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-26 16:50 - 2013-10-31 22:45 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001UA.job 2014-12-26 15:24 - 2014-05-20 14:57 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-12-26 14:09 - 2012-05-20 16:38 - 00000000 ____D () C:\Users\melsy\AppData\Local\CrashDumps 2014-12-26 00:48 - 2012-07-27 20:04 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-26 00:22 - 2013-01-23 23:10 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001Core.job 2014-12-25 22:50 - 2013-10-31 22:45 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001Core.job 2014-12-25 21:14 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-25 21:14 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-25 21:12 - 2014-10-15 14:50 - 00003094 _____ () C:\Windows\System32\Tasks\{B2E8F773-5F5C-4836-8957-FEE3042EABFC} 2014-12-25 21:12 - 2014-09-21 08:03 - 00003088 _____ () C:\Windows\System32\Tasks\{C0C124F4-41F2-47D4-860C-4FCF583875C1} 2014-12-25 21:12 - 2014-08-28 18:24 - 00003076 _____ 
() C:\Windows\System32\Tasks\{8795FFFA-4029-4A70-B1CF-0C3C57CDEE7C} 2014-12-25 21:12 - 2013-10-09 17:59 - 00003102 _____ () C:\Windows\System32\Tasks\{AD7AC0AF-B335-4FB0-ABC0-6583AD2EE938} 2014-12-25 21:12 - 2011-08-09 21:16 - 00774266 _____ () C:\Windows\system32\perfh007.dat 2014-12-25 21:12 - 2011-08-09 21:16 - 00175794 _____ () C:\Windows\system32\perfc007.dat 2014-12-25 21:12 - 2009-07-14 06:13 - 01808064 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-25 21:11 - 2014-09-21 08:03 - 00003088 _____ () C:\Windows\System32\Tasks\{5C4F42ED-5832-48B4-BCB9-D77730EC38C1} 2014-12-25 21:11 - 2013-05-03 19:39 - 00003086 _____ () C:\Windows\System32\Tasks\{2A792A14-06ED-4493-81D7-2A64E97EA462} 2014-12-25 21:11 - 2012-11-20 13:26 - 00002966 _____ () C:\Windows\System32\Tasks\{69CD82CA-4612-410F-907D-CE1E674B652E} 2014-12-25 21:11 - 2012-11-20 13:26 - 00002966 _____ () C:\Windows\System32\Tasks\{670A25EF-5F02-41BB-BB0D-827A205D5869} 2014-12-25 21:06 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-25 20:44 - 2014-09-21 08:17 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-12-25 20:44 - 2012-05-18 12:07 - 00000000 ____D () C:\ProgramData\Skype 2014-12-24 17:34 - 2014-07-19 10:21 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleFormelsy 2014-12-24 17:34 - 2014-07-19 10:21 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleFormelsy.job 2014-12-24 15:22 - 2014-10-15 17:01 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm 2014-12-22 13:37 - 2013-03-26 14:54 - 00000000 ____D () C:\Users\melsy\Documents\RAF 2014-12-22 13:37 - 2013-01-23 02:22 - 00000000 ____D () C:\Users\melsy\Documents\Cybershapes 2014-12-22 13:26 - 2012-09-23 01:41 - 00000000 ____D () C:\Users\melsy\Documents\soz-österr 2014-12-22 13:26 - 2012-05-19 10:40 - 00000000 ____D () C:\Users\melsy\Documents\Meine empfangenen Dateien 2014-12-22 10:31 - 2012-05-21 23:39 - 00000000 ___RD () C:\Users\melsy\Desktop\TONSTUDIO 2014-12-22 08:20 - 
2009-07-14 05:45 - 00539840 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-12-21 19:56 - 2012-05-20 12:12 - 00000000 ____D () C:\Users\melsy\Documents\Gitarre 2014-12-21 19:55 - 2014-04-22 13:06 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\vlc 2014-12-21 04:24 - 2013-03-16 19:48 - 00000000 ____D () C:\Users\Public\Documents\MAGIX 2014-12-21 02:59 - 2012-07-01 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX 2014-12-21 02:57 - 2012-07-01 18:18 - 00000000 ____D () C:\Program Files (x86)\MAGIX 2014-12-21 02:52 - 2013-03-16 19:56 - 00000000 ___RD () C:\Users\melsy\Documents\MAGIX 2014-12-21 02:52 - 2012-07-01 18:18 - 00000000 ____D () C:\ProgramData\MAGIX 2014-12-20 18:42 - 2012-09-23 02:50 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software 2014-12-20 18:36 - 2012-09-23 02:50 - 00000000 ____D () C:\ProgramData\NCH Software 2014-12-20 18:36 - 2012-09-23 02:49 - 00000000 ____D () C:\Program Files (x86)\NCH Software 2014-12-20 18:34 - 2012-05-18 15:45 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Audacity 2014-12-20 04:09 - 2013-10-22 12:49 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Windows Net Data 2014-12-20 02:31 - 2013-10-11 13:45 - 00000000 ___RD () C:\Users\melsy\Desktop\radios 2014-12-20 02:31 - 2012-09-08 11:59 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\XnView 2014-12-20 01:58 - 2012-05-21 13:38 - 00000000 ___RD () C:\Users\melsy\Desktop\Sicherheit 2014-12-20 01:57 - 2012-11-03 14:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCFinder 2014-12-20 01:57 - 2012-11-03 14:18 - 00000000 ____D () C:\Program Files (x86)\CCFinder 2014-12-18 12:24 - 2012-05-21 03:47 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-12-18 12:24 - 2012-05-21 03:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-12-18 12:22 - 2011-12-10 05:20 - 00000000 ____D () C:\ProgramData\Temp 2014-12-17 00:39 - 2012-07-18 02:06 - 00000000 ___RD () 
C:\Users\melsy\Desktop\Foto Video 2014-12-16 19:19 - 2012-07-24 21:06 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte 2014-12-15 19:01 - 2013-09-02 13:26 - 00000000 ____D () C:\ProgramData\Package Cache 2014-12-15 18:40 - 2014-10-23 10:29 - 00000000 ____D () C:\Users\melsy\Documents\KPÖ 2014-12-15 14:25 - 2012-05-21 03:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-12-15 11:49 - 2013-02-03 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuxGuitar 2014-12-15 11:49 - 2013-02-03 15:57 - 00000000 ____D () C:\Program Files (x86)\TuxGuitar 2014-12-15 11:35 - 2013-05-18 21:52 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\EssentialPIM 2014-12-15 11:35 - 2013-02-03 15:59 - 00000000 ____D () C:\Users\melsy\.tuxguitar-1.2 2014-12-15 11:35 - 2012-12-14 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo 2014-12-15 11:35 - 2012-12-05 11:56 - 00000000 ____D () C:\ProgramData\Ashampoo 2014-12-15 11:35 - 2012-05-20 17:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-12-15 11:35 - 2012-05-19 13:23 - 00000000 ____D () C:\Program Files (x86)\ScanIT-Client 2014-12-15 11:35 - 2012-05-18 11:43 - 00000000 ____D () C:\Users\melsy 2014-12-15 11:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration 2014-12-15 10:43 - 2012-05-20 12:52 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\SoftGrid Client 2014-12-15 10:02 - 2013-09-29 09:43 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-12-15 02:58 - 2012-07-02 01:36 - 00000410 _____ () C:\Windows\Tasks\EasyShare Registration Task.job 2014-12-14 23:43 - 2013-01-03 14:29 - 00000000 ____D () C:\Users\melsy\AppData\Local\Downloaded Installations 2014-12-14 16:36 - 2012-05-21 13:33 - 00000000 ____D () C:\Program Files (x86)\Ashampoo 2014-12-13 13:09 - 2014-09-09 13:12 - 00000000 ____D () 
C:\Users\melsy\Documents\demos 2014-12-13 12:35 - 2012-09-21 20:10 - 00038311 _____ () C:\Users\melsy\Documents\Passwörter.xlsx 2014-12-10 19:50 - 2012-06-02 18:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-12-10 17:54 - 2014-09-10 08:01 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-12-10 17:54 - 2014-07-04 14:07 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-12-10 17:54 - 2014-07-04 14:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-12-10 10:52 - 2013-02-25 20:12 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\{90140011-0066-0407-0000-0000000FF1CE} 2014-12-10 10:52 - 2013-02-25 20:11 - 00000000 ____D () C:\ProgramData\Virtualized Applications 2014-12-10 10:52 - 2012-05-20 12:52 - 00000000 ____D () C:\Users\melsy\AppData\Local\SoftGrid Client 2014-12-10 10:39 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2014-12-10 10:31 - 2013-05-20 18:34 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-12-10 10:24 - 2013-07-11 11:55 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-10 09:53 - 2012-05-21 03:56 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-09 14:02 - 2013-05-29 17:59 - 00000000 ____D () C:\Users\melsy\Documents\Essential Kalender 2014-12-09 13:48 - 2013-03-05 13:41 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\TS3Client 2014-12-09 10:51 - 2013-11-11 15:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-12-09 10:35 - 2007-01-02 02:25 - 00000000 ____D () C:\Windows\Panther 2014-12-07 14:47 - 2013-05-25 09:47 - 00001023 _____ () C:\Users\Public\Desktop\EssentialPIM.lnk 2014-12-05 17:37 - 2012-09-23 02:49 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\NCH Software 2014-12-03 12:40 - 2014-08-21 22:58 - 00000000 ____D () C:\Users\melsy\Documents\Norma A2 2014-12-02 16:16 - 2013-02-15 15:47 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperEasy Software
2014-11-30 19:49 - 2012-11-11 20:14 - 00000000 ___RD () C:\Users\melsy\Desktop\HP DRUCKER
2014-11-27 20:30 - 2012-05-18 15:59 - 00000000 ____D () C:\Windows\System32\Tasks\Games

Some content of TEMP:
====================
C:\Users\melsy\AppData\Local\Temp\abelssoft.setup.exe
C:\Users\melsy\AppData\Local\Temp\ripsetup.exe
C:\Users\melsy\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-15 04:32

==================== End Of Log ============================ |
27.12.2014, 09:23 | #4 |
| Suspected Trojan
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-12-2014
Ran by melsy at 2014-12-26 18:50:45
Running from C:\Users\melsy\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: AVG Internet Security Business Edition 2012 (Disabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Internet Security Business Edition 2012 (Disabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security Business Edition 2012 (Disabled) {621CC794-9486-F902-D092-0484E8EA828B}
FW: AVG Internet Security 2013 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Leawo MusicRecorder version 1.0.0.0 (HKLM-x32\...\{FAF11D3B-7633-402B-BAFA-4BCAAE030F20}_is1) (Version: 1.0.0.0 - Leawo Software)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acoustica Standard Edition 5.0 (HKLM-x32\...\Acoustica Standard Edition_is1) (Version: 5.0 - Acon AS)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.600 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Aiseesoft PDF to Word Converter 3.1.8 (HKLM-x32\...\{3CF515C0-55D9-4591-824F-1934352AC10E}_is1) (Version: - )
AntiPhotoSpy 2013 (HKLM-x32\...\{F5593F5B-B3A9-40CB-BB69-8190675F8DD9}_is1) (Version: 1.6 - Abelssoft)
Artensoft Photo Mosaic Wizard (HKLM\...\Artensoft Photo Mosaic Wizard_is1) (Version: 1.6 - Artensoft)
Ashampoo Movie Studio 2013 v.1.0.4 (HKLM-x32\...\{91B33C97-EB09-F0A4-36AC-3895F9F93DD1}_is1) (Version: 1.0.4 - Ashampoo GmbH & Co. KG)
Ashampoo Music Studio 2012 v.1.0.0 (HKLM-x32\...\Ashampoo Music Studio 2012_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander 9 v.9.4.3 (HKLM-x32\...\{C92AB6F1-6A1B-F954-7C68-B44BA8E357A4}_is1) (Version: 9.4.3 - Ashampoo GmbH & Co. KG)
Ashampoo Snap 7 v.7.0.9 (HKLM-x32\...\{C92AB6F1-9C93-0F51-ED50-15ABBCBDD142}_is1) (Version: 7.0.9 - Ashampoo GmbH & Co. KG)
Ashampoo Video Styler 2013 v.1.0.1 (HKLM-x32\...\{91B33C97-8914-D2D4-EB40-39C1714271FF}_is1) (Version: 1.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo Video Styler 2013 v.1.0.1 (HKLM-x32\...\Ashampoo Video Styler 2013_is1) (Version: 1.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 11 v.11.00.50 (HKLM-x32\...\{4209F371-8D72-8119-66FA-897D2D41E27F}_is1) (Version: 11.00.50 - Ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 6.60 (HKLM-x32\...\Ashampoo WinOptimizer 6_is1) (Version: 6.6.0 - Ashampoo GmbH & Co. KG)
ATI Catalyst Install Manager (HKLM\...\{6153098B-60DB-6A9F-EA0F-B006A96B57D5}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Audials (HKLM-x32\...\{7DED1048-34EC-4D7C-968E-D1112EC3325B}) (Version: 11.0.53800.0 - Audials AG)
Audio Record Wizard (HKLM-x32\...\Audio Record Wizard) (Version: 6.8 - NowSmart)
AUDIOzilla v1.1 (HKLM-x32\...\AUDIOzilla_is1) (Version: - )
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3495 - AVG Technologies)
AVG 2013 (Version: 13.0.3495 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.4253 - AVG Technologies) Hidden
AVS Audio Converter 7 (HKLM-x32\...\AVS Audio Converter_is1) (Version: - Online Media Technologies Ltd.)
AVS Audio Recorder version 4.0 (HKLM-x32\...\AVS Audio Recorder_is1) (Version: - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.)
AX3000G SoundEditor (HKLM-x32\...\{30C9A025-801C-11D9-81EE-0000F4602D00}) (Version: 1.00.0.2 - KORG Inc.)
B109a-m (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Balabolka (HKLM-x32\...\Balabolka) (Version: 2.05 - Ilya Morozov)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.100.82.86 - Broadcom Corporation)
Broadcom Bluetooth Software (HKLM\...\{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}) (Version: 6.5.0.1300 - Broadcom Corporation)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.1300 - Broadcom Corporation)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
BusinessCards MX (HKLM-x32\...\{0D5B5ED2-3E38-4585-B1F3-64B2A9EA95D6}_is1) (Version: 4.73 - MOJOSOFT)
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Calme Version 2013 (HKLM-x32\...\{297ACAAE-FAAC-4817-A3BE-336F63399DA3}_is1) (Version: 2013 - Metin Elma)
CamStudio version 2.7 (HKLM-x32\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)
CCFinder (HKLM-x32\...\CCFinderAppId_is1) (Version: 2014 - Abelssoft)
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
CCScore (x32 Version: 7.00.0000.0001 - EASTMAN KODAK Company) Hidden
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.31 - Cliqz.com)
Communism Muscle Cars (HKLM-x32\...\Communism Muscle Cars_is1) (Version: - GameHitZone.com)
Compaq Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13476.3753 - Hewlett-Packard Company)
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberGhost VPN (HKLM\...\CyberGhost VPN_is1) (Version: - CyberGhost S.R.L.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4119 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DarkWave Studio 4.4.1 (HKLM-x32\...\DarkWave Studio) (Version: 4.4.1 - ExperimentalScene)
Data Wipe (HKLM-x32\...\Data Wipe) (Version: - Tenorshare, Inc.)
DesignCAD 3D Max 22 (HKLM-x32\...\{CCB44106-246E-45A5-8507-801F39EFB55B}) (Version: 22.0.0 - IMSIDesign)
DesignCAD Toolkit Maschinenbau & Konstruktion 22 Version 22 (HKLM-x32\...\DesignCAD Toolkit Maschinenbau & Konstruktion 22_is1) (Version: 22 - Franzis Verlag)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Dream Pinball 3D Demo (HKLM-x32\...\Dream Pinball 3D Demo) (Version: 1.00 - TopWare Interactive Inc.)
Duplicate Cleaner Free 3.2.4 (HKLM-x32\...\Duplicate Cleaner Free) (Version: 3.2.4 - DigitalVolcano Software Ltd) <==== ATTENTION
DvDrum 2 (HKLM-x32\...\"DvDrum 2_is1) (Version: Beta 5 - Daniele Franceschini)
Easy Drive Data Recovery (HKLM-x32\...\Easy Drive Data Recovery) (Version: 3.0 - MunSoft)
Easy Flyer Creator 3.0 (HKLM-x32\...\{B07CB2BA-819B-41C5-BBE0-484A4C23972E}) (Version: 3.0.0 - Peridot Technologies)
eSpeak version 1.45.05 (HKLM-x32\...\eSpeak_is1) (Version: - )
ESSBrwr (x32 Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (x32 Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (x32 Version: 8.00.0000.0001 - Ihr Firmenname) Hidden
EssentialPIM (HKLM-x32\...\EssentialPIM) (Version: 6.02 - Astonsoft Ltd)
ESSgui (x32 Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (x32 Version: 8.00.0000.0001 - Ihr Firmenname) Hidden
ESSPCD (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPDock (x32 Version: 6.03.0001.0004 - Ihr Firmenname) Hidden
ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (x32 Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
Express Burn (HKLM-x32\...\ExpressBurn) (Version: 4.73 - NCH Software)
Express Rip CD Ripper Software (HKLM-x32\...\ExpressRip) (Version: 1.97 - NCH Software)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
fflink (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
First PDF (HKLM-x32\...\First PDF) (Version: - )
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Free Audio Converter version 5.0.11.504 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.11.504 - DVDVideoSoft Ltd.)
Free Audio Editor v7.9.4 (HKLM-x32\...\Free Audio Editor_is1) (Version: - FreeAudioStudio Inc.)
Free Opener (HKLM\...\{A1F2C608-32D6-467D-B035-BBEF509042BA}_is1) (Version: 1.4 - EZ Freeware)
Free Pdf Perfect Prereq (x32 Version: 1.1.0.80 - Covus Freemium GmbH) Hidden
Free YouTube Download version 3.1.27.508 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.1.27.508 - DVDVideoSoft Ltd.)
Freemake Video Converter Version 4.0.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.0.4 - Ellora Assets Corporation)
Freemium Free PDF Perfect (HKLM-x32\...\{88265079-D6F4-4292-86BE-D2053E80BFE4}) (Version: 1.0 - Freemium)
Freenet (HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Freenet) (Version: - )
Galaxy Invaders (HKLM-x32\...\Galaxy Invaders_is1) (Version: - GameHitZone.com)
Geheimtext (HKLM-x32\...\Geheimtext_is1) (Version: 100 - Abelssoft)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Grand Prix Racing (HKLM-x32\...\Grand Prix Racing_is1) (Version: - GameHitZone.com)
Guitar and Bass (HKLM-x32\...\Guitar and Bass_is1) (Version: 1.0.4 - G.F. Software)
Guitar Explorer 1.0 (HKLM-x32\...\Guitar Explorer 1.0) (Version: - )
HDR Projects platin (64-Bit) (HKLM\...\HDR Projects platin_is1) (Version: 1.23 - Franzis Verlag GmbH)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät (HKLM\...\{54B0845F-5540-4492-9939-CD8880ABABF0}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Hilfe (HKLM-x32\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
HP Documentation (HKLM-x32\...\{68A55875-B6DD-41E8-8CF6-F193D9C47051}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Launch Box (HKLM\...\{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}) (Version: 1.0.11 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Photosmart B109a-m All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{A253A57F-4319-49B5-B405-64587FFBCFE2}) (Version: 14.0 - HP)
HP Power Manager (HKLM-x32\...\{872B1C80-38EC-4A31-A25C-980820593900}) (Version: 1.2.3 - Hewlett-Packard Company)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{8B52057C-15DB-433E-957C-E279BC7D07E3}) (Version: 3.1.0.9742 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{5036764A-435D-40C9-869C-31085A3D741D}) (Version: 8.7.4751.3798 - Hewlett-Packard Company)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)
HTC Sync (HKLM-x32\...\{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}) (Version: 3.2.20 - HTC Corporation)
Hydrogen 0.9.6 preview release for windows (HKLM-x32\...\{B24839E5-A70C-48AD-B4D9-B9FB46B4B038}_is1) (Version: - hydrogen-music.org)
ICQ6.5 (HKLM-x32\...\{60DE4033-9503-48D1-A483-7846BD217CA9}) (Version: 6.5 - ICQ)
InlineTranslate für Firefox (HKLM-x32\...\{C84149C6-0CF4-4003-BF6F-B9E70E3ACB90}_is1) (Version: 2.0 - InlineTranslate)
inSSIDer 3 (HKLM-x32\...\{A80CEA4E-74C1-4F9F-806B-E1D9AFC01768}) (Version: 3.0.7.48 - MetaGeek, LLC)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Kingsoft Presentation (8.1.0.3019) (HKLM-x32\...\Kingsoft Presentation) (Version: 8.1.0.3019 - Kingsoft Corp.)
K-Lite Codec Pack 9.4.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.4.0 - )
Kodak EasyShare Software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version: - Eastman Kodak Company)
L&H TTS3000 Deutsch (HKLM-x32\...\LHTTSGED) (Version: - )
Last Space Fighter (HKLM-x32\...\Last Space Fighter_is1) (Version: - GameHitZone.com)
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version: - Line 6)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.1.0.166 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.1.0.166 - LogMeIn, Inc.) Hidden
MagicScore (HKLM-x32\...\MagicScore_is1) (Version: - )
MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Foto Manager MX (HKLM-x32\...\MAGIX_{30D2BC25-D905-48FE-AA2C-98E11AC3A081}) (Version: 9.0.1.238 - MAGIX AG)
MAGIX Foto Manager MX (x32 Version: 9.0.1.238 - MAGIX AG) Hidden
MAGIX Goya burnR (MSI) (HKLM-x32\...\MX.{4745C004-7D5D-42BB-816A-79BF29C3A65C}) (Version: 4.3.2.0 - MAGIX Software GmbH)
MAGIX Goya burnR (MSI) (Version: 4.3.2.0 - MAGIX Software GmbH) Hidden
MAGIX Music Maker 2013 (Demosongs) (HKLM-x32\...\MX.{4913C631-0363-496A-9E24-1A260205AB9D}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Music Maker 2013 (Demosongs) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Music Maker 2013 (Einführungsvideos) (HKLM-x32\...\MX.{3968ADA6-A25A-434C-9AD2-CE57498E27DA}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Music Maker 2013 (Einführungsvideos) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Music Maker 2013 (HKLM-x32\...\MX.{E7F7CA64-C0FC-4499-BC4D-C764E24CA67B}) (Version: 19.0.7.67 - MAGIX Software GmbH)
MAGIX Music Maker 2013 (Synthesizer und Effekte) (HKLM-x32\...\MX.{AD409A65-BD38-4322-8765-492DD4E72DBF}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Music Maker 2013 (Synthesizer und Effekte) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Music Maker 2013 (Version: 19.0.7.67 - MAGIX Software GmbH) Hidden
MAGIX Music Maker 2013 (Visuals) (HKLM-x32\...\MX.{86516976-CC47-4787-B9FD-720500EC1759}) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Music Maker 2013 (Visuals) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Music Maker 2013 Soundpools (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Music Maker MX Production Suite Download-Version (x32 Version: 18.0.1.11 - MAGIX AG) Hidden
MAGIX Screenshare (HKLM-x32\...\MAGIX_{8EBA7109-16D0-4174-8DF2-B87A67199532}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Screenshare (Version: 4.3.6.1987 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\{925B36C2-C441-4ADC-8588-AA34E46C94B7}) (Version: 7.0.2.6 - MAGIX AG)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
MFC RunTime files (x32 Version: 1.0.0 - Extensoft) Hidden
MicroSIP (remove only) (HKLM-x32\...\MicroSIP) (Version: - )
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (HKLM-x32\...\{90120000-00B2-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.5128.5002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{cb41fc68-4442-4f7f-b22f-8f31c74897ac}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft_VC100_CRT_x64 (HKLM\...\{17106CA8-E65A-4D02-95BE-79AF8C698935}) (Version: 1.0.0 - Microsoft)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.1.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.1.0 (x86 de)) (Version: 24.1.0 - Mozilla)
MP4 To MP3 Converter V3.0.4 (HKLM-x32\...\MP4 To MP3 Converter_is1) (Version: - hxxp://www.MP4ToMP3Converter.net)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MuseScore 1.3 (HKLM-x32\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.2 - F.J. Wechselberger)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
netbrdg (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
Nexus Radio (HKLM-x32\...\{8763793B-4D7D-49C8-A859-5C582EC02640}) (Version: 5.6.6 - Talam Group, LLC)
Nuclear Coffee - VideoGet (HKLM-x32\...\VideoGet_is1) (Version: 2012 - Nuclear Coffee)
OfotoXMI (x32 Version: 7.02.0000.0001 - EASTMAN KODAK Company) Hidden
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.5.9041 - ooVoo LLC.)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Opticon USB Drivers Installer (HKLM-x32\...\Opticon USB Installer) (Version: - )
Panopreter Basic version 3.0.9 (HKLM-x32\...\Panopreter Basic_is1) (Version: - Panopreter.com)
PC Rambazamba (HKLM-x32\...\{A9D4AF7B-93BA-4671-BC54-EDA2770CAF18}) (Version: 1.00.0000 - Langmeier Software GmbH)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhoneCrypt Client Version PhoneCrypt 2.9.17.1959 (HKLM-x32\...\PhoneCrypt_is1) (Version: PhoneCrypt 2.9.17.1959 - SecurStar, Inc.)
PhotoPad Image Editor (HKLM-x32\...\PhotoPad) (Version: 2.64 - NCH Software)
PhotoStage Diashow-Ersteller (HKLM-x32\...\PhotoStage) (Version: 2.42 - NCH Software)
PhotoStitcher 1.2 (HKLM-x32\...\{299EB32D-0525-4482-A8B5-1F30725AB6F1}_is1) (Version: - Teorex)
Picture-Kit 3 Version 3.0 (HKLM-x32\...\{7B49D3E2-6789-45CF-8006-A78CD1F5A373}_is1) (Version: 3.0 - INGE BEYER Software Solutions)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.7 - )
Pixillion Imagedatei-Konverter (HKLM-x32\...\Pixillion) (Version: 2.74 - NCH Software)
Pixlr-o-matic (HKLM-x32\...\Pixlromatic) (Version: 2.1 - UNKNOWN)
Pixlr-o-matic (x32 Version: 2.1 - UNKNOWN) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Preispilot für Firefox (HKLM-x32\...\{0D8E6567-7082-48DB-A305-293873AC8B39}_is1) (Version: 2.0 - Preispilot)
proDAD Heroglyph 2.5 (HKLM-x32\...\proDAD-Heroglyph-2.5) (Version: 2.6.32.50 - proDAD GmbH)
Protegere (HKLM-x32\...\Protegere) (Version: - )
PS_AIO_06_B109a-m_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
PT Portrait version 1.0.0 (HKLM\...\{8E2D6BBF-8372-4B53-B006-E24DCE64753A}_is1) (Version: 1.0.0 - PHOTO-TOOLBOX.COM)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Q-Dir (HKLM\...\Q-Dir) (Version: - )
Quick Stego 1.2 (HKLM-x32\...\Quick Stego_is1) (Version: - Cybernescence Limited)
QuickTime (HKLM-x32\...\{08CA9554-B5FE-4313-938F-D4A417B81175}) (Version: 7.50.61.0 - Apple Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Radio.fx (HKLM-x32\...\Tobit Radio.fx Server) (Version: - Tobit.Software)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6287 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
RiffWorks T4 (HKLM-x32\...\RiffWorks T4) (Version: 2.6.7 - Sonoma Wire Works)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
ScanIT-Client 3.2 (HKLM-x32\...\ScanIT-Client_is1) (Version: - GfK Austria)
Screen Capturer (HKLM-x32\...\Screen Capturer) (Version: 1.0.4.42 - ScreenCapturer.com)
Screenpresso (HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Screenpresso) (Version: 1.5.2.0 - Learnpulse)
Scribus 1.4.4 (64bit) (HKLM\...\Scribus 1.4.4) (Version: 1.4.4 - The Scribus Team)
SFR (x32 Version: 7.01.0000.0003 - Eastman Kodak Company) Hidden
Shape Collage (HKLM-x32\...\ShapeCollage) (Version: - Shape Collage Inc.)
SHASTA (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
Shortcut Racers (HKLM-x32\...\Shortcut Racers_is1) (Version: - GameHitZone.com)
Shotcut (HKLM-x32\...\Shotcut) (Version: - )
SimplyGoodPictures (HKLM-x32\...\{29205904-A7A8-4545-0001-697935602C90}) (Version: 1.0.12.426 - Engelmann Media GmbH)
skin0001 (x32 Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
Skype Web Plugin (HKLM-x32\...\{69F300CB-D6BF-41DD-B7CC-983BAFF4EE15}) (Version: 3.1.15602.22612 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Songr (HKLM-x32\...\Songr) (Version: 1.9.36 - hxxp://at-my-window.blogspot.com/?page=songr)
Sothink Logo Maker Special (HKLM-x32\...\{E97A8C79-C035-4964-9DF5-B7B6D243A18C}_is1) (Version: 3.5 - SourceTec Software Co., LTD)
Spotify (HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Star Warship (HKLM-x32\...\Star Warship_is1) (Version: - GameHitZone.com)
staticcr (x32 Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Steganos Password Manager 15 (HKLM-x32\...\{B8F35E03-DC02-4CAB-AEF2-577B4CA25E8A}) (Version: 15.2.4 - Steganos Software GmbH)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1150 - SUPERAntiSpyware.com)
SuperEasy 1-Click Backup (HKLM\...\SuperEasy 1-Click Backup) (Version: 1.13 - SuperEasy Software GmbH & Co. KG)
SuperEasy Audio Converter 2 v.2.1.2143 (HKLM-x32\...\{039BC111-3B00-B8C5-E02C-0CA1440A9469}_is1) (Version: 2.1.2143 - SuperEasy Software GmbH & Co. KG)
SuperEasy Video Booster v.1.1.3056 (HKLM-x32\...\{039BC111-ED4E-CCDF-634D-AF330C24ACB8}_is1) (Version: 1.1.3056 - SuperEasy Software GmbH & Co. KG)
SuperEZ Wave Editor v12.2.1 (HKLM-x32\...\SuperEZ Wave Editor_is1) (Version: - SuperEZMedia Development Inc.)
SView5 for Windows (HKLM\...\{A5B47808-9E14-4C04-9EB3-777D62ABFDE4}_is1) (Version: - PerSuaSiVe SoftWorX)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.11.1 - TeamSpeak Systems GmbH)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.19045 - TeamViewer)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
Tipard Video Converter Platinum 6.2.16 (HKLM-x32\...\{F4A43B47-0518-4a39-B377-15DC62076AC0}_is1) (Version: 6.2.16 - Tipard Studio)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.342 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.342 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.342 - TuneUp Software) Hidden
TuxGuitar (HKLM-x32\...\{03534DA5-2F88-4B8E-A978-849B979E1B8F}) (Version: 1.2 - Herac)
Ultra Drag Racing (HKLM-x32\...\Ultra Drag Racing_is1) (Version: - GameHitZone.com)
Unchecky v0.3.5 (HKLM-x32\...\Unchecky) (Version: 0.3.5 - RaMMicHaeL)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
USB Multi-Channel Audio Device (HKLM-x32\...\Generic USB 106 Sound) (Version: - )
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden
Video Rotator V1.0.9 (HKLM-x32\...\{EC0FD3E2-A241-4D37-BF16-7815EC1E7A29}_is1) (Version: - VideoRotator.com)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
VIS (HKLM-x32\...\VIS) (Version: - ) <==== ATTENTION
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Vita 2 (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
Vita Rock Drums (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
Vita String Ensemble (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
VPRINTOL (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
VSDC Free Video Editor Version 2.3.0.337 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 2.3.0.337 - Flash-Integro LLC)
WaveShop (x64) (HKLM\...\{4912D50F-1CFB-4D91-B654-29E5BC2B1592}) (Version: 1.0.0 - Anal Software)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
WinX Mobile Video Converter 3.0.0 (HKLM-x32\...\WinX Mobile Video Converter_is1) (Version: - Digiarty Software, Inc.)
WIRELESS (x32 Version: 7.02.0000.0001 - EASTMAN KODAK Company) Hidden
WonderFox Video to Picture Converter (HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\WonderFoxVideotoPictureConverter) (Version: - WonderFox Soft. All Rights Reserved.)
XnConvert 1.51 (HKLM\...\XnConvert_is1) (Version: 1.51 - Gougelet Pierre-e)
XnView 1.99.1 (HKLM-x32\...\XnView_is1) (Version: 1.99.1 - Gougelet Pierre-e)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.)
YAMAHA Musicsoft Downloader 5 (HKLM-x32\...\{6D3C6846-CDB6-418F-8FDB-DA21FE064F86}) (Version: - )
Yamaha USB-MIDI Driver (HKLM-x32\...\InstallShield_{18369253-E53F-4A47-818E-082DFB950872}) (Version: 3.1.2.3 - Yamaha Corporation)
Yamaha USB-MIDI Driver (Version: 3.1.2.3 - Yamaha Corporation) Hidden
ZD Soft Screen Recorder 4.1.3.0 (HKLM-x32\...\ZD Soft Screen Recorder) (Version: 4.1.3.0 - ZD Soft)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3195104690-1283173883-910289243-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\melsy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3195104690-1283173883-910289243-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\melsy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3195104690-1283173883-910289243-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\melsy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3195104690-1283173883-910289243-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\melsy\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3195104690-1283173883-910289243-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\melsy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3195104690-1283173883-910289243-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\melsy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 10-12-2014 19:21:35 Created by Wise Care 365 12-12-2014 13:19:55 Windows Modules Installer 13-12-2014 09:27:04 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 wurde installiert. 15-12-2014 11:03:51 Wiederherstellungsvorgang 15-12-2014 14:20:03 Windows Update 15-12-2014 18:59:42 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 15-12-2014 21:07:22 Configured Microsoft Office Enterprise 2007 17-12-2014 00:34:09 DesignCAD 3D Max 22 wurde installiert. 
==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2014-12-25 21:07 - 00001196 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com 0.0.0.0 media.opencandy.com 0.0.0.0 cdn.opencandy.com 0.0.0.0 tracking.opencandy.com 0.0.0.0 api.opencandy.com 0.0.0.0 installer.betterinstaller.com 0.0.0.0 installer.filebulldog.com 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net 0.0.0.0 inno.bisrv.com 0.0.0.0 nsis.bisrv.com 0.0.0.0 cdn.file2desktop.com 0.0.0.0 cdn.goateastcach.us 0.0.0.0 cdn.guttastatdk.us 0.0.0.0 cdn.inskinmedia.com 0.0.0.0 cdn.insta.oibundles2.com 0.0.0.0 cdn.insta.playbryte.com 0.0.0.0 cdn.llogetfastcach.us 0.0.0.0 cdn.montiera.com 0.0.0.0 cdn.msdwnld.com 0.0.0.0 cdn.mypcbackup.com 0.0.0.0 cdn.ppdownload.com 0.0.0.0 cdn.riceateastcach.us 0.0.0.0 cdn.shyapotato.us 0.0.0.0 cdn.solimba.com 0.0.0.0 cdn.tuto4pc.com 0.0.0.0 cdn.appround.biz 0.0.0.0 cdn.bigspeedpro.com There are 5 more lines. ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {01129378-72E4-4875-94D9-3244AA84053B} - System32\Tasks\Norton Management\Norton Error Analyzer => C:\Program Files (x86)\Norton Management\Engine\2.1.2.13\SymErr.exe Task: {01198FD1-ED04-442F-BB82-6E294D168A5B} - System32\Tasks\{F5DAFB4E-A60B-4116-9F09-A59C932BA636} => pcalua.exe -a F:\Setup.exe -d F:\ Task: {03E0F7C9-378E-4A6E-9734-912A1191CECC} - System32\Tasks\{4BF1A8B8-CB82-4534-9A28-D08628C5E143} => C:\Programme\jCalendar\jCalendar.exe Task: {0DACDC6D-9900-4C51-A8E6-B8E16FA3D043} - System32\Tasks\Norton Management\Norton Error Processor => C:\Program Files (x86)\Norton Management\Engine\2.1.2.13\SymErr.exe Task: {0F5004A6-C441-43B3-8C03-BB1E071DBCF9} - System32\Tasks\{B2E8F773-5F5C-4836-8957-FEE3042EABFC} => Firefox.exe hxxp://ui.skype.com/ui/0/6.21.0.104/de/go/help.faq.installer?LastError=1618 Task: {12671161-6449-4349-A52D-3D90185B578F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-27] (Google Inc.) Task: {1C933C6B-7E1B-4D5A-884E-312C03E52C6B} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-06-15] (CyberLink) Task: {20960428-4821-470E-B356-ADE61D278E74} - System32\Tasks\{DA63B10A-4AA4-415D-B14F-20882B020224} => C:\Users\melsy\Downloads\lhttsged.exe [2012-06-25] (Microsoft Corporation) Task: {2275559B-C5E5-422D-AA45-9FFA455E05C6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {243D7A47-C7F3-449F-A4B3-1A47C931B022} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd) Task: {3010AD89-86DF-48F8-809F-7F0AB43C5091} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001UA => C:\Users\melsy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-17] (Google Inc.) 
Task: {316A5078-541C-4E39-A254-03D66FFE9C50} - System32\Tasks\{02DEFB47-6A21-4840-A923-836BA7F0FC4A} => pcalua.exe -a "C:\Program Files (x86)\MUSICSTATION\musicstation.exe" Task: {3247BA29-A020-4C3C-9AE0-E115049C6D3C} - System32\Tasks\{8795FFFA-4029-4A70-B1CF-0C3C57CDEE7C} => Firefox.exe hxxp://ui.skype.com/ui/0/6.18.59.106/de/abandoninstall?page=tsMain Task: {343DA5D2-A7B5-4163-994B-A280849E8B9E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001UA => C:\Users\melsy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-31] (Facebook Inc.) Task: {449672D7-8648-44EE-B5E8-2E0CDCD25B91} - System32\Tasks\{AD7AC0AF-B335-4FB0-ABC0-6583AD2EE938} => Firefox.exe hxxp://ui.skype.com/ui/0/6.7.73.102.456/de/go/help.faq.installer?LastError=1618 Task: {46A34A3E-FE2B-48B5-AEAA-BDA3D2C4C6CD} - System32\Tasks\{7571068C-F497-4FC5-ADD4-35E7096DFB57} => C:\Program Files (x86)\Norton Internet Security\Engine64\19.7.1.5\uistub.exe Task: {51D55B4D-67DF-40FA-A4FE-DE3CC1944C3E} - \Browser Updater\Browser Updater No Task File <==== ATTENTION Task: {56D16A26-C086-4C2F-9A50-1256A721D380} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-11-20] (Adobe Systems Incorporated) Task: {5BEC0A14-800A-4444-BE42-ACC444F20731} - System32\Tasks\{2A792A14-06ED-4493-81D7-2A64E97EA462} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.105/de/abandoninstall?page=tsProgressBar Task: {60081FEC-B90C-4BA1-A4E4-5EC3F0F87609} - System32\Tasks\{8DC528DF-C668-44A2-A31C-93B2FFB13B0A} => C:\Users\melsy\AppData\Local\Freenet\freenetlauncher.exe [2013-05-21] () Task: {65D575BE-410A-447D-B330-5443692346AB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001Core => C:\Users\melsy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-17] (Google Inc.) 
Task: {6668009D-DEA7-41CE-93D4-D0E6B8459036} - System32\Tasks\HPCeeScheduleFormelsy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard) Task: {67E242A7-6F0B-4797-B545-E3E15F1EDEAE} - System32\Tasks\{5BFD2BA9-AC77-4AF0-BEDE-ED496F689609} => pcalua.exe -a "C:\Program Files (x86)\FreeHDSport TV\Uninstall.exe" -c /fromcontrolpanel=1 Task: {67FBE70A-7C8D-4BC7-9925-215764406076} - System32\Tasks\{C5BAA74F-22E2-4F89-8A15-F55C07459494} => pcalua.exe -a C:\Users\melsy\Desktop\FreeScreenCapturer_1-0-4-42.exe -d C:\Users\melsy\Desktop Task: {6DF94FFC-E5D5-412B-9F49-E5C0848C19AB} - System32\Tasks\{AC18E9B7-C5B8-4B30-A692-A929B63DA066} => pcalua.exe -a C:\Users\melsy\Downloads\lhttsged.exe -d C:\Users\melsy\Downloads Task: {6DFD1216-9460-447B-B912-4EC7A58883D3} - System32\Tasks\WpsUpdateTask_melsy => C:\Program Files (x86)\Kingsoft\Kingsoft Presentation\office6\wpsupdate.exe [2011-10-29] (Zhuhai Kingsoft Office-software Co.,Ltd) Task: {7D678D51-701D-46DD-9972-DF5DFF100443} - System32\Tasks\{68ECAC93-8124-43DB-B24A-650885E2BADD} => pcalua.exe -a "C:\Program Files\TeamSpeak 3 Client\plugins\ts3overlay\InstallHook.exe" -d "C:\Program Files\TeamSpeak 3 Client\plugins\ts3overlay\" -c ts3overlay_hook_win32.dll 10000 Task: {82748283-6624-447A-A8CA-49C398293069} - System32\Tasks\{963AFCB0-77B1-4C30-B305-F56C7A0EBB2B} => pcalua.exe -a C:\Users\melsy\Downloads\dotNetFx35setup(1).exe -d C:\Users\melsy\Downloads Task: {8515EC2B-C62E-413B-A428-6F858025BC21} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: {8542C1B0-137C-415E-86F5-2DEC0F2B4B09} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-09-26] (Oracle Corporation) Task: {8596C597-1FBF-4783-96D6-FB78F7FE605F} - System32\Tasks\Wise Care 365 PC Checkup Task => C:\Program Files 
(x86)\Wise\Wise Care 365\WiseCare365.exe Task: {8E52F36D-3CBE-4443-AF9D-53F564C3B7F5} - System32\Tasks\{9F7FA772-FD2E-4158-A4C5-6337F924BF71} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE [2013-07-23] (Microsoft Corporation) Task: {8E7F327F-12F6-4D75-9D7F-0B671653AE79} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-04-17] () Task: {90E77342-600D-4A4F-BF59-D61B7053855C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {92CE2904-5D89-42DD-B487-579244164EE4} - System32\Tasks\{22E33B45-0371-4117-ABFB-FEA73B3FE9A8} => C:\Programme\jCalendar\jCalendar.exe Task: {971E64F7-C1E0-4A48-A852-324B7F33B1B5} - System32\Tasks\{3ABB7357-D358-41A4-9954-B6BB3A87DC07} => pcalua.exe -a G:\Install.exe -d G:\ Task: {9BCCA73A-EF82-4843-B3CD-A7B5BB0CBC56} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-27] (Google Inc.) Task: {9DE87302-322D-492F-BBA0-8B4A585E329F} - System32\Tasks\{61CE41BF-C4A4-4791-A301-5F93B0DFAA9A} => pcalua.exe -a C:\Users\melsy\Desktop\Air_Assault.exe -d C:\Users\melsy\Desktop Task: {9F3A2A36-84C1-4056-9312-C522128A9CF1} - System32\Tasks\{4FBE209A-8A27-4E26-81B3-722670F9ECA0} => C:\Program Files (x86)\HP\HP Deskjet 2050 J510 series\bin\HPScan.exe [2010-11-16] (Hewlett-Packard Co.) Task: {A3DEBCE1-D5BE-471A-A2D8-1A1C61B3C499} - System32\Tasks\Hewlett-Packard\HP Support Assistant\NetworkCheck => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_NetworkCheck.exe [2014-04-22] (Hewlett-Packard) Task: {ABA282D4-9785-4A97-B432-FB442D8FE3EB} - System32\Tasks\Google Updater and Installer => C:\Users\melsy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-17] (Google Inc.) 
Task: {BC0FD5F5-2ED6-4BB5-AF88-B0B6140C2852} - System32\Tasks\EasyShare Registration Task => Rundll32.exe C:\PROGRA~3\Kodak\EasyShareSetup\$Registration\Registration_8.0.20.1.sxt _RegistrationOffer@16 Task: {BD89F47A-50C6-4051-8B84-126CDFEB0DCE} - System32\Tasks\{69CD82CA-4612-410F-907D-CE1E674B652E} => Firefox.exe Task: {BF8B141C-676F-42A5-BF66-8D95ADCA1717} - System32\Tasks\{B50D4207-EE1F-4B4E-98FF-CFA586F34842} => pcalua.exe -a "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" Task: {C176E98E-B970-46B2-9F4D-ACAC41FB6E98} - System32\Tasks\{390AF46B-3743-4BF4-B011-EA592787C6B7} => C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe Task: {C67886D0-0FBB-476B-BE8B-299B1FFE7721} - System32\Tasks\{5C4F42ED-5832-48B4-BCB9-D77730EC38C1} => Firefox.exe hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?page=tsProgressBar Task: {C73BC706-4FC5-42B9-B1C9-6B1DCF74BAC5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard) Task: {CA893ED1-E431-4340-A415-4DFFF3F4D0DA} - System32\Tasks\{AA7F026B-C42A-4E6F-B2DB-FCDAF10D2524} => C:\Program Files (x86)\EssentialPIM\EssentialPIM.exe [2014-12-01] (Astonsoft) Task: {D6C26C39-486C-43E4-9576-DBE22E3E441C} - System32\Tasks\NCH Software\ExpressRipSevenDays => C:\Program Files (x86)\NCH Software\ExpressRip\ExpressRip.exe [2014-08-08] (NCH Software) Task: {D89AD17C-10FC-4DD5-8120-B85CD2DC8F25} - System32\Tasks\{196512D0-AEDD-4F4D-82E4-FCEF076F1057} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE [2013-07-23] (Microsoft Corporation) Task: {D9CD8EF1-5ADD-4F91-8527-5EFA8009EDC6} - System32\Tasks\{E41BC0B8-6500-4D58-95D6-ECEDB1C3A9D5} => C:\Users\melsy\Downloads\lhttsged.exe [2012-06-25] (Microsoft Corporation) Task: {E451466A-3491-4B89-8E2A-4477D4DA17C0} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files 
(x86)\HomeTab\ProtectedSearch.exe <==== ATTENTION Task: {E6F8C8B4-6095-4F02-82B5-332CF71AEEF2} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {EA4916C5-BF71-44C7-BC9E-0F9D40FF1B5E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated) Task: {EBD0D2FE-56E0-48B2-91DF-0264665CA8DD} - System32\Tasks\{C0C124F4-41F2-47D4-860C-4FCF583875C1} => Firefox.exe hxxp://ui.skype.com/ui/0/6.20.0.104/de/abandoninstall?page=tsProgressBar Task: {EE74F28E-DE62-48C6-8627-8144ECE20501} - System32\Tasks\PC Rambazamba => C:\Program Files (x86)\Langmeier Software\PC Rambazamba\pcrambazamba.exe Task: {EEC8A0D8-581A-4288-A669-717A36652B27} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001Core => C:\Users\melsy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-31] (Facebook Inc.) Task: {EF07459B-FD41-4C1A-8587-798773836EB9} - \YourFile DownloaderUpdate No Task File <==== ATTENTION Task: {FFE3FE28-EE03-4DF8-8144-3C66979D3375} - System32\Tasks\{670A25EF-5F02-41BB-BB0D-827A205D5869} => Firefox.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\EasyShare Registration Task.job => “7BfGDµÀ™g:×6Fh< sÀ €!Þ:2!C:\Windows\system32\rundll32.exe_C:\PROGRA~3\Kodak\EasyShareSetup\$Registration\Registration_8.0.20.1.sxt _RegistrationOffer@16melsy0Ü: Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001Core.job => C:\Users\melsy\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001UA.job => C:\Users\melsy\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: 
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001Core.job => C:\Users\melsy\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001UA.job => C:\Users\melsy\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleFormelsy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\Windows\Tasks\Wise Care 365 PC Checkup Task.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseCare365.exe Task: C:\Windows\Tasks\Wise Care 365.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe Task: C:\Windows\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe Task: C:\Windows\Tasks\WpsUpdateTask_melsy.job => C:\Program Files (x86)\Kingsoft\Kingsoft Presentation\office6\wpsupdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-07-05 11:27 - 2011-07-05 11:27 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2014-04-13 01:29 - 2014-04-13 01:28 - 01005056 _____ () C:\Users\melsy\AppData\Roaming\BupSystem\bup.exe 2012-03-23 14:25 - 2012-03-23 14:25 - 00087040 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe 2013-11-28 16:04 - 2013-11-28 16:04 - 00024672 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupService-sez1cb.exe 2013-11-28 16:04 - 2013-11-28 16:04 - 00104032 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupServiceLib.dll 2013-11-28 16:04 - 2013-11-28 16:04 - 11016288 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupCore.dll 2013-11-28 16:04 - 2013-11-28 16:04 - 00157280 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\deemon.dll 2013-11-28 16:03 - 2013-11-28 16:03 - 04838496 _____ () 
c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\ox.dll 2013-11-28 16:04 - 2013-11-28 16:04 - 00494176 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\veem.dll 2013-11-28 16:04 - 2013-11-28 16:04 - 00061024 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\minizutil.dll 2013-11-21 11:54 - 2013-11-21 11:54 - 00020992 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\zlibutil.dll 2013-09-23 20:24 - 2013-09-23 20:24 - 00076288 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\zdll.dll 2013-11-28 16:04 - 2013-11-28 16:04 - 00053344 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\lzmaUtil.dll 2013-11-28 13:33 - 2013-11-28 13:33 - 00049664 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\lzma.dll 2013-11-28 16:03 - 2013-11-28 16:03 - 00506976 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\twirl.dll 2013-11-28 16:03 - 2013-11-28 16:03 - 00344160 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\tomb.dll 2013-11-21 11:56 - 2013-11-21 11:56 - 00309248 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\party.dll 2013-11-28 16:04 - 2013-11-28 16:04 - 00113760 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\scoolite.dll 2013-11-28 13:32 - 2013-11-28 13:32 - 00626688 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\sqlite.dll 2013-11-28 16:04 - 2013-11-28 16:04 - 00211040 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\netutil.dll 2014-07-21 11:27 - 2014-07-21 11:27 - 00699704 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll 2013-11-21 12:42 - 2013-11-21 12:42 - 00045056 _____ () c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\oxHelper.exe 2012-06-18 10:47 - 2012-02-17 19:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll 2012-10-14 15:54 - 2011-07-23 08:22 - 00133120 _____ () 
C:\Windows\system32\azcontextmenu.dll 2014-12-14 16:36 - 2014-11-18 09:39 - 00223600 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe 2013-11-28 16:04 - 2013-11-28 16:04 - 00317024 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupClient-sez1cb.exe 2013-11-28 16:04 - 2013-11-28 16:04 - 06131808 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupClientLib.dll 2013-11-28 16:04 - 2013-11-28 16:04 - 00390240 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\updateman.dll 2013-11-28 16:03 - 2013-11-28 16:03 - 00506976 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\twirl.dll 2013-11-28 16:03 - 2013-11-28 16:03 - 00344160 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\tomb.dll 2013-11-28 16:03 - 2013-11-28 16:03 - 04838496 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\ox.dll 2013-09-23 20:24 - 2013-09-23 20:24 - 00076288 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\zdll.dll 2013-11-28 16:04 - 2013-11-28 16:04 - 11016288 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupCore.dll 2013-11-28 16:04 - 2013-11-28 16:04 - 00157280 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\deemon.dll 2013-11-28 16:04 - 2013-11-28 16:04 - 00494176 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\veem.dll 2013-11-28 16:04 - 2013-11-28 16:04 - 00061024 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\minizutil.dll 2013-11-21 11:54 - 2013-11-21 11:54 - 00020992 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\zlibutil.dll 2013-11-28 16:04 - 2013-11-28 16:04 - 00053344 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\lzmaUtil.dll 2013-11-28 13:33 - 2013-11-28 13:33 - 00049664 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\lzma.dll 2013-11-21 11:56 - 
2013-11-21 11:56 - 00309248 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\party.dll 2013-11-28 16:04 - 2013-11-28 16:04 - 00113760 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\scoolite.dll 2013-11-28 13:32 - 2013-11-28 13:32 - 00626688 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\sqlite.dll 2013-11-28 16:04 - 2013-11-28 16:04 - 00211040 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\netutil.dll 2013-11-28 16:04 - 2013-11-28 16:04 - 00148064 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\featback.dll 2013-11-21 12:42 - 2013-11-21 12:42 - 00045056 _____ () C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\oxHelper.exe 2014-04-13 01:35 - 2014-04-13 01:35 - 00374272 _____ () C:\Users\melsy\AppData\Roaming\BupSystem\sub\default.dll 2014-11-06 18:45 - 2014-10-31 16:37 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll 2014-11-06 18:45 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll 2012-05-20 16:11 - 2012-02-22 19:49 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll 2012-05-20 16:10 - 2012-02-22 19:49 - 00078336 _____ () C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll 2014-02-28 15:32 - 2014-12-10 19:09 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-12-10 17:54 - 2014-12-10 17:54 - 16841392 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:8D09CB9B AlternateDataStreams: C:\ProgramData\Temp:9341E0C6 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. 
The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Hear.lnk => C:\Windows\pss\Hear.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^melsy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Screen Capturer.lnk => C:\Windows\pss\Screen Capturer.lnk.Startup MSCONFIG\startupfolder: C:^Users^melsy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TerminplanerStart.lnk => C:\Windows\pss\TerminplanerStart.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: MapsGalaxy Search Scope Monitor => "C:\PROGRA~2\MapsGalaxy_39\bar\1.bin\39srchmn.exe" /m=2 /w /h MSCONFIG\startupreg: MapsGalaxy_39 Browser Plugin Loader => C:\PROGRA~2\MapsGalaxy_39\bar\1.bin\39brmon.exe MSCONFIG\startupreg: Ocs_SM => C:\Users\melsy\AppData\Roaming\OCS\SM\SearchAnonymizer.exe MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s MSCONFIG\startupreg: SaferSurf Tray => "C:\Program Files (x86)\SaferSurf\SaferSurfTray.exe" MSCONFIG\startupreg: SetDefault => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe MSCONFIG\startupreg: Spotify => "C:\Users\melsy\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\melsy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" MSCONFIG\startupreg: SweetIM => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe ========================= Accounts: ========================== Administrator 
(S-1-5-21-3195104690-1283173883-910289243-500 - Administrator - Disabled) fbwuser (S-1-5-21-3195104690-1283173883-910289243-1002 - Limited - Enabled) Gast (S-1-5-21-3195104690-1283173883-910289243-501 - Limited - Disabled) melsy (S-1-5-21-3195104690-1283173883-910289243-1001 - Administrator - Enabled) => C:\Users\melsy _supereasy_1cbackup_ (S-1-5-21-3195104690-1283173883-910289243-1003 - Administrator - Enabled) => C:\Users\_supereasy_1cbackup_ ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/26/2014 02:09:05 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.1.711, Zeitstempel: 0x542b53ec Name des fehlerhaften Moduls: QtGui4.dll, Version: 4.8.4.0, Zeitstempel: 0x51353087 Ausnahmecode: 0xc0000005 Fehleroffset: 0x002a609d ID des fehlerhaften Prozesses: 0xc78 Startzeit der fehlerhaften Anwendung: 0xmbam.exe0 Pfad der fehlerhaften Anwendung: mbam.exe1 Pfad des fehlerhaften Moduls: mbam.exe2 Berichtskennung: mbam.exe3 Error: (12/25/2014 03:57:14 PM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (12/25/2014 03:57:14 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: Der Index kann nicht initialisiert werden. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (12/25/2014 03:57:14 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: Die Anwendung kann nicht initialisiert werden. Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. 
(HRESULT : 0xc0041801) (0xc0041801) Error: (12/25/2014 03:57:14 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: Das Gatherer-Objekt kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (12/25/2014 03:57:14 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490) Error: (12/25/2014 03:57:13 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (12/25/2014 03:57:13 PM) (Source: Windows Search Service) (EventID: 9002) (User: ) Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexserver kann wegen eines Datenbankfehlers keine Daten aktualisieren oder auf sie zugreifen. Beenden Sie den Suchdienst, und starten Sie ihn erneut. Wenn das Problem weiterhin besteht, setzen Sie den Inhaltsindex zurück, und crawlen Sie ihn erneut. In manchen Fällen muss der Inhaltsindex möglicherweise gelöscht und erneut erstellt werden. (HRESULT : 0x8004117f) (0x8004117f) Error: (12/25/2014 03:57:13 PM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=1100} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben. Details: Der Inhaltsindexkatalog ist fehlerhaft. 
(HRESULT : 0xc0041801) (0xc0041801) Error: (12/25/2014 03:57:13 PM) (Source: Windows Search Service) (EventID: 9000) (User: ) Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden. Details: 0x%08x (0x8004117f - Der Inhaltsindexserver kann wegen eines Datenbankfehlers keine Daten aktualisieren oder auf sie zugreifen. Beenden Sie den Suchdienst, und starten Sie ihn erneut. Wenn das Problem weiterhin besteht, setzen Sie den Inhaltsindex zurück, und crawlen Sie ihn erneut. In manchen Fällen muss der Inhaltsindex möglicherweise gelöscht und erneut erstellt werden. (HRESULT : 0x8004117f)) System errors: ============= Error: (12/25/2014 09:08:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (12/25/2014 09:08:30 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80070422 Error: (12/25/2014 09:07:03 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (12/25/2014 09:01:27 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (12/25/2014 09:01:01 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (12/25/2014 08:51:39 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80070422 Error: (12/25/2014 08:51:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error: (12/25/2014 08:51:17 PM) (Source: WMPNetworkSvc) 
(EventID: 14332) (User: ) Description: WMPNetworkSvc0x80070422 Error: (12/25/2014 08:51:07 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80070422 Error: (12/25/2014 08:51:06 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80070422 Microsoft Office Sessions: ========================= Error: (12/16/2014 07:39:09 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 403 seconds with 300 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2013-09-16 22:33:20.886 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-09-16 22:33:20.636 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-11-25 15:01:32.976 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info ===========================
Processor: AMD E-450 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 71%
Total physical RAM: 3690.91 MB
Available physical RAM: 1034.56 MB
Total Pagefile: 7379.99 MB
Available Pagefile: 4149.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:446.09 GB) (Free:229.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:15.51 GB) (Free:1.38 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F2DC90A7)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=446.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
==================== End Of Log ============================

Good morning! Have you been able to find anything yet? Regards, Wolfgang |
28.12.2014, 00:02 | #5 |
/// the machine /// TB Trainer | Suspected Trojan Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber |
29.12.2014, 12:31 | #6 |
| Suspected Trojan First of all: I ran Revo Installer and wanted to uninstall the two programs, but got the message that the VIS file path was not found. Code:
ATTFilter # AdwCleaner v4.106 - Bericht erstellt am 29/12/2014 um 11:47:47 # Aktualisiert 21/12/2014 von Xplode # Database : 2014-12-28.1 [Live] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : melsy - MELSY-HP # Gestartet von : C:\Users\melsy\Downloads\AdwCleaner_4.106.exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : bupService [#] Dienst Gelöscht : YahooAUService ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Conduit Ordner Gelöscht : C:\ProgramData\NCH Software Ordner Gelöscht : C:\ProgramData\SuperEasy Software Ordner Gelöscht : C:\ProgramData\Yahoo! Companion Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperEasy Software Ordner Gelöscht : C:\Program Files (x86)\Conduit Ordner Gelöscht : C:\Program Files (x86)\NCH Software Ordner Gelöscht : C:\Program Files (x86)\SearchProtect Ordner Gelöscht : C:\Program Files (x86)\SuperEasy Software Ordner Gelöscht : C:\Program Files (x86)\SaferSurf Ordner Gelöscht : C:\Program Files (x86)\Common Files\Tobit Ordner Gelöscht : C:\Windows\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4} Ordner Gelöscht : C:\Windows\SysWOW64\hotspot shield Ordner Gelöscht : C:\Program Files\SuperEasy Software Ordner Gelöscht : C:\Users\DefaultAppPool\AppData\Local\AskToolbar Ordner Gelöscht : C:\Users\melsy\AppData\Local\Conduit Ordner Gelöscht : C:\Users\melsy\AppData\Local\DownloadGuide Ordner Gelöscht : C:\Users\melsy\AppData\Local\CrashRpt Ordner Gelöscht : C:\Users\melsy\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\melsy\AppData\LocalLow\GutscheinCodes Ordner Gelöscht : C:\Users\melsy\AppData\LocalLow\SimplyTech Ordner Gelöscht : C:\Users\melsy\AppData\LocalLow\Yahoo! 
Companion Ordner Gelöscht : C:\Users\melsy\AppData\Roaming\BupSystem Ordner Gelöscht : C:\Users\melsy\AppData\Roaming\NCH Software Ordner Gelöscht : C:\Users\melsy\AppData\Roaming\Security System 2 Ordner Gelöscht : C:\Users\melsy\AppData\Roaming\Systweak Ordner Gelöscht : C:\Users\melsy\AppData\Roaming\Tobit Ordner Gelöscht : C:\Users\melsy\AppData\Roaming\Windows Net Data Ordner Gelöscht : C:\Users\melsy\AppData\Roaming\SuperEasy Software Ordner Gelöscht : C:\Users\_supereasy_1cbackup_\AppData\Local\AskToolbar Ordner Gelöscht : C:\Users\melsy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddkeieaieohnceanbhdeijclgemgjjkf Datei Gelöscht : C:\END Datei Gelöscht : C:\Users\melsy\Favorites\Startfenster.lnk Datei Gelöscht : C:\Users\melsy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk Datei Gelöscht : C:\Users\melsy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Startfenster.lnk Datei Gelöscht : C:\Users\melsy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Startfenster.lnk Datei Gelöscht : C:\Users\melsy\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk Datei Gelöscht : C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\foxydeal.sqlite Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml Datei Gelöscht : C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\user.js ***** [ Tasks ] ***** Task Gelöscht : YourFile DownloaderUpdate ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GutscheinCodes.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\AppID\{59279625-EFF0-4F55-98F0-51EDDD800DD9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD4D7B0F-45C6-4bb2-A1E7-54D1754E7FC5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D} Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0E0DBFCD-7DDD-4792-9F42-2DFF3E266C26} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1890CF76-D8E5-4584-8B8B-0415EA96601F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5DAD9BF3-1DB3-4915-899F-52C1FB45E7A5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\SuperEasy Software Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect Schlüssel Gelöscht : HKLM\SOFTWARE\systweak Schlüssel Gelöscht : HKLM\SOFTWARE\SuperEasy Software Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VIS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! 
Companion Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eSpeak_is1 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\SuperEasy Software ***** [ Browser ]
***** -\\ Internet Explorer v11.0.9600.17344 -\\ Mozilla Firefox v34.0.5 (x86 de) -\\ Google Chrome v ************************* AdwCleaner[R0].txt - [59805 octets] - [19/09/2013 13:30:58] AdwCleaner[R1].txt - [18759 octets] - [29/12/2014 11:30:15] AdwCleaner[R2].txt - [18816 octets] - [29/12/2014 11:42:09] AdwCleaner[S0].txt - [40073 octets] - [19/09/2013 13:32:28] AdwCleaner[S1].txt - [17602 octets] - [29/12/2014 11:47:47] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [17663 octets] ########## Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by melsy on 29.12.2014 at 12:00:13.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update qualitink
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util qualitink

~~~ Files
Successfully deleted: [File] "C:\Users\melsy\favorites\links\startfenster.lnk"

~~~ Folders
Successfully deleted: [Folder] "C:\Users\melsy\AppData\Roaming\getrighttogo"

~~~ FireFox
Emptied folder: C:\Users\melsy\AppData\Roaming\mozilla\firefox\profiles\ztxv0dqa.default-1397397919693\minidumps [3 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.12.2014 at 12:08:20.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014 Ran by melsy (administrator) on MELSY-HP on 29-12-2014 12:21:26 Running from C:\Users\melsy\Downloads Loaded Profile: melsy (Available profiles: melsy & _supereasy_1cbackup_ & DefaultAppPool) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgfws.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE () C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Steganos Software GmbH) C:\Program Files (x86)\Steganos Password Manager 15\passwordmanagercom.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) 
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Farbar) C:\Users\melsy\Downloads\FRST64(1).exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [Cm106Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm106.dll,CMICtrlWnd HKLM\...\Run: [SuperEasy 1-Click Backup] => "C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupClient-sez1cb.exe" --hidden HKLM\...\Run: [Ashampoo WinOptimizer Live-Tuner2] => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner2.exe [3516784 2014-11-18] (Ashampoo Development GmbH & Co. KG) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.) 
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare) HKLM-x32\...\Run: [SPM15 Chrome Autofill Relay] => C:\Program Files (x86)\Steganos Password Manager 15\passwordmanagercom.exe [480120 2014-06-25] (Steganos Software GmbH) HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Run: [Facebook Update] => C:\Users\melsy\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-10-31] (Facebook Inc.) 
HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Run: [EssentialPIM] => C:\Program Files (x86)\EssentialPIM\EssentialPIM.exe [17719664 2014-12-01] (Astonsoft) HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Policies\system: [DisableChangePassword] 0 HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\wo11.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File BootExecute: autocheck autochk * DfSDKBt ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-3195104690-1283173883-910289243-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3195104690-1283173883-910289243-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3195104690-1283173883-910289243-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs URLSearchHook: HKLM-x32 - (No Name) - {422f7661-9403-4da4-b4ef-cc3e268817b5} - No File URLSearchHook: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 - (No Name) - {422f7661-9403-4da4-b4ef-cc3e268817b5} - No File SearchScopes: HKLM -> {8262B94D-0FB8-44AE-AA96-7114154C01C3} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\.DEFAULT -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> {8262B94D-0FB8-44AE-AA96-7114154C01C3} URL = SearchScopes: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± 
vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ*´Ñ;áa´[¦†8*º~RÙxœòÜ8'£-)x*ä* URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) 
Toolbar: HKLM - Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Password Manager 15\SPMIEToolbar64.dll (Steganos Software GmbH) Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKLM-x32 - No Name - {422f7661-9403-4da4-b4ef-cc3e268817b5} - No File Toolbar: HKLM-x32 - Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Password Manager 15\SPMIEToolbar.dll (Steganos Software GmbH) Toolbar: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> No Name - {422F7661-9403-4DA4-B4EF-CC3E268817B5} - No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.) Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 FireFox: ======== FF ProfilePath: C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693 FF Homepage: https://www.google.at/?gws_rd=cr&ei=3OKMUuu2NOO54AT-pYGQCg FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin64.dll (Skype) FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin.dll (Skype) FF Plugin-x32: @soft-xpansion/npsxpdf -> C:\Program Files (x86)\Common Files\Freemium\np-sxpdf.dll (soft-Xpansion) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3195104690-1283173883-910289243-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\melsy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKU\S-1-5-21-3195104690-1283173883-910289243-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\melsy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKU\S-1-5-21-3195104690-1283173883-910289243-1001: @talk.google.com/O1DPlugin -> C:\Users\melsy\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKU\S-1-5-21-3195104690-1283173883-910289243-1001: @tools.google.com/Google Update;version=3 -> C:\Users\melsy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-3195104690-1283173883-910289243-1001: @tools.google.com/Google Update;version=9 -> C:\Users\melsy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Users\melsy\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\melsy\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF SearchPlugin: C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\searchplugins\google-images.xml FF SearchPlugin: C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\searchplugins\google-maps.xml FF Extension: FDislike - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\fbdislike@doweb.fr.xpi [2014-04-14] FF Extension: Ghostery - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\firefox@ghostery.com.xpi [2014-04-13] FF Extension: ZenMate Security & Privacy VPN - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\firefox@zenmate.com.xpi [2014-10-05] FF Extension: ProxTube - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\ich@maltegoetz.de.xpi [2014-09-11] FF Extension: convert2mp3.net YouTube2MP3 Converter - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\info@convert2mp3.net.xpi [2014-04-13] FF Extension: Facebook Select All - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\jid0-n2ISP7BOUOHLqFZBUsiANkm14Ck@jetpack.xpi [2014-04-13] FF Extension: RequestPolicy - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\requestpolicy@requestpolicy.com.xpi [2014-11-21] FF Extension: NoScript - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-13] FF Extension: Adblock Plus - 
C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-13] FF Extension: OkayFreedom - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi [2014-12-24] FF Extension: Google Privacy - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\{ea61041c-1e22-4400-99a0-aea461e69d04}.xpi [2014-12-08] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-05-20] FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4 FF Extension: No Name - C:\Program Files (x86)\AVG\AVG2012\Firefox4 [2013-06-28] FF HKLM-x32\...\Firefox\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb FF Extension: Free PDF Perfect - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb [2013-09-02] FF HKLM-x32\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Program Files (x86)\Steganos Password Manager 15\spmplugin3 FF Extension: Steganos Password Manager - C:\Program Files (x86)\Steganos Password Manager 15\spmplugin3 [2014-12-05] FF HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= CHR Profile: C:\Users\melsy\AppData\Local\Google\Chrome\User Data\Default ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-10-22] (SUPERAntiSpyware.com) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-05] (Advanced Micro Devices, Inc.) [File not signed] R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432592 2014-11-04] (AVG Technologies CZ, s.r.o.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4942384 2014-10-17] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.) S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH) S4 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed] R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed] R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed] S4 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-16] (Hewlett-Packard) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company) S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-28] (Realsil Microelectronics Inc.) 
[File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] () [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] S4 Radio.fx; C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe [3665752 2012-01-26] () S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] S4 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-09-02] (soft Xpansion) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-21] (TuneUp Software) R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [111208 2014-12-22] (RaMMicHaeL) R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation) R2 WO_LiveService2; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe [223600 2014-11-18] () S2 supereasy_1cbackup; "c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupService-sez1cb.exe" "--controlFolder=c:\ProgramData\SuperEasy 1-Click Backup\control" "--id=supereasy_1cbackup" daemon ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [209720 2014-11-04] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-10-17] (AVG Technologies CZ, s.r.o.) R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133160 2011-06-16] (Broadcom Corporation.) R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-21] (Broadcom Corporation.) 
S3 L6UX1; C:\Windows\System32\Drivers\L6UX164.sys [772864 2013-07-11] (Line 6) R3 leawo_vad; C:\Windows\System32\drivers\leawo_vad.sys [33048 2013-05-21] (Shenzhen Moyea Software) R2 LiveTuner2PM; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner64.sys [14320 2014-03-20] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-29] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) S3 REN2CAP_DRIVER; C:\Windows\System32\drivers\ren2cap.sys [46728 2011-11-07] () R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [24744 2014-04-28] (Audials AG) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-03] (Anchorfree Inc.) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-11-12] (TuneUp Software) S3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1451008 2008-10-13] (C-Media Electronics Inc) S3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbx64.sys [51016 2011-11-01] (Yamaha Corporation) S3 CpqDfw; system32\drivers\CpqDfw.sys [X] U3 DfSdkS; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-29 12:21 - 2014-12-29 12:21 - 02123264 _____ (Farbar) C:\Users\melsy\Downloads\FRST64(1).exe 2014-12-29 12:08 - 2014-12-29 12:08 - 00001190 _____ () C:\Users\melsy\Desktop\JRT.txt 2014-12-29 11:59 - 2014-12-29 11:59 - 01707939 _____ (Thisisu) C:\Users\melsy\Downloads\JRT(1).exe 2014-12-29 11:55 - 2014-12-29 11:55 - 00818637 _____ (Thisisu) C:\Users\melsy\Downloads\JRT.exe 2014-12-29 11:27 - 2014-12-29 11:28 - 02173952 _____ () C:\Users\melsy\Downloads\AdwCleaner_4.106(1).exe 2014-12-29 11:16 - 2014-12-29 11:16 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-12-29 11:15 - 2014-12-29 11:15 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\melsy\Downloads\revosetup95.exe 2014-12-29 10:00 - 2014-12-29 10:00 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2014-12-27 09:35 - 2014-12-27 09:35 - 02173952 _____ () C:\Users\melsy\Downloads\AdwCleaner_4.106.exe 2014-12-26 18:50 - 2014-12-26 18:52 - 00071035 _____ () C:\Users\melsy\Downloads\Addition.txt 2014-12-26 18:48 - 2014-12-29 12:21 - 00028192 _____ () C:\Users\melsy\Downloads\FRST.txt 2014-12-26 18:47 - 2014-12-29 12:21 - 00000000 ____D () C:\FRST 2014-12-26 18:47 - 2014-12-26 18:47 - 02122752 _____ (Farbar) C:\Users\melsy\Downloads\FRST64.exe 2014-12-26 15:25 - 2014-12-26 15:25 - 00001455 _____ () C:\trojaner.txt 2014-12-24 15:10 - 2014-12-29 11:50 - 00000600 _____ () C:\Windows\PFRO.log 2014-12-24 15:02 - 2014-12-24 15:02 - 16520304 _____ (Steganos Software GmbH) C:\Users\melsy\Downloads\okayfreedomwr.exe 2014-12-24 14:01 - 2014-12-24 14:01 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Steganos Updates 2014-12-24 13:59 - 2014-12-24 14:11 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Steganos VPN 2014-12-24 13:56 - 2014-12-24 13:56 - 01174352 _____ () C:\Users\melsy\Downloads\Vollversion OkayFreedom Premium Flat - CHIP-Installer.exe 2014-12-22 02:54 - 2014-12-22 02:54 - 05164040 _____ (DigitalVolcano Software Ltd) 
C:\Users\melsy\Downloads\DuplicateCleaner_setup(1).exe 2014-12-22 01:01 - 2014-12-29 11:20 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\DigitalVolcano 2014-12-22 00:59 - 2014-12-22 00:59 - 05164040 _____ (DigitalVolcano Software Ltd) C:\Users\melsy\Downloads\DuplicateCleaner_setup.exe 2014-12-21 02:14 - 2014-12-21 02:14 - 01174352 _____ () C:\Users\melsy\Downloads\Vollversion Magix Music Maker 2013 - CHIP-Installer.exe 2014-12-20 18:36 - 2014-12-20 18:36 - 00001152 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Rip CD Ripper Software.lnk 2014-12-20 18:36 - 2014-12-20 18:36 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite 2014-12-20 18:32 - 2014-12-29 11:50 - 00000896 _____ () C:\Windows\setupact.log 2014-12-20 18:32 - 2014-12-20 18:32 - 00000000 _____ () C:\Windows\setuperr.log 2014-12-18 12:27 - 2014-12-29 11:49 - 00300701 _____ () C:\Windows\WindowsUpdate.log 2014-12-17 00:38 - 2014-12-17 00:38 - 00000000 ____D () C:\Users\melsy\Documents\DesignCAD 3D MAX 22 2014-12-17 00:37 - 2014-12-17 00:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DesignCAD Toolkit Maschinenbau & Konstruktion 22 2014-12-17 00:37 - 2014-12-17 00:37 - 00000000 ____D () C:\Program Files (x86)\DCToolkit 2014-12-17 00:36 - 2014-12-17 00:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DesignCAD 3D Max 22 2014-12-17 00:35 - 2014-12-17 00:35 - 00000000 ____D () C:\ProgramData\IMSIDesign 2014-12-17 00:35 - 2014-12-17 00:35 - 00000000 ____D () C:\Program Files (x86)\IMSIDesign 2014-12-17 00:15 - 2014-12-17 00:18 - 95590424 _____ () C:\Users\melsy\Downloads\DesignCAD-V22-3D-Triple-Toolkits-Complete-CHIP.exe 2014-12-16 14:47 - 2014-12-21 19:57 - 00168064 _____ () C:\Users\melsy\AppData\Local\GDIPFONTCACHEV1.DAT 2014-12-15 21:05 - 2014-12-15 21:05 - 00000000 ____D () C:\Users\melsy\Downloads\Office 2007 2014-12-15 19:04 - 2014-12-15 19:11 - 00000000 ____D () 
C:\Users\melsy\AppData\Roaming\Scribus 2014-12-15 18:59 - 2014-12-15 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scribus 1.4.4 2014-12-15 18:57 - 2014-12-15 19:03 - 00000000 ____D () C:\Program Files\Scribus 1.4.4 2014-12-15 17:02 - 2014-12-15 17:04 - 86069640 _____ (The Scribus Team) C:\Users\melsy\Downloads\scribus-1.4.4-windows-x64.exe 2014-12-15 15:06 - 2014-12-15 15:06 - 00001148 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn.lnk 2014-12-15 15:06 - 2014-12-15 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audioverwandte Programme 2014-12-15 11:46 - 2014-12-15 11:46 - 01177424 _____ () C:\Users\melsy\Downloads\TuxGuitar - CHIP-Installer.exe 2014-12-14 23:48 - 2014-12-14 23:48 - 00000000 _____ () C:\Windows\SysWOW64\shoFA1F.tmp 2014-12-14 23:31 - 2014-12-14 23:31 - 00000000 __SHD () C:\WISE_DISKSCRUBTEMP 2014-12-14 16:30 - 2014-12-14 16:32 - 43145168 _____ (Ashampoo GmbH & Co. KG ) C:\Users\melsy\Downloads\ashampoo_winoptimizer_11_11.00.50_18137.exe 2014-12-13 09:28 - 2014-12-15 11:35 - 00000000 ____D () C:\Users\melsy\HDR Projects 2014-12-13 09:26 - 2014-12-13 09:26 - 00001045 _____ () C:\Users\Public\Desktop\HDR Projects platin (64-Bit).lnk 2014-12-13 09:26 - 2014-12-13 09:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Franzis 2014-12-13 09:26 - 2014-12-13 09:26 - 00000000 ____D () C:\Program Files\Franzis 2014-12-13 09:09 - 2014-12-13 09:09 - 00000000 ____D () C:\Users\melsy\Documents\HDR-projects-platin-win-mac-CHIP 2014-12-12 13:24 - 2014-12-12 13:24 - 00000000 _____ () C:\Windows\SysWOW64\sho287C.tmp 2014-12-11 19:52 - 2014-12-11 19:52 - 00000000 ____D () C:\Users\melsy\Documents\FlashIntegro 2014-12-11 19:52 - 2014-12-11 19:52 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\VideoEditor 2014-12-11 19:52 - 2014-12-11 19:52 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\FlashIntegro 2014-12-11 19:51 - 2014-12-15 11:35 - 00000000 
____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashIntegro 2014-12-11 19:51 - 2014-12-15 11:35 - 00000000 ____D () C:\Program Files (x86)\FlashIntegro 2014-12-11 19:51 - 2014-12-09 13:21 - 00081792 _____ (Flash-Integro LLC) C:\Windows\SysWOW64\mslvddsfilter2.ax 2014-12-11 19:51 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\Lagarith.dll 2014-12-11 19:51 - 2004-12-10 10:03 - 00438272 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll 2014-12-11 19:51 - 2004-09-06 16:06 - 00053248 _____ () C:\Windows\SysWOW64\xvid.ax 2014-12-11 19:51 - 2004-07-03 21:08 - 00139264 _____ () C:\Windows\SysWOW64\xvidvfw.dll 2014-12-11 19:51 - 2004-07-03 20:59 - 00524288 _____ () C:\Windows\SysWOW64\xvidcore.dll 2014-12-11 19:51 - 2004-02-04 21:11 - 00081920 _____ (fccHandler) C:\Windows\SysWOW64\AC3ACM.acm 2014-12-11 19:51 - 2003-05-22 12:26 - 00638976 _____ (DivXNetworks, Inc.) C:\Windows\SysWOW64\divx.dll 2014-12-11 19:51 - 2003-05-22 12:26 - 00221215 _____ (DivXNetworks, Inc.) C:\Windows\SysWOW64\divxdec.ax 2014-12-11 19:51 - 2003-05-21 23:50 - 00261632 _____ (MainConcept) C:\Windows\SysWOW64\mcdvd_32.dll 2014-12-11 19:51 - 2003-05-21 23:50 - 00156910 _____ () C:\Windows\WMSysPr8.prx 2014-12-11 19:51 - 2003-05-21 23:50 - 00082944 _____ (Voxware, Inc.) C:\Windows\SysWOW64\vct3216.acm 2014-12-11 19:51 - 2003-05-21 23:50 - 00038912 _____ (NCT Company) C:\Windows\SysWOW64\alf2cd.acm 2014-12-11 19:51 - 2003-03-25 05:49 - 00098304 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\SysWOW64\L3CODECX.AX 2014-12-11 19:51 - 2002-08-20 00:41 - 00413760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg4c32.dll 2014-12-11 19:51 - 2000-03-14 20:55 - 00013239 _____ (SHARP Corporation) C:\Windows\SysWOW64\Scg726.acm 2014-12-11 19:47 - 2014-12-11 19:47 - 01177424 _____ () C:\Users\melsy\Downloads\VSDC Free Video Editor - CHIP-Installer.exe 2014-12-10 19:29 - 2014-12-10 19:29 - 17103000 _____ (Electronic Arts, Inc.) 
C:\Users\melsy\Downloads\OriginThinSetup.exe 2014-12-10 18:55 - 2014-12-10 19:40 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Origin 2014-12-10 18:53 - 2014-12-10 19:54 - 00000000 ____D () C:\ProgramData\Origin 2014-12-10 14:14 - 2014-12-16 08:59 - 00000412 _____ () C:\Windows\Tasks\Wise Care 365 PC Checkup Task.job 2014-12-10 14:14 - 2014-12-10 14:14 - 00002834 _____ () C:\Windows\System32\Tasks\Wise Care 365 PC Checkup Task 2014-12-10 09:50 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-12-10 09:50 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-12-10 09:21 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-10 09:21 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-12-10 09:21 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2014-12-10 09:21 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe 2014-12-10 09:21 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe 2014-12-10 09:21 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-12-10 09:21 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2014-12-10 09:21 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2014-12-10 09:21 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2014-12-10 09:21 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2014-12-10 09:21 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2014-12-10 09:21 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\WSManMigrationPlugin.dll 2014-12-10 09:21 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll 2014-12-10 09:21 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll 2014-12-10 09:21 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe 2014-12-10 09:12 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-12-10 09:12 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-12-09 13:07 - 2014-12-22 13:17 - 00000000 ____D () C:\Users\melsy\Documents\camera musik 2014-12-09 12:29 - 2014-12-09 12:30 - 11669724 _____ () C:\Users\melsy\Downloads\Camera Rare Grooves Aluminium Edition - 02 Donny Hathaway - The Ghetto.mp4.part 2014-12-09 11:06 - 2014-12-09 11:06 - 00003070 _____ () C:\Windows\System32\Tasks\Wise Turbo Checker 2014-12-09 11:06 - 2014-12-09 11:06 - 00002848 _____ () C:\Windows\System32\Tasks\Wise Care 365 2014-12-09 11:06 - 2014-12-09 11:06 - 00000422 _____ () C:\Windows\Tasks\Wise Care 365.job 2014-12-09 11:06 - 2014-12-09 11:06 - 00000402 _____ () C:\Windows\Tasks\Wise Turbo Checker.job 2014-12-09 10:33 - 2014-12-20 02:15 - 00000000 ____D () C:\Program Files (x86)\Wise 2014-12-09 10:31 - 2014-12-09 10:31 - 01174352 _____ () C:\Users\melsy\Downloads\Wise Care 365 - CHIP-Installer.exe 2014-12-07 14:45 - 2014-12-07 14:46 - 11553744 _____ () C:\Users\melsy\Downloads\EssentialPIM6.exe 2014-12-05 17:37 - 2014-12-05 17:37 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoStage Diashow-Ersteller.lnk 2014-12-05 17:37 - 2014-12-05 17:37 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette 2014-12-05 17:37 - 2014-12-05 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Videoverwandte Programme 2014-12-05 16:44 - 2014-12-05 16:44 - 
00001110 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoPad Image Editor.lnk 2014-12-05 16:44 - 2014-12-05 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite 2014-12-05 16:43 - 2014-12-05 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette 2014-12-05 16:43 - 2014-12-05 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grafikverwandte Programme 2014-12-05 16:42 - 2014-12-05 16:42 - 00001160 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixillion Imagedatei-Konverter.lnk 2014-12-05 16:29 - 2014-12-05 16:30 - 00505376 _____ (NCH Software) C:\Users\melsy\Downloads\pixpsetup.exe 2014-12-05 13:02 - 2014-12-24 14:32 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Steganos 2014-12-05 13:02 - 2014-12-05 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steganos Passwort-Manager 15 2014-12-05 13:02 - 2014-12-05 13:03 - 00000000 ____D () C:\Program Files (x86)\Steganos Password Manager 15 2014-12-05 13:00 - 2014-12-05 13:00 - 01174352 _____ () C:\Users\melsy\Downloads\Vollversion Steganos Passwort Manager 15 - CHIP-Installer.exe 2014-12-04 18:05 - 2014-12-04 18:05 - 00001964 _____ () C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk 2014-12-03 19:41 - 2014-12-03 19:41 - 07270351 _____ () C:\Users\melsy\Downloads\meine 68 jährige (2).mp4 2014-12-02 16:16 - 2014-12-08 03:47 - 00000000 ____D () C:\Users\melsy\AppData\Local\SuperEasy 1-Click Backup 2014-12-02 16:16 - 2014-12-03 16:04 - 00000000 ___HD () C:\ProgramData\sysnfxo 2014-12-02 16:15 - 2014-12-29 11:51 - 00000000 ____D () C:\Users\_supereasy_1cbackup_ 2014-12-02 16:15 - 2014-12-02 16:15 - 00000020 ___SH () C:\Users\_supereasy_1cbackup_\ntuser.ini 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Vorlagen 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () 
C:\Users\_supereasy_1cbackup_\Startmenü 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Netzwerkumgebung 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Lokale Einstellungen 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Eigene Dateien 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Druckumgebung 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Documents\Eigene Musik 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Documents\Eigene Bilder 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\AppData\Local\Verlauf 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\AppData\Local\Anwendungsdaten 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Anwendungsdaten 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 ____D () C:\ProgramData\SuperEasy 1-Click Backup 2014-12-02 16:15 - 2013-08-14 10:34 - 00000000 ____D () C:\Users\_supereasy_1cbackup_\AppData\Local\Microsoft Help 2014-12-02 16:15 - 2013-07-31 08:12 - 00000000 ____D () C:\Users\_supereasy_1cbackup_\AppData\Roaming\TuneUp Software 2014-12-02 16:15 - 2013-07-26 03:08 - 00000000 ____D () C:\Users\_supereasy_1cbackup_\AppData\Local\ScreenCapture 2014-12-02 16:15 - 2012-12-03 06:32 - 00000000 ____D () C:\Users\_supereasy_1cbackup_\AppData\Roaming\Macromedia 2014-12-02 16:15 - 2012-08-12 01:32 - 00002134 _____ () C:\Users\_supereasy_1cbackup_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk 2014-12-02 16:15 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\_supereasy_1cbackup_\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Accessories 2014-12-02 16:15 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\_supereasy_1cbackup_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-12-02 16:13 - 2014-12-02 16:13 - 28074616 _____ (SuperEasy Software GmbH & Co. KG ) C:\Users\melsy\Downloads\supereasy_1-click_backup_free_1.13.0_8279.exe 2014-12-02 14:03 - 2014-12-02 14:03 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\EAC 2014-12-02 14:03 - 2014-12-02 14:03 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\AccurateRip 2014-12-02 14:02 - 2014-12-02 14:02 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Cliqz 2014-12-02 14:02 - 2014-12-02 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exact Audio Copy 2014-12-02 14:02 - 2014-12-02 14:02 - 00000000 ____D () C:\Program Files (x86)\Exact Audio Copy 2014-12-02 13:57 - 2014-12-02 13:57 - 01174352 _____ () C:\Users\melsy\Downloads\Exact Audio Copy - CHIP-Installer.exe 2014-11-30 19:27 - 2014-11-30 19:27 - 05152768 _____ () C:\Users\melsy\Downloads\HPSupportSolutionsFramework-11.51.0027.msi 2014-11-30 19:23 - 2014-11-30 19:23 - 00003002 _____ () C:\Windows\System32\Tasks\{4FBE209A-8A27-4E26-81B3-722670F9ECA0} ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-29 12:22 - 2013-01-23 23:10 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001UA.job 2014-12-29 12:20 - 2012-05-21 13:38 - 00000000 ___RD () C:\Users\melsy\Desktop\Sicherheit 2014-12-29 12:16 - 2014-05-20 14:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-29 12:13 - 2013-05-07 17:00 - 00000000 ____D () C:\ProgramData\MFAData 2014-12-29 12:11 - 2012-08-13 22:06 - 00000386 _____ () C:\Windows\Tasks\WpsUpdateTask_melsy.job 2014-12-29 11:58 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-29 11:58 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-29 11:57 - 2011-08-09 21:16 - 00774266 _____ () C:\Windows\system32\perfh007.dat 2014-12-29 11:57 - 2011-08-09 21:16 - 00175794 _____ () C:\Windows\system32\perfc007.dat 2014-12-29 11:57 - 2009-07-14 06:13 - 01808064 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-29 11:54 - 2014-09-10 08:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-29 11:51 - 2012-07-27 20:04 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-29 11:51 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-29 11:48 - 2013-09-19 13:30 - 00000000 ____D () C:\AdwCleaner 2014-12-29 11:34 - 2012-05-20 16:38 - 00000000 ____D () C:\Users\melsy\AppData\Local\CrashDumps 2014-12-29 11:30 - 2012-05-18 12:08 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Skype 2014-12-29 10:50 - 2013-10-31 22:45 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001UA.job 2014-12-29 02:58 - 2012-07-02 01:36 - 00000410 _____ () C:\Windows\Tasks\EasyShare Registration Task.job 2014-12-29 02:42 - 2014-10-15 14:50 - 00003094 _____ () 
C:\Windows\System32\Tasks\{B2E8F773-5F5C-4836-8957-FEE3042EABFC} 2014-12-29 02:42 - 2014-09-21 08:03 - 00003088 _____ () C:\Windows\System32\Tasks\{C0C124F4-41F2-47D4-860C-4FCF583875C1} 2014-12-29 02:42 - 2014-09-21 08:03 - 00003088 _____ () C:\Windows\System32\Tasks\{5C4F42ED-5832-48B4-BCB9-D77730EC38C1} 2014-12-29 02:42 - 2014-08-28 18:24 - 00003076 _____ () C:\Windows\System32\Tasks\{8795FFFA-4029-4A70-B1CF-0C3C57CDEE7C} 2014-12-29 02:42 - 2013-10-09 17:59 - 00003102 _____ () C:\Windows\System32\Tasks\{AD7AC0AF-B335-4FB0-ABC0-6583AD2EE938} 2014-12-29 02:42 - 2013-05-03 19:39 - 00003086 _____ () C:\Windows\System32\Tasks\{2A792A14-06ED-4493-81D7-2A64E97EA462} 2014-12-29 02:42 - 2012-11-20 13:26 - 00002966 _____ () C:\Windows\System32\Tasks\{69CD82CA-4612-410F-907D-CE1E674B652E} 2014-12-29 02:42 - 2012-11-20 13:26 - 00002966 _____ () C:\Windows\System32\Tasks\{670A25EF-5F02-41BB-BB0D-827A205D5869} 2014-12-29 02:00 - 2013-01-23 23:10 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001Core.job 2014-12-29 01:52 - 2013-10-31 22:45 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001Core.job 2014-12-29 01:46 - 2014-07-19 10:21 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleFormelsy 2014-12-29 01:46 - 2014-07-19 10:21 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleFormelsy.job 2014-12-27 23:22 - 2012-05-21 23:39 - 00000000 ___RD () C:\Users\melsy\Desktop\TONSTUDIO 2014-12-27 18:36 - 2012-09-23 02:50 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software 2014-12-27 03:56 - 2014-04-22 13:06 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\vlc 2014-12-26 15:24 - 2014-05-20 14:57 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-12-25 20:44 - 2014-09-21 08:17 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-12-25 20:44 - 2012-05-18 12:07 - 00000000 ____D () C:\ProgramData\Skype 2014-12-24 15:22 - 2014-10-15 17:01 - 
00003694 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm 2014-12-22 13:37 - 2013-03-26 14:54 - 00000000 ____D () C:\Users\melsy\Documents\RAF 2014-12-22 13:37 - 2013-01-23 02:22 - 00000000 ____D () C:\Users\melsy\Documents\Cybershapes 2014-12-22 13:26 - 2012-09-23 01:41 - 00000000 ____D () C:\Users\melsy\Documents\soz-österr 2014-12-22 13:26 - 2012-05-19 10:40 - 00000000 ____D () C:\Users\melsy\Documents\Meine empfangenen Dateien 2014-12-22 08:20 - 2009-07-14 05:45 - 00539840 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-12-21 19:56 - 2012-05-20 12:12 - 00000000 ____D () C:\Users\melsy\Documents\Gitarre 2014-12-21 04:24 - 2013-03-16 19:48 - 00000000 ____D () C:\Users\Public\Documents\MAGIX 2014-12-21 02:59 - 2012-07-01 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX 2014-12-21 02:57 - 2012-07-01 18:18 - 00000000 ____D () C:\Program Files (x86)\MAGIX 2014-12-21 02:52 - 2013-03-16 19:56 - 00000000 ___RD () C:\Users\melsy\Documents\MAGIX 2014-12-21 02:52 - 2012-07-01 18:18 - 00000000 ____D () C:\ProgramData\MAGIX 2014-12-20 18:34 - 2012-05-18 15:45 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Audacity 2014-12-20 02:31 - 2013-10-11 13:45 - 00000000 ___RD () C:\Users\melsy\Desktop\radios 2014-12-20 02:31 - 2012-09-08 11:59 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\XnView 2014-12-20 01:57 - 2012-11-03 14:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCFinder 2014-12-20 01:57 - 2012-11-03 14:18 - 00000000 ____D () C:\Program Files (x86)\CCFinder 2014-12-18 12:24 - 2012-05-21 03:47 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-12-18 12:24 - 2012-05-21 03:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-12-18 12:22 - 2011-12-10 05:20 - 00000000 ____D () C:\ProgramData\Temp 2014-12-17 00:39 - 2012-07-18 02:06 - 00000000 ___RD () C:\Users\melsy\Desktop\Foto Video 2014-12-16 19:19 - 2012-07-24 21:06 - 00000000 ____D () 
C:\Users\melsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte 2014-12-15 19:01 - 2013-09-02 13:26 - 00000000 ____D () C:\ProgramData\Package Cache 2014-12-15 18:40 - 2014-10-23 10:29 - 00000000 ____D () C:\Users\melsy\Documents\KPÖ 2014-12-15 14:25 - 2012-05-21 03:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-12-15 11:49 - 2013-02-03 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuxGuitar 2014-12-15 11:49 - 2013-02-03 15:57 - 00000000 ____D () C:\Program Files (x86)\TuxGuitar 2014-12-15 11:35 - 2013-05-18 21:52 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\EssentialPIM 2014-12-15 11:35 - 2013-02-03 15:59 - 00000000 ____D () C:\Users\melsy\.tuxguitar-1.2 2014-12-15 11:35 - 2012-12-14 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo 2014-12-15 11:35 - 2012-12-05 11:56 - 00000000 ____D () C:\ProgramData\Ashampoo 2014-12-15 11:35 - 2012-05-20 17:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-12-15 11:35 - 2012-05-19 13:23 - 00000000 ____D () C:\Program Files (x86)\ScanIT-Client 2014-12-15 11:35 - 2012-05-18 11:43 - 00000000 ____D () C:\Users\melsy 2014-12-15 11:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration 2014-12-15 10:43 - 2012-05-20 12:52 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\SoftGrid Client 2014-12-15 10:02 - 2013-09-29 09:43 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-12-14 23:43 - 2013-01-03 14:29 - 00000000 ____D () C:\Users\melsy\AppData\Local\Downloaded Installations 2014-12-14 16:36 - 2012-05-21 13:33 - 00000000 ____D () C:\Program Files (x86)\Ashampoo 2014-12-13 13:09 - 2014-09-09 13:12 - 00000000 ____D () C:\Users\melsy\Documents\demos 2014-12-13 12:35 - 2012-09-21 20:10 - 00038311 _____ () C:\Users\melsy\Documents\Passwörter.xlsx 2014-12-10 19:50 - 2012-06-02 18:17 - 00000000 ____D () C:\Program 
Files (x86)\Mozilla Maintenance Service 2014-12-10 17:54 - 2014-09-10 08:01 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-12-10 17:54 - 2014-07-04 14:07 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-12-10 17:54 - 2014-07-04 14:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-12-10 10:52 - 2013-02-25 20:12 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\{90140011-0066-0407-0000-0000000FF1CE} 2014-12-10 10:52 - 2013-02-25 20:11 - 00000000 ____D () C:\ProgramData\Virtualized Applications 2014-12-10 10:52 - 2012-05-20 12:52 - 00000000 ____D () C:\Users\melsy\AppData\Local\SoftGrid Client 2014-12-10 10:39 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2014-12-10 10:31 - 2013-05-20 18:34 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-12-10 10:24 - 2013-07-11 11:55 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-10 09:53 - 2012-05-21 03:56 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-09 14:02 - 2013-05-29 17:59 - 00000000 ____D () C:\Users\melsy\Documents\Essential Kalender 2014-12-09 13:48 - 2013-03-05 13:41 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\TS3Client 2014-12-09 10:51 - 2013-11-11 15:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-12-09 10:35 - 2007-01-02 02:25 - 00000000 ____D () C:\Windows\Panther 2014-12-07 14:47 - 2013-05-25 09:47 - 00001023 _____ () C:\Users\Public\Desktop\EssentialPIM.lnk 2014-12-03 12:40 - 2014-08-21 22:58 - 00000000 ____D () C:\Users\melsy\Documents\Norma A2 2014-11-30 19:49 - 2012-11-11 20:14 - 00000000 ___RD () C:\Users\melsy\Desktop\HP DRUCKER Some content of TEMP: ==================== C:\Users\melsy\AppData\Local\Temp\abelssoft.setup.exe C:\Users\melsy\AppData\Local\Temp\Quarantine.exe C:\Users\melsy\AppData\Local\Temp\ripsetup.exe C:\Users\melsy\AppData\Local\Temp\SkypeSetup.exe 
C:\Users\melsy\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-15 04:32

==================== End Of Log ============================
--- --- --- |
29.12.2014, 21:28 | #7 |
/// the machine /// TB trainer | Suspected Trojan When the message appears, just click OK or Cancel, then Revo does the rest. ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
29.12.2014, 22:15 | #8 |
| Suspected Trojan I did it that way with Revo. The rest will take a while, as I have several external hard drives. Regards, wolfgang |
30.12.2014, 14:51 | #9 |
/// the machine /// TB trainer | Suspected Trojan ok |
31.12.2014, 13:58 | #10 |
| Suspected Trojan Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=7131f657cc7c0a45b334d333cc399cee # engine=21746 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-12-30 01:30:07 # local_time=2014-12-30 02:30:07 (+0100, Mitteleuropäische Zeit) # country="Austria" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='AVG Internet Security 2013' # compatibility_mode=1046 16777213 100 88 59144 107080191 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 45154332 171576057 0 0 # scanned=617048 # found=260 # cleaned=0 # scan_time=52968 sh=6C89F129D39CA812C1E18B557119785109DF3F28 ft=1 fh=d91bac543e789082 vn="Win32/Toolbar.Funmoods evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Claro LTD\claro\1.8.3.10\escortShld.dll.vir" sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir" sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\FreeSoundRecorderToolbarHelper.exe.vir" sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\ldrtbFree.dll.vir" sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll.vir" sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\tbFree.dll.vir" sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\Freeware.deToolbarHelper.exe.vir" sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\ldrtbFree.dll.vir" sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\prxtbFree.dll.vir" sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\tbFree.dll.vir" sh=496310EE0816B49176E03226DB102FAE9AA452B4 ft=1 fh=ceffc168909c0690 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\39sknlcr.dll.vir" sh=564173EA0828794311CA65A24B506DD5A01481A0 ft=1 fh=110c0f02df363965 vn="Variante von Win32/Toolbar.MyWebSearch.Z evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\CREXT.DLL.vir" sh=7C7F414357AE6EA119581D9F98F815A8E7F345AD ft=1 fh=36e26079e06cfa5e vn="Variante von Win32/Toolbar.MyWebSearch.Z evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\CrExtP39.exe.vir" sh=244310F981448E11F34B9981614B6FA9BE973446 ft=1 fh=a66d4ad4dd5d0c5d vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\T8EXTEX.DLL.vir" sh=B8944722E8D577E67925DD4A72D1D8E44C3BC6CA ft=1 fh=6f8a20cf4b11d7b0 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\T8EXTPEX.DLL.vir" sh=7C98CBA50F261D738259554D4FE706C997C654F7 ft=1 fh=ac0773121b683aed vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\T8TICKER.DLL.vir" sh=93510E07EBD463BE51052EC8114EC16C5423103E ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js.vir" sh=8D1B69902A404A5799FD5EADDFBF3E363339CBDE ft=1 fh=07f1a7bb45044fb5 vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchresults1\dtUser.exe.vir" sh=AD7F7CA53753521EB64AD840156F163909EE5E8C ft=1 fh=f633dab5e52a0ecc vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchresults1\searchresultsDx.dll.vir" sh=BBCBE78E65CAF60414F998095F88955144ACAAED ft=1 fh=06cfc3bfbefbe6c8 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchresults1\searchresultstb.dll.vir" sh=868EB84B484DD5C01835CC394174384F8694ECCC ft=1 fh=584f503eb1d3498f vn="Variante von MSIL/WebCake.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Web Cake\WebCakeDesktop.Updater.exe.vir" sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Local\Conduit\CT2704262\FreeSoundRecorderAutoUpdateHelper.exe.vir" sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Local\Conduit\CT2736476\Freeware.deAutoUpdateHelper.exe.vir" sh=A416ACC21756868987F275190BD1033BF74E180C ft=1 fh=d3699c00a2c5c199 vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Local\DownloadGuide\Offers\protegere.exe.vir" sh=95D1E596ACC1912879100C54027750C1772027C7 ft=1 fh=212faf0536ad9d68 vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Local\DownloadGuide\Offers\ResultsAlphaSetup.exe.vir" sh=F8935573391555518C560A87DA9D48A7AFB964A9 ft=1 fh=d5f378fbab67b337 vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Local\DownloadGuide\Offers\vis-freeware.exe.vir" sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\FreeSoundRecorder\ldrtbFree.dll.vir" sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\FreeSoundRecorder\tbFree.dll.vir" sh=ABF759CA3BFB16DE62197DD7C417AC5039A43AE0 ft=1 fh=1801af74030ebca1 vn="Variante von Win32/PriceGong.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\FreeSoundRecorder\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll.vir" sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\Freeware.de\ldrtbFree.dll.vir" sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\Freeware.de\tbFree.dll.vir" sh=9B7AFC05F48AE3F56DBE1A2114F8FDF50067A187 ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.C Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\3mzjeqm2.default\Extensions\plugin@getwebcake.com\content\overlay.js.vir" sh=1D9AE65A97C417A8083FB38EFDB8022EAE3A9698 ft=1 fh=8dd7dc1cf3445b5c vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Security System 2\uninstaller.exe.vir" sh=0D310BC1E118037748964A56AB10A3062E039B17 ft=1 fh=d9be506c5a75908e vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Desktop.OS.dll.vir" sh=6438793AF756D3AA8C4E2CAFBA7D03D239059871 ft=1 fh=19260a5687fcfe5d vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Dora.dat.vir" sh=7503116755BAAD721D41850CAB9CBB2365421231 ft=1 fh=0427fddebd474c95 vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Maintain.dat.vir" sh=AED94C436A63639194DD9F9DA87D19AA3EDE45AA ft=1 fh=dc0d04b5290e7546 vn="Variante von MSIL/WebCake.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Paladin.dat.vir" sh=9C80962CF3A7511A428D6200084F17B71D0D213D ft=1 fh=2e3d6de45b15d6ca vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Phoenix.dat.vir" sh=A48076CEBF63988E749815CBD69039D08B14735A ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ArtensoftPhotoMosaicWizard.zip" sh=024079FF7B8C864324A8F5F5706DB446D7B3D5F2 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\CleanseUninstallerPro.zip" sh=693F4A3E417C867790179DB63B33E46C0346D613 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\KingsoftPresentationStd.zip" sh=4C34B47BB5C70ABEF7B265D86BF2010F8AB810B4 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\MP4ToMP3Converter.zip" sh=C650DB886472079561CC80DEF94817835E02FD24 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\SothinkLogoMaker.zip" sh=1FE03D963E03841AFC90F28F6D296878E5206C1F ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\VideoGet.zip" sh=DC2B099E1F96C5D03D4F03BF98D69A2CD6F22C04 ft=1 fh=40cbdd24eefbf532 vn="Win32/Somoto.F evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\DvDrum 2\RECORDING SOFTWARE\HC2Setup32.exe" sh=C8E88610998F6FB74FD0388BC44E18A82207B504 ft=1 fh=9ff1cbafe084559b vn="Win32/Somoto.F evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\DvDrum 2\RECORDING SOFTWARE\HC2Setup64.exe" sh=740982CE3B3E4BD08C1CBD5FC8CFEB982F1D4E05 ft=1 fh=af8c0585c052e303 vn="Win32/InstalleRex.T evtl. 
unerwünschte Anwendung" ac=I fn="C:\ProgramData\InstallMate\{2EBA94E4-4F0E-871A-65F1-072CF559B612}\_Setupx.dll" sh=740982CE3B3E4BD08C1CBD5FC8CFEB982F1D4E05 ft=1 fh=af8c0585c052e303 vn="Win32/InstalleRex.T evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\InstallMate\{2EBA94E4-4F0E-871A-65F1-072CF559B612}\_Setupx.dll" sh=FB3F7E2BF56F5EA06763303CDAA0E962E975E063 ft=1 fh=c0dea5299389dc4e vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\AppData\Local\Temp\DMR\dmr_72.exe" sh=2729F6FA8F28FB792FBCFF2725FCC8D81CE3CCA3 ft=0 fh=0000000000000000 vn="Win32/Somoto.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Desktop\DvDrum2_b5_Setup.zip" sh=07A1B083446273B593E7287021D55ED5688C53EC ft=0 fh=0000000000000000 vn="PHP/Kryptik.AB Trojaner" ac=I fn="C:\Users\melsy\Desktop\1054_Must_Have_PHP_Scripts_part1\Chat_Scripts\Chat Scripts\blablite22.zip" sh=24688AAD083DBEAB180203CB89B36F7056E93128 ft=0 fh=0000000000000000 vn="Win32/BrowseFox.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Desktop\Alte Firefox-Daten\3mzjeqm2.default\extensions\firefox@qualitink.net.xpi" sh=C44FEB9DD6271C71E9D4B4899D73CAA0F5F93746 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Desktop\Alte Firefox-Daten\3mzjeqm2.default\extensions\d3339536-cdf9-444a-b529-160714835cb8@52bed7c4-5816-4cf8-b479-2c341232cd59.com\extensionData\plugins\91_monetizationLoader.js.js" sh=3164F34A7FEC5F532C6A9DFF760113B4E55026E3 ft=1 fh=b5a6070113be0c05 vn="Variante von Win32/InstallCore.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\130120-sview5-v384-Downloader.exe" sh=C779120ED93C6E7F96DC51C9FC882F9F96340324 ft=1 fh=41bdabcae1f2b528 vn="Variante von Win32/InstallCore.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\2WPinball-Downloader.exe" sh=16D9C063CD13D25EEBC63FCF358C64009A4FCFB0 ft=1 fh=0307e473c2448ea4 vn="Variante von MSIL/DownloadGuide.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\AshampooMovieStudio2013Ver104-Downloader.exe" sh=919FB69C250161AC362B1E6ECC27E66B892E863F ft=1 fh=6cc80959aef3cdad vn="Win32/Adware.1ClickDownload.AX Anwendung" ac=I fn="C:\Users\melsy\Downloads\BarcelonaStreamApp.exe" sh=7E2D6ECE2E74BF74BDE2D7D0D66EA9FA0EFB65C5 ft=1 fh=d8b24a2eee5b8eea vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\dffsetup-lame_enc.exe" sh=C131ED4CF8F0F152D001811D77BF89299BB2ACEA ft=1 fh=831285361d7e9534 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\Exact Audio Copy - CHIP-Installer.exe" sh=495A75196C43A41FA1313D4B62B0D4170E906431 ft=1 fh=d9125e0aa1ab4a89 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\FreeImageConvertAndResize.exe" sh=837238B0C3C1FCDDCD18A2852D680A2610F72154 ft=1 fh=9061159b2822d34e vn="Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\gimp-2.8.10-setup-Downloader.exe" sh=81452D54213DAFA857AE5467B67C11014549715A ft=1 fh=dd0df1ac6180bd2f vn="Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\gimp-help-261-html-detar-Downloader.exe" sh=E482AD834AA2F21ADC0140FE4ECC2BFDAF3FAA22 ft=1 fh=4bd4252d18724ebe vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\HSS-2.67-install-chip-389-conduit.exe" sh=7F0A0674E9522BFCF7CBA33DED49AAEBAF36F614 ft=1 fh=2f70aa409cdbff5b vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\HSS-2.90.exe" sh=1E155C8E88C907618214809BA49529D38D709174 ft=1 fh=3d226696a6f054ac vn="Variante von MSIL/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\ipnetinfo-Downloader.exe" sh=C9AD39E15D50C4E6FEADB99FA445E3BDB9BF3647 ft=1 fh=77b67014d8a47abf vn="Variante von Win32/DownloadSponsor.C evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\kingsoftpresentationstd-Downloader.exe" sh=87D1158606ED48018BC966899016FD9D392C8D31 ft=1 fh=eb078c41703de82c vn="Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\MicroSIP-3.3.27-Downloader.exe" sh=F8B71E3C73416F4905087E05488AEF3192FB635A ft=1 fh=c82e78466d0c8942 vn="Variante von MSIL/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\MusicRecorder10-Downloader.exe" sh=4D3D18C2D516AD7A7FC93E1E9C07E00C3656B8FF ft=1 fh=4e7fde5325cd1268 vn="Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\phonecrypt-desktop-Downloader.exe" sh=1A83C861ACCD538CC1577A46767C5A0496AF4CDE ft=1 fh=ad0294a213be0c05 vn="Variante von Win32/InstallCore.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\pickitinst-Downloader.exe" sh=BCBA8E2AF400377B691EC82DB1256ABB9462678B ft=1 fh=5f941106423da96d vn="Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\privacyfix-firefox502-Downloader.exe" sh=A5EA57A708B3D292515B4005A31E9EA021C2FC97 ft=1 fh=c1e8a60c703de82c vn="Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\shotcut-win32-131022-Downloader.exe" sh=E94FEEC085E6758E0C544F28D653085F79120B76 ft=1 fh=e67ac52ec83c3cc9 vn="Variante von Win32/SoftonicDownloader.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\SoftonicDownloader_fuer_riffworks.exe" sh=28085535F3F4322A78B7D0D0343505566936EDF3 ft=1 fh=ff9e27ee8130d72d vn="Variante von MSIL/DownloadGuide.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\SuperEasyVideoBooster113056-Downloader(1).exe" sh=28085535F3F4322A78B7D0D0343505566936EDF3 ft=1 fh=ff9e27ee8130d72d vn="Variante von MSIL/DownloadGuide.E evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\SuperEasyVideoBooster113056-Downloader.exe" sh=17E3CFAC3CC46008685A6A83A464DED18C7C34B5 ft=1 fh=688f6c4d456fdf25 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\TuxGuitar - CHIP-Installer.exe" sh=41ED9036ECCFCB5F4642E6BB03CB956FF9A62C7D ft=1 fh=47f5978555dce2f4 vn="Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\Vitainterface2014Gold1078-Downloader.exe" sh=4F8B1197AF01C40FCE88746CDB905ED8F5678A91 ft=1 fh=de9355ff8be6e0c5 vn="Variante von MSIL/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\vlc-2.1.0-win64-Downloader.exe" sh=DE0F453AD7E45914C2F6E2A6BC782AFB6DB94B9D ft=1 fh=1f461786edf5f19c vn="NSIS/StartPage.CC Trojaner" ac=I fn="C:\Users\melsy\Downloads\vlc-2.1.3-win32.exe" sh=E79CE0DA43C79F2A4E48A4F4A02905DE783FBD16 ft=1 fh=a9eb553813c219ce vn="NSIS/StartPage.CC Trojaner" ac=I fn="C:\Users\melsy\Downloads\vlc-2.1.4-win64.exe" sh=3393146A8D0C8A8E1C3CEEBDA60C6C81476C3E2D ft=1 fh=ba364102e7b75553 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\Vollversion Magix Music Maker 2013 - CHIP-Installer.exe" sh=94EC870BA0DF99B54B45DA64AD9D7187CA7708D3 ft=1 fh=97cc4212331376f8 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\Vollversion OkayFreedom Premium Flat - CHIP-Installer.exe" sh=C10EF1D1E3534F528026316078F554FDFF1B1E05 ft=1 fh=ee7edc0b435aa6f2 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\Vollversion Steganos Passwort Manager 15 - CHIP-Installer.exe" sh=C0BA2A9C0869846851D8F14DA86E4899E199678C ft=1 fh=7d4d9d957035df84 vn="Variante von Win32/DownloadSponsor.C evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\VSDC Free Video Editor - CHIP-Installer.exe" sh=8643736EC068EAC343D8F74B575517D2363F1376 ft=1 fh=52a3309f2fb86f58 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\Wise Care 365 - CHIP-Installer.exe" sh=13C48F6FC45F6949AF5192EA564E40E760122C4E ft=1 fh=1cb7fcde8a0b004d vn="Variante von Win32/OpenInstall evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\XnConvert32-Bit151-Downloader.exe" sh=812035F9C97F32427B1E79C7C1B6B3EE7AAE9BBA ft=1 fh=a4d8ef288a0b004d vn="Variante von Win32/OpenInstall evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\XnConvert64-Bit151-Downloader.exe" sh=71C5327830182909BE7CDA6E11E45DE267898660 ft=1 fh=b2c4ea99ed910581 vn="Variante von Win32/OpenInstall evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\XnViewShell-Erweiterung64-bit32-Downloader.exe" sh=3BFBC2FC15A34D8DB7623EC3154EE1D5DBCD7227 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\59d187f.msi" sh=6C89F129D39CA812C1E18B557119785109DF3F28 ft=1 fh=d91bac543e789082 vn="Win32/Toolbar.Funmoods evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Claro LTD\claro\1.8.3.10\escortShld.dll.vir" sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir" sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. 
unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\FreeSoundRecorderToolbarHelper.exe.vir" sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\ldrtbFree.dll.vir" sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll.vir" sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\tbFree.dll.vir" sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\Freeware.deToolbarHelper.exe.vir" sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\ldrtbFree.dll.vir" sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\prxtbFree.dll.vir" sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. 
unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\tbFree.dll.vir" sh=496310EE0816B49176E03226DB102FAE9AA452B4 ft=1 fh=ceffc168909c0690 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\39sknlcr.dll.vir" sh=564173EA0828794311CA65A24B506DD5A01481A0 ft=1 fh=110c0f02df363965 vn="Variante von Win32/Toolbar.MyWebSearch.Z evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\CREXT.DLL.vir" sh=7C7F414357AE6EA119581D9F98F815A8E7F345AD ft=1 fh=36e26079e06cfa5e vn="Variante von Win32/Toolbar.MyWebSearch.Z evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\CrExtP39.exe.vir" sh=244310F981448E11F34B9981614B6FA9BE973446 ft=1 fh=a66d4ad4dd5d0c5d vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\T8EXTEX.DLL.vir" sh=B8944722E8D577E67925DD4A72D1D8E44C3BC6CA ft=1 fh=6f8a20cf4b11d7b0 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\T8EXTPEX.DLL.vir" sh=7C98CBA50F261D738259554D4FE706C997C654F7 ft=1 fh=ac0773121b683aed vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\T8TICKER.DLL.vir" sh=8D1B69902A404A5799FD5EADDFBF3E363339CBDE ft=1 fh=07f1a7bb45044fb5 vn="Variante von Win32/Toolbar.Visicom.C evtl. 
unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\searchresults1\dtUser.exe.vir" sh=AD7F7CA53753521EB64AD840156F163909EE5E8C ft=1 fh=f633dab5e52a0ecc vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\searchresults1\searchresultsDx.dll.vir" sh=BBCBE78E65CAF60414F998095F88955144ACAAED ft=1 fh=06cfc3bfbefbe6c8 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\searchresults1\searchresultstb.dll.vir" sh=868EB84B484DD5C01835CC394174384F8694ECCC ft=1 fh=584f503eb1d3498f vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Web Cake\WebCakeDesktop.Updater.exe.vir" sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Local\Conduit\CT2704262\FreeSoundRecorderAutoUpdateHelper.exe.vir" sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Local\Conduit\CT2736476\Freeware.deAutoUpdateHelper.exe.vir" sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\FreeSoundRecorder\ldrtbFree.dll.vir" sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. 
unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\FreeSoundRecorder\tbFree.dll.vir" sh=ABF759CA3BFB16DE62197DD7C417AC5039A43AE0 ft=1 fh=1801af74030ebca1 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\FreeSoundRecorder\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll.vir" sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\Freeware.de\ldrtbFree.dll.vir" sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\Freeware.de\tbFree.dll.vir" sh=9B7AFC05F48AE3F56DBE1A2114F8FDF50067A187 ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.C Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\3mzjeqm2.default\Extensions\plugin@getwebcake.com\content\overlay.js.vir" sh=0D310BC1E118037748964A56AB10A3062E039B17 ft=1 fh=d9be506c5a75908e vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Desktop.OS.dll.vir" sh=6438793AF756D3AA8C4E2CAFBA7D03D239059871 ft=1 fh=19260a5687fcfe5d vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Dora.dat.vir" sh=7503116755BAAD721D41850CAB9CBB2365421231 ft=1 fh=0427fddebd474c95 vn="Variante von MSIL/WebCake.A evtl. 
unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Maintain.dat.vir" sh=AED94C436A63639194DD9F9DA87D19AA3EDE45AA ft=1 fh=dc0d04b5290e7546 vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Paladin.dat.vir" sh=9C80962CF3A7511A428D6200084F17B71D0D213D ft=1 fh=2e3d6de45b15d6ca vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Phoenix.dat.vir" sh=6C89F129D39CA812C1E18B557119785109DF3F28 ft=1 fh=d91bac543e789082 vn="Win32/Toolbar.Funmoods evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\Program Files (x86)\Claro LTD\claro\1.8.3.10\escortShld.dll" sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe" sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\Program Files (x86)\FreeSoundRecorder\FreeSoundRecorderToolbarHelper.exe" sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\Program Files (x86)\FreeSoundRecorder\ldrtbFree.dll" sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. 
unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll" sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\Program Files (x86)\FreeSoundRecorder\tbFree.dll" sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\Program Files (x86)\Freeware.de\Freeware.deToolbarHelper.exe" sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\Program Files (x86)\Freeware.de\ldrtbFree.dll" sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\Program Files (x86)\Freeware.de\prxtbFree.dll" sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\Program Files (x86)\Freeware.de\tbFree.dll" sh=378BCE9CB615CA414D5099F2E78C5EA313101701 ft=0 fh=0000000000000000 vn="Win32/bProtector.D evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx" sh=21A2772AC0026ACA82F7BED3BC770638FF8CEAC4 ft=0 fh=0000000000000000 vn="Win32/bProtector.C evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\ProgramData\BrowserProtect\2.5.986.67\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\BrowserProtect.js" sh=740982CE3B3E4BD08C1CBD5FC8CFEB982F1D4E05 ft=1 fh=af8c0585c052e303 vn="Win32/InstalleRex.T evtl. 
unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\ProgramData\InstallMate\{2EBA94E4-4F0E-871A-65F1-072CF559B612}\_Setupx.dll" sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\Users\melsy\AppData\Local\Conduit\CT2704262\FreeSoundRecorderAutoUpdateHelper.exe" sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\Users\melsy\AppData\Local\Conduit\CT2736476\Freeware.deAutoUpdateHelper.exe" sh=3BFBC2FC15A34D8DB7623EC3154EE1D5DBCD7227 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Lokaler Datenträger\Windows\Installer\59d187f.msi" sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe" sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Program Files (x86)\FreeSoundRecorder\FreeSoundRecorderToolbarHelper.exe" sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Program Files (x86)\FreeSoundRecorder\ldrtbFree.dll" sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll" sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. 
unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Program Files (x86)\FreeSoundRecorder\tbFree.dll" sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Program Files (x86)\Freeware.de\Freeware.deToolbarHelper.exe" sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Program Files (x86)\Freeware.de\ldrtbFree.dll" sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Program Files (x86)\Freeware.de\prxtbFree.dll" sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Programme sicherung\Program Files (x86)\Freeware.de\tbFree.dll" sh=6C89F129D39CA812C1E18B557119785109DF3F28 ft=1 fh=d91bac543e789082 vn="Win32/Toolbar.Funmoods evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Claro LTD\claro\1.8.3.10\escortShld.dll (2).vir" sh=6C89F129D39CA812C1E18B557119785109DF3F28 ft=1 fh=d91bac543e789082 vn="Win32/Toolbar.Funmoods evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Claro LTD\claro\1.8.3.10\escortShld.dll.vir" sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe (2).vir" sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. 
unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir" sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\FreeSoundRecorderToolbarHelper.exe (2).vir" sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\FreeSoundRecorderToolbarHelper.exe.vir" sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\ldrtbFree.dll (2).vir" sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\ldrtbFree.dll.vir" sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll (2).vir" sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll.vir" sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. 
unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\tbFree.dll (2).vir" sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\tbFree.dll.vir" sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\Freeware.deToolbarHelper.exe (2).vir" sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\Freeware.deToolbarHelper.exe.vir" sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\ldrtbFree.dll (2).vir" sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\ldrtbFree.dll.vir" sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\prxtbFree.dll (2).vir" sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. 
unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\prxtbFree.dll.vir" sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\tbFree.dll (2).vir" sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\tbFree.dll.vir" sh=496310EE0816B49176E03226DB102FAE9AA452B4 ft=1 fh=ceffc168909c0690 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\39sknlcr.dll (2).vir" sh=496310EE0816B49176E03226DB102FAE9AA452B4 ft=1 fh=ceffc168909c0690 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\39sknlcr.dll.vir" sh=564173EA0828794311CA65A24B506DD5A01481A0 ft=1 fh=110c0f02df363965 vn="Variante von Win32/Toolbar.MyWebSearch.Z evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\CREXT.DLL (2).vir" sh=564173EA0828794311CA65A24B506DD5A01481A0 ft=1 fh=110c0f02df363965 vn="Variante von Win32/Toolbar.MyWebSearch.Z evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\CREXT.DLL.vir" sh=7C7F414357AE6EA119581D9F98F815A8E7F345AD ft=1 fh=36e26079e06cfa5e vn="Variante von Win32/Toolbar.MyWebSearch.Z evtl. 
unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\CrExtP39.exe (2).vir" sh=7C7F414357AE6EA119581D9F98F815A8E7F345AD ft=1 fh=36e26079e06cfa5e vn="Variante von Win32/Toolbar.MyWebSearch.Z evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\CrExtP39.exe.vir" sh=244310F981448E11F34B9981614B6FA9BE973446 ft=1 fh=a66d4ad4dd5d0c5d vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\T8EXTEX.DLL (2).vir" sh=244310F981448E11F34B9981614B6FA9BE973446 ft=1 fh=a66d4ad4dd5d0c5d vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\T8EXTEX.DLL.vir" sh=B8944722E8D577E67925DD4A72D1D8E44C3BC6CA ft=1 fh=6f8a20cf4b11d7b0 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\T8EXTPEX.DLL (2).vir" sh=B8944722E8D577E67925DD4A72D1D8E44C3BC6CA ft=1 fh=6f8a20cf4b11d7b0 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\T8EXTPEX.DLL.vir" sh=7C98CBA50F261D738259554D4FE706C997C654F7 ft=1 fh=ac0773121b683aed vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\T8TICKER.DLL (2).vir" sh=7C98CBA50F261D738259554D4FE706C997C654F7 ft=1 fh=ac0773121b683aed vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. 
unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\T8TICKER.DLL.vir" sh=8D1B69902A404A5799FD5EADDFBF3E363339CBDE ft=1 fh=07f1a7bb45044fb5 vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\searchresults1\dtUser.exe (2).vir" sh=8D1B69902A404A5799FD5EADDFBF3E363339CBDE ft=1 fh=07f1a7bb45044fb5 vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\searchresults1\dtUser.exe.vir" sh=AD7F7CA53753521EB64AD840156F163909EE5E8C ft=1 fh=f633dab5e52a0ecc vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\searchresults1\searchresultsDx.dll (2).vir" sh=AD7F7CA53753521EB64AD840156F163909EE5E8C ft=1 fh=f633dab5e52a0ecc vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\searchresults1\searchresultsDx.dll.vir" sh=BBCBE78E65CAF60414F998095F88955144ACAAED ft=1 fh=06cfc3bfbefbe6c8 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\searchresults1\searchresultstb.dll (2).vir" sh=BBCBE78E65CAF60414F998095F88955144ACAAED ft=1 fh=06cfc3bfbefbe6c8 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\searchresults1\searchresultstb.dll.vir" sh=868EB84B484DD5C01835CC394174384F8694ECCC ft=1 fh=584f503eb1d3498f vn="Variante von MSIL/WebCake.A evtl. 
unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Web Cake\WebCakeDesktop.Updater.exe (2).vir" sh=868EB84B484DD5C01835CC394174384F8694ECCC ft=1 fh=584f503eb1d3498f vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Web Cake\WebCakeDesktop.Updater.exe.vir" sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Local\Conduit\CT2704262\FreeSoundRecorderAutoUpdateHelper.exe (2).vir" sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Local\Conduit\CT2704262\FreeSoundRecorderAutoUpdateHelper.exe.vir" sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Local\Conduit\CT2736476\Freeware.deAutoUpdateHelper.exe (2).vir" sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Local\Conduit\CT2736476\Freeware.deAutoUpdateHelper.exe.vir" sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\FreeSoundRecorder\ldrtbFree.dll (2).vir" sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. 
unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\FreeSoundRecorder\ldrtbFree.dll.vir" sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\FreeSoundRecorder\tbFree.dll (2).vir" sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\FreeSoundRecorder\tbFree.dll.vir" sh=ABF759CA3BFB16DE62197DD7C417AC5039A43AE0 ft=1 fh=1801af74030ebca1 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\FreeSoundRecorder\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll (2).vir" sh=ABF759CA3BFB16DE62197DD7C417AC5039A43AE0 ft=1 fh=1801af74030ebca1 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\FreeSoundRecorder\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll.vir" sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\Freeware.de\ldrtbFree.dll (2).vir" sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. 
unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\Freeware.de\ldrtbFree.dll.vir" sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\Freeware.de\tbFree.dll (2).vir" sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\Freeware.de\tbFree.dll.vir" sh=9B7AFC05F48AE3F56DBE1A2114F8FDF50067A187 ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.C Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\3mzjeqm2.default\Extensions\plugin@getwebcake.com\content\overlay.js (2).vir" sh=9B7AFC05F48AE3F56DBE1A2114F8FDF50067A187 ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.C Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\3mzjeqm2.default\Extensions\plugin@getwebcake.com\content\overlay.js.vir" sh=0D310BC1E118037748964A56AB10A3062E039B17 ft=1 fh=d9be506c5a75908e vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Desktop.OS.dll (2).vir" sh=0D310BC1E118037748964A56AB10A3062E039B17 ft=1 fh=d9be506c5a75908e vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Desktop.OS.dll.vir" sh=6438793AF756D3AA8C4E2CAFBA7D03D239059871 ft=1 fh=19260a5687fcfe5d vn="Variante von MSIL/WebCake.A evtl. 
unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Dora.dat (2).vir" sh=6438793AF756D3AA8C4E2CAFBA7D03D239059871 ft=1 fh=19260a5687fcfe5d vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Dora.dat.vir" sh=7503116755BAAD721D41850CAB9CBB2365421231 ft=1 fh=0427fddebd474c95 vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Maintain.dat (2).vir" sh=7503116755BAAD721D41850CAB9CBB2365421231 ft=1 fh=0427fddebd474c95 vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Maintain.dat.vir" sh=AED94C436A63639194DD9F9DA87D19AA3EDE45AA ft=1 fh=dc0d04b5290e7546 vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Paladin.dat (2).vir" sh=AED94C436A63639194DD9F9DA87D19AA3EDE45AA ft=1 fh=dc0d04b5290e7546 vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Paladin.dat.vir" sh=9C80962CF3A7511A428D6200084F17B71D0D213D ft=1 fh=2e3d6de45b15d6ca vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Phoenix.dat (2).vir" sh=9C80962CF3A7511A428D6200084F17B71D0D213D ft=1 fh=2e3d6de45b15d6ca vn="Variante von MSIL/WebCake.A evtl. 
unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Phoenix.dat.vir" sh=6C89F129D39CA812C1E18B557119785109DF3F28 ft=1 fh=d91bac543e789082 vn="Win32/Toolbar.Funmoods evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Claro LTD\claro\1.8.3.10\escortShld.dll.vir" sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir" sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\FreeSoundRecorderToolbarHelper.exe.vir" sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\ldrtbFree.dll.vir" sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll.vir" sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\tbFree.dll.vir" sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. 
unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\Freeware.deToolbarHelper.exe.vir" sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\ldrtbFree.dll.vir" sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\prxtbFree.dll.vir" sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\tbFree.dll.vir" sh=496310EE0816B49176E03226DB102FAE9AA452B4 ft=1 fh=ceffc168909c0690 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\39sknlcr.dll.vir" sh=564173EA0828794311CA65A24B506DD5A01481A0 ft=1 fh=110c0f02df363965 vn="Variante von Win32/Toolbar.MyWebSearch.Z evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\CREXT.DLL.vir" sh=7C7F414357AE6EA119581D9F98F815A8E7F345AD ft=1 fh=36e26079e06cfa5e vn="Variante von Win32/Toolbar.MyWebSearch.Z evtl. 
unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\CrExtP39.exe.vir" sh=244310F981448E11F34B9981614B6FA9BE973446 ft=1 fh=a66d4ad4dd5d0c5d vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\T8EXTEX.DLL.vir" sh=B8944722E8D577E67925DD4A72D1D8E44C3BC6CA ft=1 fh=6f8a20cf4b11d7b0 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\T8EXTPEX.DLL.vir" sh=7C98CBA50F261D738259554D4FE706C997C654F7 ft=1 fh=ac0773121b683aed vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\T8TICKER.DLL.vir" sh=8D1B69902A404A5799FD5EADDFBF3E363339CBDE ft=1 fh=07f1a7bb45044fb5 vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\searchresults1\dtUser.exe.vir" sh=AD7F7CA53753521EB64AD840156F163909EE5E8C ft=1 fh=f633dab5e52a0ecc vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\searchresults1\searchresultsDx.dll.vir" sh=BBCBE78E65CAF60414F998095F88955144ACAAED ft=1 fh=06cfc3bfbefbe6c8 vn="Variante von Win32/Toolbar.Visicom.A evtl. 
unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\searchresults1\searchresultstb.dll.vir" sh=868EB84B484DD5C01835CC394174384F8694ECCC ft=1 fh=584f503eb1d3498f vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Program Files (x86)\Web Cake\WebCakeDesktop.Updater.exe.vir" sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Local\Conduit\CT2704262\FreeSoundRecorderAutoUpdateHelper.exe.vir" sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Local\Conduit\CT2736476\Freeware.deAutoUpdateHelper.exe.vir" sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\FreeSoundRecorder\ldrtbFree.dll.vir" sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\FreeSoundRecorder\tbFree.dll.vir" sh=ABF759CA3BFB16DE62197DD7C417AC5039A43AE0 ft=1 fh=1801af74030ebca1 vn="Variante von Win32/PriceGong.A evtl. 
unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\FreeSoundRecorder\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll.vir" sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\Freeware.de\ldrtbFree.dll.vir" sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\Freeware.de\tbFree.dll.vir" sh=9B7AFC05F48AE3F56DBE1A2114F8FDF50067A187 ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.C Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\3mzjeqm2.default\Extensions\plugin@getwebcake.com\content\overlay.js.vir" sh=0D310BC1E118037748964A56AB10A3062E039B17 ft=1 fh=d9be506c5a75908e vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Desktop.OS.dll.vir" sh=6438793AF756D3AA8C4E2CAFBA7D03D239059871 ft=1 fh=19260a5687fcfe5d vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Dora.dat.vir" sh=7503116755BAAD721D41850CAB9CBB2365421231 ft=1 fh=0427fddebd474c95 vn="Variante von MSIL/WebCake.A evtl. 
unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Maintain.dat.vir" sh=AED94C436A63639194DD9F9DA87D19AA3EDE45AA ft=1 fh=dc0d04b5290e7546 vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Paladin.dat.vir" sh=9C80962CF3A7511A428D6200084F17B71D0D213D ft=1 fh=2e3d6de45b15d6ca vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Phoenix.dat.vir" sh=DC2B099E1F96C5D03D4F03BF98D69A2CD6F22C04 ft=1 fh=40cbdd24eefbf532 vn="Win32/Somoto.F evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\Program Files (x86)\DvDrum 2\RECORDING SOFTWARE\HC2Setup32.exe" sh=C8E88610998F6FB74FD0388BC44E18A82207B504 ft=1 fh=9ff1cbafe084559b vn="Win32/Somoto.F evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\Program Files (x86)\DvDrum 2\RECORDING SOFTWARE\HC2Setup64.exe" sh=740982CE3B3E4BD08C1CBD5FC8CFEB982F1D4E05 ft=1 fh=af8c0585c052e303 vn="Win32/InstalleRex.T evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\ProgramData\InstallMate\{2EBA94E4-4F0E-871A-65F1-072CF559B612}\_Setupx.dll" sh=3BFBC2FC15A34D8DB7623EC3154EE1D5DBCD7227 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Lokaler Datenträger\Windows\Installer\59d187f.msi" sh=A48076CEBF63988E749815CBD69039D08B14735A ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. 
unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Program Files (x86)\ArtensoftPhotoMosaicWizard.zip" sh=024079FF7B8C864324A8F5F5706DB446D7B3D5F2 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Program Files (x86)\CleanseUninstallerPro.zip" sh=693F4A3E417C867790179DB63B33E46C0346D613 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Program Files (x86)\KingsoftPresentationStd.zip" sh=4C34B47BB5C70ABEF7B265D86BF2010F8AB810B4 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Program Files (x86)\MP4ToMP3Converter.zip" sh=C650DB886472079561CC80DEF94817835E02FD24 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Program Files (x86)\SothinkLogoMaker.zip" sh=1FE03D963E03841AFC90F28F6D296878E5206C1F ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Program Files (x86)\VideoGet.zip" sh=DC2B099E1F96C5D03D4F03BF98D69A2CD6F22C04 ft=1 fh=40cbdd24eefbf532 vn="Win32/Somoto.F evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Program Files (x86)\DvDrum 2\RECORDING SOFTWARE\HC2Setup32.exe" sh=C8E88610998F6FB74FD0388BC44E18A82207B504 ft=1 fh=9ff1cbafe084559b vn="Win32/Somoto.F evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Program Files (x86)\DvDrum 2\RECORDING SOFTWARE\HC2Setup64.exe" sh=740982CE3B3E4BD08C1CBD5FC8CFEB982F1D4E05 ft=1 fh=af8c0585c052e303 vn="Win32/InstalleRex.T evtl. 
unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\ProgramData\InstallMate\{2EBA94E4-4F0E-871A-65F1-072CF559B612}\_Setupx.dll" sh=3BFBC2FC15A34D8DB7623EC3154EE1D5DBCD7227 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\sicherrung 230112\Lokaler Datenträger\Windows\Installer\59d187f.msi" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=7131f657cc7c0a45b334d333cc399cee # engine=21761 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-12-31 04:34:45 # local_time=2014-12-31 05:34:45 (+0100, Mitteleuropäische Zeit) # country="Austria" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='AVG Internet Security 2013' # compatibility_mode=1046 16777213 100 88 43189 107134469 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 45208610 171630335 0 0 # scanned=333304 # found=89 # cleaned=0 # scan_time=32719 sh=6C89F129D39CA812C1E18B557119785109DF3F28 ft=1 fh=d91bac543e789082 vn="Win32/Toolbar.Funmoods evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Claro LTD\claro\1.8.3.10\escortShld.dll.vir" sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe.vir" sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\FreeSoundRecorderToolbarHelper.exe.vir" sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\ldrtbFree.dll.vir" sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\prxtbFree.dll.vir" sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FreeSoundRecorder\tbFree.dll.vir" sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\Freeware.deToolbarHelper.exe.vir" sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\ldrtbFree.dll.vir" sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\prxtbFree.dll.vir" sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Freeware.de\tbFree.dll.vir" sh=496310EE0816B49176E03226DB102FAE9AA452B4 ft=1 fh=ceffc168909c0690 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\39sknlcr.dll.vir" sh=564173EA0828794311CA65A24B506DD5A01481A0 ft=1 fh=110c0f02df363965 vn="Variante von Win32/Toolbar.MyWebSearch.Z evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\CREXT.DLL.vir" sh=7C7F414357AE6EA119581D9F98F815A8E7F345AD ft=1 fh=36e26079e06cfa5e vn="Variante von Win32/Toolbar.MyWebSearch.Z evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\CrExtP39.exe.vir" sh=244310F981448E11F34B9981614B6FA9BE973446 ft=1 fh=a66d4ad4dd5d0c5d vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\T8EXTEX.DLL.vir" sh=B8944722E8D577E67925DD4A72D1D8E44C3BC6CA ft=1 fh=6f8a20cf4b11d7b0 vn="Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\T8EXTPEX.DLL.vir" sh=7C98CBA50F261D738259554D4FE706C997C654F7 ft=1 fh=ac0773121b683aed vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mapsgalaxy_39\bar\1.bin\T8TICKER.DLL.vir" sh=93510E07EBD463BE51052EC8114EC16C5423103E ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js.vir" sh=8D1B69902A404A5799FD5EADDFBF3E363339CBDE ft=1 fh=07f1a7bb45044fb5 vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchresults1\dtUser.exe.vir" sh=AD7F7CA53753521EB64AD840156F163909EE5E8C ft=1 fh=f633dab5e52a0ecc vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchresults1\searchresultsDx.dll.vir" sh=BBCBE78E65CAF60414F998095F88955144ACAAED ft=1 fh=06cfc3bfbefbe6c8 vn="Variante von Win32/Toolbar.Visicom.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchresults1\searchresultstb.dll.vir" sh=868EB84B484DD5C01835CC394174384F8694ECCC ft=1 fh=584f503eb1d3498f vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Web Cake\WebCakeDesktop.Updater.exe.vir" sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Local\Conduit\CT2704262\FreeSoundRecorderAutoUpdateHelper.exe.vir" sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Local\Conduit\CT2736476\Freeware.deAutoUpdateHelper.exe.vir" sh=A416ACC21756868987F275190BD1033BF74E180C ft=1 fh=d3699c00a2c5c199 vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Local\DownloadGuide\Offers\protegere.exe.vir" sh=95D1E596ACC1912879100C54027750C1772027C7 ft=1 fh=212faf0536ad9d68 vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Local\DownloadGuide\Offers\ResultsAlphaSetup.exe.vir" sh=F8935573391555518C560A87DA9D48A7AFB964A9 ft=1 fh=d5f378fbab67b337 vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Local\DownloadGuide\Offers\vis-freeware.exe.vir" sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\FreeSoundRecorder\ldrtbFree.dll.vir" sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\FreeSoundRecorder\tbFree.dll.vir" sh=ABF759CA3BFB16DE62197DD7C417AC5039A43AE0 ft=1 fh=1801af74030ebca1 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\FreeSoundRecorder\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll.vir" sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\Freeware.de\ldrtbFree.dll.vir" sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\LocalLow\Freeware.de\tbFree.dll.vir" sh=9B7AFC05F48AE3F56DBE1A2114F8FDF50067A187 ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.C Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\3mzjeqm2.default\Extensions\plugin@getwebcake.com\content\overlay.js.vir" sh=1D9AE65A97C417A8083FB38EFDB8022EAE3A9698 ft=1 fh=8dd7dc1cf3445b5c vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Security System 2\uninstaller.exe.vir" sh=0D310BC1E118037748964A56AB10A3062E039B17 ft=1 fh=d9be506c5a75908e vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Desktop.OS.dll.vir" sh=6438793AF756D3AA8C4E2CAFBA7D03D239059871 ft=1 fh=19260a5687fcfe5d vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Dora.dat.vir" sh=7503116755BAAD721D41850CAB9CBB2365421231 ft=1 fh=0427fddebd474c95 vn="Variante von MSIL/WebCake.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Maintain.dat.vir" sh=AED94C436A63639194DD9F9DA87D19AA3EDE45AA ft=1 fh=dc0d04b5290e7546 vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Paladin.dat.vir" sh=9C80962CF3A7511A428D6200084F17B71D0D213D ft=1 fh=2e3d6de45b15d6ca vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\melsy\AppData\Roaming\Web Cake\dat\Phoenix.dat.vir" sh=A48076CEBF63988E749815CBD69039D08B14735A ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ArtensoftPhotoMosaicWizard.zip" sh=024079FF7B8C864324A8F5F5706DB446D7B3D5F2 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\CleanseUninstallerPro.zip" sh=693F4A3E417C867790179DB63B33E46C0346D613 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\KingsoftPresentationStd.zip" sh=4C34B47BB5C70ABEF7B265D86BF2010F8AB810B4 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\MP4ToMP3Converter.zip" sh=C650DB886472079561CC80DEF94817835E02FD24 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\SothinkLogoMaker.zip" sh=1FE03D963E03841AFC90F28F6D296878E5206C1F ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\VideoGet.zip" sh=DC2B099E1F96C5D03D4F03BF98D69A2CD6F22C04 ft=1 fh=40cbdd24eefbf532 vn="Win32/Somoto.F evtl. 
unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\DvDrum 2\RECORDING SOFTWARE\HC2Setup32.exe" sh=C8E88610998F6FB74FD0388BC44E18A82207B504 ft=1 fh=9ff1cbafe084559b vn="Win32/Somoto.F evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\DvDrum 2\RECORDING SOFTWARE\HC2Setup64.exe" sh=740982CE3B3E4BD08C1CBD5FC8CFEB982F1D4E05 ft=1 fh=af8c0585c052e303 vn="Win32/InstalleRex.T evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\InstallMate\{2EBA94E4-4F0E-871A-65F1-072CF559B612}\_Setupx.dll" sh=740982CE3B3E4BD08C1CBD5FC8CFEB982F1D4E05 ft=1 fh=af8c0585c052e303 vn="Win32/InstalleRex.T evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\InstallMate\{2EBA94E4-4F0E-871A-65F1-072CF559B612}\_Setupx.dll" sh=FB3F7E2BF56F5EA06763303CDAA0E962E975E063 ft=1 fh=c0dea5299389dc4e vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\AppData\Local\Temp\DMR\dmr_72.exe" sh=2729F6FA8F28FB792FBCFF2725FCC8D81CE3CCA3 ft=0 fh=0000000000000000 vn="Win32/Somoto.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Desktop\DvDrum2_b5_Setup.zip" sh=07A1B083446273B593E7287021D55ED5688C53EC ft=0 fh=0000000000000000 vn="PHP/Kryptik.AB Trojaner" ac=I fn="C:\Users\melsy\Desktop\1054_Must_Have_PHP_Scripts_part1\Chat_Scripts\Chat Scripts\blablite22.zip" sh=24688AAD083DBEAB180203CB89B36F7056E93128 ft=0 fh=0000000000000000 vn="Win32/BrowseFox.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Desktop\Alte Firefox-Daten\3mzjeqm2.default\extensions\firefox@qualitink.net.xpi" sh=C44FEB9DD6271C71E9D4B4899D73CAA0F5F93746 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Desktop\Alte Firefox-Daten\3mzjeqm2.default\extensions\d3339536-cdf9-444a-b529-160714835cb8@52bed7c4-5816-4cf8-b479-2c341232cd59.com\extensionData\plugins\91_monetizationLoader.js.js" sh=3164F34A7FEC5F532C6A9DFF760113B4E55026E3 ft=1 fh=b5a6070113be0c05 vn="Variante von Win32/InstallCore.D evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\130120-sview5-v384-Downloader.exe" sh=C779120ED93C6E7F96DC51C9FC882F9F96340324 ft=1 fh=41bdabcae1f2b528 vn="Variante von Win32/InstallCore.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\2WPinball-Downloader.exe" sh=16D9C063CD13D25EEBC63FCF358C64009A4FCFB0 ft=1 fh=0307e473c2448ea4 vn="Variante von MSIL/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\AshampooMovieStudio2013Ver104-Downloader.exe" sh=919FB69C250161AC362B1E6ECC27E66B892E863F ft=1 fh=6cc80959aef3cdad vn="Win32/Adware.1ClickDownload.AX Anwendung" ac=I fn="C:\Users\melsy\Downloads\BarcelonaStreamApp.exe" sh=7E2D6ECE2E74BF74BDE2D7D0D66EA9FA0EFB65C5 ft=1 fh=d8b24a2eee5b8eea vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\dffsetup-lame_enc.exe" sh=C131ED4CF8F0F152D001811D77BF89299BB2ACEA ft=1 fh=831285361d7e9534 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\Exact Audio Copy - CHIP-Installer.exe" sh=495A75196C43A41FA1313D4B62B0D4170E906431 ft=1 fh=d9125e0aa1ab4a89 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\FreeImageConvertAndResize.exe" sh=837238B0C3C1FCDDCD18A2852D680A2610F72154 ft=1 fh=9061159b2822d34e vn="Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\gimp-2.8.10-setup-Downloader.exe" sh=81452D54213DAFA857AE5467B67C11014549715A ft=1 fh=dd0df1ac6180bd2f vn="Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\gimp-help-261-html-detar-Downloader.exe" sh=E482AD834AA2F21ADC0140FE4ECC2BFDAF3FAA22 ft=1 fh=4bd4252d18724ebe vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\HSS-2.67-install-chip-389-conduit.exe" sh=7F0A0674E9522BFCF7CBA33DED49AAEBAF36F614 ft=1 fh=2f70aa409cdbff5b vn="Win32/Toolbar.Conduit evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\HSS-2.90.exe" sh=1E155C8E88C907618214809BA49529D38D709174 ft=1 fh=3d226696a6f054ac vn="Variante von MSIL/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\ipnetinfo-Downloader.exe" sh=C9AD39E15D50C4E6FEADB99FA445E3BDB9BF3647 ft=1 fh=77b67014d8a47abf vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\kingsoftpresentationstd-Downloader.exe" sh=87D1158606ED48018BC966899016FD9D392C8D31 ft=1 fh=eb078c41703de82c vn="Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\MicroSIP-3.3.27-Downloader.exe" sh=F8B71E3C73416F4905087E05488AEF3192FB635A ft=1 fh=c82e78466d0c8942 vn="Variante von MSIL/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\MusicRecorder10-Downloader.exe" sh=4D3D18C2D516AD7A7FC93E1E9C07E00C3656B8FF ft=1 fh=4e7fde5325cd1268 vn="Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\phonecrypt-desktop-Downloader.exe" sh=1A83C861ACCD538CC1577A46767C5A0496AF4CDE ft=1 fh=ad0294a213be0c05 vn="Variante von Win32/InstallCore.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\pickitinst-Downloader.exe" sh=BCBA8E2AF400377B691EC82DB1256ABB9462678B ft=1 fh=5f941106423da96d vn="Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\privacyfix-firefox502-Downloader.exe" sh=A5EA57A708B3D292515B4005A31E9EA021C2FC97 ft=1 fh=c1e8a60c703de82c vn="Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\shotcut-win32-131022-Downloader.exe" sh=E94FEEC085E6758E0C544F28D653085F79120B76 ft=1 fh=e67ac52ec83c3cc9 vn="Variante von Win32/SoftonicDownloader.G evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\SoftonicDownloader_fuer_riffworks.exe" sh=28085535F3F4322A78B7D0D0343505566936EDF3 ft=1 fh=ff9e27ee8130d72d vn="Variante von MSIL/DownloadGuide.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\SuperEasyVideoBooster113056-Downloader(1).exe" sh=28085535F3F4322A78B7D0D0343505566936EDF3 ft=1 fh=ff9e27ee8130d72d vn="Variante von MSIL/DownloadGuide.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\SuperEasyVideoBooster113056-Downloader.exe" sh=17E3CFAC3CC46008685A6A83A464DED18C7C34B5 ft=1 fh=688f6c4d456fdf25 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\TuxGuitar - CHIP-Installer.exe" sh=41ED9036ECCFCB5F4642E6BB03CB956FF9A62C7D ft=1 fh=47f5978555dce2f4 vn="Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\Vitainterface2014Gold1078-Downloader.exe" sh=4F8B1197AF01C40FCE88746CDB905ED8F5678A91 ft=1 fh=de9355ff8be6e0c5 vn="Variante von MSIL/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\vlc-2.1.0-win64-Downloader.exe" sh=DE0F453AD7E45914C2F6E2A6BC782AFB6DB94B9D ft=1 fh=1f461786edf5f19c vn="NSIS/StartPage.CC Trojaner" ac=I fn="C:\Users\melsy\Downloads\vlc-2.1.3-win32.exe" sh=E79CE0DA43C79F2A4E48A4F4A02905DE783FBD16 ft=1 fh=a9eb553813c219ce vn="NSIS/StartPage.CC Trojaner" ac=I fn="C:\Users\melsy\Downloads\vlc-2.1.4-win64.exe" sh=3393146A8D0C8A8E1C3CEEBDA60C6C81476C3E2D ft=1 fh=ba364102e7b75553 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\Vollversion Magix Music Maker 2013 - CHIP-Installer.exe" sh=94EC870BA0DF99B54B45DA64AD9D7187CA7708D3 ft=1 fh=97cc4212331376f8 vn="Variante von Win32/DownloadSponsor.C evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\Vollversion OkayFreedom Premium Flat - CHIP-Installer.exe" sh=C10EF1D1E3534F528026316078F554FDFF1B1E05 ft=1 fh=ee7edc0b435aa6f2 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\Vollversion Steganos Passwort Manager 15 - CHIP-Installer.exe" sh=C0BA2A9C0869846851D8F14DA86E4899E199678C ft=1 fh=7d4d9d957035df84 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\VSDC Free Video Editor - CHIP-Installer.exe" sh=8643736EC068EAC343D8F74B575517D2363F1376 ft=1 fh=52a3309f2fb86f58 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\Wise Care 365 - CHIP-Installer.exe" sh=13C48F6FC45F6949AF5192EA564E40E760122C4E ft=1 fh=1cb7fcde8a0b004d vn="Variante von Win32/OpenInstall evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\XnConvert32-Bit151-Downloader.exe" sh=812035F9C97F32427B1E79C7C1B6B3EE7AAE9BBA ft=1 fh=a4d8ef288a0b004d vn="Variante von Win32/OpenInstall evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\XnConvert64-Bit151-Downloader.exe" sh=71C5327830182909BE7CDA6E11E45DE267898660 ft=1 fh=b2c4ea99ed910581 vn="Variante von Win32/OpenInstall evtl. unerwünschte Anwendung" ac=I fn="C:\Users\melsy\Downloads\XnViewShell-Erweiterung64-bit32-Downloader.exe" sh=3BFBC2FC15A34D8DB7623EC3154EE1D5DBCD7227 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\59d187f.msi"
Regards, Wolfgang
Code:
Results of screen317's Security Check version 0.99.93 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` AVG Internet Security 2013 AVG Internet Security Business Edition 2012 Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` TuneUp Utilities 2014 TuneUp Utilities 2014 (de-DE) TuneUp Utilities 2014 Java 7 Update 71 Adobe Flash Player 15.0.0.246 Flash Player out of Date! Adobe Reader XI Mozilla Firefox (Firefox.) Mozilla Thunderbird (24.1.0) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe AVG avgwdsvc.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
31.12.2014, 14:30 | #11 |
| Suspected Trojan Code:
Results of screen317's Security Check version 0.99.93 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` AVG Internet Security 2013 AVG Internet Security Business Edition 2012 Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` TuneUp Utilities 2014 TuneUp Utilities 2014 (de-DE) TuneUp Utilities 2014 Java 7 Update 71 Adobe Flash Player 15.0.0.246 Flash Player out of Date! Adobe Reader XI Mozilla Firefox (Firefox.) Mozilla Thunderbird (24.1.0) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe AVG avgwdsvc.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log``````````````````````
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014 Ran by melsy (administrator) on MELSY-HP on 31-12-2014 14:03:23 Running from C:\Users\melsy\Downloads Loaded Profile: melsy (Available profiles: melsy & _supereasy_1cbackup_ & DefaultAppPool) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgfws.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe (Hewlett-Packard Development Company, L.P.) 
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE () C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe (RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (AVG Technologies CZ, s.r.o.) 
C:\Program Files (x86)\AVG\AVG2013\avgui.exe (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Steganos Software GmbH) C:\Program Files (x86)\Steganos Password Manager 15\passwordmanagercom.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe (Farbar) C:\Users\melsy\Downloads\FRST64(1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [Cm106Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm106.dll,CMICtrlWnd HKLM\...\Run: [SuperEasy 1-Click Backup] => "C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupClient-sez1cb.exe" --hidden HKLM\...\Run: [Ashampoo WinOptimizer Live-Tuner2] => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner2.exe [3516784 2014-11-18] (Ashampoo Development GmbH & Co. KG) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.) 
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare) HKLM-x32\...\Run: [SPM15 Chrome Autofill Relay] => C:\Program Files (x86)\Steganos Password Manager 15\passwordmanagercom.exe [480120 2014-06-25] (Steganos Software GmbH) HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Run: [Facebook Update] => C:\Users\melsy\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-10-31] (Facebook Inc.) HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Run: [EssentialPIM] => C:\Program Files (x86)\EssentialPIM\EssentialPIM.exe [17719664 2014-12-01] (Astonsoft) HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Policies\system: [DisableChangePassword] 0 HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\wo11.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File BootExecute: autocheck autochk * DfSDKBt ==================== Internet (Whitelisted) 
==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-3195104690-1283173883-910289243-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3195104690-1283173883-910289243-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3195104690-1283173883-910289243-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs URLSearchHook: HKLM-x32 - (No Name) - {422f7661-9403-4da4-b4ef-cc3e268817b5} - No File URLSearchHook: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 - (No Name) - {422f7661-9403-4da4-b4ef-cc3e268817b5} - No File SearchScopes: HKLM -> {8262B94D-0FB8-44AE-AA96-7114154C01C3} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\.DEFAULT -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> {8262B94D-0FB8-44AE-AA96-7114154C01C3} URL = 
SearchScopes: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ*´Ñ;áa´[¦†8*º~RÙxœòÜ8'£-)x*ä* URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) 
Toolbar: HKLM - Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Password Manager 15\SPMIEToolbar64.dll (Steganos Software GmbH) Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKLM-x32 - No Name - {422f7661-9403-4da4-b4ef-cc3e268817b5} - No File Toolbar: HKLM-x32 - Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Password Manager 15\SPMIEToolbar.dll (Steganos Software GmbH) Toolbar: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> No Name - {422F7661-9403-4DA4-B4EF-CC3E268817B5} - No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.) Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt FireFox: ======== FF ProfilePath: C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693 FF Homepage: https://www.google.at/?gws_rd=cr&ei=3OKMUuu2NOO54AT-pYGQCg FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin64.dll (Skype) FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin.dll (Skype) FF Plugin-x32: @soft-xpansion/npsxpdf -> C:\Program Files (x86)\Common Files\Freemium\np-sxpdf.dll (soft-Xpansion) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3195104690-1283173883-910289243-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\melsy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKU\S-1-5-21-3195104690-1283173883-910289243-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\melsy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKU\S-1-5-21-3195104690-1283173883-910289243-1001: @talk.google.com/O1DPlugin -> C:\Users\melsy\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKU\S-1-5-21-3195104690-1283173883-910289243-1001: @tools.google.com/Google Update;version=3 -> C:\Users\melsy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-3195104690-1283173883-910289243-1001: @tools.google.com/Google Update;version=9 -> C:\Users\melsy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Users\melsy\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Users\melsy\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) FF SearchPlugin: C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\searchplugins\google-images.xml FF SearchPlugin: C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\searchplugins\google-maps.xml FF Extension: FDislike - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\fbdislike@doweb.fr.xpi [2014-04-14] FF Extension: Ghostery - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\firefox@ghostery.com.xpi [2014-04-13] FF Extension: ZenMate Security & Privacy VPN - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\firefox@zenmate.com.xpi [2014-10-05] FF Extension: ProxTube - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\ich@maltegoetz.de.xpi [2014-09-11] FF Extension: convert2mp3.net YouTube2MP3 Converter - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\info@convert2mp3.net.xpi [2014-04-13] FF Extension: Facebook Select All - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\jid0-n2ISP7BOUOHLqFZBUsiANkm14Ck@jetpack.xpi [2014-04-13] FF Extension: RequestPolicy - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\requestpolicy@requestpolicy.com.xpi [2014-11-21] FF Extension: NoScript - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-13] FF Extension: Adblock Plus - 
C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-13] FF Extension: OkayFreedom - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi [2014-12-24] FF Extension: Google Privacy - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\{ea61041c-1e22-4400-99a0-aea461e69d04}.xpi [2014-12-08] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-05-20] FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4 FF Extension: No Name - C:\Program Files (x86)\AVG\AVG2012\Firefox4 [2013-06-28] FF HKLM-x32\...\Firefox\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb FF Extension: Free PDF Perfect - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb [2013-09-02] FF HKLM-x32\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Program Files (x86)\Steganos Password Manager 15\spmplugin3 FF Extension: Steganos Password Manager - C:\Program Files (x86)\Steganos Password Manager 15\spmplugin3 [2014-12-05] FF HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= CHR Profile: C:\Users\melsy\AppData\Local\Google\Chrome\User Data\Default ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-10-22] (SUPERAntiSpyware.com) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-05] (Advanced Micro Devices, Inc.) [File not signed] R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432592 2014-11-04] (AVG Technologies CZ, s.r.o.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4942384 2014-10-17] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.) S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH) S4 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed] R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed] R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed] S4 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-16] (Hewlett-Packard) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company) S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-28] (Realsil Microelectronics Inc.) 
[File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] () [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] S4 Radio.fx; C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe [3665752 2012-01-26] () S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] S4 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-09-02] (soft Xpansion) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-21] (TuneUp Software) R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [111208 2014-12-22] (RaMMicHaeL) R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation) R2 WO_LiveService2; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe [223600 2014-11-18] () S2 supereasy_1cbackup; "c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupService-sez1cb.exe" "--controlFolder=c:\ProgramData\SuperEasy 1-Click Backup\control" "--id=supereasy_1cbackup" daemon ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [209720 2014-11-04] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-10-17] (AVG Technologies CZ, s.r.o.) R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133160 2011-06-16] (Broadcom Corporation.) R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-21] (Broadcom Corporation.) 
S3 L6UX1; C:\Windows\System32\Drivers\L6UX164.sys [772864 2013-07-11] (Line 6) R3 leawo_vad; C:\Windows\System32\drivers\leawo_vad.sys [33048 2013-05-21] (Shenzhen Moyea Software) R2 LiveTuner2PM; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner64.sys [14320 2014-03-20] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-31] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) S3 REN2CAP_DRIVER; C:\Windows\System32\drivers\ren2cap.sys [46728 2011-11-07] () R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [24744 2014-04-28] (Audials AG) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-03] (Anchorfree Inc.) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-11-12] (TuneUp Software) S3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1451008 2008-10-13] (C-Media Electronics Inc) S3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbx64.sys [51016 2011-11-01] (Yamaha Corporation) S3 CpqDfw; system32\drivers\CpqDfw.sys [X] U3 DfSdkS; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-31 13:19 - 2014-12-31 13:19 - 00852505 _____ () C:\Users\melsy\Downloads\SecurityCheck.exe 2014-12-30 20:26 - 2014-12-30 20:26 - 02347384 _____ (ESET) C:\Users\melsy\Downloads\esetsmartinstaller_deu(1).exe 2014-12-29 23:44 - 2014-12-31 13:18 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-12-29 23:43 - 2014-12-29 23:43 - 02347384 _____ (ESET) C:\Users\melsy\Downloads\esetsmartinstaller_deu.exe 2014-12-29 15:43 - 2014-12-29 15:43 - 00028392 _____ () C:\Users\melsy\Documents\Synth Kick.txt 2014-12-29 14:14 - 2014-12-29 14:14 - 00000971 _____ () C:\Users\melsy\Desktop\HammerHead 1.0.lnk 2014-12-29 14:14 - 2014-12-29 14:14 - 00000971 _____ () C:\Users\_supereasy_1cbackup_\Desktop\HammerHead 1.0.lnk 2014-12-29 14:14 - 2014-12-29 14:14 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HammerHead Rhythm Station 2014-12-29 14:12 - 2014-12-29 14:19 - 01508117 _____ () C:\Users\melsy\Downloads\hh10_install(2).exe 2014-12-29 13:34 - 2014-12-29 13:34 - 00000045 _____ () C:\Users\melsy\Downloads\lay_back.ram 2014-12-29 13:34 - 2014-12-29 13:34 - 00000043 _____ () C:\Users\melsy\Downloads\sharky.ram 2014-12-29 13:34 - 2014-12-29 13:34 - 00000043 _____ () C:\Users\melsy\Downloads\mellow.ram 2014-12-29 13:34 - 2014-12-29 13:34 - 00000042 _____ () C:\Users\melsy\Downloads\stomp.ram 2014-12-29 13:33 - 2014-12-29 13:33 - 00000045 _____ () C:\Users\melsy\Downloads\jumpdude.ram 2014-12-29 13:33 - 2014-12-29 13:33 - 00000045 _____ () C:\Users\melsy\Downloads\hardcore.ram 2014-12-29 13:33 - 2014-12-29 13:33 - 00000045 _____ () C:\Users\melsy\Downloads\chemical.ram 2014-12-29 13:33 - 2014-12-29 13:33 - 00000044 _____ () C:\Users\melsy\Downloads\coolhop.ram 2014-12-29 13:33 - 2014-12-29 13:33 - 00000043 _____ () C:\Users\melsy\Downloads\jungle.ram 2014-12-29 13:33 - 2014-12-29 13:33 - 00000043 _____ () C:\Users\melsy\Downloads\hiphop.ram 2014-12-29 13:32 - 2014-12-29 13:32 - 00000041 _____ () C:\Users\melsy\Downloads\acid.ram 2014-12-29 
13:22 - 2014-12-30 16:59 - 00000000 ____D () C:\Program Files (x86)\HammerHead 2014-12-29 13:22 - 2014-12-29 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HammerHead Rhythm Station 2014-12-29 13:21 - 2014-12-29 13:21 - 01508117 _____ () C:\Users\melsy\Downloads\hh10_install.exe 2014-12-29 12:21 - 2014-12-29 12:21 - 02123264 _____ (Farbar) C:\Users\melsy\Downloads\FRST64(1).exe 2014-12-29 11:59 - 2014-12-29 11:59 - 01707939 _____ (Thisisu) C:\Users\melsy\Downloads\JRT(1).exe 2014-12-29 11:55 - 2014-12-29 11:55 - 00818637 _____ (Thisisu) C:\Users\melsy\Downloads\JRT.exe 2014-12-29 11:27 - 2014-12-29 11:28 - 02173952 _____ () C:\Users\melsy\Downloads\AdwCleaner_4.106(1).exe 2014-12-29 11:16 - 2014-12-29 11:16 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-12-29 11:15 - 2014-12-29 11:15 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\melsy\Downloads\revosetup95.exe 2014-12-29 10:00 - 2014-12-29 10:00 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2014-12-27 09:35 - 2014-12-27 09:35 - 02173952 _____ () C:\Users\melsy\Downloads\AdwCleaner_4.106.exe 2014-12-26 18:50 - 2014-12-26 18:52 - 00071035 _____ () C:\Users\melsy\Downloads\Addition.txt 2014-12-26 18:48 - 2014-12-31 14:03 - 00028412 _____ () C:\Users\melsy\Downloads\FRST.txt 2014-12-26 18:47 - 2014-12-31 14:03 - 00000000 ____D () C:\FRST 2014-12-26 18:47 - 2014-12-26 18:47 - 02122752 _____ (Farbar) C:\Users\melsy\Downloads\FRST64.exe 2014-12-26 15:25 - 2014-12-26 15:25 - 00001455 _____ () C:\trojaner.txt 2014-12-24 15:10 - 2014-12-29 11:50 - 00000600 _____ () C:\Windows\PFRO.log 2014-12-24 15:02 - 2014-12-24 15:02 - 16520304 _____ (Steganos Software GmbH) C:\Users\melsy\Downloads\okayfreedomwr.exe 2014-12-24 14:01 - 2014-12-24 14:01 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Steganos Updates 2014-12-24 13:59 - 2014-12-24 14:11 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Steganos VPN 2014-12-24 13:56 - 2014-12-24 13:56 - 01174352 
_____ () C:\Users\melsy\Downloads\Vollversion OkayFreedom Premium Flat - CHIP-Installer.exe 2014-12-22 02:54 - 2014-12-22 02:54 - 05164040 _____ (DigitalVolcano Software Ltd) C:\Users\melsy\Downloads\DuplicateCleaner_setup(1).exe 2014-12-22 01:01 - 2014-12-29 11:20 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\DigitalVolcano 2014-12-22 00:59 - 2014-12-22 00:59 - 05164040 _____ (DigitalVolcano Software Ltd) C:\Users\melsy\Downloads\DuplicateCleaner_setup.exe 2014-12-21 02:14 - 2014-12-21 02:14 - 01174352 _____ () C:\Users\melsy\Downloads\Vollversion Magix Music Maker 2013 - CHIP-Installer.exe 2014-12-20 18:36 - 2014-12-20 18:36 - 00001152 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Rip CD Ripper Software.lnk 2014-12-20 18:36 - 2014-12-20 18:36 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite 2014-12-20 18:32 - 2014-12-31 05:41 - 00001568 _____ () C:\Windows\setupact.log 2014-12-20 18:32 - 2014-12-20 18:32 - 00000000 _____ () C:\Windows\setuperr.log 2014-12-18 12:27 - 2014-12-31 05:45 - 00374048 _____ () C:\Windows\WindowsUpdate.log 2014-12-17 00:38 - 2014-12-17 00:38 - 00000000 ____D () C:\Users\melsy\Documents\DesignCAD 3D MAX 22 2014-12-17 00:37 - 2014-12-17 00:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DesignCAD Toolkit Maschinenbau & Konstruktion 22 2014-12-17 00:37 - 2014-12-17 00:37 - 00000000 ____D () C:\Program Files (x86)\DCToolkit 2014-12-17 00:36 - 2014-12-17 00:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DesignCAD 3D Max 22 2014-12-17 00:35 - 2014-12-17 00:35 - 00000000 ____D () C:\ProgramData\IMSIDesign 2014-12-17 00:35 - 2014-12-17 00:35 - 00000000 ____D () C:\Program Files (x86)\IMSIDesign 2014-12-17 00:15 - 2014-12-17 00:18 - 95590424 _____ () C:\Users\melsy\Downloads\DesignCAD-V22-3D-Triple-Toolkits-Complete-CHIP.exe 2014-12-16 14:47 - 2014-12-21 19:57 - 00168064 _____ () 
C:\Users\melsy\AppData\Local\GDIPFONTCACHEV1.DAT 2014-12-15 21:05 - 2014-12-15 21:05 - 00000000 ____D () C:\Users\melsy\Downloads\Office 2007 2014-12-15 19:04 - 2014-12-15 19:11 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Scribus 2014-12-15 18:59 - 2014-12-15 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scribus 1.4.4 2014-12-15 18:57 - 2014-12-15 19:03 - 00000000 ____D () C:\Program Files\Scribus 1.4.4 2014-12-15 17:02 - 2014-12-15 17:04 - 86069640 _____ (The Scribus Team) C:\Users\melsy\Downloads\scribus-1.4.4-windows-x64.exe 2014-12-15 15:06 - 2014-12-15 15:06 - 00001148 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn.lnk 2014-12-15 15:06 - 2014-12-15 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audioverwandte Programme 2014-12-15 11:46 - 2014-12-15 11:46 - 01177424 _____ () C:\Users\melsy\Downloads\TuxGuitar - CHIP-Installer.exe 2014-12-14 23:48 - 2014-12-14 23:48 - 00000000 _____ () C:\Windows\SysWOW64\shoFA1F.tmp 2014-12-14 23:31 - 2014-12-14 23:31 - 00000000 __SHD () C:\WISE_DISKSCRUBTEMP 2014-12-14 16:30 - 2014-12-14 16:32 - 43145168 _____ (Ashampoo GmbH & Co. 
KG ) C:\Users\melsy\Downloads\ashampoo_winoptimizer_11_11.00.50_18137.exe 2014-12-13 09:28 - 2014-12-15 11:35 - 00000000 ____D () C:\Users\melsy\HDR Projects 2014-12-13 09:26 - 2014-12-13 09:26 - 00001045 _____ () C:\Users\Public\Desktop\HDR Projects platin (64-Bit).lnk 2014-12-13 09:26 - 2014-12-13 09:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Franzis 2014-12-13 09:26 - 2014-12-13 09:26 - 00000000 ____D () C:\Program Files\Franzis 2014-12-13 09:09 - 2014-12-13 09:09 - 00000000 ____D () C:\Users\melsy\Documents\HDR-projects-platin-win-mac-CHIP 2014-12-12 13:24 - 2014-12-12 13:24 - 00000000 _____ () C:\Windows\SysWOW64\sho287C.tmp 2014-12-11 19:52 - 2014-12-11 19:52 - 00000000 ____D () C:\Users\melsy\Documents\FlashIntegro 2014-12-11 19:52 - 2014-12-11 19:52 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\VideoEditor 2014-12-11 19:52 - 2014-12-11 19:52 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\FlashIntegro 2014-12-11 19:51 - 2014-12-15 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashIntegro 2014-12-11 19:51 - 2014-12-15 11:35 - 00000000 ____D () C:\Program Files (x86)\FlashIntegro 2014-12-11 19:51 - 2014-12-09 13:21 - 00081792 _____ (Flash-Integro LLC) C:\Windows\SysWOW64\mslvddsfilter2.ax 2014-12-11 19:51 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\Lagarith.dll 2014-12-11 19:51 - 2004-12-10 10:03 - 00438272 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll 2014-12-11 19:51 - 2004-09-06 16:06 - 00053248 _____ () C:\Windows\SysWOW64\xvid.ax 2014-12-11 19:51 - 2004-07-03 21:08 - 00139264 _____ () C:\Windows\SysWOW64\xvidvfw.dll 2014-12-11 19:51 - 2004-07-03 20:59 - 00524288 _____ () C:\Windows\SysWOW64\xvidcore.dll 2014-12-11 19:51 - 2004-02-04 21:11 - 00081920 _____ (fccHandler) C:\Windows\SysWOW64\AC3ACM.acm 2014-12-11 19:51 - 2003-05-22 12:26 - 00638976 _____ (DivXNetworks, Inc.) 
C:\Windows\SysWOW64\divx.dll 2014-12-11 19:51 - 2003-05-22 12:26 - 00221215 _____ (DivXNetworks, Inc.) C:\Windows\SysWOW64\divxdec.ax 2014-12-11 19:51 - 2003-05-21 23:50 - 00261632 _____ (MainConcept) C:\Windows\SysWOW64\mcdvd_32.dll 2014-12-11 19:51 - 2003-05-21 23:50 - 00156910 _____ () C:\Windows\WMSysPr8.prx 2014-12-11 19:51 - 2003-05-21 23:50 - 00082944 _____ (Voxware, Inc.) C:\Windows\SysWOW64\vct3216.acm 2014-12-11 19:51 - 2003-05-21 23:50 - 00038912 _____ (NCT Company) C:\Windows\SysWOW64\alf2cd.acm 2014-12-11 19:51 - 2003-03-25 05:49 - 00098304 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\SysWOW64\L3CODECX.AX 2014-12-11 19:51 - 2002-08-20 00:41 - 00413760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg4c32.dll 2014-12-11 19:51 - 2000-03-14 20:55 - 00013239 _____ (SHARP Corporation) C:\Windows\SysWOW64\Scg726.acm 2014-12-11 19:47 - 2014-12-11 19:47 - 01177424 _____ () C:\Users\melsy\Downloads\VSDC Free Video Editor - CHIP-Installer.exe 2014-12-10 19:29 - 2014-12-10 19:29 - 17103000 _____ (Electronic Arts, Inc.) 
C:\Users\melsy\Downloads\OriginThinSetup.exe 2014-12-10 18:55 - 2014-12-10 19:40 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Origin 2014-12-10 18:53 - 2014-12-10 19:54 - 00000000 ____D () C:\ProgramData\Origin 2014-12-10 14:14 - 2014-12-16 08:59 - 00000412 _____ () C:\Windows\Tasks\Wise Care 365 PC Checkup Task.job 2014-12-10 14:14 - 2014-12-10 14:14 - 00002834 _____ () C:\Windows\System32\Tasks\Wise Care 365 PC Checkup Task 2014-12-10 09:50 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-12-10 09:50 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-12-10 09:21 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-10 09:21 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-12-10 09:21 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2014-12-10 09:21 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe 2014-12-10 09:21 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe 2014-12-10 09:21 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-12-10 09:21 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2014-12-10 09:21 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2014-12-10 09:21 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2014-12-10 09:21 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2014-12-10 09:21 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2014-12-10 09:21 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\WSManMigrationPlugin.dll 2014-12-10 09:21 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll 2014-12-10 09:21 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll 2014-12-10 09:21 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe 2014-12-10 09:12 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-12-10 09:12 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-12-09 13:07 - 2014-12-22 13:17 - 00000000 ____D () C:\Users\melsy\Documents\camera musik 2014-12-09 12:29 - 2014-12-09 12:30 - 11669724 _____ () C:\Users\melsy\Downloads\Camera Rare Grooves Aluminium Edition - 02 Donny Hathaway - The Ghetto.mp4.part 2014-12-09 11:06 - 2014-12-09 11:06 - 00003070 _____ () C:\Windows\System32\Tasks\Wise Turbo Checker 2014-12-09 11:06 - 2014-12-09 11:06 - 00002848 _____ () C:\Windows\System32\Tasks\Wise Care 365 2014-12-09 11:06 - 2014-12-09 11:06 - 00000422 _____ () C:\Windows\Tasks\Wise Care 365.job 2014-12-09 11:06 - 2014-12-09 11:06 - 00000402 _____ () C:\Windows\Tasks\Wise Turbo Checker.job 2014-12-09 10:33 - 2014-12-20 02:15 - 00000000 ____D () C:\Program Files (x86)\Wise 2014-12-09 10:31 - 2014-12-09 10:31 - 01174352 _____ () C:\Users\melsy\Downloads\Wise Care 365 - CHIP-Installer.exe 2014-12-07 14:45 - 2014-12-07 14:46 - 11553744 _____ () C:\Users\melsy\Downloads\EssentialPIM6.exe 2014-12-05 17:37 - 2014-12-05 17:37 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoStage Diashow-Ersteller.lnk 2014-12-05 17:37 - 2014-12-05 17:37 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette 2014-12-05 17:37 - 2014-12-05 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Videoverwandte Programme 2014-12-05 16:44 - 2014-12-05 16:44 - 
00001110 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoPad Image Editor.lnk 2014-12-05 16:44 - 2014-12-05 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite 2014-12-05 16:43 - 2014-12-05 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette 2014-12-05 16:43 - 2014-12-05 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grafikverwandte Programme 2014-12-05 16:42 - 2014-12-05 16:42 - 00001160 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixillion Imagedatei-Konverter.lnk 2014-12-05 16:29 - 2014-12-05 16:30 - 00505376 _____ (NCH Software) C:\Users\melsy\Downloads\pixpsetup.exe 2014-12-05 13:02 - 2014-12-24 14:32 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Steganos 2014-12-05 13:02 - 2014-12-05 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steganos Passwort-Manager 15 2014-12-05 13:02 - 2014-12-05 13:03 - 00000000 ____D () C:\Program Files (x86)\Steganos Password Manager 15 2014-12-05 13:00 - 2014-12-05 13:00 - 01174352 _____ () C:\Users\melsy\Downloads\Vollversion Steganos Passwort Manager 15 - CHIP-Installer.exe 2014-12-04 18:05 - 2014-12-04 18:05 - 00001964 _____ () C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk 2014-12-03 19:41 - 2014-12-03 19:41 - 07270351 _____ () C:\Users\melsy\Downloads\meine 68 jährige (2).mp4 2014-12-02 16:16 - 2014-12-08 03:47 - 00000000 ____D () C:\Users\melsy\AppData\Local\SuperEasy 1-Click Backup 2014-12-02 16:16 - 2014-12-03 16:04 - 00000000 ___HD () C:\ProgramData\sysnfxo 2014-12-02 16:15 - 2014-12-29 11:51 - 00000000 ____D () C:\Users\_supereasy_1cbackup_ 2014-12-02 16:15 - 2014-12-02 16:15 - 00000020 ___SH () C:\Users\_supereasy_1cbackup_\ntuser.ini 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Vorlagen 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () 
C:\Users\_supereasy_1cbackup_\Startmenü 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Netzwerkumgebung 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Lokale Einstellungen 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Eigene Dateien 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Druckumgebung 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Documents\Eigene Musik 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Documents\Eigene Bilder 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\AppData\Local\Verlauf 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\AppData\Local\Anwendungsdaten 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Anwendungsdaten 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 ____D () C:\ProgramData\SuperEasy 1-Click Backup 2014-12-02 16:15 - 2013-08-14 10:34 - 00000000 ____D () C:\Users\_supereasy_1cbackup_\AppData\Local\Microsoft Help 2014-12-02 16:15 - 2013-07-31 08:12 - 00000000 ____D () C:\Users\_supereasy_1cbackup_\AppData\Roaming\TuneUp Software 2014-12-02 16:15 - 2013-07-26 03:08 - 00000000 ____D () C:\Users\_supereasy_1cbackup_\AppData\Local\ScreenCapture 2014-12-02 16:15 - 2012-12-03 06:32 - 00000000 ____D () C:\Users\_supereasy_1cbackup_\AppData\Roaming\Macromedia 2014-12-02 16:15 - 2012-08-12 01:32 - 00002134 _____ () C:\Users\_supereasy_1cbackup_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk 2014-12-02 16:15 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\_supereasy_1cbackup_\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Accessories 2014-12-02 16:15 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\_supereasy_1cbackup_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-12-02 16:13 - 2014-12-02 16:13 - 28074616 _____ (SuperEasy Software GmbH & Co. KG ) C:\Users\melsy\Downloads\supereasy_1-click_backup_free_1.13.0_8279.exe 2014-12-02 14:03 - 2014-12-02 14:03 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\EAC 2014-12-02 14:03 - 2014-12-02 14:03 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\AccurateRip 2014-12-02 14:02 - 2014-12-02 14:02 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Cliqz 2014-12-02 14:02 - 2014-12-02 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exact Audio Copy 2014-12-02 14:02 - 2014-12-02 14:02 - 00000000 ____D () C:\Program Files (x86)\Exact Audio Copy 2014-12-02 13:57 - 2014-12-02 13:57 - 01174352 _____ () C:\Users\melsy\Downloads\Exact Audio Copy - CHIP-Installer.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-31 14:02 - 2012-05-18 12:08 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Skype 2014-12-31 13:55 - 2014-10-15 14:50 - 00003094 _____ () C:\Windows\System32\Tasks\{B2E8F773-5F5C-4836-8957-FEE3042EABFC} 2014-12-31 13:55 - 2014-09-21 08:03 - 00003088 _____ () C:\Windows\System32\Tasks\{C0C124F4-41F2-47D4-860C-4FCF583875C1} 2014-12-31 13:55 - 2014-09-21 08:03 - 00003088 _____ () C:\Windows\System32\Tasks\{5C4F42ED-5832-48B4-BCB9-D77730EC38C1} 2014-12-31 13:55 - 2014-08-28 18:24 - 00003076 _____ () C:\Windows\System32\Tasks\{8795FFFA-4029-4A70-B1CF-0C3C57CDEE7C} 2014-12-31 13:55 - 2013-10-09 17:59 - 00003102 _____ () C:\Windows\System32\Tasks\{AD7AC0AF-B335-4FB0-ABC0-6583AD2EE938} 2014-12-31 13:55 - 2013-05-03 19:39 - 00003086 _____ () C:\Windows\System32\Tasks\{2A792A14-06ED-4493-81D7-2A64E97EA462} 2014-12-31 13:55 - 2012-11-20 13:26 - 00002966 _____ () C:\Windows\System32\Tasks\{69CD82CA-4612-410F-907D-CE1E674B652E} 2014-12-31 13:55 - 2012-11-20 13:26 - 00002966 _____ () C:\Windows\System32\Tasks\{670A25EF-5F02-41BB-BB0D-827A205D5869} 2014-12-31 13:54 - 2014-09-10 08:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-31 13:50 - 2013-10-31 22:45 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001UA.job 2014-12-31 13:41 - 2014-05-20 14:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-31 13:23 - 2011-08-09 21:16 - 00774266 _____ () C:\Windows\system32\perfh007.dat 2014-12-31 13:23 - 2011-08-09 21:16 - 00175794 _____ () C:\Windows\system32\perfc007.dat 2014-12-31 13:23 - 2009-07-14 06:13 - 01808064 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-31 13:22 - 2013-01-23 23:10 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001UA.job 2014-12-31 13:11 - 2012-08-13 22:06 - 00000386 _____ () C:\Windows\Tasks\WpsUpdateTask_melsy.job 2014-12-31 12:13 - 2013-05-07 17:00 - 
00000000 ____D () C:\ProgramData\MFAData 2014-12-31 05:49 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-31 05:49 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-31 05:42 - 2012-07-27 20:04 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-31 05:41 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-31 00:22 - 2013-01-23 23:10 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001Core.job 2014-12-30 22:50 - 2013-10-31 22:45 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001Core.job 2014-12-30 19:03 - 2014-04-22 13:06 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\vlc 2014-12-30 09:45 - 2014-10-15 16:42 - 00000000 ____D () C:\ProgramData\TuneUp Software 2014-12-29 12:20 - 2012-05-21 13:38 - 00000000 ___RD () C:\Users\melsy\Desktop\Sicherheit 2014-12-29 11:48 - 2013-09-19 13:30 - 00000000 ____D () C:\AdwCleaner 2014-12-29 11:34 - 2012-05-20 16:38 - 00000000 ____D () C:\Users\melsy\AppData\Local\CrashDumps 2014-12-29 02:58 - 2012-07-02 01:36 - 00000410 _____ () C:\Windows\Tasks\EasyShare Registration Task.job 2014-12-29 01:46 - 2014-07-19 10:21 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleFormelsy 2014-12-29 01:46 - 2014-07-19 10:21 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleFormelsy.job 2014-12-27 23:22 - 2012-05-21 23:39 - 00000000 ___RD () C:\Users\melsy\Desktop\TONSTUDIO 2014-12-27 18:36 - 2012-09-23 02:50 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software 2014-12-26 15:24 - 2014-05-20 14:57 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-12-25 20:44 - 2014-09-21 08:17 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-12-25 20:44 - 2012-05-18 12:07 - 00000000 
____D () C:\ProgramData\Skype 2014-12-24 15:22 - 2014-10-15 17:01 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm 2014-12-22 13:37 - 2013-03-26 14:54 - 00000000 ____D () C:\Users\melsy\Documents\RAF 2014-12-22 13:37 - 2013-01-23 02:22 - 00000000 ____D () C:\Users\melsy\Documents\Cybershapes 2014-12-22 13:26 - 2012-09-23 01:41 - 00000000 ____D () C:\Users\melsy\Documents\soz-österr 2014-12-22 13:26 - 2012-05-19 10:40 - 00000000 ____D () C:\Users\melsy\Documents\Meine empfangenen Dateien 2014-12-22 08:20 - 2009-07-14 05:45 - 00539840 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-12-21 19:56 - 2012-05-20 12:12 - 00000000 ____D () C:\Users\melsy\Documents\Gitarre 2014-12-21 04:24 - 2013-03-16 19:48 - 00000000 ____D () C:\Users\Public\Documents\MAGIX 2014-12-21 02:59 - 2012-07-01 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX 2014-12-21 02:57 - 2012-07-01 18:18 - 00000000 ____D () C:\Program Files (x86)\MAGIX 2014-12-21 02:52 - 2013-03-16 19:56 - 00000000 ___RD () C:\Users\melsy\Documents\MAGIX 2014-12-21 02:52 - 2012-07-01 18:18 - 00000000 ____D () C:\ProgramData\MAGIX 2014-12-20 18:34 - 2012-05-18 15:45 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Audacity 2014-12-20 02:31 - 2013-10-11 13:45 - 00000000 ___RD () C:\Users\melsy\Desktop\radios 2014-12-20 02:31 - 2012-09-08 11:59 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\XnView 2014-12-20 01:57 - 2012-11-03 14:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCFinder 2014-12-20 01:57 - 2012-11-03 14:18 - 00000000 ____D () C:\Program Files (x86)\CCFinder 2014-12-18 12:24 - 2012-05-21 03:47 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-12-18 12:24 - 2012-05-21 03:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-12-18 12:22 - 2011-12-10 05:20 - 00000000 ____D () C:\ProgramData\Temp 2014-12-17 00:39 - 2012-07-18 02:06 - 00000000 ___RD () C:\Users\melsy\Desktop\Foto Video 
2014-12-16 19:19 - 2012-07-24 21:06 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte 2014-12-15 19:01 - 2013-09-02 13:26 - 00000000 ____D () C:\ProgramData\Package Cache 2014-12-15 18:40 - 2014-10-23 10:29 - 00000000 ____D () C:\Users\melsy\Documents\KPÖ 2014-12-15 14:25 - 2012-05-21 03:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-12-15 11:49 - 2013-02-03 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuxGuitar 2014-12-15 11:49 - 2013-02-03 15:57 - 00000000 ____D () C:\Program Files (x86)\TuxGuitar 2014-12-15 11:35 - 2013-05-18 21:52 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\EssentialPIM 2014-12-15 11:35 - 2013-02-03 15:59 - 00000000 ____D () C:\Users\melsy\.tuxguitar-1.2 2014-12-15 11:35 - 2012-12-14 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo 2014-12-15 11:35 - 2012-12-05 11:56 - 00000000 ____D () C:\ProgramData\Ashampoo 2014-12-15 11:35 - 2012-05-20 17:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-12-15 11:35 - 2012-05-19 13:23 - 00000000 ____D () C:\Program Files (x86)\ScanIT-Client 2014-12-15 11:35 - 2012-05-18 11:43 - 00000000 ____D () C:\Users\melsy 2014-12-15 11:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration 2014-12-15 10:43 - 2012-05-20 12:52 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\SoftGrid Client 2014-12-15 10:02 - 2013-09-29 09:43 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-12-14 23:43 - 2013-01-03 14:29 - 00000000 ____D () C:\Users\melsy\AppData\Local\Downloaded Installations 2014-12-14 16:36 - 2012-05-21 13:33 - 00000000 ____D () C:\Program Files (x86)\Ashampoo 2014-12-13 13:09 - 2014-09-09 13:12 - 00000000 ____D () C:\Users\melsy\Documents\demos 2014-12-13 12:35 - 2012-09-21 20:10 - 00038311 _____ () C:\Users\melsy\Documents\Passwörter.xlsx 2014-12-10 
19:50 - 2012-06-02 18:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-12-10 17:54 - 2014-09-10 08:01 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-12-10 17:54 - 2014-07-04 14:07 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-12-10 17:54 - 2014-07-04 14:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-12-10 10:52 - 2013-02-25 20:12 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\{90140011-0066-0407-0000-0000000FF1CE} 2014-12-10 10:52 - 2013-02-25 20:11 - 00000000 ____D () C:\ProgramData\Virtualized Applications 2014-12-10 10:52 - 2012-05-20 12:52 - 00000000 ____D () C:\Users\melsy\AppData\Local\SoftGrid Client 2014-12-10 10:39 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2014-12-10 10:31 - 2013-05-20 18:34 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-12-10 10:24 - 2013-07-11 11:55 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-10 09:53 - 2012-05-21 03:56 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-09 14:02 - 2013-05-29 17:59 - 00000000 ____D () C:\Users\melsy\Documents\Essential Kalender 2014-12-09 13:48 - 2013-03-05 13:41 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\TS3Client 2014-12-09 10:51 - 2013-11-11 15:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-12-09 10:35 - 2007-01-02 02:25 - 00000000 ____D () C:\Windows\Panther 2014-12-07 14:47 - 2013-05-25 09:47 - 00001023 _____ () C:\Users\Public\Desktop\EssentialPIM.lnk 2014-12-03 12:40 - 2014-08-21 22:58 - 00000000 ____D () C:\Users\melsy\Documents\Norma A2 Some content of TEMP: ==================== C:\Users\melsy\AppData\Local\Temp\abelssoft.setup.exe C:\Users\melsy\AppData\Local\Temp\Quarantine.exe C:\Users\melsy\AppData\Local\Temp\ripsetup.exe C:\Users\melsy\AppData\Local\Temp\SkypeSetup.exe C:\Users\melsy\AppData\Local\Temp\sqlite3.dll ==================== 
Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-15 04:32 ==================== End Of Log ============================ --- --- --- --- --- --- [CODE] Results of screen317's Security Check version 0.99.93 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` AVG Internet Security 2013 AVG Internet Security Business Edition 2012 Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` TuneUp Utilities 2014 TuneUp Utilities 2014 (de-DE) TuneUp Utilities 2014 Java 7 Update 71 Adobe Flash Player 15.0.0.246 Flash Player out of Date! Adobe Reader XI Mozilla Firefox (Firefox.) 
Mozilla Thunderbird (24.1.0) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe AVG avgwdsvc.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by melsy (administrator) on MELSY-HP on 31-12-2014 14:03:23
Running from C:\Users\melsy\Downloads
Loaded Profile: melsy (Available profiles: melsy & _supereasy_1cbackup_ & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Password Manager 15\passwordmanagercom.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Farbar) C:\Users\melsy\Downloads\FRST64(1).exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [Cm106Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm106.dll,CMICtrlWnd
HKLM\...\Run: [SuperEasy 1-Click Backup] => "C:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupClient-sez1cb.exe" --hidden
HKLM\...\Run: [Ashampoo WinOptimizer Live-Tuner2] => C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner2.exe [3516784 2014-11-18] (Ashampoo Development GmbH & Co. KG)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [SPM15 Chrome Autofill Relay] => C:\Program Files (x86)\Steganos Password Manager 15\passwordmanagercom.exe [480120 2014-06-25] (Steganos Software GmbH)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Run: [Facebook Update] => C:\Users\melsy\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-10-31] (Facebook Inc.)
HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Run: [EssentialPIM] => C:\Program Files (x86)\EssentialPIM\EssentialPIM.exe [17719664 2014-12-01] (Astonsoft)
HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\wo11.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
BootExecute: autocheck autochk * DfSDKBt

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3195104690-1283173883-910289243-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3195104690-1283173883-910289243-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3195104690-1283173883-910289243-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
URLSearchHook: HKLM-x32 - (No Name) - {422f7661-9403-4da4-b4ef-cc3e268817b5} - No File
URLSearchHook: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 - (No Name) - {422f7661-9403-4da4-b4ef-cc3e268817b5} - No File
SearchScopes: HKLM -> {8262B94D-0FB8-44AE-AA96-7114154C01C3} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> {8262B94D-0FB8-44AE-AA96-7114154C01C3} URL =
SearchScopes: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ*´Ñ;áa´[¦†8*º~RÙxœòÜ8'£-)x*ä* URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Password Manager 15\SPMIEToolbar64.dll (Steganos Software GmbH)
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKLM-x32 - No Name - {422f7661-9403-4da4-b4ef-cc3e268817b5} - No File
Toolbar: HKLM-x32 - Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Password Manager 15\SPMIEToolbar.dll (Steganos Software GmbH)
Toolbar: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-3195104690-1283173883-910289243-1001 -> No Name - {422F7661-9403-4DA4-B4EF-CC3E268817B5} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

FireFox:
========
FF ProfilePath: C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693
FF Homepage: https://www.google.at/?gws_rd=cr&ei=3OKMUuu2NOO54AT-pYGQCg
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin64.dll (Skype)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin.dll (Skype)
FF Plugin-x32: @soft-xpansion/npsxpdf -> C:\Program Files (x86)\Common Files\Freemium\np-sxpdf.dll (soft-Xpansion)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3195104690-1283173883-910289243-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\melsy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-3195104690-1283173883-910289243-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\melsy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-3195104690-1283173883-910289243-1001: @talk.google.com/O1DPlugin -> C:\Users\melsy\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-3195104690-1283173883-910289243-1001: @tools.google.com/Google Update;version=3 -> C:\Users\melsy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3195104690-1283173883-910289243-1001: @tools.google.com/Google Update;version=9 -> C:\Users\melsy\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\melsy\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\melsy\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\searchplugins\google-maps.xml
FF Extension: FDislike - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\fbdislike@doweb.fr.xpi [2014-04-14]
FF Extension: Ghostery - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\firefox@ghostery.com.xpi [2014-04-13]
FF Extension: ZenMate Security & Privacy VPN - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\firefox@zenmate.com.xpi [2014-10-05]
FF Extension: ProxTube - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\ich@maltegoetz.de.xpi [2014-09-11]
FF Extension: convert2mp3.net YouTube2MP3 Converter - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\info@convert2mp3.net.xpi [2014-04-13]
FF Extension: Facebook Select All - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\jid0-n2ISP7BOUOHLqFZBUsiANkm14Ck@jetpack.xpi [2014-04-13]
FF Extension: RequestPolicy - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\requestpolicy@requestpolicy.com.xpi [2014-11-21]
FF Extension: NoScript - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-13]
FF Extension: Adblock Plus - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-13]
FF Extension: OkayFreedom - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.xpi [2014-12-24]
FF Extension: Google Privacy - C:\Users\melsy\AppData\Roaming\Mozilla\Firefox\Profiles\ztxv0dqa.default-1397397919693\Extensions\{ea61041c-1e22-4400-99a0-aea461e69d04}.xpi [2014-12-08]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-05-20]
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4
FF Extension: No Name - C:\Program Files (x86)\AVG\AVG2012\Firefox4 [2013-06-28]
FF HKLM-x32\...\Firefox\Extensions: [{B45418F9-6406-4828-9D1A-35313FB1E2D6}] - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb
FF Extension: Free PDF Perfect - C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb [2013-09-02]
FF HKLM-x32\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Program Files (x86)\Steganos Password Manager 15\spmplugin3
FF Extension: Steganos Password Manager - C:\Program Files (x86)\Steganos Password Manager 15\spmplugin3 [2014-12-05]
FF HKU\S-1-5-21-3195104690-1283173883-910289243-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR Profile: C:\Users\melsy\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-10-22] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-05] (Advanced Micro Devices, Inc.) [File not signed]
R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432592 2014-11-04] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4942384 2014-10-17] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
S4 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
S4 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-16] (Hewlett-Packard)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-28] (Realsil Microelectronics Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 Radio.fx; C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe [3665752 2012-01-26] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [234096 2013-09-02] (soft Xpansion)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-21] (TuneUp Software)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [111208 2014-12-22] (RaMMicHaeL)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
R2 WO_LiveService2; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe [223600 2014-11-18] ()
S2 supereasy_1cbackup; "c:\Program Files\SuperEasy Software\1-Click Backup Free\bin\backupService-sez1cb.exe" "--controlFolder=c:\ProgramData\SuperEasy 1-Click Backup\control" "--id=supereasy_1cbackup" daemon

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [209720 2014-11-04] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-10-17] (AVG Technologies CZ, s.r.o.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133160 2011-06-16] (Broadcom Corporation.)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-21] (Broadcom Corporation.)
S3 L6UX1; C:\Windows\System32\Drivers\L6UX164.sys [772864 2013-07-11] (Line 6)
R3 leawo_vad; C:\Windows\System32\drivers\leawo_vad.sys [33048 2013-05-21] (Shenzhen Moyea Software)
R2 LiveTuner2PM; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner64.sys [14320 2014-03-20] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-31] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 REN2CAP_DRIVER; C:\Windows\System32\drivers\ren2cap.sys [46728 2011-11-07] ()
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [24744 2014-04-28] (Audials AG)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-03] (Anchorfree Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-11-12] (TuneUp Software)
S3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1451008 2008-10-13] (C-Media Electronics Inc)
S3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbx64.sys [51016 2011-11-01] (Yamaha Corporation)
S3 CpqDfw; system32\drivers\CpqDfw.sys [X]
U3 DfSdkS; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-31 13:19 - 2014-12-31 13:19 - 00852505 _____ () C:\Users\melsy\Downloads\SecurityCheck.exe
2014-12-30 20:26 - 2014-12-30 20:26 - 02347384 _____ (ESET) C:\Users\melsy\Downloads\esetsmartinstaller_deu(1).exe
2014-12-29 23:44 - 2014-12-31 13:18 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-29 23:43 - 2014-12-29 23:43 - 02347384 _____ (ESET) C:\Users\melsy\Downloads\esetsmartinstaller_deu.exe
2014-12-29 15:43 - 2014-12-29 15:43 - 00028392 _____ () C:\Users\melsy\Documents\Synth Kick.txt
2014-12-29 14:14 - 2014-12-29 14:14 - 00000971 _____ () C:\Users\melsy\Desktop\HammerHead 1.0.lnk
2014-12-29 14:14 - 2014-12-29 14:14 - 00000971 _____ () C:\Users\_supereasy_1cbackup_\Desktop\HammerHead 1.0.lnk
2014-12-29 14:14 - 2014-12-29 14:14 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HammerHead Rhythm Station
2014-12-29 14:12 - 2014-12-29 14:19 - 01508117 _____ () C:\Users\melsy\Downloads\hh10_install(2).exe
2014-12-29 13:34 - 2014-12-29 13:34 - 00000045 _____ () C:\Users\melsy\Downloads\lay_back.ram
2014-12-29 13:34 - 2014-12-29 13:34 - 00000043 _____ () C:\Users\melsy\Downloads\sharky.ram
2014-12-29 13:34 - 2014-12-29 13:34 - 00000043 _____ () C:\Users\melsy\Downloads\mellow.ram
2014-12-29 13:34 - 2014-12-29 13:34 - 00000042 _____ () C:\Users\melsy\Downloads\stomp.ram
2014-12-29 13:33 - 2014-12-29 13:33 - 00000045 _____ () C:\Users\melsy\Downloads\jumpdude.ram
2014-12-29 13:33 - 2014-12-29 13:33 - 00000045 _____ () C:\Users\melsy\Downloads\hardcore.ram
2014-12-29 13:33 - 2014-12-29 13:33 - 00000045 _____ () C:\Users\melsy\Downloads\chemical.ram
2014-12-29 13:33 - 2014-12-29 13:33 - 00000044 _____ () C:\Users\melsy\Downloads\coolhop.ram
2014-12-29 13:33 - 2014-12-29 13:33 - 00000043 _____ () C:\Users\melsy\Downloads\jungle.ram
2014-12-29 13:33 - 2014-12-29 13:33 - 00000043 _____ () C:\Users\melsy\Downloads\hiphop.ram
2014-12-29 13:32 - 2014-12-29 13:32 - 00000041 _____ () C:\Users\melsy\Downloads\acid.ram
2014-12-29 13:22 - 2014-12-30 16:59 - 00000000 ____D () C:\Program Files (x86)\HammerHead
2014-12-29 13:22 - 2014-12-29 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HammerHead Rhythm Station
2014-12-29 13:21 - 2014-12-29 13:21 - 01508117 _____ () C:\Users\melsy\Downloads\hh10_install.exe
2014-12-29 12:21 - 2014-12-29 12:21 - 02123264 _____ (Farbar) C:\Users\melsy\Downloads\FRST64(1).exe
2014-12-29 11:59 - 2014-12-29 11:59 - 01707939 _____ (Thisisu) C:\Users\melsy\Downloads\JRT(1).exe
2014-12-29 11:55 - 2014-12-29 11:55 - 00818637 _____ (Thisisu) C:\Users\melsy\Downloads\JRT.exe
2014-12-29 11:27 - 2014-12-29 11:28 - 02173952 _____ () C:\Users\melsy\Downloads\AdwCleaner_4.106(1).exe
2014-12-29 11:16 - 2014-12-29 11:16 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-29 11:15 - 2014-12-29 11:15 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\melsy\Downloads\revosetup95.exe
2014-12-29 10:00 - 2014-12-29 10:00 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-27 09:35 - 2014-12-27 09:35 - 02173952 _____ () C:\Users\melsy\Downloads\AdwCleaner_4.106.exe
2014-12-26 18:50 - 2014-12-26 18:52 - 00071035 _____ () C:\Users\melsy\Downloads\Addition.txt
2014-12-26 18:48 - 2014-12-31 14:03 - 00028412 _____ () C:\Users\melsy\Downloads\FRST.txt
2014-12-26 18:47 - 2014-12-31 14:03 - 00000000 ____D () C:\FRST
2014-12-26 18:47 - 2014-12-26 18:47 - 02122752 _____ (Farbar) C:\Users\melsy\Downloads\FRST64.exe
2014-12-26 15:25 - 2014-12-26 15:25 - 00001455 _____ () C:\trojaner.txt
2014-12-24 15:10 - 2014-12-29 11:50 - 00000600 _____ () C:\Windows\PFRO.log
2014-12-24 15:02 - 2014-12-24 15:02 - 16520304 _____ (Steganos Software GmbH) C:\Users\melsy\Downloads\okayfreedomwr.exe
2014-12-24 14:01 - 2014-12-24 14:01 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Steganos Updates
2014-12-24 13:59 - 2014-12-24 14:11 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Steganos VPN
2014-12-24 13:56 - 2014-12-24 13:56 - 01174352 _____ () C:\Users\melsy\Downloads\Vollversion OkayFreedom Premium Flat - CHIP-Installer.exe
2014-12-22 02:54 - 2014-12-22 02:54 - 05164040 _____ (DigitalVolcano Software Ltd) C:\Users\melsy\Downloads\DuplicateCleaner_setup(1).exe
2014-12-22 01:01 - 2014-12-29 11:20 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\DigitalVolcano
2014-12-22 00:59 - 2014-12-22 00:59 - 05164040 _____ (DigitalVolcano Software Ltd) C:\Users\melsy\Downloads\DuplicateCleaner_setup.exe
2014-12-21 02:14 - 2014-12-21 02:14 - 01174352 _____ () C:\Users\melsy\Downloads\Vollversion Magix Music Maker 2013 - CHIP-Installer.exe
2014-12-20 18:36 - 2014-12-20 18:36 - 00001152 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Rip CD Ripper Software.lnk
2014-12-20 18:36 - 2014-12-20 18:36 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2014-12-20 18:32 - 2014-12-31 05:41 - 00001568 _____ () C:\Windows\setupact.log
2014-12-20 18:32 - 2014-12-20 18:32 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-18 12:27 - 2014-12-31 05:45 - 00374048 _____ () C:\Windows\WindowsUpdate.log
2014-12-17 00:38 - 2014-12-17 00:38 - 00000000 ____D () C:\Users\melsy\Documents\DesignCAD 3D MAX 22
2014-12-17 00:37 - 2014-12-17 00:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DesignCAD Toolkit Maschinenbau & Konstruktion 22
2014-12-17 00:37 - 2014-12-17 00:37 - 00000000 ____D () C:\Program Files (x86)\DCToolkit
2014-12-17 00:36 - 2014-12-17 00:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DesignCAD 3D Max 22
2014-12-17 00:35 - 2014-12-17 00:35 - 00000000 ____D () C:\ProgramData\IMSIDesign
2014-12-17 00:35 - 2014-12-17 00:35 - 00000000 ____D () C:\Program Files (x86)\IMSIDesign
2014-12-17 00:15 - 2014-12-17 00:18 - 95590424 _____ () C:\Users\melsy\Downloads\DesignCAD-V22-3D-Triple-Toolkits-Complete-CHIP.exe
2014-12-16 14:47 - 2014-12-21 19:57 - 00168064 _____ () C:\Users\melsy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-15 21:05 - 2014-12-15 21:05 - 00000000 ____D () C:\Users\melsy\Downloads\Office 2007
2014-12-15 19:04 - 2014-12-15 19:11 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Scribus
2014-12-15 18:59 - 2014-12-15 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scribus 1.4.4
2014-12-15 18:57 - 2014-12-15 19:03 - 00000000 ____D () C:\Program Files\Scribus 1.4.4
2014-12-15 17:02 - 2014-12-15 17:04 - 86069640 _____ (The Scribus Team) C:\Users\melsy\Downloads\scribus-1.4.4-windows-x64.exe
2014-12-15 15:06 - 2014-12-15 15:06 - 00001148 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn.lnk
2014-12-15 15:06 - 2014-12-15 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audioverwandte Programme
2014-12-15 11:46 - 2014-12-15 11:46 - 01177424 _____ () C:\Users\melsy\Downloads\TuxGuitar - CHIP-Installer.exe
2014-12-14 23:48 - 2014-12-14 23:48 - 00000000 _____ () C:\Windows\SysWOW64\shoFA1F.tmp
2014-12-14 23:31 - 2014-12-14 23:31 - 00000000 __SHD () C:\WISE_DISKSCRUBTEMP
2014-12-14 16:30 - 2014-12-14 16:32 - 43145168 _____ (Ashampoo GmbH & Co. KG ) C:\Users\melsy\Downloads\ashampoo_winoptimizer_11_11.00.50_18137.exe
2014-12-13 09:28 - 2014-12-15 11:35 - 00000000 ____D () C:\Users\melsy\HDR Projects
2014-12-13 09:26 - 2014-12-13 09:26 - 00001045 _____ () C:\Users\Public\Desktop\HDR Projects platin (64-Bit).lnk
2014-12-13 09:26 - 2014-12-13 09:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Franzis
2014-12-13 09:26 - 2014-12-13 09:26 - 00000000 ____D () C:\Program Files\Franzis
2014-12-13 09:09 - 2014-12-13 09:09 - 00000000 ____D () C:\Users\melsy\Documents\HDR-projects-platin-win-mac-CHIP
2014-12-12 13:24 - 2014-12-12 13:24 - 00000000 _____ () C:\Windows\SysWOW64\sho287C.tmp
2014-12-11 19:52 - 2014-12-11 19:52 - 00000000 ____D () C:\Users\melsy\Documents\FlashIntegro
2014-12-11 19:52 - 2014-12-11 19:52 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\VideoEditor
2014-12-11 19:52 - 2014-12-11 19:52 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\FlashIntegro
2014-12-11 19:51 - 2014-12-15 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashIntegro
2014-12-11 19:51 - 2014-12-15 11:35 - 00000000 ____D () C:\Program Files (x86)\FlashIntegro
2014-12-11 19:51 - 2014-12-09 13:21 - 00081792 _____ (Flash-Integro LLC) C:\Windows\SysWOW64\mslvddsfilter2.ax
2014-12-11 19:51 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\Lagarith.dll
2014-12-11 19:51 - 2004-12-10 10:03 - 00438272 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2014-12-11 19:51 - 2004-09-06 16:06 - 00053248 _____ () C:\Windows\SysWOW64\xvid.ax
2014-12-11 19:51 - 2004-07-03 21:08 - 00139264 _____ () C:\Windows\SysWOW64\xvidvfw.dll
2014-12-11 19:51 - 2004-07-03 20:59 - 00524288 _____ () C:\Windows\SysWOW64\xvidcore.dll
2014-12-11 19:51 - 2004-02-04 21:11 - 00081920 _____ (fccHandler) C:\Windows\SysWOW64\AC3ACM.acm
2014-12-11 19:51 - 2003-05-22 12:26 - 00638976 _____ (DivXNetworks, Inc.) C:\Windows\SysWOW64\divx.dll
2014-12-11 19:51 - 2003-05-22 12:26 - 00221215 _____ (DivXNetworks, Inc.) C:\Windows\SysWOW64\divxdec.ax
2014-12-11 19:51 - 2003-05-21 23:50 - 00261632 _____ (MainConcept) C:\Windows\SysWOW64\mcdvd_32.dll
2014-12-11 19:51 - 2003-05-21 23:50 - 00156910 _____ () C:\Windows\WMSysPr8.prx
2014-12-11 19:51 - 2003-05-21 23:50 - 00082944 _____ (Voxware, Inc.) C:\Windows\SysWOW64\vct3216.acm
2014-12-11 19:51 - 2003-05-21 23:50 - 00038912 _____ (NCT Company) C:\Windows\SysWOW64\alf2cd.acm
2014-12-11 19:51 - 2003-03-25 05:49 - 00098304 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\SysWOW64\L3CODECX.AX
2014-12-11 19:51 - 2002-08-20 00:41 - 00413760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg4c32.dll
2014-12-11 19:51 - 2000-03-14 20:55 - 00013239 _____ (SHARP Corporation) C:\Windows\SysWOW64\Scg726.acm
2014-12-11 19:47 - 2014-12-11 19:47 - 01177424 _____ () C:\Users\melsy\Downloads\VSDC Free Video Editor - CHIP-Installer.exe
2014-12-10 19:29 - 2014-12-10 19:29 - 17103000 _____ (Electronic Arts, Inc.) 
C:\Users\melsy\Downloads\OriginThinSetup.exe 2014-12-10 18:55 - 2014-12-10 19:40 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Origin 2014-12-10 18:53 - 2014-12-10 19:54 - 00000000 ____D () C:\ProgramData\Origin 2014-12-10 14:14 - 2014-12-16 08:59 - 00000412 _____ () C:\Windows\Tasks\Wise Care 365 PC Checkup Task.job 2014-12-10 14:14 - 2014-12-10 14:14 - 00002834 _____ () C:\Windows\System32\Tasks\Wise Care 365 PC Checkup Task 2014-12-10 09:50 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-12-10 09:50 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-12-10 09:21 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-10 09:21 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-12-10 09:21 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2014-12-10 09:21 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe 2014-12-10 09:21 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe 2014-12-10 09:21 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-12-10 09:21 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2014-12-10 09:21 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2014-12-10 09:21 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2014-12-10 09:21 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2014-12-10 09:21 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2014-12-10 09:21 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\WSManMigrationPlugin.dll 2014-12-10 09:21 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll 2014-12-10 09:21 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll 2014-12-10 09:21 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe 2014-12-10 09:12 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-12-10 09:12 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-12-09 13:07 - 2014-12-22 13:17 - 00000000 ____D () C:\Users\melsy\Documents\camera musik 2014-12-09 12:29 - 2014-12-09 12:30 - 11669724 _____ () C:\Users\melsy\Downloads\Camera Rare Grooves Aluminium Edition - 02 Donny Hathaway - The Ghetto.mp4.part 2014-12-09 11:06 - 2014-12-09 11:06 - 00003070 _____ () C:\Windows\System32\Tasks\Wise Turbo Checker 2014-12-09 11:06 - 2014-12-09 11:06 - 00002848 _____ () C:\Windows\System32\Tasks\Wise Care 365 2014-12-09 11:06 - 2014-12-09 11:06 - 00000422 _____ () C:\Windows\Tasks\Wise Care 365.job 2014-12-09 11:06 - 2014-12-09 11:06 - 00000402 _____ () C:\Windows\Tasks\Wise Turbo Checker.job 2014-12-09 10:33 - 2014-12-20 02:15 - 00000000 ____D () C:\Program Files (x86)\Wise 2014-12-09 10:31 - 2014-12-09 10:31 - 01174352 _____ () C:\Users\melsy\Downloads\Wise Care 365 - CHIP-Installer.exe 2014-12-07 14:45 - 2014-12-07 14:46 - 11553744 _____ () C:\Users\melsy\Downloads\EssentialPIM6.exe 2014-12-05 17:37 - 2014-12-05 17:37 - 00001170 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoStage Diashow-Ersteller.lnk 2014-12-05 17:37 - 2014-12-05 17:37 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette 2014-12-05 17:37 - 2014-12-05 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Videoverwandte Programme 2014-12-05 16:44 - 2014-12-05 16:44 - 
00001110 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoPad Image Editor.lnk 2014-12-05 16:44 - 2014-12-05 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite 2014-12-05 16:43 - 2014-12-05 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette 2014-12-05 16:43 - 2014-12-05 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grafikverwandte Programme 2014-12-05 16:42 - 2014-12-05 16:42 - 00001160 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixillion Imagedatei-Konverter.lnk 2014-12-05 16:29 - 2014-12-05 16:30 - 00505376 _____ (NCH Software) C:\Users\melsy\Downloads\pixpsetup.exe 2014-12-05 13:02 - 2014-12-24 14:32 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Steganos 2014-12-05 13:02 - 2014-12-05 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steganos Passwort-Manager 15 2014-12-05 13:02 - 2014-12-05 13:03 - 00000000 ____D () C:\Program Files (x86)\Steganos Password Manager 15 2014-12-05 13:00 - 2014-12-05 13:00 - 01174352 _____ () C:\Users\melsy\Downloads\Vollversion Steganos Passwort Manager 15 - CHIP-Installer.exe 2014-12-04 18:05 - 2014-12-04 18:05 - 00001964 _____ () C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk 2014-12-03 19:41 - 2014-12-03 19:41 - 07270351 _____ () C:\Users\melsy\Downloads\meine 68 jährige (2).mp4 2014-12-02 16:16 - 2014-12-08 03:47 - 00000000 ____D () C:\Users\melsy\AppData\Local\SuperEasy 1-Click Backup 2014-12-02 16:16 - 2014-12-03 16:04 - 00000000 ___HD () C:\ProgramData\sysnfxo 2014-12-02 16:15 - 2014-12-29 11:51 - 00000000 ____D () C:\Users\_supereasy_1cbackup_ 2014-12-02 16:15 - 2014-12-02 16:15 - 00000020 ___SH () C:\Users\_supereasy_1cbackup_\ntuser.ini 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Vorlagen 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () 
C:\Users\_supereasy_1cbackup_\Startmenü 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Netzwerkumgebung 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Lokale Einstellungen 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Eigene Dateien 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Druckumgebung 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Documents\Eigene Musik 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Documents\Eigene Bilder 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\AppData\Local\Verlauf 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\AppData\Local\Anwendungsdaten 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 _SHDL () C:\Users\_supereasy_1cbackup_\Anwendungsdaten 2014-12-02 16:15 - 2014-12-02 16:15 - 00000000 ____D () C:\ProgramData\SuperEasy 1-Click Backup 2014-12-02 16:15 - 2013-08-14 10:34 - 00000000 ____D () C:\Users\_supereasy_1cbackup_\AppData\Local\Microsoft Help 2014-12-02 16:15 - 2013-07-31 08:12 - 00000000 ____D () C:\Users\_supereasy_1cbackup_\AppData\Roaming\TuneUp Software 2014-12-02 16:15 - 2013-07-26 03:08 - 00000000 ____D () C:\Users\_supereasy_1cbackup_\AppData\Local\ScreenCapture 2014-12-02 16:15 - 2012-12-03 06:32 - 00000000 ____D () C:\Users\_supereasy_1cbackup_\AppData\Roaming\Macromedia 2014-12-02 16:15 - 2012-08-12 01:32 - 00002134 _____ () C:\Users\_supereasy_1cbackup_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk 2014-12-02 16:15 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\_supereasy_1cbackup_\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Accessories 2014-12-02 16:15 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\_supereasy_1cbackup_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-12-02 16:13 - 2014-12-02 16:13 - 28074616 _____ (SuperEasy Software GmbH & Co. KG ) C:\Users\melsy\Downloads\supereasy_1-click_backup_free_1.13.0_8279.exe 2014-12-02 14:03 - 2014-12-02 14:03 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\EAC 2014-12-02 14:03 - 2014-12-02 14:03 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\AccurateRip 2014-12-02 14:02 - 2014-12-02 14:02 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Cliqz 2014-12-02 14:02 - 2014-12-02 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exact Audio Copy 2014-12-02 14:02 - 2014-12-02 14:02 - 00000000 ____D () C:\Program Files (x86)\Exact Audio Copy 2014-12-02 13:57 - 2014-12-02 13:57 - 01174352 _____ () C:\Users\melsy\Downloads\Exact Audio Copy - CHIP-Installer.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-31 14:02 - 2012-05-18 12:08 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Skype 2014-12-31 13:55 - 2014-10-15 14:50 - 00003094 _____ () C:\Windows\System32\Tasks\{B2E8F773-5F5C-4836-8957-FEE3042EABFC} 2014-12-31 13:55 - 2014-09-21 08:03 - 00003088 _____ () C:\Windows\System32\Tasks\{C0C124F4-41F2-47D4-860C-4FCF583875C1} 2014-12-31 13:55 - 2014-09-21 08:03 - 00003088 _____ () C:\Windows\System32\Tasks\{5C4F42ED-5832-48B4-BCB9-D77730EC38C1} 2014-12-31 13:55 - 2014-08-28 18:24 - 00003076 _____ () C:\Windows\System32\Tasks\{8795FFFA-4029-4A70-B1CF-0C3C57CDEE7C} 2014-12-31 13:55 - 2013-10-09 17:59 - 00003102 _____ () C:\Windows\System32\Tasks\{AD7AC0AF-B335-4FB0-ABC0-6583AD2EE938} 2014-12-31 13:55 - 2013-05-03 19:39 - 00003086 _____ () C:\Windows\System32\Tasks\{2A792A14-06ED-4493-81D7-2A64E97EA462} 2014-12-31 13:55 - 2012-11-20 13:26 - 00002966 _____ () C:\Windows\System32\Tasks\{69CD82CA-4612-410F-907D-CE1E674B652E} 2014-12-31 13:55 - 2012-11-20 13:26 - 00002966 _____ () C:\Windows\System32\Tasks\{670A25EF-5F02-41BB-BB0D-827A205D5869} 2014-12-31 13:54 - 2014-09-10 08:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-31 13:50 - 2013-10-31 22:45 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001UA.job 2014-12-31 13:41 - 2014-05-20 14:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-31 13:23 - 2011-08-09 21:16 - 00774266 _____ () C:\Windows\system32\perfh007.dat 2014-12-31 13:23 - 2011-08-09 21:16 - 00175794 _____ () C:\Windows\system32\perfc007.dat 2014-12-31 13:23 - 2009-07-14 06:13 - 01808064 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-31 13:22 - 2013-01-23 23:10 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001UA.job 2014-12-31 13:11 - 2012-08-13 22:06 - 00000386 _____ () C:\Windows\Tasks\WpsUpdateTask_melsy.job 2014-12-31 12:13 - 2013-05-07 17:00 - 
00000000 ____D () C:\ProgramData\MFAData 2014-12-31 05:49 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-31 05:49 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-31 05:42 - 2012-07-27 20:04 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-31 05:41 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-31 00:22 - 2013-01-23 23:10 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001Core.job 2014-12-30 22:50 - 2013-10-31 22:45 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3195104690-1283173883-910289243-1001Core.job 2014-12-30 19:03 - 2014-04-22 13:06 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\vlc 2014-12-30 09:45 - 2014-10-15 16:42 - 00000000 ____D () C:\ProgramData\TuneUp Software 2014-12-29 12:20 - 2012-05-21 13:38 - 00000000 ___RD () C:\Users\melsy\Desktop\Sicherheit 2014-12-29 11:48 - 2013-09-19 13:30 - 00000000 ____D () C:\AdwCleaner 2014-12-29 11:34 - 2012-05-20 16:38 - 00000000 ____D () C:\Users\melsy\AppData\Local\CrashDumps 2014-12-29 02:58 - 2012-07-02 01:36 - 00000410 _____ () C:\Windows\Tasks\EasyShare Registration Task.job 2014-12-29 01:46 - 2014-07-19 10:21 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleFormelsy 2014-12-29 01:46 - 2014-07-19 10:21 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleFormelsy.job 2014-12-27 23:22 - 2012-05-21 23:39 - 00000000 ___RD () C:\Users\melsy\Desktop\TONSTUDIO 2014-12-27 18:36 - 2012-09-23 02:50 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software 2014-12-26 15:24 - 2014-05-20 14:57 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-12-25 20:44 - 2014-09-21 08:17 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-12-25 20:44 - 2012-05-18 12:07 - 00000000 
____D () C:\ProgramData\Skype 2014-12-24 15:22 - 2014-10-15 17:01 - 00003694 _____ () C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm 2014-12-22 13:37 - 2013-03-26 14:54 - 00000000 ____D () C:\Users\melsy\Documents\RAF 2014-12-22 13:37 - 2013-01-23 02:22 - 00000000 ____D () C:\Users\melsy\Documents\Cybershapes 2014-12-22 13:26 - 2012-09-23 01:41 - 00000000 ____D () C:\Users\melsy\Documents\soz-österr 2014-12-22 13:26 - 2012-05-19 10:40 - 00000000 ____D () C:\Users\melsy\Documents\Meine empfangenen Dateien 2014-12-22 08:20 - 2009-07-14 05:45 - 00539840 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-12-21 19:56 - 2012-05-20 12:12 - 00000000 ____D () C:\Users\melsy\Documents\Gitarre 2014-12-21 04:24 - 2013-03-16 19:48 - 00000000 ____D () C:\Users\Public\Documents\MAGIX 2014-12-21 02:59 - 2012-07-01 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX 2014-12-21 02:57 - 2012-07-01 18:18 - 00000000 ____D () C:\Program Files (x86)\MAGIX 2014-12-21 02:52 - 2013-03-16 19:56 - 00000000 ___RD () C:\Users\melsy\Documents\MAGIX 2014-12-21 02:52 - 2012-07-01 18:18 - 00000000 ____D () C:\ProgramData\MAGIX 2014-12-20 18:34 - 2012-05-18 15:45 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Audacity 2014-12-20 02:31 - 2013-10-11 13:45 - 00000000 ___RD () C:\Users\melsy\Desktop\radios 2014-12-20 02:31 - 2012-09-08 11:59 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\XnView 2014-12-20 01:57 - 2012-11-03 14:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCFinder 2014-12-20 01:57 - 2012-11-03 14:18 - 00000000 ____D () C:\Program Files (x86)\CCFinder 2014-12-18 12:24 - 2012-05-21 03:47 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-12-18 12:24 - 2012-05-21 03:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-12-18 12:22 - 2011-12-10 05:20 - 00000000 ____D () C:\ProgramData\Temp 2014-12-17 00:39 - 2012-07-18 02:06 - 00000000 ___RD () C:\Users\melsy\Desktop\Foto Video 
2014-12-16 19:19 - 2012-07-24 21:06 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte 2014-12-15 19:01 - 2013-09-02 13:26 - 00000000 ____D () C:\ProgramData\Package Cache 2014-12-15 18:40 - 2014-10-23 10:29 - 00000000 ____D () C:\Users\melsy\Documents\KPÖ 2014-12-15 14:25 - 2012-05-21 03:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-12-15 11:49 - 2013-02-03 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuxGuitar 2014-12-15 11:49 - 2013-02-03 15:57 - 00000000 ____D () C:\Program Files (x86)\TuxGuitar 2014-12-15 11:35 - 2013-05-18 21:52 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\EssentialPIM 2014-12-15 11:35 - 2013-02-03 15:59 - 00000000 ____D () C:\Users\melsy\.tuxguitar-1.2 2014-12-15 11:35 - 2012-12-14 19:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo 2014-12-15 11:35 - 2012-12-05 11:56 - 00000000 ____D () C:\ProgramData\Ashampoo 2014-12-15 11:35 - 2012-05-20 17:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-12-15 11:35 - 2012-05-19 13:23 - 00000000 ____D () C:\Program Files (x86)\ScanIT-Client 2014-12-15 11:35 - 2012-05-18 11:43 - 00000000 ____D () C:\Users\melsy 2014-12-15 11:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration 2014-12-15 10:43 - 2012-05-20 12:52 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\SoftGrid Client 2014-12-15 10:02 - 2013-09-29 09:43 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-12-14 23:43 - 2013-01-03 14:29 - 00000000 ____D () C:\Users\melsy\AppData\Local\Downloaded Installations 2014-12-14 16:36 - 2012-05-21 13:33 - 00000000 ____D () C:\Program Files (x86)\Ashampoo 2014-12-13 13:09 - 2014-09-09 13:12 - 00000000 ____D () C:\Users\melsy\Documents\demos 2014-12-13 12:35 - 2012-09-21 20:10 - 00038311 _____ () C:\Users\melsy\Documents\Passwörter.xlsx 2014-12-10 
19:50 - 2012-06-02 18:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-12-10 17:54 - 2014-09-10 08:01 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-12-10 17:54 - 2014-07-04 14:07 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-12-10 17:54 - 2014-07-04 14:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-12-10 10:52 - 2013-02-25 20:12 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\{90140011-0066-0407-0000-0000000FF1CE} 2014-12-10 10:52 - 2013-02-25 20:11 - 00000000 ____D () C:\ProgramData\Virtualized Applications 2014-12-10 10:52 - 2012-05-20 12:52 - 00000000 ____D () C:\Users\melsy\AppData\Local\SoftGrid Client 2014-12-10 10:39 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2014-12-10 10:31 - 2013-05-20 18:34 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-12-10 10:24 - 2013-07-11 11:55 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-10 09:53 - 2012-05-21 03:56 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-09 14:02 - 2013-05-29 17:59 - 00000000 ____D () C:\Users\melsy\Documents\Essential Kalender 2014-12-09 13:48 - 2013-03-05 13:41 - 00000000 ____D () C:\Users\melsy\AppData\Roaming\TS3Client 2014-12-09 10:51 - 2013-11-11 15:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-12-09 10:35 - 2007-01-02 02:25 - 00000000 ____D () C:\Windows\Panther 2014-12-07 14:47 - 2013-05-25 09:47 - 00001023 _____ () C:\Users\Public\Desktop\EssentialPIM.lnk 2014-12-03 12:40 - 2014-08-21 22:58 - 00000000 ____D () C:\Users\melsy\Documents\Norma A2 Some content of TEMP: ==================== C:\Users\melsy\AppData\Local\Temp\abelssoft.setup.exe C:\Users\melsy\AppData\Local\Temp\Quarantine.exe C:\Users\melsy\AppData\Local\Temp\ripsetup.exe C:\Users\melsy\AppData\Local\Temp\SkypeSetup.exe C:\Users\melsy\AppData\Local\Temp\sqlite3.dll ==================== 
Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-15 04:32 ==================== End Of Log ============================ --- --- --- --- --- --- Habe mit dem PC keine Probleme mehr ..... Bitte sende mir mit einer PM deinen Namen deine Kontonr. habe ich noch falls sie sich im den letzten 13 Monaten nicht geändert haben . Vielen Dank u lg wolfgang |
31.12.2014, 14:32 | #12 |
| Suspected Trojan I have no more problems with the PC ..... Please send me your name by PM. I still have your account number, if it has not changed in the last 13 months. Many thanks and best regards, wolfgang |
31.12.2014, 18:07 | #13 |
/// the machine /// TB-Ausbilder | Suspected Trojan Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
C:\ProgramData\InstallMate\{2EBA94E4-4F0E-871A-65F1-072CF559B612}\_Setupx.dll
C:\Users\melsy\AppData\Local\Temp\DMR\dmr_72.exe
C:\Users\melsy\Desktop\DvDrum2_b5_Setup.zip
C:\Users\melsy\Desktop\1054_Must_Have_PHP_Scripts_part1\Chat_Scripts\Chat Scripts\blablite22.zip
C:\Users\melsy\Desktop\Alte Firefox-Daten\3mzjeqm2.default\extensions\firefox@qualitink.net.xpi
C:\Users\melsy\Desktop\Alte Firefox-Daten\3mzjeqm2.default\extensions\d3339536-cdf9-444a-b529-160714835cb8@52bed7c4-5816-4cf8-b479-2c341232cd59.com\extensionData\plugins\91_monetizationLoader.js.js
C:\Users\melsy\Downloads\130120-sview5-v384-Downloader.exe
C:\Users\melsy\Downloads\2WPinball-Downloader.exe
C:\Users\melsy\Downloads\AshampooMovieStudio2013Ver104-Downloader.exe
C:\Users\melsy\Downloads\BarcelonaStreamApp.exe
C:\Users\melsy\Downloads\dffsetup-lame_enc.exe
C:\Users\melsy\Downloads\Exact Audio Copy - CHIP-Installer.exe
C:\Users\melsy\Downloads\FreeImageConvertAndResize.exe
C:\Users\melsy\Downloads\gimp-2.8.10-setup-Downloader.exe
C:\Users\melsy\Downloads\gimp-help-261-html-detar-Downloader.exe
C:\Users\melsy\Downloads\HSS-2.67-install-chip-389-conduit.exe
C:\Users\melsy\Downloads\HSS-2.90.exe
C:\Users\melsy\Downloads\ipnetinfo-Downloader.exe
C:\Users\melsy\Downloads\kingsoftpresentationstd-Downloader.exe
C:\Users\melsy\Downloads\MicroSIP-3.3.27-Downloader.exe
C:\Users\melsy\Downloads\MusicRecorder10-Downloader.exe
C:\Users\melsy\Downloads\phonecrypt-desktop-Downloader.exe
C:\Users\melsy\Downloads\pickitinst-Downloader.exe
C:\Users\melsy\Downloads\privacyfix-firefox502-Downloader.exe
C:\Users\melsy\Downloads\shotcut-win32-131022-Downloader.exe
C:\Users\melsy\Downloads\SoftonicDownloader_fuer_riffworks.exe
C:\Users\melsy\Downloads\SuperEasyVideoBooster113056-Downloader(1).exe
C:\Users\melsy\Downloads\SuperEasyVideoBooster113056-Downloader.exe
C:\Users\melsy\Downloads\TuxGuitar - CHIP-Installer.exe
HKU\S-1-5-21-3195104690-1283173883-910289243-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
You will find the donation link in my signature. Done. The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE, as they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP) Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
01.01.2015, 15:49 | #14 |
| Suspected Trojan When I start FRST as described (Fix), I get "fixlist.txt not found", although I have saved it |
01.01.2015, 16:52 | #15 | |
/// the machine /// TB-Ausbilder | Suspected Trojan Quote:
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |