| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: zu hoher Datenverbrauch, MalwareWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
25.07.2015, 07:36
| #1 |
| |  zu hoher Datenverbrauch, Malware Hallo, seit ein paar Tagen habe ich Probleme mit meinem PC/Vista (32bit). Ich gehe mit einem mobilcom debitel Stick (O2) ins Internet und habe mir wohl einiges eingefangen. Wenn ich den Stick starte, habe ich schon einen hohen Datenverbrauch, ohne irgendwas zu machen. Öffne ich dann Google Chrome Brower (habe alternativ auch Iron getestet) verbrauche ich 10x mehr als üblich. Besonders der upload ist sehr hoch und es läd weiter, obwohl ich nichts mehr mache. Gestern habe ich 4 verschiedene Anti Virus Programme geladen, bis ich einen gefunden habe, mit dem ich Malware kostenlos entfernen kann, aber das Problem wurde nicht wirklich behoben. In einem anderen Tread habe ich gesehen, das man einen Farbar Recovery Scan machen soll und dort finde ich beängstigende links von www.007guard.com angefangen, über 100sexlinks.com bis 123haustiereundmehr.com, die ich aber nie geöffnet habe. Was kann ich nun tun, um meinen PC zu reinigen? Da ich viele Pics gespeichert habe und mich allgemein nicht sehr gut auskenne, ist formatieren nicht so die beste Lösung. Vielen Dank schon mal. |
|
25.07.2015, 09:40
| #2 |
| /// the machine /// TB-Ausbilder    | zu hoher Datenverbrauch, Malware hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
25.07.2015, 13:08
| #3 |
| | zu hoher Datenverbrauch, Malware Das ist der Addition-Editor (ich habe den Tex kopiert, das ist ja ganz schön viel, wusste nicht, wie ich das sonst alles einfügen sollte^^):
__________________==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-891572633-1774761820-252287049-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.) CustomCLSID: HKU\S-1-5-21-891572633-1774761820-252287049-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Sandra\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS) CustomCLSID: HKU\S-1-5-21-891572633-1774761820-252287049-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Sandra\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File CustomCLSID: HKU\S-1-5-21-891572633-1774761820-252287049-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Sandra\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File ==================== Restore Points ========================= ATTENTION: System Restore is disabled ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 12:23 - 2010-08-07 16:12 - 00415906 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com There are 1000 more lines. ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {04672349-6C87-4543-9E6C-29D0CCC90F34} - \GPUP No Task File <==== ATTENTION Task: {05C028A0-C11B-4F15-B923-6B0DCD16EC40} - \f08de44e-751a-4092-ad9e-9c9a07ee0606-2 No Task File <==== ATTENTION Task: {06B3ECA7-D67D-4DAE-A65C-4A16AA407F52} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-07-24] (Google Inc.) Task: {127E4671-C565-43C0-A807-EDAA43B6BE0E} - \f08de44e-751a-4092-ad9e-9c9a07ee0606-1 No Task File <==== ATTENTION Task: {17C0D0B4-5297-416C-89B6-70D62348D1AE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated) Task: {1D03FC86-0B87-442D-A3F6-00565DC6AD8D} - System32\Tasks\update-sys => C:\Program Files\Skillbrains\Updater\Updater.exe [2014-03-25] () Task: {279DCF4B-0AAA-4E8C-96A7-BC8E6FE40037} - System32\Tasks\ScanSoft Background Update => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe Task: {3242C53A-87B1-4E03-A12D-E65046410206} - System32\Tasks\{BBC0DD05-563E-45DE-94E3-3D78AA7B2DA8} => C:\Program Files\Skype\Phone\Skype.exe Task: {4599A9A7-2950-49DA-9642-DFABDDB5A0CE} - \f08de44e-751a-4092-ad9e-9c9a07ee0606-3 No Task File <==== ATTENTION Task: {4A8AE827-7072-4A34-8F33-77D2F9805363} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Sandra => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-10] (Microsoft Corporation) Task: {4C2DE83B-06EF-4D34-8F6A-CF64C36B082D} - \1a7b6d14-5032-407e-918a-1cdab2120f8e-3 No Task File <==== ATTENTION Task: {4FA0E1BD-A5D1-4902-910A-FF8524AE7147} - System32\Tasks\{9E9A01BD-BCCD-4B27-9326-E45F95CFF5CD} => pcalua.exe -a "C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" -d C:\Users\Sandra\Desktop -c "C:\Program Files\RealArcade\Installer\bin\..\installerMain.clf" "C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5WVGCSFN\gameInitializer[1].rgi" Task: {590E9503-34A9-4868-99E3-5CDAAA16A602} - System32\Tasks\update-S-1-5-21-891572633-1774761820-252287049-1000 => C:\Program Files\Skillbrains\Updater\Updater.exe [2014-03-25] () Task: {6606CB3F-EFF4-4107-A848-B7029DE6EFB3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated) Task: {69549D7C-CF36-47DD-A3E2-C9704D2A15C1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {6CA740DB-A552-42D6-8E81-453A8862BAC2} - \AmiUpdXp No Task File <==== ATTENTION Task: {78EAAA95-67B2-48D8-B67E-2CE5B38B3E82} - \1a7b6d14-5032-407e-918a-1cdab2120f8e-4 No Task File <==== ATTENTION Task: {7B3DBA45-99C5-4216-B2EF-E1CCA5D108B9} - System32\Tasks\{FA5F355F-9358-4DC5-9301-C2395B9662E9} => pcalua.exe -a C:\Users\Sandra\Documents\vlc-1.0.3-win32.exe -d C:\Users\Sandra\Documents Task: {856ED67D-DEF9-447F-82D4-B8D739621AD8} - \f08de44e-751a-4092-ad9e-9c9a07ee0606-5 No Task File <==== ATTENTION Task: {88A46644-2A4D-4B05-9655-D38622DCC782} - System32\Tasks\{BC4D9D0F-7DF9-421D-A196-5DF2608A37C5} => pcalua.exe -a C:\Users\Sandra\Desktop\streamripper-windows-installer-1.64.6.exe -d C:\Users\Sandra\Desktop Task: {96BCD58D-B94D-4717-8068-89EDB44C6EA5} - System32\Tasks\{41BFFA87-B312-43F9-AE86-C48DDF479674} => pcalua.exe -a "C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q9I9INF2\gamesplayerinstall.exe" -d C:\Users\Sandra\Desktop Task: {A51642B9-2DC1-4268-9DD6-1D5F5FC1F573} - \SimpleFiles Installer Starter No Task File <==== ATTENTION Task: {B8E12A15-CD06-4C84-9B38-0B43993598C4} - System32\Tasks\{B9615E8E-AFEA-4B25-8042-16B0D1EC9B17} => pcalua.exe -a "C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MNAY72AE\IE8-Setup-Full-32[1].exe" -d C:\Users\Sandra\Desktop Task: {C2A98972-5255-46A0-BA57-0BAA9F59F799} - System32\Tasks\{4BB544CD-66D4-419C-B209-BEEE863EAFF5} => pcalua.exe -a C:\Users\Sandra\Desktop\softonic-Deutsch.exe -d C:\Users\Sandra\Desktop <==== ATTENTION Task: {C6B5B700-5F50-4BDF-AFE0-8FAC63AC5F50} - System32\Tasks\AFC Secure Net Task => C:\Program Files\AFC Secure Net\amjob.exe <==== ATTENTION Task: {CF87E585-8CF9-44D9-92B1-70DF85502219} - System32\Tasks\Google Updater and Installer => C:\Users\Sandra\AppData\Local\Google\Update\GoogleUpdate.exe Task: {D0260882-6FD0-4214-9AA5-A85C10C79D2E} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated) Task: {D26D54EB-ED86-4549-AA55-10AFD4BF6595} - System32\Tasks\Program Security Task => C:\Program Files\Program Security\ProgramSecurity.exe [2015-04-08] (Secure Updater) Task: {D7CC05C7-2469-4295-A0B3-C7B55306AFB5} - System32\Tasks\{C02FE5B2-2FE4-419B-9D53-4B5CBF562CDE} => pcalua.exe -a C:\Users\Sandra\Desktop\Download\qc848deu.exe -d C:\Users\Sandra\Desktop\Download Task: {E7C317C7-946E-43E5-A9B5-61E1572C5722} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation) Task: {EEDC6659-64C5-480B-8B1C-FE772757C3D2} - \f08de44e-751a-4092-ad9e-9c9a07ee0606-4 No Task File <==== ATTENTION Task: {F8DA7A8C-6417-4D00-A265-E23F812C0583} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2013\OneClick.exe Task: {FADB5DAD-656F-432B-98A7-7AE8CB0CBDFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-07-24] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\update-S-1-5-21-891572633-1774761820-252287049-1000.job => C:\Program Files\Skillbrains\Updater\Updater.exe Task: C:\Windows\Tasks\update-sys.job => C:\Program Files\Skillbrains\Updater\Updater.exe ==================== Loaded Modules (Whitelisted) ============== 2014-09-22 08:39 - 2012-03-14 12:05 - 00053312 _____ () C:\Program Files\Sparhandy Modem\BackgroundService\ServiceManager.exe 2014-09-09 10:03 - 2013-04-15 18:40 - 00329872 ____N () C:\Program Files\XSManager\WTGService.exe 2014-09-22 08:39 - 2012-10-29 13:08 - 00118784 _____ () C:\Program Files\Sparhandy Modem\BackgroundService\ModemListener.exe 2013-12-31 23:46 - 2013-12-12 21:56 - 03145536 _____ () C:\Users\Sandra\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe 2014-03-23 18:49 - 2010-05-13 10:41 - 00594432 _____ () C:\Program Files\congstar\Internetmanager\Bin\dbus-1.dll 2014-03-23 18:49 - 2010-05-13 10:41 - 00157696 _____ () C:\Program Files\congstar\Internetmanager\Bin\libgconf-2.dll 2014-03-23 18:49 - 2010-06-17 09:53 - 00089600 _____ () C:\Program Files\congstar\Internetmanager\Bin\itapi.dll 2014-03-23 18:49 - 2008-05-06 13:50 - 00971776 _____ () C:\Program Files\congstar\Internetmanager\Bin\libxml2.dll 2014-03-23 18:49 - 2009-03-28 09:19 - 00080688 _____ () C:\Program Files\congstar\Internetmanager\Bin\zlib1.dll 2014-03-23 18:49 - 2010-06-17 09:53 - 00054272 _____ () C:\Program Files\congstar\Internetmanager\Bin\coder.dll 2014-03-23 18:49 - 2010-06-17 09:53 - 00025088 _____ () C:\Program Files\congstar\Internetmanager\Bin\log.dll 2014-03-23 18:49 - 2010-06-17 09:53 - 00043008 _____ () C:\Program Files\congstar\Internetmanager\Bin\audio.dll 2014-03-23 18:49 - 2010-06-12 08:10 - 00034304 _____ () C:\Program Files\congstar\Internetmanager\Bin\libctlsvr.dll 2014-09-09 10:03 - 2013-04-15 18:40 - 02091152 ____N () C:\Program Files\XSManager\XSManager.exe 2014-09-09 10:03 - 2013-04-15 18:40 - 00018576 ____N () C:\Program Files\XSManager\WTGDebugs.dll 2014-09-09 10:03 - 2013-04-15 18:40 - 00399504 ____N () C:\Program Files\XSManager\WtgCore.dll 2014-09-09 10:03 - 2013-04-15 18:40 - 00049808 ____N () C:\Program Files\XSManager\WtgDriverInstall.dll 2014-09-09 10:03 - 2013-04-15 18:40 - 00231568 ____N () C:\Program Files\XSManager\WtgUtil.dll 2014-09-09 10:03 - 2013-04-15 18:40 - 00186512 ____N () C:\Program Files\XSManager\WtgDetection.dll 2014-09-09 10:03 - 2013-04-15 18:40 - 00092304 ____N () C:\Program Files\XSManager\WtgPorts.dll 2014-09-09 10:03 - 2013-04-15 18:40 - 00112784 ____N () C:\Program Files\XSManager\WtgDatabase.dll 2014-09-09 10:03 - 2013-04-15 18:40 - 00084112 ____N () C:\Program Files\XSManager\WtgDialup.dll 2014-09-09 10:03 - 2013-04-15 18:40 - 00145552 ____N () C:\Program Files\XSManager\WtgBluetooth.dll 2014-09-09 10:03 - 2013-04-15 18:40 - 01374352 ____N () C:\Program Files\XSManager\4GSystems_OneClickAssistantGer.dll 2014-09-09 10:03 - 2013-04-15 18:40 - 00604304 ____N () C:\Program Files\XSManager\WTGXMLUtil.dll 2014-09-09 10:03 - 2013-04-15 18:40 - 00202896 ____N () C:\Program Files\XSManager\WTGSMSPCClient.Dll 2014-09-09 10:03 - 2013-04-15 18:40 - 00011920 ____N () C:\Program Files\XSManager\4GSystems_WTGSMSPCClientGer.dll 2014-09-09 10:03 - 2013-04-15 18:40 - 00018064 ____N () C:\Program Files\XSManager\WTGDriverInstallX.Dll 2014-09-09 10:03 - 2013-04-15 18:40 - 00263312 ____N () C:\Program Files\XSManager\WtgMobileBroadband7.dll 2014-09-09 10:03 - 2013-04-15 18:40 - 00546960 ____N () C:\Program Files\XSManager\WtgNdisQmiUtil.dll 2014-09-09 10:03 - 2013-04-15 18:40 - 01374352 ____N () C:\Program Files\XSManager\NDISDirectDial.dll 2014-09-09 10:03 - 2013-04-15 18:40 - 00028304 ____N () C:\Program Files\XSManager\LogModule.dll 2014-09-09 10:03 - 2013-04-15 18:40 - 00084112 ____N () C:\Program Files\XSManager\ToolKit.dll 2014-09-09 10:03 - 2013-04-15 18:40 - 00067728 ____N () C:\Program Files\XSManager\tinyxml.dll 2014-09-09 10:03 - 2013-04-15 18:40 - 00444560 ____N () C:\Program Files\XSManager\sqlite3.dll 2014-03-23 18:49 - 2010-05-13 10:42 - 00215552 _____ () C:\Program Files\congstar\Internetmanager\Bin\dbus-daemon.exe 2014-03-23 18:49 - 2007-09-09 17:07 - 00151552 _____ () C:\Program Files\congstar\Internetmanager\Bin\libexpat.dll 2014-03-23 18:49 - 2010-05-13 10:42 - 00043008 _____ () C:\Program Files\congstar\Internetmanager\Bin\gconfd-2.exe 2014-03-23 18:49 - 2010-05-13 10:41 - 00055808 _____ () C:\Program Files\congstar\Internetmanager\Bin\libgconfbackend-xml.dll 2014-03-23 18:49 - 2010-05-13 10:42 - 00031232 _____ () C:\Program Files\congstar\Internetmanager\Bin\db_daemon.exe 2014-03-23 18:49 - 2010-05-13 10:39 - 00341504 _____ () C:\Program Files\congstar\Internetmanager\Bin\sqlite3.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData:$SS_DESCRIPTOR_PVX2VCGFMV89V8N4TKBRVDNGCMXLJ4M28WLP36MVLGKMVW5FS4K5 AlternateDataStreams: C:\Users\All Users:$SS_DESCRIPTOR_PVX2VCGFMV89V8N4TKBRVDNGCMXLJ4M28WLP36MVLGKMVW5FS4K5 AlternateDataStreams: C:\Users\Sandra:zylomtest AlternateDataStreams: C:\Users\Sandra:zylomtr{0000278T-TT9K-T8DU-07LG-28DG94S2MVVU} AlternateDataStreams: C:\Users\Sandra:zylomtr{00013KEU-UKQE-K6V0-6C5V-289TUR10SVUF} AlternateDataStreams: C:\Users\Sandra:zylomtr{00013KEU-UKQE-K6V0-70L9-2A8RJ1B4CV8I} AlternateDataStreams: C:\Users\Sandra:zylomtr{00013KEU-UKQE-K6V0-70L9-2A8RJ1B4CVBF} AlternateDataStreams: C:\Users\Sandra:zylomtr{00013KEU-UKQE-K6V0-70L9-2A8RJ1B4CVF7} AlternateDataStreams: C:\Users\Sandra:zylomtr{00013KEU-UKQE-K6V0-70L9-2A8RJ1B4CVM5} AlternateDataStreams: C:\Users\Sandra:zylomtr{00013KEU-UKQE-K6V0-9MH3-26R8QGLT2VVT} AlternateDataStreams: C:\Users\Sandra:zylomtr{00013KEU-UKQE-K6V0-GEOR-27TDF94KAVLB} AlternateDataStreams: C:\Users\Sandra:zylomtr{00013KEU-UKQE-K6V0-GEOR-27TDF94KAVPT} AlternateDataStreams: C:\Users\Sandra:zylomtr{00013KEU-UKQE-K6V0-GEOR-27TDF94KAVS5} AlternateDataStreams: C:\Users\Sandra:zylomtr{00013KEU-UKQE-K6V0-GEOR-27TDF94KAVUD} AlternateDataStreams: C:\Users\Sandra:zylomtr{00013KEU-UKQE-K6V0-ONL2-28KUTKHT8DD5} AlternateDataStreams: C:\Users\Sandra:zylomtr{00013KEU-UKQE-K6V0-TONE-28JR2EO88NS1} AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG1-1VH8-28I0EFCC2VST} AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG1-1VH8-28I0EFCC2VVP} AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG1-3BG4-281NL05DCVSB} AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG1-3BG4-281NL05DCVTO} AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG1-CMRU-27KCBJ656VVU} AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG1-ELL4-28F9S56GIVQN} AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG1-ELL4-28F9S56GIVTO} AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG1-ELL4-28F9S56GIVV1} AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG1-J24H-293SB52ICVVE} AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG1-J24H-298CPF2SOVVG} AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG2-BTPP-21HGNJ8AQVVU} AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG2-LKCU-2AJQPJA4AVHE} AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG2-LKCU-2AJQPJA4AVLT} AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG2-Q64S-2675H2E5QVUG} AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG2-Q64S-2675H2E5QVVI} AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG3-1EMN-28M5NPU00VV4} AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG3-40QI-27REBT9KOVTG} AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG3-40QI-27REBT9KOVVU} AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG3-4A90-24BL1LF8IVV1} AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG3-GQ8O-29APM3QU0VVP} AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG3-L1G2-28QRSPMS6VVH} AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG3-M7KB-24AAHNHOQVVQ} AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG3-S3H7-2A5PQROOQVVB} AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG3-S3H7-2A5PQROOQVVP} AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG4-5TO3-2831TOKLCVVG} AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG4-74E3-28689HMLOVVS} AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG4-MO09-24UF17SCEVUK} AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG4-OK39-27NOI1CL8VVO} AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG4-RLQO-285DUDG5UVUV} AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG4-RLQO-285DUDG5UVVH} AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG5-8A6T-26VOTC6OMVQN} AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG5-8A6T-26VOTC6OMVV8} AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG5-C61F-283VSOALEVTK} AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG5-C61F-283VSOALEVUH} AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG5-C61F-283VSOALEVVK} AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG5-EG1B-25KGP2UCCVUF} AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG5-S5RF-2A7U3EJND000} AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG6-3908-29CNF5LCOVND} AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG6-3908-29CNF5LCOVUA} AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG6-OKQM-24KG7RVO4VVI} AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG7-E9E4-28HCA9OPAVTD} AlternateDataStreams: C:\Users\Sandra:zylomtr{007F99P2-504Q-L9VJ-AT87-509CA1F53AR6} AlternateDataStreams: C:\ProgramData\Anwendungsdaten:$SS_DESCRIPTOR_PVX2VCGFMV89V8N4TKBRVDNGCMXLJ4M28WLP36MVLGKMVW5FS4K5 AlternateDataStreams: C:\ProgramData\Application Data:$SS_DESCRIPTOR_PVX2VCGFMV89V8N4TKBRVDNGCMXLJ4M28WLP36MVLGKMVW5FS4K5 AlternateDataStreams: C:\ProgramData\TEMP:008586AE AlternateDataStreams: C:\ProgramData\TEMP:0406003C AlternateDataStreams: C:\ProgramData\TEMP:041C0562 AlternateDataStreams: C:\ProgramData\TEMP:04BB186B AlternateDataStreams: C:\ProgramData\TEMP:054F0F17 AlternateDataStreams: C:\ProgramData\TEMP:058A7351 AlternateDataStreams: C:\ProgramData\TEMP:070D9534 AlternateDataStreams: C:\ProgramData\TEMP:0C5BC70E AlternateDataStreams: C:\ProgramData\TEMP:0E22C5DB AlternateDataStreams: C:\ProgramData\TEMP:0E67073E AlternateDataStreams: C:\ProgramData\TEMP:0E684AC9 AlternateDataStreams: C:\ProgramData\TEMP:0EC7A545 AlternateDataStreams: C:\ProgramData\TEMP:0F38B460 AlternateDataStreams: C:\ProgramData\TEMP:0F3F6B1E AlternateDataStreams: C:\ProgramData\TEMP:109734F6 AlternateDataStreams: C:\ProgramData\TEMP:10D98D98 AlternateDataStreams: C:\ProgramData\TEMP:123A86B5 AlternateDataStreams: C:\ProgramData\TEMP:12D2EB9C AlternateDataStreams: C:\ProgramData\TEMP:12EA4DC9 AlternateDataStreams: C:\ProgramData\TEMP:1316EAD4 AlternateDataStreams: C:\ProgramData\TEMP:1392F09D AlternateDataStreams: C:\ProgramData\TEMP:15752405 AlternateDataStreams: C:\ProgramData\TEMP:178093AE AlternateDataStreams: C:\ProgramData\TEMP:17F7AEA3 AlternateDataStreams: C:\ProgramData\TEMP:18A6D2CC AlternateDataStreams: C:\ProgramData\TEMP:193CB03B AlternateDataStreams: C:\ProgramData\TEMP:1A4BF204 AlternateDataStreams: C:\ProgramData\TEMP:1B927722 AlternateDataStreams: C:\ProgramData\TEMP:1BD02801 AlternateDataStreams: C:\ProgramData\TEMP:1ECED34B AlternateDataStreams: C:\ProgramData\TEMP:1F4329D4 AlternateDataStreams: C:\ProgramData\TEMP:204BEE0F AlternateDataStreams: C:\ProgramData\TEMP:206470A5 AlternateDataStreams: C:\ProgramData\TEMP:225CD7D5 AlternateDataStreams: C:\ProgramData\TEMP:2495D97A AlternateDataStreams: C:\ProgramData\TEMP:25249477 AlternateDataStreams: C:\ProgramData\TEMP:27F44544 AlternateDataStreams: C:\ProgramData\TEMP:29629382 AlternateDataStreams: C:\ProgramData\TEMP:2C678471 AlternateDataStreams: C:\ProgramData\TEMP:2D78CEB3 AlternateDataStreams: C:\ProgramData\TEMP:2E45FA8F AlternateDataStreams: C:\ProgramData\TEMP:2EC5D66C AlternateDataStreams: C:\ProgramData\TEMP:2F6462DF AlternateDataStreams: C:\ProgramData\TEMP:2FBB2B9B AlternateDataStreams: C:\ProgramData\TEMP:2FC7B9E4 AlternateDataStreams: C:\ProgramData\TEMP:32A82570 AlternateDataStreams: C:\ProgramData\TEMP:32FC67BC AlternateDataStreams: C:\ProgramData\TEMP:32FFF2D1 AlternateDataStreams: C:\ProgramData\TEMP:35C78DCC AlternateDataStreams: C:\ProgramData\TEMP:35FAD15D AlternateDataStreams: C:\ProgramData\TEMP:3651A580 AlternateDataStreams: C:\ProgramData\TEMP:36A39835 AlternateDataStreams: C:\ProgramData\TEMP:370E4EFB AlternateDataStreams: C:\ProgramData\TEMP:386B39C3 AlternateDataStreams: C:\ProgramData\TEMP:38FF076E AlternateDataStreams: C:\ProgramData\TEMP:3AD6342E AlternateDataStreams: C:\ProgramData\TEMP:3B812EE0 AlternateDataStreams: C:\ProgramData\TEMP:3D186293 AlternateDataStreams: C:\ProgramData\TEMP:3D36932D AlternateDataStreams: C:\ProgramData\TEMP:3D6B89CE AlternateDataStreams: C:\ProgramData\TEMP:3DB6F365 AlternateDataStreams: C:\ProgramData\TEMP:3E06C78F AlternateDataStreams: C:\ProgramData\TEMP:405D842B AlternateDataStreams: C:\ProgramData\TEMP:413E2927 AlternateDataStreams: C:\ProgramData\TEMP:425759C6 AlternateDataStreams: C:\ProgramData\TEMP:42A3BDD7 AlternateDataStreams: C:\ProgramData\TEMP:43C9D140 AlternateDataStreams: C:\ProgramData\TEMP:471AD3D0 AlternateDataStreams: C:\ProgramData\TEMP:47A24D4B AlternateDataStreams: C:\ProgramData\TEMP:48977386 AlternateDataStreams: C:\ProgramData\TEMP:4A2862FF AlternateDataStreams: C:\ProgramData\TEMP:4A448DB2 AlternateDataStreams: C:\ProgramData\TEMP:4B1195DD AlternateDataStreams: C:\ProgramData\TEMP:4C528C86 AlternateDataStreams: C:\ProgramData\TEMP:4E243396 AlternateDataStreams: C:\ProgramData\TEMP:4E6B8D68 AlternateDataStreams: C:\ProgramData\TEMP:4EE323A4 AlternateDataStreams: C:\ProgramData\TEMP:4EF94CF3 AlternateDataStreams: C:\ProgramData\TEMP:4FE30352 AlternateDataStreams: C:\ProgramData\TEMP:4FE42FFC AlternateDataStreams: C:\ProgramData\TEMP:50636E35 AlternateDataStreams: C:\ProgramData\TEMP:5080697C AlternateDataStreams: C:\ProgramData\TEMP:5197985B AlternateDataStreams: C:\ProgramData\TEMP:5335CE76 AlternateDataStreams: C:\ProgramData\TEMP:53DF59D1 AlternateDataStreams: C:\ProgramData\TEMP:551BED5F AlternateDataStreams: C:\ProgramData\TEMP:55E1514E AlternateDataStreams: C:\ProgramData\TEMP:56C17A93 AlternateDataStreams: C:\ProgramData\TEMP:57176330 AlternateDataStreams: C:\ProgramData\TEMP:57B2B96C AlternateDataStreams: C:\ProgramData\TEMP:583FE1DA AlternateDataStreams: C:\ProgramData\TEMP:592D7272 AlternateDataStreams: C:\ProgramData\TEMP:5A8F8A0C AlternateDataStreams: C:\ProgramData\TEMP:5AE33054 AlternateDataStreams: C:\ProgramData\TEMP:5D10C56A AlternateDataStreams: C:\ProgramData\TEMP:5D351BC6 AlternateDataStreams: C:\ProgramData\TEMP:5E9B629B AlternateDataStreams: C:\ProgramData\TEMP:5F538558 AlternateDataStreams: C:\ProgramData\TEMP:5FA4CB99 AlternateDataStreams: C:\ProgramData\TEMP:6017A808 AlternateDataStreams: C:\ProgramData\TEMP:61A065F2 AlternateDataStreams: C:\ProgramData\TEMP:61B54B15 AlternateDataStreams: C:\ProgramData\TEMP:6247E766 AlternateDataStreams: C:\ProgramData\TEMP:62525FE7 AlternateDataStreams: C:\ProgramData\TEMP:63B94956 AlternateDataStreams: C:\ProgramData\TEMP:661DC753 AlternateDataStreams: C:\ProgramData\TEMP:663B62CA AlternateDataStreams: C:\ProgramData\TEMP:66871744 AlternateDataStreams: C:\ProgramData\TEMP:68A56598 AlternateDataStreams: C:\ProgramData\TEMP:69AF9D20 AlternateDataStreams: C:\ProgramData\TEMP:6E11933F AlternateDataStreams: C:\ProgramData\TEMP:6F0B6A5A AlternateDataStreams: C:\ProgramData\TEMP:6FD26134 AlternateDataStreams: C:\ProgramData\TEMP:6FD3C973 AlternateDataStreams: C:\ProgramData\TEMP:6FE17A89 AlternateDataStreams: C:\ProgramData\TEMP:701FCC18 AlternateDataStreams: C:\ProgramData\TEMP:708BB0FA AlternateDataStreams: C:\ProgramData\TEMP:7124B44D AlternateDataStreams: C:\ProgramData\TEMP:71612023 AlternateDataStreams: C:\ProgramData\TEMP:71FA8B7F AlternateDataStreams: C:\ProgramData\TEMP:73461BFA AlternateDataStreams: C:\ProgramData\TEMP:737160C1 AlternateDataStreams: C:\ProgramData\TEMP:73AFBB96 AlternateDataStreams: C:\ProgramData\TEMP:74091520 AlternateDataStreams: C:\ProgramData\TEMP:7547DA5B AlternateDataStreams: C:\ProgramData\TEMP:78739EC9 AlternateDataStreams: C:\ProgramData\TEMP:7881FECE AlternateDataStreams: C:\ProgramData\TEMP:7A032A04 AlternateDataStreams: C:\ProgramData\TEMP:7A3AAF2E AlternateDataStreams: C:\ProgramData\TEMP:7AF9CAEB AlternateDataStreams: C:\ProgramData\TEMP:80EA2EA3 AlternateDataStreams: C:\ProgramData\TEMP:80F63EC3 AlternateDataStreams: C:\ProgramData\TEMP:8140CB50 AlternateDataStreams: C:\ProgramData\TEMP:81653DC8 AlternateDataStreams: C:\ProgramData\TEMP:8247A199 AlternateDataStreams: C:\ProgramData\TEMP:870649A4 AlternateDataStreams: C:\ProgramData\TEMP:883EDFB5 AlternateDataStreams: C:\ProgramData\TEMP:88698068 AlternateDataStreams: C:\ProgramData\TEMP:88A44CC1 AlternateDataStreams: C:\ProgramData\TEMP:8924043A AlternateDataStreams: C:\ProgramData\TEMP:8944C195 AlternateDataStreams: C:\ProgramData\TEMP:89CF6F9C AlternateDataStreams: C:\ProgramData\TEMP:8AD1F2E0 AlternateDataStreams: C:\ProgramData\TEMP:8B4B9596 AlternateDataStreams: C:\ProgramData\TEMP:8BA6C9F8 AlternateDataStreams: C:\ProgramData\TEMP:8BFA0030 AlternateDataStreams: C:\ProgramData\TEMP:8CCDAB14 AlternateDataStreams: C:\ProgramData\TEMP:8D5A0C4E AlternateDataStreams: C:\ProgramData\TEMP:8FA72FF8 AlternateDataStreams: C:\ProgramData\TEMP:9026FFAC AlternateDataStreams: C:\ProgramData\TEMP:90D89144 AlternateDataStreams: C:\ProgramData\TEMP:918B7566 AlternateDataStreams: C:\ProgramData\TEMP:91DEEE71 AlternateDataStreams: C:\ProgramData\TEMP:92A815D8 AlternateDataStreams: C:\ProgramData\TEMP:93B0BB6F AlternateDataStreams: C:\ProgramData\TEMP:943E8182 AlternateDataStreams: C:\ProgramData\TEMP:953FDC1A AlternateDataStreams: C:\ProgramData\TEMP:957E9765 AlternateDataStreams: C:\ProgramData\TEMP:97C4F81F AlternateDataStreams: C:\ProgramData\TEMP:98982C88 AlternateDataStreams: C:\ProgramData\TEMP:996104FC AlternateDataStreams: C:\ProgramData\TEMP:9A7BF72D AlternateDataStreams: C:\ProgramData\TEMP:9AE67195 AlternateDataStreams: C:\ProgramData\TEMP:9D03192E AlternateDataStreams: C:\ProgramData\TEMP:9DB67071 AlternateDataStreams: C:\ProgramData\TEMP:9DCE3A1C AlternateDataStreams: C:\ProgramData\TEMP:9E9A3410 AlternateDataStreams: C:\ProgramData\TEMP:9F50A55A AlternateDataStreams: C:\ProgramData\TEMP:A02025CE AlternateDataStreams: C:\ProgramData\TEMP:A0C7D68A AlternateDataStreams: C:\ProgramData\TEMP:A0CB43B2 AlternateDataStreams: C:\ProgramData\TEMP:A26AFC00 AlternateDataStreams: C:\ProgramData\TEMP:A296A63F AlternateDataStreams: C:\ProgramData\TEMP:A5584049 AlternateDataStreams: C:\ProgramData\TEMP:A5FC8FA1 AlternateDataStreams: C:\ProgramData\TEMP:A60D0FA6 AlternateDataStreams: C:\ProgramData\TEMP:A6CDBCAC AlternateDataStreams: C:\ProgramData\TEMP:A7B70C4E AlternateDataStreams: C:\ProgramData\TEMP:AABCC5A7 AlternateDataStreams: C:\ProgramData\TEMP:AB82C54F AlternateDataStreams: C:\ProgramData\TEMP:AC0528D9 AlternateDataStreams: C:\ProgramData\TEMP:AC57032B AlternateDataStreams: C:\ProgramData\TEMP:AC73CDCE AlternateDataStreams: C:\ProgramData\TEMP:AD727397 AlternateDataStreams: C:\ProgramData\TEMP:ADFAD95A AlternateDataStreams: C:\ProgramData\TEMP:AED33A42 AlternateDataStreams: C:\ProgramData\TEMP:B093E177 AlternateDataStreams: C:\ProgramData\TEMP:B1FBBD09 AlternateDataStreams: C:\ProgramData\TEMP:B4980368 AlternateDataStreams: C:\ProgramData\TEMP:B64F7263 AlternateDataStreams: C:\ProgramData\TEMP:B8EA2C49 AlternateDataStreams: C:\ProgramData\TEMP:B8EB1B99 AlternateDataStreams: C:\ProgramData\TEMP:BD27B7FC AlternateDataStreams: C:\ProgramData\TEMP:BD8C785E AlternateDataStreams: C:\ProgramData\TEMP:BDCD0530 AlternateDataStreams: C:\ProgramData\TEMP:BDF08FAF AlternateDataStreams: C:\ProgramData\TEMP:BE40C8A2 AlternateDataStreams: C:\ProgramData\TEMP:BF6C81B2 AlternateDataStreams: C:\ProgramData\TEMP:C07A6A6B AlternateDataStreams: C:\ProgramData\TEMP:C0A9D0E7 AlternateDataStreams: C:\ProgramData\TEMP:C22674B6 AlternateDataStreams: C:\ProgramData\TEMP:C30487EE AlternateDataStreams: C:\ProgramData\TEMP:C3392F75 AlternateDataStreams: C:\ProgramData\TEMP:C35B4B19 AlternateDataStreams: C:\ProgramData\TEMP:C36B1175 AlternateDataStreams: C:\ProgramData\TEMP:C48A983C AlternateDataStreams: C:\ProgramData\TEMP:C4AB79AE AlternateDataStreams: C:\ProgramData\TEMP:C5E2BAEE AlternateDataStreams: C:\ProgramData\TEMP:C611D6C8 AlternateDataStreams: C:\ProgramData\TEMP:C72A744C AlternateDataStreams: C:\ProgramData\TEMP:C76CFF82 AlternateDataStreams: C:\ProgramData\TEMP:C7973317 AlternateDataStreams: C:\ProgramData\TEMP:C81D3839 AlternateDataStreams: C:\ProgramData\TEMP:C86B29EB AlternateDataStreams: C:\ProgramData\TEMP:C9CDDE5E AlternateDataStreams: C:\ProgramData\TEMP:CA0CE093 AlternateDataStreams: C:\ProgramData\TEMP:CA8D6B60 AlternateDataStreams: C:\ProgramData\TEMP:CA99FD89 AlternateDataStreams: C:\ProgramData\TEMP:CAF8DAC8 AlternateDataStreams: C:\ProgramData\TEMP:CB0EB1DE AlternateDataStreams: C:\ProgramData\TEMP:CB0FEE2B AlternateDataStreams: C:\ProgramData\TEMP:CB16385F AlternateDataStreams: C:\ProgramData\TEMP:CE6885F1 AlternateDataStreams: C:\ProgramData\TEMP:CF1334B0 AlternateDataStreams: C:\ProgramData\TEMP:CF61CE5A AlternateDataStreams: C:\ProgramData\TEMP:CFDE7852 AlternateDataStreams: C:\ProgramData\TEMP:CFFC9DD0 AlternateDataStreams: C:\ProgramData\TEMP  0D17155AlternateDataStreams: C:\ProgramData\TEMP 2397415AlternateDataStreams: C:\ProgramData\TEMP 2C57161AlternateDataStreams: C:\ProgramData\TEMP 2D4B33EAlternateDataStreams: C:\ProgramData\TEMP 354012DAlternateDataStreams: C:\ProgramData\TEMP 390A6A7AlternateDataStreams: C:\ProgramData\TEMP 3A89E47AlternateDataStreams: C:\ProgramData\TEMP 3A8AA31AlternateDataStreams: C:\ProgramData\TEMP 453E38BAlternateDataStreams: C:\ProgramData\TEMP 46ECFD5AlternateDataStreams: C:\ProgramData\TEMP 4BB0AD6AlternateDataStreams: C:\ProgramData\TEMP 74C2847AlternateDataStreams: C:\ProgramData\TEMP 8D58038AlternateDataStreams: C:\ProgramData\TEMP 8F9D810AlternateDataStreams: C:\ProgramData\TEMP 9B1EB7EAlternateDataStreams: C:\ProgramData\TEMP C21D414AlternateDataStreams: C:\ProgramData\TEMP D04902EAlternateDataStreams: C:\ProgramData\TEMP E47A3DAAlternateDataStreams: C:\ProgramData\TEMP E9AC04FAlternateDataStreams: C:\ProgramData\TEMP F0BC727AlternateDataStreams: C:\ProgramData\TEMP:E14FA16F AlternateDataStreams: C:\ProgramData\TEMP:E1610EDC AlternateDataStreams: C:\ProgramData\TEMP:E1D818F7 AlternateDataStreams: C:\ProgramData\TEMP:E3B5F2D1 AlternateDataStreams: C:\ProgramData\TEMP:E411AA0D AlternateDataStreams: C:\ProgramData\TEMP:E4FCDFD9 AlternateDataStreams: C:\ProgramData\TEMP:E6A96BE9 AlternateDataStreams: C:\ProgramData\TEMP:E6D148BC AlternateDataStreams: C:\ProgramData\TEMP:E732B44B AlternateDataStreams: C:\ProgramData\TEMP:E774F04D AlternateDataStreams: C:\ProgramData\TEMP:E7B4296D AlternateDataStreams: C:\ProgramData\TEMP:E7B49FBF AlternateDataStreams: C:\ProgramData\TEMP:E7C9DAAE AlternateDataStreams: C:\ProgramData\TEMP:E8CB831A AlternateDataStreams: C:\ProgramData\TEMP:EA10407C AlternateDataStreams: C:\ProgramData\TEMP:EA1919C7 AlternateDataStreams: C:\ProgramData\TEMP:EA701346 AlternateDataStreams: C:\ProgramData\TEMP:EA7D76BE AlternateDataStreams: C:\ProgramData\TEMP:EAEE7554 AlternateDataStreams: C:\ProgramData\TEMP:EB333CFC AlternateDataStreams: C:\ProgramData\TEMP:EB5BDBB0 AlternateDataStreams: C:\ProgramData\TEMP:EDC744FB AlternateDataStreams: C:\ProgramData\TEMP:EEED3F26 AlternateDataStreams: C:\ProgramData\TEMP:EF0C5444 AlternateDataStreams: C:\ProgramData\TEMP:EF5B3572 AlternateDataStreams: C:\ProgramData\TEMP:F0A06891 AlternateDataStreams: C:\ProgramData\TEMP:F3029A65 AlternateDataStreams: C:\ProgramData\TEMP:F3EFA8A8 AlternateDataStreams: C:\ProgramData\TEMP:F43B7E8F AlternateDataStreams: C:\ProgramData\TEMP:F7370879 AlternateDataStreams: C:\ProgramData\TEMP:F7F6E6CB AlternateDataStreams: C:\ProgramData\TEMP:F81E7082 AlternateDataStreams: C:\ProgramData\TEMP:F8F070C2 AlternateDataStreams: C:\ProgramData\TEMP:F9E46E4C AlternateDataStreams: C:\ProgramData\TEMP:F9EDCFB0 AlternateDataStreams: C:\ProgramData\TEMP:FAFEC4B9 AlternateDataStreams: C:\ProgramData\TEMP:FB647F34 AlternateDataStreams: C:\ProgramData\TEMP:FD000392 AlternateDataStreams: C:\ProgramData\TEMP:FD38E906 AlternateDataStreams: C:\ProgramData\TEMP:FECEF728 ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com There are 7358 more restricted sites. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-891572633-1774761820-252287049-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sandra\Application Data\Pictures\Drache1.jpg DNS Servers: 193.189.244.225 - 193.189.244.206 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [TCP Query User{637B9502-262B-4680-8440-9F93780503AB}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe FirewallRules: [UDP Query User{4B1D55F8-D758-4657-AC3A-DE59BD432B5C}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe FirewallRules: [{763A9BFE-AF9D-4598-AB33-0CAC42C4329F}] => (Allow) C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe FirewallRules: [{82E6866A-456B-4FA2-9255-CEA55E07F257}] => (Allow) C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe FirewallRules: [{8532313D-6991-4F90-9020-D160BD8A8231}] => (Allow) C:\Program Files\Tobit Radio.fx\Client\rfx-client.exe FirewallRules: [{9017EDC8-49B9-46D6-8FA3-C11EBC31FCBC}] => (Allow) C:\Program Files\Tobit Radio.fx\Client\rfx-client.exe FirewallRules: [{37EFC497-31E9-4305-80D8-8FD93559F3DF}] => (Allow) C:\Program Files\TeamViewer\Version5\TeamViewer.exe FirewallRules: [{9EA43957-1A2C-419E-8F50-22BF8DE39B4C}] => (Allow) C:\Program Files\TeamViewer\Version5\TeamViewer.exe FirewallRules: [TCP Query User{73E83C09-C343-42F5-9C06-7F29244FF95A}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe FirewallRules: [UDP Query User{5EC8FB2D-F09E-4C5A-B679-54FADA91474C}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe FirewallRules: [{6F4D1074-856A-4C64-ACF8-1CD93154FD0F}] => (Allow) LPort=80 FirewallRules: [{2B5F215C-83D8-405F-B200-FA3FDBA04952}] => (Allow) LPort=80 FirewallRules: [{08C8CF5F-BCE2-42AD-A410-83781F5BCAC2}] => (Allow) LPort=80 FirewallRules: [{BDA735D0-96F0-44A4-8EA9-FC9899EE3BE7}] => (Allow) C:\Program Files\congstar\Internetmanager\Bin\MainApp.exe FirewallRules: [{399DF4C3-B2CC-4BB5-A184-3794FE94AF1F}] => (Allow) C:\Program Files\congstar\Internetmanager\Bin\MainApp.exe FirewallRules: [{4DC96EA1-4031-485D-973D-1E0610F18211}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{703AC5DC-7522-4A5E-BAB6-EBE9B22E80F6}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [TCP Query User{693FFD98-9206-4546-9E8B-515167CFDED1}C:\program files\srware iron\iron.exe] => (Block) C:\program files\srware iron\iron.exe FirewallRules: [UDP Query User{2DB7ECB7-1B5A-42D4-A8C1-1637A28909B6}C:\program files\srware iron\iron.exe] => (Block) C:\program files\srware iron\iron.exe FirewallRules: [TCP Query User{0ED3ABDE-419A-434E-8596-7305420D9041}C:\program files\mozilla firefox\plugin-container.exe] => (Block) C:\program files\mozilla firefox\plugin-container.exe FirewallRules: [UDP Query User{6DCD1365-4EA1-411A-977B-99384019AD14}C:\program files\mozilla firefox\plugin-container.exe] => (Block) C:\program files\mozilla firefox\plugin-container.exe FirewallRules: [TCP Query User{0921335B-E9C8-4FCC-94EC-E44FB6528D9A}C:\program files\srware iron\iron.exe] => (Block) C:\program files\srware iron\iron.exe FirewallRules: [UDP Query User{9F6876B9-17C8-4B97-ADAB-8ECEB11B70A6}C:\program files\srware iron\iron.exe] => (Block) C:\program files\srware iron\iron.exe FirewallRules: [{94631EAF-E186-4D79-8B1C-8D1900F8E2D1}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{64977571-955F-4037-91F7-77A705548C8F}] => (Allow) C:\Program Files\Norpalla\bin\Norpalla.BRT.Helper.exe FirewallRules: [{99A14943-855E-48FF-9794-EC516BE5D315}] => (Allow) C:\Program Files\Norpalla\bin\Norpalla.BRT.Helper.exe FirewallRules: [{A631F5FE-0753-4E43-98C5-953A91EAE2F4}] => (Allow) C:\Program Files\Bench\Proxy\proc.exe FirewallRules: [{666CE59E-EEF3-49BB-AF43-8645562FA2DE}] => (Allow) C:\Program Files\Bench\Proxy\pwdg.exe FirewallRules: [{827C6E82-CF2B-4BAE-ADF2-D78AC6A4761A}] => (Allow) C:\Users\Sandra\uber-strike-cheats-ohne.exe FirewallRules: [{0B8A5018-DC8F-41A9-AC1F-E6FEDFC84BCA}] => (Allow) C:\Users\Sandra\uber-strike-cheats-ohne.exe FirewallRules: [{79F79E0B-50B1-4617-9B45-36391DF95D42}] => (Allow) C:\Program Files\SimpleFiles\SimpleFiles.exe FirewallRules: [{2C11D001-28E2-4BD0-9E9F-9F6F7AF546F7}] => (Allow) C:\Program Files\SimpleFiles\SimpleFiles.exe FirewallRules: [{B0040FE3-CDCC-4F29-B004-87F4A6574B76}] => (Allow) C:\Program Files\SimpleFiles\downloader.exe FirewallRules: [{CC29AF40-6ED8-4CE4-B529-003AEC14CED2}] => (Allow) C:\Program Files\SimpleFiles\downloader.exe FirewallRules: [{956D70E1-9AA4-49B3-9947-EA8F2091C006}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= Name: 6TO4 Adapter Description: Microsoft-6zu4-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: 6TO4 Adapter Description: Microsoft-6zu4-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: 6TO4 Adapter Description: Microsoft-6zu4-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: 6TO4 Adapter Description: Microsoft-6zu4-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: 6TO4 Adapter Description: Microsoft-6zu4-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: 6TO4 Adapter Description: Microsoft-6zu4-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: 6TO4 Adapter Description: Microsoft-6zu4-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: 6TO4 Adapter Description: Microsoft-6zu4-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: 6TO4 Adapter Description: Microsoft-6zu4-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: 6TO4 Adapter Description: Microsoft-6zu4-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: isatap.{E189E505-C50E-465C-BEC6-C6B777FFB910} Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: isatap.{8CA9262A-0035-43CE-8CC2-4191FAFA1ADF} Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: isatap.{8CA9262A-0035-43CE-8CC2-4191FAFA1ADF} Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: isatap.{8CA9262A-0035-43CE-8CC2-4191FAFA1ADF} Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: isatap.{8CA9262A-0035-43CE-8CC2-4191FAFA1ADF} Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: isatap.{8CA9262A-0035-43CE-8CC2-4191FAFA1ADF} Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: isatap.{8CA9262A-0035-43CE-8CC2-4191FAFA1ADF} Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: isatap.{8CA9262A-0035-43CE-8CC2-4191FAFA1ADF} Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: isatap.{789BFD34-EEE8-45EF-8A5B-071CE20B26E9} Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: isatap.{789BFD34-EEE8-45EF-8A5B-071CE20B26E9} Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: isatap.{789BFD34-EEE8-45EF-8A5B-071CE20B26E9} Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: isatap.{789BFD34-EEE8-45EF-8A5B-071CE20B26E9} Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: isatap.{789BFD34-EEE8-45EF-8A5B-071CE20B26E9} Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: isatap.{789BFD34-EEE8-45EF-8A5B-071CE20B26E9} Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: isatap.{789BFD34-EEE8-45EF-8A5B-071CE20B26E9} Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: isatap.{C352FDDF-4836-4F23-A92A-F8E58BDF829D} Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: isatap.{C352FDDF-4836-4F23-A92A-F8E58BDF829D} Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: isatap.{49DB607C-93BE-4DE2-A90B-007796BCC80E} Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: isatap.{49DB607C-93BE-4DE2-A90B-007796BCC80E} Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: isatap.{49DB607C-93BE-4DE2-A90B-007796BCC80E} Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: isatap.{F4A3DCDE-5A33-4E9D-8E66-AA41066E6DC3} Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: isatap.{F9F0F3DE-5AE4-45F1-8A61-30484AAEC5A6} Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: isatap.{BE2E9025-8DB8-430E-BD83-F989B5EF45D1} Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: isatap.{00EDA72F-48BB-431A-8289-56EEE99128CF} Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (07/25/2015 08:03:07 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\LBZQXNMY\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#CDN.MOVAD.NET\SETTINGS.SOL> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (07/25/2015 08:03:07 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\LBZQXNMY\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#CDN.MOVAD.NET\SETTINGS.SOL> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (07/24/2015 11:13:16 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\LBZQXNMY\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#VIZORFB-A.AKAMAIHD.NET\SETTINGS.SOL> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (07/24/2015 11:13:16 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\LBZQXNMY\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#VIZORFB-A.AKAMAIHD.NET\SETTINGS.SOL> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (07/24/2015 10:44:00 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\LBZQXNMY\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\SETTINGS.SOL> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (07/24/2015 10:44:00 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\LBZQXNMY\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\SETTINGS.SOL> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (07/24/2015 07:48:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\9N2JNYBZ\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#CDN.MOVAD.NET\SETTINGS.SOL> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (07/24/2015 07:48:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\9N2JNYBZ\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#CDN.MOVAD.NET\SETTINGS.SOL> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (07/24/2015 07:33:30 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\9N2JNYBZ\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#VIZORFB-A.AKAMAIHD.NET\SETTINGS.SOL> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (07/24/2015 07:33:30 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\9N2JNYBZ\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#VIZORFB-A.AKAMAIHD.NET\SETTINGS.SOL> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) System errors: ============= Microsoft Office: ========================= Error: (07/25/2015 08:03:07 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\LBZQXNMY\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#CDN.MOVAD.NET\SETTINGS.SOL Error: (07/25/2015 08:03:07 AM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\LBZQXNMY\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#CDN.MOVAD.NET\SETTINGS.SOL Error: (07/24/2015 11:13:16 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\LBZQXNMY\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#VIZORFB-A.AKAMAIHD.NET\SETTINGS.SOL Error: (07/24/2015 11:13:16 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\LBZQXNMY\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#VIZORFB-A.AKAMAIHD.NET\SETTINGS.SOL Error: (07/24/2015 10:44:00 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\LBZQXNMY\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\SETTINGS.SOL Error: (07/24/2015 10:44:00 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\LBZQXNMY\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\SETTINGS.SOL Error: (07/24/2015 07:48:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\9N2JNYBZ\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#CDN.MOVAD.NET\SETTINGS.SOL Error: (07/24/2015 07:48:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\9N2JNYBZ\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#CDN.MOVAD.NET\SETTINGS.SOL Error: (07/24/2015 07:33:30 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\9N2JNYBZ\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#VIZORFB-A.AKAMAIHD.NET\SETTINGS.SOL Error: (07/24/2015 07:33:30 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\9N2JNYBZ\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#VIZORFB-A.AKAMAIHD.NET\SETTINGS.SOL CodeIntegrity Errors: =================================== Date: 2015-07-24 21:23:39.648 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-07-24 20:05:19.745 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-07-24 20:05:19.355 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-07-24 20:05:18.981 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-07-24 20:05:18.591 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-07-24 20:05:18.216 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-07-24 20:05:17.795 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-07-24 19:56:03.404 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-07-24 19:53:35.170 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-07-24 11:15:10.419 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\iS3\STOPzilla AntiVirus\Drivers\i386\w2k\SBTIS.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 CPU 6320 @ 1.86GHz Percentage of memory in use: 54% Total physical RAM: 2046.45 MB Available physical RAM: 932.38 MB Total Virtual: 4341.89 MB Available Virtual: 2717.74 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:195.31 GB) (Free:124.95 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:117.19 GB) (Free:106.48 GB) NTFS Drive e: () (Fixed) (Total:153.26 GB) (Free:147.39 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: B74FD3AC) Partition 1: (Active) - (Size=195.3 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=117.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=153.3 GB) - (Type=07 NTFS) ==================== End of log ========================= und hier der FRST Editor : FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-07-2015
Ran by Sandra (administrator) on HOUSEFRAU on 25-07-2015 08:15:01
Running from C:\Users\Sandra\Downloads
Loaded Profiles: Sandra (Available Profiles: Sandra & Dean & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\Sparhandy Modem\BackgroundService\ServiceManager.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
() C:\Program Files\XSManager\WTGService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
() C:\Program Files\Sparhandy Modem\BackgroundService\ModemListener.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Users\Sandra\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(ZTE) C:\Program Files\congstar\Internetmanager\Bin\mcserver.exe
(Skillbrains) C:\Program Files\Skillbrains\lightshot\5.2.1.1\Lightshot.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
() C:\Program Files\XSManager\XSManager.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Program Files\congstar\Internetmanager\Bin\dbus-daemon.exe
() C:\Program Files\congstar\Internetmanager\Bin\gconfd-2.exe
() C:\Program Files\congstar\Internetmanager\Bin\db_daemon.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6957600 2009-03-04] (Realtek Semiconductor)
HKLM\...\Run: [NBKeyScan] => "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [Sparhandy_Germany Silverstone ModemListener] => C:\Program Files\Sparhandy Modem\BackgroundService\ModemListener.exe [118784 2012-10-29] ()
HKLM\...\Run: [Lightshot] => C:\Program Files\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-891572633-1774761820-252287049-1000\...\Run: [LightShot] => C:\Users\Sandra\AppData\Local\Skillbrains\lightshot\Lightshot.exe
HKU\S-1-5-21-891572633-1774761820-252287049-1000\...\Run: [Amazon Cloud Player] => C:\Users\Sandra\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2013-12-12] ()
HKU\S-1-5-21-891572633-1774761820-252287049-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
Startup: C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk [2011-06-15]
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-891572633-1774761820-252287049-1001\User: Group Policy Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51105;https=127.0.0.1:51105
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://safesearch.avira.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://safesearch.avira.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://safesearch.avira.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://safesearch.avira.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-891572633-1774761820-252287049-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://safesearch.avira.com/
HKU\S-1-5-21-891572633-1774761820-252287049-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://safesearch.avira.com/
HKU\S-1-5-21-891572633-1774761820-252287049-1000\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKU\S-1-5-21-891572633-1774761820-252287049-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://safesearch.avira.com/
HKU\S-1-5-21-891572633-1774761820-252287049-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://safesearch.avira.com/
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-891572633-1774761820-252287049-1000 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL =
SearchScopes: HKU\S-1-5-21-891572633-1774761820-252287049-1000 -> {19B9443B-07B6-4098-8DB6-06A520A70696} URL = https://www.google.com/search?q={searchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-26] (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-26] (Oracle Corporation)
Toolbar: HKU\.DEFAULT -> No Name - {9613CB43-EA4C-48B5-878D-13DFE1818EFE} - No File
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-891572633-1774761820-252287049-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-891572633-1774761820-252287049-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-891572633-1774761820-252287049-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-891572633-1774761820-252287049-1000 -> No Name - {9613CB43-EA4C-48B5-878D-13DFE1818EFE} - No File
Toolbar: HKU\S-1-5-21-891572633-1774761820-252287049-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} hxxp://picasaweb.google.de/s/v/66.35/uploader2.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E1342154-4889-42B5-BEF6-19237577048F} hxxp://gamescenter.sat1.de/online2/insaniquarium/oberongamesloader.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192 2009-04-13] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192 2009-04-13] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192 2009-04-13] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192 2009-04-13] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192 2009-04-13] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192 2009-04-13] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192 2009-04-13] (Microsoft Corporation)
Winsock: Catalog9 09 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-08-06] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 10 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-08-06] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 11 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-08-06] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 12 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-08-06] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 13 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-08-06] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 14 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-08-06] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 15 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-08-06] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 16 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-08-06] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 17 C:\Windows\system32\wpclsp.dll [72192 2009-04-13] (Microsoft Corporation)
Winsock: Catalog9 27 C:\Windows\system32\wpclsp.dll [72192 2009-04-13] (Microsoft Corporation)
Winsock: Catalog9 28 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2013-08-06] (Avira Operations GmbH & Co. KG)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{50B1677B-DE90-423A-9282-8B2F88497843}: [DhcpNameServer] 193.189.244.225 193.189.244.206
FireFox:
========
FF ProfilePath: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\pozswhr6.default
FF NetworkProxy: "type", 5
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll [2013-03-15] (Adobe Systems, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-24] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-24] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2009-07-06] (the VideoLAN Team)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-891572633-1774761820-252287049-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Sandra\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-891572633-1774761820-252287049-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll [2012-10-04] (Amazon.com, Inc.)
FF user.js: detected! => C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\pozswhr6.default\user.js [2015-07-24]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012-04-29]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [2012-07-08]
FF Extension: No Name - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\pozswhr6.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com [2014-04-20]
FF Extension: No Name - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\pozswhr6.default\Extensions\e20dc619-d8c4-48f1-ae07-641cefb43165@3c4d943f-ad97-4f6e-aa94-d9671175a3d0.com [2014-04-20]
FF Extension: Search Assistant - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\pozswhr6.default\Extensions\{B3834E60-12A8-11E0-A289-939FDFD72085} [2012-05-18]
FF Extension: RefControl - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\pozswhr6.default\Extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [2011-09-13]
FF Extension: Greasemonkey - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\pozswhr6.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-06-15]
FF Extension: Firefox Helper - C:\Program Files\Mozilla Firefox\distribution\bundles\aa4ced8e2fd071125336d77819b2512b [2014-11-24]
FF Extension: Firefox Helper - C:\Program Files\Mozilla Firefox\distribution\bundles\d87a1bbc5dfe9f400228128419b2512b [2014-12-12]
FF Extension: Firefox Helper - C:\Program Files\Mozilla Firefox\distribution\bundles\{BB99E7E76B75CD90888179CD3AC88C56} [2014-11-25]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-13]
FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\congstar\Internetmanager\Bin\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files\congstar\Internetmanager\Bin\addon [2014-03-23]
Chrome:
=======
CHR Profile: C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-21]
CHR Extension: (YouTube) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-16]
CHR Extension: (Google Search) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-16]
CHR Extension: (Avira Browser Safety) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-03]
CHR Extension: (Gmail) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-16]
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [825136 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1187336 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 Sparhandy_Germany Silverstone Modem Device Helper; C:\Program Files\Sparhandy Modem\BackgroundService\ServiceManager.exe [53312 2012-03-14] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation)
R2 WTGService; C:\Program Files\XSManager\WTGService.exe [329872 2013-04-15] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AlcatelOTnet; C:\Windows\System32\DRIVERS\AlcatelOTUsbnet.sys [118272 2011-06-20] (TCT International Mobile Ltd)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278728 2009-05-02] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108448 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136728 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-05-21] (Avira Operations GmbH & Co. KG)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [13184 2009-12-15] (Bytemobile, Inc.) [File not signed]
S3 CAM1210; C:\Windows\System32\Drivers\cam1210.sys [94080 2007-08-30] (USB video camera) [File not signed]
R3 cmntnet; C:\Windows\System32\DRIVERS\cmntnet.sys [120320 2015-07-24] (Wireless Data Device)
R3 cmnuusbser; C:\Windows\System32\DRIVERS\cmnuusbser.sys [107520 2015-07-24] (Wireless Device)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2009-05-02] ()
S3 LVUSBSta; C:\Windows\System32\drivers\lvusbsta.sys [22016 2005-05-27] (Logitech Inc.)
S3 MobileBroadbandDCser; C:\Windows\System32\DRIVERS\MobileBroadbandDCser.sys [108032 2015-07-24] (MobileBroadband.)
S3 mr97310c; C:\Windows\System32\DRIVERS\mr97310c.sys [121472 2005-04-11] (Mars Semiconductor Corp.)
S3 QCMerced; C:\Windows\System32\DRIVERS\LVCM.sys [1317152 2005-05-27] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2009-05-02] () [File not signed]
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 tcpipBM; C:\Windows\system32\Drivers\tcpipBM.sys [24192 2009-12-15] (Bytemobile, Inc.) [File not signed]
U3 adishbb7; C:\Windows\system32\Drivers\adishbb7.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 cpuz134; \??\C:\Users\Sandra\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 HSPADataCardusbmdm; system32\DRIVERS\HSPADataCardusbmdm.sys [X]
S3 HSPADataCardusbnmea; system32\DRIVERS\HSPADataCardusbnmea.sys [X]
S3 HSPADataCardusbser; system32\DRIVERS\HSPADataCardusbser.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 LVcKap; system32\DRIVERS\LVcKap.sys [X]
S3 LVMVDrv; system32\DRIVERS\LVMVDrv.sys [X]
S3 LVPr2Mon; system32\DRIVERS\LVPr2Mon.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2093-10-30 09:56 - 2093-10-30 09:56 - 00004034 _____ C:\Windows\system32\jupdate-1.6.0_22-b04.log
2015-07-25 08:15 - 2015-07-25 08:15 - 00022444 _____ C:\Users\Sandra\Downloads\FRST.txt
2015-07-25 08:14 - 2015-07-25 08:15 - 00000000 ____D C:\FRST
2015-07-25 08:13 - 2015-07-25 08:14 - 01638912 _____ (Farbar) C:\Users\Sandra\Downloads\FRST.exe
2015-07-24 23:06 - 2015-07-24 23:06 - 00000000 ____D C:\Users\Sandra\AppData\Local\FullTiltPoker.eu
2015-07-24 19:52 - 2015-07-24 19:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-24 19:48 - 2015-07-24 19:51 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Sandra\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-24 19:36 - 2015-07-24 19:38 - 24706984 _____ (ReviverSoft LLC) C:\Users\Sandra\Downloads\PCReviverSetup.exe
2015-07-24 17:59 - 2015-07-24 17:59 - 00001923 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-24 17:59 - 2015-07-24 17:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-24 17:57 - 2015-07-25 08:02 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-24 17:57 - 2015-07-25 07:52 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-24 17:56 - 2015-07-24 17:56 - 00931408 _____ (Google Inc.) C:\Users\Sandra\Downloads\ChromeSetup (4).exe
2015-07-24 17:36 - 2015-07-24 17:37 - 00000000 ____D C:\Users\Dean\AppData\Roaming\XSManager
2015-07-24 16:27 - 2015-07-24 18:26 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\ReviverSoft
2015-07-24 16:27 - 2015-07-24 16:56 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\SECRV
2015-07-24 16:25 - 2015-07-24 16:25 - 04602104 _____ (ReviverSoft ) C:\Users\Sandra\Downloads\SecurityReviverSetup_ppc.exe
2015-07-24 16:20 - 2015-07-24 16:20 - 00931408 _____ (Google Inc.) C:\Users\Sandra\Downloads\ChromeSetup (3).exe
2015-07-24 16:17 - 2015-07-24 16:17 - 00931408 _____ (Google Inc.) C:\Users\Sandra\Downloads\ChromeSetup (2).exe
2015-07-24 13:17 - 2015-07-24 13:20 - 49026264 _____ (Microsoft Corporation) C:\Users\Sandra\Downloads\Windows-KB890830-V5.26 (1).exe
2015-07-24 11:55 - 2015-07-24 11:56 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Sandra\Downloads\SpyHunter-Installer (1).exe
2015-07-22 04:32 - 2015-07-22 04:32 - 00931408 _____ (Google Inc.) C:\Users\Sandra\Downloads\ChromeSetup (1).exe
2015-07-21 13:00 - 2015-07-14 18:02 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 13:00 - 2015-07-14 16:23 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 12:40 - 2015-07-21 12:40 - 00000000 ____D C:\ProgramData\VIPRE
2015-07-21 12:40 - 2015-07-21 12:40 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-21 12:11 - 2015-07-24 11:14 - 00000000 ____D C:\ProgramData\STOPzilla!
2015-07-21 12:11 - 2015-07-21 12:11 - 00000000 ____D C:\Program Files\iS3
2015-07-21 12:06 - 2015-07-21 12:07 - 02042328 _____ (iS3, Inc.) C:\Users\Sandra\Downloads\STOPzillaPRO_Downloader.exe
2015-07-15 13:05 - 2015-06-25 04:57 - 02066432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 13:04 - 2015-07-03 18:04 - 01316864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 13:04 - 2015-06-17 18:50 - 02264576 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 13:04 - 2015-06-17 17:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 13:03 - 2015-06-12 18:01 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 13:02 - 2015-05-31 10:11 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 13:01 - 2015-06-27 18:03 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 13:01 - 2015-06-27 18:02 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 13:01 - 2015-06-27 18:02 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 13:01 - 2015-06-27 18:01 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-07-15 13:01 - 2015-06-27 16:21 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 13:01 - 2015-06-27 16:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 13:01 - 2015-06-12 15:13 - 00440768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 13:01 - 2015-01-09 02:17 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 11:11 - 2015-07-03 07:31 - 12386304 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 11:11 - 2015-07-03 07:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 11:11 - 2015-06-17 03:14 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 11:11 - 2015-06-17 03:12 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 11:11 - 2015-06-17 03:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 11:11 - 2015-06-17 03:10 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 11:11 - 2015-06-17 03:09 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 11:11 - 2015-06-17 03:09 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 11:11 - 2015-06-17 03:09 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 11:11 - 2015-06-17 03:09 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 11:11 - 2015-06-17 03:08 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 11:11 - 2015-06-17 03:08 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 11:11 - 2015-06-17 03:08 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 11:11 - 2015-06-17 03:08 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-07-15 11:11 - 2015-06-17 03:08 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 11:11 - 2015-06-17 03:08 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 11:11 - 2015-06-17 03:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 11:11 - 2015-06-17 03:08 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 11:11 - 2015-06-17 03:08 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 11:11 - 2015-06-17 03:08 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-07-15 11:11 - 2015-06-17 03:08 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-07-15 11:11 - 2015-06-17 03:08 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-07-14 20:40 - 2015-07-14 20:43 - 49026264 _____ (Microsoft Corporation) C:\Users\Sandra\Downloads\Windows-KB890830-V5.26.exe
2015-07-14 20:09 - 2015-07-14 20:09 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Sandra\Downloads\SpyHunter-Installer.exe
2015-07-12 21:57 - 2015-07-12 22:14 - 00000165 _____ C:\Windows\Reimage.ini
2015-07-12 21:56 - 2015-07-12 21:57 - 00772016 _____ (Reimage®) C:\Users\Sandra\Downloads\ReimageRepair.exe
2015-07-09 14:42 - 2015-07-24 22:11 - 00000000 ____D C:\Program Files\AFC Secure Net
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-25 08:06 - 2011-08-10 13:44 - 01692522 _____ C:\Windows\WindowsUpdate.log
2015-07-25 07:52 - 2013-12-31 21:30 - 00311332 _____ C:\Windows\PFRO.log
2015-07-25 07:52 - 2013-05-24 20:20 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-07-25 07:52 - 2009-04-12 16:53 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-25 07:52 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-25 07:52 - 2006-11-02 14:47 - 00004128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-25 07:52 - 2006-11-02 14:47 - 00004128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-24 23:26 - 2006-11-02 15:01 - 00032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-24 23:18 - 2013-03-28 12:00 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-24 23:06 - 2014-02-20 20:13 - 00000000 ____D C:\Users\Sandra\AppData\Local\cache
2015-07-24 23:02 - 2006-11-02 12:33 - 00264390 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-24 22:59 - 2011-09-03 10:57 - 00000378 _____ C:\Windows\Tasks\update-S-1-5-21-891572633-1774761820-252287049-1000.job
2015-07-24 20:14 - 2015-02-14 18:34 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\Angry_Birds
2015-07-24 20:14 - 2014-11-24 21:03 - 00000000 ____D C:\Program Files\Jelbrus Secure Web
2015-07-24 20:14 - 2014-08-30 18:38 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\GetPrivate
2015-07-24 20:14 - 2014-08-30 18:38 - 00000000 ____D C:\Program Files\GetPrivate
2015-07-24 20:14 - 2014-04-20 02:31 - 00000000 ____D C:\Program Files\MediaPlayerplus
2015-07-24 19:32 - 2011-09-03 10:56 - 00000378 _____ C:\Windows\Tasks\update-sys.job
2015-07-24 18:38 - 2014-08-31 18:38 - 00070144 _____ C:\Windows\system32\tasks.dll
2015-07-24 17:58 - 2010-08-12 15:30 - 00000000 ____D C:\Program Files\Google
2015-07-24 17:38 - 2011-03-03 15:30 - 00000680 __RSH C:\Users\Sandra\ntuser.pol
2015-07-24 17:38 - 2008-12-17 00:16 - 00000000 ____D C:\Users\Sandra
2015-07-24 17:35 - 2014-09-09 10:03 - 00134144 _____ (MobileBroadband.) C:\Windows\system32\Drivers\MobileBroadbandDCWwan.sys
2015-07-24 17:35 - 2014-09-09 10:03 - 00133120 _____ (C-motech Co.,Ltd.) C:\Windows\system32\Drivers\cm_netamd.sys
2015-07-24 17:35 - 2014-09-09 10:03 - 00120320 _____ (Wireless Data Device) C:\Windows\system32\Drivers\cmntnet.sys
2015-07-24 17:35 - 2014-09-09 10:03 - 00118272 _____ (C-motech Co.,Ltd.) C:\Windows\system32\Drivers\cm_seramd.sys
2015-07-24 17:35 - 2014-09-09 10:03 - 00112640 _____ (C-motech Co.,Ltd.) C:\Windows\system32\Drivers\cm_net32.sys
2015-07-24 17:35 - 2014-09-09 10:03 - 00108032 _____ (MobileBroadband.) C:\Windows\system32\Drivers\MobileBroadbandDCser.sys
2015-07-24 17:35 - 2014-09-09 10:03 - 00107520 _____ (Wireless Device) C:\Windows\system32\Drivers\cmnuusbser.sys
2015-07-24 17:35 - 2014-09-09 10:03 - 00103680 _____ (C-motech Co.,Ltd.) C:\Windows\system32\Drivers\cm_ser32.sys
2015-07-24 17:35 - 2014-09-09 10:03 - 00103424 _____ (Mobile Connector) C:\Windows\system32\Drivers\cmnsusbser.sys
2015-07-24 17:35 - 2014-09-09 10:03 - 00101056 _____ C:\Windows\system32\Drivers\dvb_nova_12mhz_b0.inp
2015-07-24 17:35 - 2014-09-09 10:03 - 00092456 _____ C:\Windows\system32\Drivers\isdbt_nova_12mhz_b0.inp
2015-07-24 17:35 - 2014-09-09 10:03 - 00079036 _____ C:\Windows\system32\Drivers\tdmb_nova_12mhz_b0.inp
2015-07-24 17:35 - 2014-09-09 10:03 - 00052128 _____ (Siano) C:\Windows\system32\Drivers\smsbda.sys
2015-07-24 17:35 - 2014-09-09 10:03 - 00019968 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\Drivers\MobileBroadbandDCUsb.sys
2015-07-24 17:35 - 2014-09-09 10:03 - 00001678 _____ C:\ProgramData\Microsoft\Windows\Start Menu\XSManager.lnk
2015-07-24 17:35 - 2014-09-09 10:03 - 00001672 _____ C:\Users\Public\Desktop\XSManager.lnk
2015-07-24 17:35 - 2014-09-09 10:03 - 00000040 _____ C:\Windows\system32\Drivers\smsbda.cfg
2015-07-24 17:35 - 2014-09-09 10:03 - 00000000 ____D C:\Program Files\XSManager
2015-07-24 17:32 - 2011-03-03 16:13 - 00001326 __RSH C:\Users\Dean\ntuser.pol
2015-07-24 17:32 - 2011-03-03 16:13 - 00000000 ____D C:\Users\Dean
2015-07-24 17:30 - 2011-03-03 16:13 - 00054552 _____ C:\Users\Dean\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-22 04:10 - 2010-08-12 15:30 - 00000000 ____D C:\Users\Sandra\AppData\Local\Google
2015-07-22 04:10 - 2009-04-19 10:38 - 00000000 ____D C:\ProgramData\Google
2015-07-21 13:29 - 2006-11-02 14:47 - 00252864 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-21 13:20 - 2015-04-10 22:44 - 00000319 _____ C:\Users\Sandra\Downloads\QuickTime Player 7 76 80 95 Downloader.zip
2015-07-21 13:20 - 2015-02-21 21:55 - 00000943 _____ C:\Users\Sandra\Downloads\Installer (Right Click and select extract) (3).zip
2015-07-21 13:20 - 2015-02-17 11:24 - 00000945 _____ C:\Users\Sandra\Downloads\Installer (Right Click and select extract) (2).zip
2015-07-21 13:20 - 2015-02-17 11:23 - 00000945 _____ C:\Users\Sandra\Downloads\Installer (Right Click and select extract) (1).zip
2015-07-21 13:20 - 2015-02-17 11:20 - 00000945 _____ C:\Users\Sandra\Downloads\Installer (Right Click and select extract).zip
2015-07-18 09:08 - 2012-10-25 14:00 - 00002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-07-14 21:21 - 2013-03-28 12:00 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-14 21:21 - 2013-03-28 12:00 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-09 17:47 - 2015-03-03 15:34 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\ActivePresenter
2015-07-09 17:36 - 2015-05-26 16:18 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\UseNeXT
2015-07-03 08:49 - 2006-11-02 12:24 - 127070192 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-06-30 23:20 - 2015-05-26 16:18 - 00000000 ____D C:\Users\Sandra\Documents\UseNeXT
2015-06-28 20:30 - 2014-09-09 10:03 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\XSManager
2015-06-28 20:03 - 2014-01-03 02:25 - 00027752 _____ C:\Windows\setupact.log
2015-06-27 18:46 - 2015-05-21 16:37 - 00001849 _____ C:\Users\Public\Desktop\Avira Antivirus.lnk
2015-06-27 18:46 - 2013-08-06 20:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
==================== Files in the root of some directories =======
2010-07-20 10:55 - 2002-07-26 17:02 - 0153088 ____N () C:\Program Files\UNWISE.EXE
2015-03-28 19:40 - 2015-03-28 19:40 - 0009662 _____ () C:\Users\Sandra\AppData\Roaming\em_64x64.ico
2009-09-23 21:45 - 2009-09-23 21:45 - 0000760 _____ () C:\Users\Sandra\AppData\Roaming\setup_ldm.iss
2009-12-01 01:12 - 2011-05-01 17:21 - 0022646 _____ () C:\Users\Sandra\AppData\Roaming\UserTile.png
2010-07-28 22:04 - 2013-03-04 09:41 - 0000680 _____ () C:\Users\Sandra\AppData\Local\d3d9caps.dat
2010-07-21 18:50 - 2015-02-24 10:16 - 0123904 _____ () C:\Users\Sandra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-07-25 12:47 - 2010-07-25 12:47 - 0000848 _____ () C:\Users\Sandra\AppData\Local\recently-used.xbel
2010-12-02 21:25 - 2010-12-02 22:22 - 0012670 _____ () C:\Users\Sandra\AppData\Local\slot1.mm1
2011-09-03 10:56 - 2011-09-03 10:56 - 0000003 _____ () C:\Users\Sandra\AppData\Local\updater.log
2011-09-03 10:57 - 2015-04-23 22:07 - 0001577 _____ () C:\Users\Sandra\AppData\Local\UserProducts.xml
2011-03-17 17:47 - 2011-03-17 17:49 - 0019456 _____ () C:\Users\Sandra\AppData\Local\WebpageIcons.db
Some files in TEMP:
====================
C:\Users\Dean\AppData\Local\Temp\AskSLib.dll
C:\Users\Dean\AppData\Local\Temp\avgnt.exe
C:\Users\Sandra\AppData\Local\Temp\1irehevd.zyc.exe
C:\Users\Sandra\AppData\Local\Temp\avgnt.exe
C:\Users\Sandra\AppData\Local\Temp\GPUpd54552D102.exe
C:\Users\Sandra\AppData\Local\Temp\GPUpd54566C8F1.exe
C:\Users\Sandra\AppData\Local\Temp\GPUpd54666C8C1.exe
C:\Users\Sandra\AppData\Local\Temp\GPUpd5468E1911.exe
C:\Users\Sandra\AppData\Local\Temp\GPUpd546A33101.exe
C:\Users\Sandra\AppData\Local\Temp\GPUpd547380CB2.exe
C:\Users\Sandra\AppData\Local\Temp\GPUpd547380D44.exe
C:\Users\Sandra\AppData\Local\Temp\GPUpd547D74022.exe
C:\Users\Sandra\AppData\Local\Temp\GPUpd547D745A4.exe
C:\Users\Sandra\AppData\Local\Temp\GPUpd54A192121.exe
C:\Users\Sandra\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Sandra\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Sandra\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Sandra\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Sandra\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Sandra\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Sandra\AppData\Local\Temp\post2.dll
C:\Users\Sandra\AppData\Local\Temp\post2.exe
C:\Users\Sandra\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Sandra\AppData\Local\Temp\sqlite3.exe
C:\Users\Sandra\AppData\Local\Temp\UNT15E9.tmp.exe
C:\Users\Sandra\AppData\Local\Temp\UNT15FE.tmp.exe
C:\Users\Sandra\AppData\Local\Temp\UNT160F.tmp.exe
C:\Users\Sandra\AppData\Local\Temp\UNT1610.tmp.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-25 07:58
==================== End of log ============================
|
|
26.07.2015, 12:53
| #4 |
| /// the machine /// TB-Ausbilder | zu hoher Datenverbrauch, Malware Addition.txt bitte nochmal, da fehlt die Hälfte 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
27.07.2015, 13:39
| #5 |
| | zu hoher Datenverbrauch, MalwareCode:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version: 26-07-2015
durchgeführt von Sandra an 2015-07-27 14:35:23
Gestartet von c:\Users\Sandra\Downloads
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-891572633-1774761820-252287049-500 - Administrator - Disabled)
Dean (S-1-5-21-891572633-1774761820-252287049-1001 - Limited - Enabled) => C:\Users\Dean
Gast (S-1-5-21-891572633-1774761820-252287049-501 - Limited - Disabled)
Sandra (S-1-5-21-891572633-1774761820-252287049-1000 - Administrator - Enabled) => C:\Users\Sandra
UpdatusUser (S-1-5-21-891572633-1774761820-252287049-1002 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
Amazon Cloud Player (HKU\S-1-5-21-891572633-1774761820-252287049-1000\...\Amazon Amazon Cloud Player) (Version: 2.2.0.399 - Amazon Services LLC)
Ask Toolbar Updater (HKU\S-1-5-21-891572633-1774761820-252287049-1001\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.3.29495 - Ask.com) <==== ATTENTION
Avira (HKLM\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.12.408 - Avira Operations GmbH & Co. KG)
Cheat Engine 6.4 (HKLM\...\Cheat Engine 6.4_is1) (Version: - Cheat Engine)
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.107 - Google Inc.)
Google Chrome (HKU\S-1-5-21-891572633-1774761820-252287049-1001\...\Google Chrome) (Version: 23.0.1271.64 - Google Inc.)
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Lightshot-5.2.1.1 (HKLM\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.2.1.1 - Skillbrains)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Paradise Beach Deluxe (HKU\S-1-5-21-891572633-1774761820-252287049-1001\...\Paradise Beach Deluxe) (Version: 1.0.0 - Zylom Games)
PDF Reader (HKU\S-1-5-21-891572633-1774761820-252287049-1000\...\PDF Reader) (Version: - )
PDF Reader (HKU\S-1-5-21-891572633-1774761820-252287049-1001\...\PDF Reader) (Version: - )
RarZilla Free Unrar (HKLM\...\RarZilla Free Unrar) (Version: 2.80 - Philipp Winterberg)
Sparhandy Modem (HKLM\...\Sparhandy_Germany Silverstone HSPA USB MODEM_is1) (Version: - Sparhandy_Germany)
Unity Web Player (HKU\S-1-5-21-891572633-1774761820-252287049-1000\...\UnityWebPlayer) (Version: 5.0.1f1 - Unity Technologies ApS)
XSManager (HKLM\...\XSManager) (Version: 3.2 - XSManager)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-891572633-1774761820-252287049-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-891572633-1774761820-252287049-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Sandra\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-891572633-1774761820-252287049-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Sandra\AppData\Local\Google\Update\1.3.22.3\psuser.dll Keine Datei
CustomCLSID: HKU\S-1-5-21-891572633-1774761820-252287049-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Sandra\AppData\Local\Google\Update\1.3.22.5\psuser.dll Keine Datei
==================== Wiederherstellungspunkte =========================
ATTENTION: Systemwiederherstellung ist deaktiviert
==================== Hosts Inhalt: ==========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2006-11-02 12:23 - 2010-08-07 16:12 - 00415906 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
Da befinden sich 1000 zusätzliche Einträge.
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {04672349-6C87-4543-9E6C-29D0CCC90F34} - \GPUP No Task File <==== ATTENTION
Task: {05C028A0-C11B-4F15-B923-6B0DCD16EC40} - \f08de44e-751a-4092-ad9e-9c9a07ee0606-2 No Task File <==== ATTENTION
Task: {06B3ECA7-D67D-4DAE-A65C-4A16AA407F52} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-07-24] (Google Inc.)
Task: {127E4671-C565-43C0-A807-EDAA43B6BE0E} - \f08de44e-751a-4092-ad9e-9c9a07ee0606-1 No Task File <==== ATTENTION
Task: {17C0D0B4-5297-416C-89B6-70D62348D1AE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {1D03FC86-0B87-442D-A3F6-00565DC6AD8D} - System32\Tasks\update-sys => C:\Program Files\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {279DCF4B-0AAA-4E8C-96A7-BC8E6FE40037} - System32\Tasks\ScanSoft Background Update => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
Task: {3242C53A-87B1-4E03-A12D-E65046410206} - System32\Tasks\{BBC0DD05-563E-45DE-94E3-3D78AA7B2DA8} => C:\Program Files\Skype\Phone\Skype.exe
Task: {4599A9A7-2950-49DA-9642-DFABDDB5A0CE} - \f08de44e-751a-4092-ad9e-9c9a07ee0606-3 No Task File <==== ATTENTION
Task: {4A8AE827-7072-4A34-8F33-77D2F9805363} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Sandra => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-10] (Microsoft Corporation)
Task: {4C2DE83B-06EF-4D34-8F6A-CF64C36B082D} - \1a7b6d14-5032-407e-918a-1cdab2120f8e-3 No Task File <==== ATTENTION
Task: {4FA0E1BD-A5D1-4902-910A-FF8524AE7147} - System32\Tasks\{9E9A01BD-BCCD-4B27-9326-E45F95CFF5CD} => pcalua.exe -a "C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" -d C:\Users\Sandra\Desktop -c "C:\Program Files\RealArcade\Installer\bin\..\installerMain.clf" "C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5WVGCSFN\gameInitializer[1].rgi"
Task: {590E9503-34A9-4868-99E3-5CDAAA16A602} - System32\Tasks\update-S-1-5-21-891572633-1774761820-252287049-1000 => C:\Program Files\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {6606CB3F-EFF4-4107-A848-B7029DE6EFB3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {69549D7C-CF36-47DD-A3E2-C9704D2A15C1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6CA740DB-A552-42D6-8E81-453A8862BAC2} - \AmiUpdXp No Task File <==== ATTENTION
Task: {78EAAA95-67B2-48D8-B67E-2CE5B38B3E82} - \1a7b6d14-5032-407e-918a-1cdab2120f8e-4 No Task File <==== ATTENTION
Task: {7B3DBA45-99C5-4216-B2EF-E1CCA5D108B9} - System32\Tasks\{FA5F355F-9358-4DC5-9301-C2395B9662E9} => pcalua.exe -a C:\Users\Sandra\Documents\vlc-1.0.3-win32.exe -d C:\Users\Sandra\Documents
Task: {856ED67D-DEF9-447F-82D4-B8D739621AD8} - \f08de44e-751a-4092-ad9e-9c9a07ee0606-5 No Task File <==== ATTENTION
Task: {88A46644-2A4D-4B05-9655-D38622DCC782} - System32\Tasks\{BC4D9D0F-7DF9-421D-A196-5DF2608A37C5} => pcalua.exe -a C:\Users\Sandra\Desktop\streamripper-windows-installer-1.64.6.exe -d C:\Users\Sandra\Desktop
Task: {96BCD58D-B94D-4717-8068-89EDB44C6EA5} - System32\Tasks\{41BFFA87-B312-43F9-AE86-C48DDF479674} => pcalua.exe -a "C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q9I9INF2\gamesplayerinstall.exe" -d C:\Users\Sandra\Desktop
Task: {A51642B9-2DC1-4268-9DD6-1D5F5FC1F573} - \SimpleFiles Installer Starter No Task File <==== ATTENTION
Task: {B8E12A15-CD06-4C84-9B38-0B43993598C4} - System32\Tasks\{B9615E8E-AFEA-4B25-8042-16B0D1EC9B17} => pcalua.exe -a "C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MNAY72AE\IE8-Setup-Full-32[1].exe" -d C:\Users\Sandra\Desktop
Task: {C2A98972-5255-46A0-BA57-0BAA9F59F799} - System32\Tasks\{4BB544CD-66D4-419C-B209-BEEE863EAFF5} => pcalua.exe -a C:\Users\Sandra\Desktop\softonic-Deutsch.exe -d C:\Users\Sandra\Desktop <==== ATTENTION
Task: {C6B5B700-5F50-4BDF-AFE0-8FAC63AC5F50} - System32\Tasks\AFC Secure Net Task => C:\Program Files\AFC Secure Net\amjob.exe <==== ATTENTION
Task: {CF87E585-8CF9-44D9-92B1-70DF85502219} - System32\Tasks\Google Updater and Installer => C:\Users\Sandra\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {D0260882-6FD0-4214-9AA5-A85C10C79D2E} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {D26D54EB-ED86-4549-AA55-10AFD4BF6595} - System32\Tasks\Program Security Task => C:\Program Files\Program Security\ProgramSecurity.exe [2015-04-08] (Secure Updater)
Task: {D7CC05C7-2469-4295-A0B3-C7B55306AFB5} - System32\Tasks\{C02FE5B2-2FE4-419B-9D53-4B5CBF562CDE} => pcalua.exe -a C:\Users\Sandra\Desktop\Download\qc848deu.exe -d C:\Users\Sandra\Desktop\Download
Task: {E7C317C7-946E-43E5-A9B5-61E1572C5722} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation)
Task: {EEDC6659-64C5-480B-8B1C-FE772757C3D2} - \f08de44e-751a-4092-ad9e-9c9a07ee0606-4 No Task File <==== ATTENTION
Task: {F8DA7A8C-6417-4D00-A265-E23F812C0583} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2013\OneClick.exe
Task: {FADB5DAD-656F-432B-98A7-7AE8CB0CBDFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-07-24] (Google Inc.)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\update-S-1-5-21-891572633-1774761820-252287049-1000.job => C:\Program Files\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files\Skillbrains\Updater\Updater.exe
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2014-09-22 08:39 - 2012-03-14 12:05 - 00053312 _____ () C:\Program Files\Sparhandy Modem\BackgroundService\ServiceManager.exe
2014-09-09 10:03 - 2013-04-15 18:40 - 00329872 ____N () C:\Program Files\XSManager\WTGService.exe
2014-09-22 08:39 - 2012-10-29 13:08 - 00118784 _____ () C:\Program Files\Sparhandy Modem\BackgroundService\ModemListener.exe
2013-12-31 23:46 - 2013-12-12 21:56 - 03145536 _____ () C:\Users\Sandra\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2014-09-09 10:03 - 2013-04-15 18:40 - 02091152 ____N () C:\Program Files\XSManager\XSManager.exe
2014-09-09 10:03 - 2013-04-15 18:40 - 00018576 ____N () C:\Program Files\XSManager\WTGDebugs.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00399504 ____N () C:\Program Files\XSManager\WtgCore.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00049808 ____N () C:\Program Files\XSManager\WtgDriverInstall.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00231568 ____N () C:\Program Files\XSManager\WtgUtil.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00186512 ____N () C:\Program Files\XSManager\WtgDetection.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00092304 ____N () C:\Program Files\XSManager\WtgPorts.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00112784 ____N () C:\Program Files\XSManager\WtgDatabase.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00084112 ____N () C:\Program Files\XSManager\WtgDialup.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00145552 ____N () C:\Program Files\XSManager\WtgBluetooth.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 01374352 ____N () C:\Program Files\XSManager\4GSystems_OneClickAssistantGer.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00604304 ____N () C:\Program Files\XSManager\WTGXMLUtil.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00202896 ____N () C:\Program Files\XSManager\WTGSMSPCClient.Dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00011920 ____N () C:\Program Files\XSManager\4GSystems_WTGSMSPCClientGer.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00018064 ____N () C:\Program Files\XSManager\WTGDriverInstallX.Dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00263312 ____N () C:\Program Files\XSManager\WtgMobileBroadband7.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00546960 ____N () C:\Program Files\XSManager\WtgNdisQmiUtil.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 01374352 ____N () C:\Program Files\XSManager\NDISDirectDial.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00028304 ____N () C:\Program Files\XSManager\LogModule.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00084112 ____N () C:\Program Files\XSManager\ToolKit.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00067728 ____N () C:\Program Files\XSManager\tinyxml.dll
2014-09-09 10:03 - 2013-04-15 18:40 - 00444560 ____N () C:\Program Files\XSManager\sqlite3.dll
2014-04-11 09:38 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-11 09:38 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\ProgramData:$SS_DESCRIPTOR_PVX2VCGFMV89V8N4TKBRVDNGCMXLJ4M28WLP36MVLGKMVW5FS4K5
AlternateDataStreams: C:\Users\All Users:$SS_DESCRIPTOR_PVX2VCGFMV89V8N4TKBRVDNGCMXLJ4M28WLP36MVLGKMVW5FS4K5
AlternateDataStreams: C:\Users\Sandra:zylomtest
AlternateDataStreams: C:\Users\Sandra:zylomtr{0000278T-TT9K-T8DU-07LG-28DG94S2MVVU}
AlternateDataStreams: C:\Users\Sandra:zylomtr{00013KEU-UKQE-K6V0-6C5V-289TUR10SVUF}
AlternateDataStreams: C:\Users\Sandra:zylomtr{00013KEU-UKQE-K6V0-70L9-2A8RJ1B4CV8I}
AlternateDataStreams: C:\Users\Sandra:zylomtr{00013KEU-UKQE-K6V0-70L9-2A8RJ1B4CVBF}
AlternateDataStreams: C:\Users\Sandra:zylomtr{00013KEU-UKQE-K6V0-70L9-2A8RJ1B4CVF7}
AlternateDataStreams: C:\Users\Sandra:zylomtr{00013KEU-UKQE-K6V0-70L9-2A8RJ1B4CVM5}
AlternateDataStreams: C:\Users\Sandra:zylomtr{00013KEU-UKQE-K6V0-9MH3-26R8QGLT2VVT}
AlternateDataStreams: C:\Users\Sandra:zylomtr{00013KEU-UKQE-K6V0-GEOR-27TDF94KAVLB}
AlternateDataStreams: C:\Users\Sandra:zylomtr{00013KEU-UKQE-K6V0-GEOR-27TDF94KAVPT}
AlternateDataStreams: C:\Users\Sandra:zylomtr{00013KEU-UKQE-K6V0-GEOR-27TDF94KAVS5}
AlternateDataStreams: C:\Users\Sandra:zylomtr{00013KEU-UKQE-K6V0-GEOR-27TDF94KAVUD}
AlternateDataStreams: C:\Users\Sandra:zylomtr{00013KEU-UKQE-K6V0-ONL2-28KUTKHT8DD5}
AlternateDataStreams: C:\Users\Sandra:zylomtr{00013KEU-UKQE-K6V0-TONE-28JR2EO88NS1}
AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG1-1VH8-28I0EFCC2VST}
AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG1-1VH8-28I0EFCC2VVP}
AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG1-3BG4-281NL05DCVSB}
AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG1-3BG4-281NL05DCVTO}
AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG1-CMRU-27KCBJ656VVU}
AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG1-ELL4-28F9S56GIVQN}
AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG1-ELL4-28F9S56GIVTO}
AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG1-ELL4-28F9S56GIVV1}
AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG1-J24H-293SB52ICVVE}
AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG1-J24H-298CPF2SOVVG}
AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG2-BTPP-21HGNJ8AQVVU}
AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG2-LKCU-2AJQPJA4AVHE}
AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG2-LKCU-2AJQPJA4AVLT}
AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG2-Q64S-2675H2E5QVUG}
AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG2-Q64S-2675H2E5QVVI}
AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG3-1EMN-28M5NPU00VV4}
AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG3-40QI-27REBT9KOVTG}
AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG3-40QI-27REBT9KOVVU}
AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG3-4A90-24BL1LF8IVV1}
AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG3-GQ8O-29APM3QU0VVP}
AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG3-L1G2-28QRSPMS6VVH}
AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG3-M7KB-24AAHNHOQVVQ}
AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG3-S3H7-2A5PQROOQVVB}
AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG3-S3H7-2A5PQROOQVVP}
AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG4-5TO3-2831TOKLCVVG}
AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG4-74E3-28689HMLOVVS}
AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG4-MO09-24UF17SCEVUK}
AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG4-OK39-27NOI1CL8VVO}
AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG4-RLQO-285DUDG5UVUV}
AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG4-RLQO-285DUDG5UVVH}
AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG5-8A6T-26VOTC6OMVQN}
AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG5-8A6T-26VOTC6OMVV8}
AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG5-C61F-283VSOALEVTK}
AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG5-C61F-283VSOALEVUH}
AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG5-C61F-283VSOALEVVK}
AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG5-EG1B-25KGP2UCCVUF}
AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG5-S5RF-2A7U3EJND000}
AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG6-3908-29CNF5LCOVND}
AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG6-3908-29CNF5LCOVUA}
AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG6-OKQM-24KG7RVO4VVI}
AlternateDataStreams: C:\Users\Sandra:zylomtr{000HQ7FF-AD7A-3FG7-E9E4-28HCA9OPAVTD}
AlternateDataStreams: C:\Users\Sandra:zylomtr{007F99P2-504Q-L9VJ-AT87-509CA1F53AR6}
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:$SS_DESCRIPTOR_PVX2VCGFMV89V8N4TKBRVDNGCMXLJ4M28WLP36MVLGKMVW5FS4K5
AlternateDataStreams: C:\ProgramData\Application Data:$SS_DESCRIPTOR_PVX2VCGFMV89V8N4TKBRVDNGCMXLJ4M28WLP36MVLGKMVW5FS4K5
AlternateDataStreams: C:\ProgramData\TEMP:008586AE
AlternateDataStreams: C:\ProgramData\TEMP:0406003C
AlternateDataStreams: C:\ProgramData\TEMP:041C0562
AlternateDataStreams: C:\ProgramData\TEMP:04BB186B
AlternateDataStreams: C:\ProgramData\TEMP:054F0F17
AlternateDataStreams: C:\ProgramData\TEMP:058A7351
AlternateDataStreams: C:\ProgramData\TEMP:070D9534
AlternateDataStreams: C:\ProgramData\TEMP:0C5BC70E
AlternateDataStreams: C:\ProgramData\TEMP:0E22C5DB
AlternateDataStreams: C:\ProgramData\TEMP:0E67073E
AlternateDataStreams: C:\ProgramData\TEMP:0E684AC9
AlternateDataStreams: C:\ProgramData\TEMP:0EC7A545
AlternateDataStreams: C:\ProgramData\TEMP:0F38B460
AlternateDataStreams: C:\ProgramData\TEMP:0F3F6B1E
AlternateDataStreams: C:\ProgramData\TEMP:109734F6
AlternateDataStreams: C:\ProgramData\TEMP:10D98D98
AlternateDataStreams: C:\ProgramData\TEMP:123A86B5
AlternateDataStreams: C:\ProgramData\TEMP:12D2EB9C
AlternateDataStreams: C:\ProgramData\TEMP:12EA4DC9
AlternateDataStreams: C:\ProgramData\TEMP:1316EAD4
AlternateDataStreams: C:\ProgramData\TEMP:1392F09D
AlternateDataStreams: C:\ProgramData\TEMP:15752405
AlternateDataStreams: C:\ProgramData\TEMP:178093AE
AlternateDataStreams: C:\ProgramData\TEMP:17F7AEA3
AlternateDataStreams: C:\ProgramData\TEMP:18A6D2CC
AlternateDataStreams: C:\ProgramData\TEMP:193CB03B
AlternateDataStreams: C:\ProgramData\TEMP:1A4BF204
AlternateDataStreams: C:\ProgramData\TEMP:1B927722
AlternateDataStreams: C:\ProgramData\TEMP:1BD02801
AlternateDataStreams: C:\ProgramData\TEMP:1ECED34B
AlternateDataStreams: C:\ProgramData\TEMP:1F4329D4
AlternateDataStreams: C:\ProgramData\TEMP:204BEE0F
AlternateDataStreams: C:\ProgramData\TEMP:206470A5
AlternateDataStreams: C:\ProgramData\TEMP:225CD7D5
AlternateDataStreams: C:\ProgramData\TEMP:2495D97A
AlternateDataStreams: C:\ProgramData\TEMP:25249477
AlternateDataStreams: C:\ProgramData\TEMP:27F44544
AlternateDataStreams: C:\ProgramData\TEMP:29629382
AlternateDataStreams: C:\ProgramData\TEMP:2C678471
AlternateDataStreams: C:\ProgramData\TEMP:2D78CEB3
AlternateDataStreams: C:\ProgramData\TEMP:2E45FA8F
AlternateDataStreams: C:\ProgramData\TEMP:2EC5D66C
AlternateDataStreams: C:\ProgramData\TEMP:2F6462DF
AlternateDataStreams: C:\ProgramData\TEMP:2FBB2B9B
AlternateDataStreams: C:\ProgramData\TEMP:2FC7B9E4
AlternateDataStreams: C:\ProgramData\TEMP:32A82570
AlternateDataStreams: C:\ProgramData\TEMP:32FC67BC
AlternateDataStreams: C:\ProgramData\TEMP:32FFF2D1
AlternateDataStreams: C:\ProgramData\TEMP:35C78DCC
AlternateDataStreams: C:\ProgramData\TEMP:35FAD15D
AlternateDataStreams: C:\ProgramData\TEMP:3651A580
AlternateDataStreams: C:\ProgramData\TEMP:36A39835
AlternateDataStreams: C:\ProgramData\TEMP:370E4EFB
AlternateDataStreams: C:\ProgramData\TEMP:386B39C3
AlternateDataStreams: C:\ProgramData\TEMP:38FF076E
AlternateDataStreams: C:\ProgramData\TEMP:3AD6342E
AlternateDataStreams: C:\ProgramData\TEMP:3B812EE0
AlternateDataStreams: C:\ProgramData\TEMP:3D186293
AlternateDataStreams: C:\ProgramData\TEMP:3D36932D
AlternateDataStreams: C:\ProgramData\TEMP:3D6B89CE
AlternateDataStreams: C:\ProgramData\TEMP:3DB6F365
AlternateDataStreams: C:\ProgramData\TEMP:3E06C78F
AlternateDataStreams: C:\ProgramData\TEMP:405D842B
AlternateDataStreams: C:\ProgramData\TEMP:413E2927
AlternateDataStreams: C:\ProgramData\TEMP:425759C6
AlternateDataStreams: C:\ProgramData\TEMP:42A3BDD7
AlternateDataStreams: C:\ProgramData\TEMP:43C9D140
AlternateDataStreams: C:\ProgramData\TEMP:471AD3D0
AlternateDataStreams: C:\ProgramData\TEMP:47A24D4B
AlternateDataStreams: C:\ProgramData\TEMP:48977386
AlternateDataStreams: C:\ProgramData\TEMP:4A2862FF
AlternateDataStreams: C:\ProgramData\TEMP:4A448DB2
AlternateDataStreams: C:\ProgramData\TEMP:4B1195DD
AlternateDataStreams: C:\ProgramData\TEMP:4C528C86
AlternateDataStreams: C:\ProgramData\TEMP:4E243396
AlternateDataStreams: C:\ProgramData\TEMP:4E6B8D68
AlternateDataStreams: C:\ProgramData\TEMP:4EE323A4
AlternateDataStreams: C:\ProgramData\TEMP:4EF94CF3
AlternateDataStreams: C:\ProgramData\TEMP:4FE30352
AlternateDataStreams: C:\ProgramData\TEMP:4FE42FFC
AlternateDataStreams: C:\ProgramData\TEMP:50636E35
AlternateDataStreams: C:\ProgramData\TEMP:5080697C
AlternateDataStreams: C:\ProgramData\TEMP:5197985B
AlternateDataStreams: C:\ProgramData\TEMP:5335CE76
AlternateDataStreams: C:\ProgramData\TEMP:53DF59D1
AlternateDataStreams: C:\ProgramData\TEMP:551BED5F
AlternateDataStreams: C:\ProgramData\TEMP:55E1514E
AlternateDataStreams: C:\ProgramData\TEMP:56C17A93
AlternateDataStreams: C:\ProgramData\TEMP:57176330
AlternateDataStreams: C:\ProgramData\TEMP:57B2B96C
AlternateDataStreams: C:\ProgramData\TEMP:583FE1DA
AlternateDataStreams: C:\ProgramData\TEMP:592D7272
AlternateDataStreams: C:\ProgramData\TEMP:5A8F8A0C
AlternateDataStreams: C:\ProgramData\TEMP:5AE33054
AlternateDataStreams: C:\ProgramData\TEMP:5D10C56A
AlternateDataStreams: C:\ProgramData\TEMP:5D351BC6
AlternateDataStreams: C:\ProgramData\TEMP:5E9B629B
AlternateDataStreams: C:\ProgramData\TEMP:5F538558
AlternateDataStreams: C:\ProgramData\TEMP:5FA4CB99
AlternateDataStreams: C:\ProgramData\TEMP:6017A808
AlternateDataStreams: C:\ProgramData\TEMP:61A065F2
AlternateDataStreams: C:\ProgramData\TEMP:61B54B15
AlternateDataStreams: C:\ProgramData\TEMP:6247E766
AlternateDataStreams: C:\ProgramData\TEMP:62525FE7
AlternateDataStreams: C:\ProgramData\TEMP:63B94956
AlternateDataStreams: C:\ProgramData\TEMP:661DC753
AlternateDataStreams: C:\ProgramData\TEMP:663B62CA
AlternateDataStreams: C:\ProgramData\TEMP:66871744
AlternateDataStreams: C:\ProgramData\TEMP:68A56598
AlternateDataStreams: C:\ProgramData\TEMP:69AF9D20
AlternateDataStreams: C:\ProgramData\TEMP:6E11933F
AlternateDataStreams: C:\ProgramData\TEMP:6F0B6A5A
AlternateDataStreams: C:\ProgramData\TEMP:6FD26134
AlternateDataStreams: C:\ProgramData\TEMP:6FD3C973
AlternateDataStreams: C:\ProgramData\TEMP:6FE17A89
AlternateDataStreams: C:\ProgramData\TEMP:701FCC18
AlternateDataStreams: C:\ProgramData\TEMP:708BB0FA
AlternateDataStreams: C:\ProgramData\TEMP:7124B44D
AlternateDataStreams: C:\ProgramData\TEMP:71612023
AlternateDataStreams: C:\ProgramData\TEMP:71FA8B7F
AlternateDataStreams: C:\ProgramData\TEMP:73461BFA
AlternateDataStreams: C:\ProgramData\TEMP:737160C1
AlternateDataStreams: C:\ProgramData\TEMP:73AFBB96
AlternateDataStreams: C:\ProgramData\TEMP:74091520
AlternateDataStreams: C:\ProgramData\TEMP:7547DA5B
AlternateDataStreams: C:\ProgramData\TEMP:78739EC9
AlternateDataStreams: C:\ProgramData\TEMP:7881FECE
AlternateDataStreams: C:\ProgramData\TEMP:7A032A04
AlternateDataStreams: C:\ProgramData\TEMP:7A3AAF2E
AlternateDataStreams: C:\ProgramData\TEMP:7AF9CAEB
AlternateDataStreams: C:\ProgramData\TEMP:80EA2EA3
AlternateDataStreams: C:\ProgramData\TEMP:80F63EC3
AlternateDataStreams: C:\ProgramData\TEMP:8140CB50
AlternateDataStreams: C:\ProgramData\TEMP:81653DC8
AlternateDataStreams: C:\ProgramData\TEMP:8247A199
AlternateDataStreams: C:\ProgramData\TEMP:870649A4
AlternateDataStreams: C:\ProgramData\TEMP:883EDFB5
AlternateDataStreams: C:\ProgramData\TEMP:88698068
AlternateDataStreams: C:\ProgramData\TEMP:88A44CC1
AlternateDataStreams: C:\ProgramData\TEMP:8924043A
AlternateDataStreams: C:\ProgramData\TEMP:8944C195
AlternateDataStreams: C:\ProgramData\TEMP:89CF6F9C
AlternateDataStreams: C:\ProgramData\TEMP:8AD1F2E0
AlternateDataStreams: C:\ProgramData\TEMP:8B4B9596
AlternateDataStreams: C:\ProgramData\TEMP:8BA6C9F8
AlternateDataStreams: C:\ProgramData\TEMP:8BFA0030
AlternateDataStreams: C:\ProgramData\TEMP:8CCDAB14
AlternateDataStreams: C:\ProgramData\TEMP:8D5A0C4E
AlternateDataStreams: C:\ProgramData\TEMP:8FA72FF8
AlternateDataStreams: C:\ProgramData\TEMP:9026FFAC
AlternateDataStreams: C:\ProgramData\TEMP:90D89144
AlternateDataStreams: C:\ProgramData\TEMP:918B7566
AlternateDataStreams: C:\ProgramData\TEMP:91DEEE71
AlternateDataStreams: C:\ProgramData\TEMP:92A815D8
AlternateDataStreams: C:\ProgramData\TEMP:93B0BB6F
AlternateDataStreams: C:\ProgramData\TEMP:943E8182
AlternateDataStreams: C:\ProgramData\TEMP:953FDC1A
AlternateDataStreams: C:\ProgramData\TEMP:957E9765
AlternateDataStreams: C:\ProgramData\TEMP:97C4F81F
AlternateDataStreams: C:\ProgramData\TEMP:98982C88
AlternateDataStreams: C:\ProgramData\TEMP:996104FC
AlternateDataStreams: C:\ProgramData\TEMP:9A7BF72D
AlternateDataStreams: C:\ProgramData\TEMP:9AE67195
AlternateDataStreams: C:\ProgramData\TEMP:9D03192E
AlternateDataStreams: C:\ProgramData\TEMP:9DB67071
AlternateDataStreams: C:\ProgramData\TEMP:9DCE3A1C
AlternateDataStreams: C:\ProgramData\TEMP:9E9A3410
AlternateDataStreams: C:\ProgramData\TEMP:9F50A55A
AlternateDataStreams: C:\ProgramData\TEMP:A02025CE
AlternateDataStreams: C:\ProgramData\TEMP:A0C7D68A
AlternateDataStreams: C:\ProgramData\TEMP:A0CB43B2
AlternateDataStreams: C:\ProgramData\TEMP:A26AFC00
AlternateDataStreams: C:\ProgramData\TEMP:A296A63F
AlternateDataStreams: C:\ProgramData\TEMP:A5584049
AlternateDataStreams: C:\ProgramData\TEMP:A5FC8FA1
AlternateDataStreams: C:\ProgramData\TEMP:A60D0FA6
AlternateDataStreams: C:\ProgramData\TEMP:A6CDBCAC
AlternateDataStreams: C:\ProgramData\TEMP:A7B70C4E
AlternateDataStreams: C:\ProgramData\TEMP:AABCC5A7
AlternateDataStreams: C:\ProgramData\TEMP:AB82C54F
AlternateDataStreams: C:\ProgramData\TEMP:AC0528D9
AlternateDataStreams: C:\ProgramData\TEMP:AC57032B
AlternateDataStreams: C:\ProgramData\TEMP:AC73CDCE
AlternateDataStreams: C:\ProgramData\TEMP:AD727397
AlternateDataStreams: C:\ProgramData\TEMP:ADFAD95A
AlternateDataStreams: C:\ProgramData\TEMP:AED33A42
AlternateDataStreams: C:\ProgramData\TEMP:B093E177
AlternateDataStreams: C:\ProgramData\TEMP:B1FBBD09
AlternateDataStreams: C:\ProgramData\TEMP:B4980368
AlternateDataStreams: C:\ProgramData\TEMP:B64F7263
AlternateDataStreams: C:\ProgramData\TEMP:B8EA2C49
AlternateDataStreams: C:\ProgramData\TEMP:B8EB1B99
AlternateDataStreams: C:\ProgramData\TEMP:BD27B7FC
AlternateDataStreams: C:\ProgramData\TEMP:BD8C785E
AlternateDataStreams: C:\ProgramData\TEMP:BDCD0530
AlternateDataStreams: C:\ProgramData\TEMP:BDF08FAF
AlternateDataStreams: C:\ProgramData\TEMP:BE40C8A2
AlternateDataStreams: C:\ProgramData\TEMP:BF6C81B2
AlternateDataStreams: C:\ProgramData\TEMP:C07A6A6B
AlternateDataStreams: C:\ProgramData\TEMP:C0A9D0E7
AlternateDataStreams: C:\ProgramData\TEMP:C22674B6
AlternateDataStreams: C:\ProgramData\TEMP:C30487EE
AlternateDataStreams: C:\ProgramData\TEMP:C3392F75
AlternateDataStreams: C:\ProgramData\TEMP:C35B4B19
AlternateDataStreams: C:\ProgramData\TEMP:C36B1175
AlternateDataStreams: C:\ProgramData\TEMP:C48A983C
AlternateDataStreams: C:\ProgramData\TEMP:C4AB79AE
AlternateDataStreams: C:\ProgramData\TEMP:C5E2BAEE
AlternateDataStreams: C:\ProgramData\TEMP:C611D6C8
AlternateDataStreams: C:\ProgramData\TEMP:C72A744C
AlternateDataStreams: C:\ProgramData\TEMP:C76CFF82
AlternateDataStreams: C:\ProgramData\TEMP:C7973317
AlternateDataStreams: C:\ProgramData\TEMP:C81D3839
AlternateDataStreams: C:\ProgramData\TEMP:C86B29EB
AlternateDataStreams: C:\ProgramData\TEMP:C9CDDE5E
AlternateDataStreams: C:\ProgramData\TEMP:CA0CE093
AlternateDataStreams: C:\ProgramData\TEMP:CA8D6B60
AlternateDataStreams: C:\ProgramData\TEMP:CA99FD89
AlternateDataStreams: C:\ProgramData\TEMP:CAF8DAC8
AlternateDataStreams: C:\ProgramData\TEMP:CB0EB1DE
AlternateDataStreams: C:\ProgramData\TEMP:CB0FEE2B
AlternateDataStreams: C:\ProgramData\TEMP:CB16385F
AlternateDataStreams: C:\ProgramData\TEMP:CE6885F1
AlternateDataStreams: C:\ProgramData\TEMP:CF1334B0
AlternateDataStreams: C:\ProgramData\TEMP:CF61CE5A
AlternateDataStreams: C:\ProgramData\TEMP:CFDE7852
AlternateDataStreams: C:\ProgramData\TEMP:CFFC9DD0
AlternateDataStreams: C:\ProgramData\TEMP:D0D17155
AlternateDataStreams: C:\ProgramData\TEMP:D2397415
AlternateDataStreams: C:\ProgramData\TEMP:D2C57161
AlternateDataStreams: C:\ProgramData\TEMP:D2D4B33E
AlternateDataStreams: C:\ProgramData\TEMP:D354012D
AlternateDataStreams: C:\ProgramData\TEMP:D390A6A7
AlternateDataStreams: C:\ProgramData\TEMP:D3A89E47
AlternateDataStreams: C:\ProgramData\TEMP:D3A8AA31
AlternateDataStreams: C:\ProgramData\TEMP:D453E38B
AlternateDataStreams: C:\ProgramData\TEMP:D46ECFD5
AlternateDataStreams: C:\ProgramData\TEMP:D4BB0AD6
AlternateDataStreams: C:\ProgramData\TEMP:D74C2847
AlternateDataStreams: C:\ProgramData\TEMP:D8D58038
AlternateDataStreams: C:\ProgramData\TEMP:D8F9D810
AlternateDataStreams: C:\ProgramData\TEMP:D9B1EB7E
AlternateDataStreams: C:\ProgramData\TEMP:DC21D414
AlternateDataStreams: C:\ProgramData\TEMP:DD04902E
AlternateDataStreams: C:\ProgramData\TEMP:DE47A3DA
AlternateDataStreams: C:\ProgramData\TEMP:DE9AC04F
AlternateDataStreams: C:\ProgramData\TEMP:DF0BC727
AlternateDataStreams: C:\ProgramData\TEMP:E14FA16F
AlternateDataStreams: C:\ProgramData\TEMP:E1610EDC
AlternateDataStreams: C:\ProgramData\TEMP:E1D818F7
AlternateDataStreams: C:\ProgramData\TEMP:E3B5F2D1
AlternateDataStreams: C:\ProgramData\TEMP:E411AA0D
AlternateDataStreams: C:\ProgramData\TEMP:E4FCDFD9
AlternateDataStreams: C:\ProgramData\TEMP:E6A96BE9
AlternateDataStreams: C:\ProgramData\TEMP:E6D148BC
AlternateDataStreams: C:\ProgramData\TEMP:E732B44B
AlternateDataStreams: C:\ProgramData\TEMP:E774F04D
AlternateDataStreams: C:\ProgramData\TEMP:E7B4296D
AlternateDataStreams: C:\ProgramData\TEMP:E7B49FBF
AlternateDataStreams: C:\ProgramData\TEMP:E7C9DAAE
AlternateDataStreams: C:\ProgramData\TEMP:E8CB831A
AlternateDataStreams: C:\ProgramData\TEMP:EA10407C
AlternateDataStreams: C:\ProgramData\TEMP:EA1919C7
AlternateDataStreams: C:\ProgramData\TEMP:EA701346
AlternateDataStreams: C:\ProgramData\TEMP:EA7D76BE
AlternateDataStreams: C:\ProgramData\TEMP:EAEE7554
AlternateDataStreams: C:\ProgramData\TEMP:EB333CFC
AlternateDataStreams: C:\ProgramData\TEMP:EB5BDBB0
AlternateDataStreams: C:\ProgramData\TEMP:EDC744FB
AlternateDataStreams: C:\ProgramData\TEMP:EEED3F26
AlternateDataStreams: C:\ProgramData\TEMP:EF0C5444
AlternateDataStreams: C:\ProgramData\TEMP:EF5B3572
AlternateDataStreams: C:\ProgramData\TEMP:F0A06891
AlternateDataStreams: C:\ProgramData\TEMP:F3029A65
AlternateDataStreams: C:\ProgramData\TEMP:F3EFA8A8
AlternateDataStreams: C:\ProgramData\TEMP:F43B7E8F
AlternateDataStreams: C:\ProgramData\TEMP:F7370879
AlternateDataStreams: C:\ProgramData\TEMP:F7F6E6CB
AlternateDataStreams: C:\ProgramData\TEMP:F81E7082
AlternateDataStreams: C:\ProgramData\TEMP:F8F070C2
AlternateDataStreams: C:\ProgramData\TEMP:F9E46E4C
AlternateDataStreams: C:\ProgramData\TEMP:F9EDCFB0
AlternateDataStreams: C:\ProgramData\TEMP:FAFEC4B9
AlternateDataStreams: C:\ProgramData\TEMP:FB647F34
AlternateDataStreams: C:\ProgramData\TEMP:FD000392
AlternateDataStreams: C:\ProgramData\TEMP:FD38E906
AlternateDataStreams: C:\ProgramData\TEMP:FECEF728
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer trusted/restricted ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
Da befinden sich 7358 mehr eingeschränkte Seiten.
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-891572633-1774761820-252287049-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sandra\Application Data\Pictures\Drache1.jpg
HKU\S-1-5-21-891572633-1774761820-252287049-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dean\AppData\Roaming\Jewel Match 3\wallpaper_4.bmp
HKU\S-1-5-21-891572633-1774761820-252287049-1002\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
DNS Servers: 193.189.244.206 - 193.189.244.225
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: )
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
==================== FirewallRules (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [TCP Query User{637B9502-262B-4680-8440-9F93780503AB}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{4B1D55F8-D758-4657-AC3A-DE59BD432B5C}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{763A9BFE-AF9D-4598-AB33-0CAC42C4329F}] => (Allow) C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe
FirewallRules: [{82E6866A-456B-4FA2-9255-CEA55E07F257}] => (Allow) C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe
FirewallRules: [{8532313D-6991-4F90-9020-D160BD8A8231}] => (Allow) C:\Program Files\Tobit Radio.fx\Client\rfx-client.exe
FirewallRules: [{9017EDC8-49B9-46D6-8FA3-C11EBC31FCBC}] => (Allow) C:\Program Files\Tobit Radio.fx\Client\rfx-client.exe
FirewallRules: [{37EFC497-31E9-4305-80D8-8FD93559F3DF}] => (Allow) C:\Program Files\TeamViewer\Version5\TeamViewer.exe
FirewallRules: [{9EA43957-1A2C-419E-8F50-22BF8DE39B4C}] => (Allow) C:\Program Files\TeamViewer\Version5\TeamViewer.exe
FirewallRules: [TCP Query User{73E83C09-C343-42F5-9C06-7F29244FF95A}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{5EC8FB2D-F09E-4C5A-B679-54FADA91474C}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{6F4D1074-856A-4C64-ACF8-1CD93154FD0F}] => (Allow) LPort=80
FirewallRules: [{2B5F215C-83D8-405F-B200-FA3FDBA04952}] => (Allow) LPort=80
FirewallRules: [{08C8CF5F-BCE2-42AD-A410-83781F5BCAC2}] => (Allow) LPort=80
FirewallRules: [{BDA735D0-96F0-44A4-8EA9-FC9899EE3BE7}] => (Allow) C:\Program Files\congstar\Internetmanager\Bin\MainApp.exe
FirewallRules: [{399DF4C3-B2CC-4BB5-A184-3794FE94AF1F}] => (Allow) C:\Program Files\congstar\Internetmanager\Bin\MainApp.exe
FirewallRules: [{4DC96EA1-4031-485D-973D-1E0610F18211}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{703AC5DC-7522-4A5E-BAB6-EBE9B22E80F6}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{693FFD98-9206-4546-9E8B-515167CFDED1}C:\program files\srware iron\iron.exe] => (Block) C:\program files\srware iron\iron.exe
FirewallRules: [UDP Query User{2DB7ECB7-1B5A-42D4-A8C1-1637A28909B6}C:\program files\srware iron\iron.exe] => (Block) C:\program files\srware iron\iron.exe
FirewallRules: [TCP Query User{0ED3ABDE-419A-434E-8596-7305420D9041}C:\program files\mozilla firefox\plugin-container.exe] => (Block) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{6DCD1365-4EA1-411A-977B-99384019AD14}C:\program files\mozilla firefox\plugin-container.exe] => (Block) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{0921335B-E9C8-4FCC-94EC-E44FB6528D9A}C:\program files\srware iron\iron.exe] => (Block) C:\program files\srware iron\iron.exe
FirewallRules: [UDP Query User{9F6876B9-17C8-4B97-ADAB-8ECEB11B70A6}C:\program files\srware iron\iron.exe] => (Block) C:\program files\srware iron\iron.exe
FirewallRules: [{94631EAF-E186-4D79-8B1C-8D1900F8E2D1}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{64977571-955F-4037-91F7-77A705548C8F}] => (Allow) C:\Program Files\Norpalla\bin\Norpalla.BRT.Helper.exe
FirewallRules: [{99A14943-855E-48FF-9794-EC516BE5D315}] => (Allow) C:\Program Files\Norpalla\bin\Norpalla.BRT.Helper.exe
FirewallRules: [{A631F5FE-0753-4E43-98C5-953A91EAE2F4}] => (Allow) C:\Program Files\Bench\Proxy\proc.exe
FirewallRules: [{666CE59E-EEF3-49BB-AF43-8645562FA2DE}] => (Allow) C:\Program Files\Bench\Proxy\pwdg.exe
FirewallRules: [{827C6E82-CF2B-4BAE-ADF2-D78AC6A4761A}] => (Allow) C:\Users\Sandra\uber-strike-cheats-ohne.exe
FirewallRules: [{0B8A5018-DC8F-41A9-AC1F-E6FEDFC84BCA}] => (Allow) C:\Users\Sandra\uber-strike-cheats-ohne.exe
FirewallRules: [{79F79E0B-50B1-4617-9B45-36391DF95D42}] => (Allow) C:\Program Files\SimpleFiles\SimpleFiles.exe
FirewallRules: [{2C11D001-28E2-4BD0-9E9F-9F6F7AF546F7}] => (Allow) C:\Program Files\SimpleFiles\SimpleFiles.exe
FirewallRules: [{B0040FE3-CDCC-4F29-B004-87F4A6574B76}] => (Allow) C:\Program Files\SimpleFiles\downloader.exe
FirewallRules: [{CC29AF40-6ED8-4CE4-B529-003AEC14CED2}] => (Allow) C:\Program Files\SimpleFiles\downloader.exe
FirewallRules: [{09EFE728-7DFF-46DE-8882-65BA0AFAC8D1}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: 6TO4 Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: 6TO4 Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: 6TO4 Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: 6TO4 Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: 6TO4 Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: 6TO4 Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: 6TO4 Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: 6TO4 Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: 6TO4 Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: 6TO4 Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: isatap.{E189E505-C50E-465C-BEC6-C6B777FFB910}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: isatap.{8CA9262A-0035-43CE-8CC2-4191FAFA1ADF}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: isatap.{8CA9262A-0035-43CE-8CC2-4191FAFA1ADF}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: isatap.{8CA9262A-0035-43CE-8CC2-4191FAFA1ADF}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: isatap.{8CA9262A-0035-43CE-8CC2-4191FAFA1ADF}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: isatap.{8CA9262A-0035-43CE-8CC2-4191FAFA1ADF}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: isatap.{8CA9262A-0035-43CE-8CC2-4191FAFA1ADF}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: isatap.{8CA9262A-0035-43CE-8CC2-4191FAFA1ADF}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: isatap.{789BFD34-EEE8-45EF-8A5B-071CE20B26E9}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: isatap.{789BFD34-EEE8-45EF-8A5B-071CE20B26E9}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: isatap.{789BFD34-EEE8-45EF-8A5B-071CE20B26E9}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: isatap.{789BFD34-EEE8-45EF-8A5B-071CE20B26E9}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: isatap.{789BFD34-EEE8-45EF-8A5B-071CE20B26E9}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: isatap.{789BFD34-EEE8-45EF-8A5B-071CE20B26E9}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: isatap.{789BFD34-EEE8-45EF-8A5B-071CE20B26E9}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: isatap.{C352FDDF-4836-4F23-A92A-F8E58BDF829D}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: isatap.{C352FDDF-4836-4F23-A92A-F8E58BDF829D}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: isatap.{49DB607C-93BE-4DE2-A90B-007796BCC80E}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: isatap.{49DB607C-93BE-4DE2-A90B-007796BCC80E}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: isatap.{49DB607C-93BE-4DE2-A90B-007796BCC80E}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: isatap.{F4A3DCDE-5A33-4E9D-8E66-AA41066E6DC3}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: isatap.{F9F0F3DE-5AE4-45F1-8A61-30484AAEC5A6}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: isatap.{BE2E9025-8DB8-430E-BD83-F989B5EF45D1}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: isatap.{00EDA72F-48BB-431A-8289-56EEE99128CF}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (07/27/2015 01:28:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung XSManager.exe, Version 0.0.0.0, Zeitstempel 0x5167e246, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000065,
Prozess-ID 0x15b0, Anwendungsstartzeit XSManager.exe0.
Error: (07/26/2015 07:50:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung XSManager.exe, Version 0.0.0.0, Zeitstempel 0x5167e246, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x6c61766e,
Prozess-ID 0x1578, Anwendungsstartzeit XSManager.exe0.
Error: (07/26/2015 01:06:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung XSManager.exe, Version 0.0.0.0, Zeitstempel 0x5167e246, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x0000005e,
Prozess-ID 0x978, Anwendungsstartzeit XSManager.exe0.
Error: (07/25/2015 07:22:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung XSManager.exe, Version 0.0.0.0, Zeitstempel 0x5167e246, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x54206563,
Prozess-ID 0x9c8, Anwendungsstartzeit XSManager.exe0.
Error: (07/25/2015 06:36:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung XSManager.exe, Version 0.0.0.0, Zeitstempel 0x5167e246, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x0000004c,
Prozess-ID 0xcbc, Anwendungsstartzeit XSManager.exe0.
Error: (07/25/2015 03:49:51 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\LBZQXNMY\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#S79.RESEARCH.DE.COM\SETTINGS.SOL> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (07/25/2015 03:49:51 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\LBZQXNMY\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#S79.RESEARCH.DE.COM\SETTINGS.SOL> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (07/25/2015 03:24:41 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\LBZQXNMY\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#AZ685032.VO.MSECND.NET\SETTINGS.SOL> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (07/25/2015 03:24:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\LBZQXNMY\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#AZ685032.VO.MSECND.NET\SETTINGS.SOL> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (07/25/2015 03:21:36 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\LBZQXNMY\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#CCSSMIDAS-A.AKAMAIHD.NET\SETTINGS.SOL> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Systemfehler:
=============
Microsoft Office:
=========================
Error: (07/27/2015 01:28:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: XSManager.exe0.0.0.05167e246unknown0.0.0.000000000c00000050000006515b001d0c7d847a629b4
Error: (07/26/2015 07:50:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: XSManager.exe0.0.0.05167e246unknown0.0.0.000000000c00000056c61766e157801d0c7aa58aee7c4
Error: (07/26/2015 01:06:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: XSManager.exe0.0.0.05167e246unknown0.0.0.000000000c00000050000005e97801d0c7799a425f94
Error: (07/25/2015 07:22:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: XSManager.exe0.0.0.05167e246unknown0.0.0.000000000c0000005542065639c801d0c6f94cb0ad12
Error: (07/25/2015 06:36:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: XSManager.exe0.0.0.05167e246unknown0.0.0.000000000c00000050000004ccbc01d0c6f43c41aec2
Error: (07/25/2015 03:49:51 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\LBZQXNMY\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#S79.RESEARCH.DE.COM\SETTINGS.SOL
Error: (07/25/2015 03:49:51 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\LBZQXNMY\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#S79.RESEARCH.DE.COM\SETTINGS.SOL
Error: (07/25/2015 03:24:41 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\LBZQXNMY\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#AZ685032.VO.MSECND.NET\SETTINGS.SOL
Error: (07/25/2015 03:24:40 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\LBZQXNMY\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#AZ685032.VO.MSECND.NET\SETTINGS.SOL
Error: (07/25/2015 03:21:36 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\SANDRA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\LBZQXNMY\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#CCSSMIDAS-A.AKAMAIHD.NET\SETTINGS.SOL
CodeIntegrity Fehler:
===================================
Date: 2015-07-24 21:23:39.648
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-07-24 20:05:19.745
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-07-24 20:05:19.355
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-07-24 20:05:18.981
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-07-24 20:05:18.591
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-07-24 20:05:18.216
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-07-24 20:05:17.795
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-07-24 19:56:03.404
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-07-24 19:53:35.170
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-07-24 11:15:10.419
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\iS3\STOPzilla AntiVirus\Drivers\i386\w2k\SBTIS.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 CPU 6320 @ 1.86GHz
Percentage of memory in use: 45%
Total physical RAM: 2046.45 MB
Available physical RAM: 1106.8 MB
Total Virtual: 4337.89 MB
Available Virtual: 2445.46 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:195.31 GB) (Free:124.5 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive d: () (Fixed) (Total:117.19 GB) (Free:106.48 GB) NTFS
Drive e: () (Fixed) (Total:153.26 GB) (Free:147.39 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: B74FD3AC)
Partition 1: (Active) - (Size=195.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=117.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=153.3 GB) - (Type=07 NTFS)
==================== Ende vom log ============================
Geändert von xXxPhoenixX (27.07.2015 um 13:40 Uhr) Grund: Hey, hier nochmal die Addition, ich hoffe es ist jetzt vollständig :) Vielen Dank |
|
28.07.2015, 07:01
| #6 |
| /// the machine /// TB-Ausbilder | zu hoher Datenverbrauch, Malware Lade Dir bitte von hier  Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Scan mit Combofix
__________________ --> zu hoher Datenverbrauch, Malware |
|
28.07.2015, 12:04
| #7 |
| | zu hoher Datenverbrauch, Malware Hey, hab mir zuerst den Revo Uninstaller runter geladen und nach der Ask Toolbar gesucht. Die war dort aber nicht zu finden... Dann habe ich Combofix runter geladen und bin, soweit ich konnte, den Anweisungen gefolgt. Ich habe Avira per Task Manager deaktiviert, weil ich nicht wusste, wie ich es sonst ausschalte. Leider hat Combofix einen Neustart gemacht und direkt angefangen, so dass Avira wieder aktiviert wurde.... soweit hat es hoffentlich keine Probleme verursacht^^ Hier ist der Combo Log File : Code:
ATTFilter ComboFix 15-07-23.01 - Sandra 28.07.2015 9:44.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.902 [GMT 2:00]
ausgeführt von:: c:\users\Sandra\Downloads\ComboFix.exe
AV: Avira Antivirus *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\UNWISE.EXE
c:\users\Sandra\AppData\Local\.#
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\_locales\de\messages.json
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\_locales\en\messages.json
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\_locales\en_US\messages-sim.json
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\_locales\en_US\messages.json
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\_locales\es\messages.json
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\_locales\fr\messages.json
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\_locales\it\messages.json
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\_locales\pt_BR\messages.json
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\_metadata\computed_hashes.json
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\_metadata\verified_contents.json
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\api-rules.json
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\app.css
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\blocked.css
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\content\base\search.css
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\content\content.css
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\content\engines\ask.css
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\content\engines\duckduckgo.css
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\content\engines\google.css
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\content\search.css
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\fonts\KievitWebPro-Bold.eot
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\fonts\KievitWebPro-Bold.woff
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\fonts\KievitWebPro-Light.eot
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\fonts\KievitWebPro-Light.woff
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\fonts\KievitWebPro.eot
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\fonts\KievitWebPro.woff
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\images\animated-overlay.gif
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\images\ui-bg_diagonals-thick_18_b81900_40x40.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\images\ui-bg_diagonals-thick_20_666666_40x40.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\images\ui-bg_flat_10_000000_40x100.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\images\ui-bg_glass_100_f6f6f6_1x400.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\images\ui-bg_glass_100_fdf5ce_1x400.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\images\ui-bg_glass_65_ffffff_1x400.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\images\ui-bg_gloss-wave_35_f6a828_500x100.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\images\ui-bg_highlight-soft_100_eeeeee_1x100.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\images\ui-bg_highlight-soft_75_ffe45c_1x100.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\images\ui-icons_222222_256x240.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\images\ui-icons_228ef1_256x240.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\images\ui-icons_ef8c08_256x240.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\images\ui-icons_ffd27a_256x240.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\css\images\ui-icons_ffffff_256x240.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\html\blocked.html
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\html\locale.html
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\html\templates\indexed.json
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\html\top.html
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\i18n\de-DE.json
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\i18n\en-US.json
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\i18n\es-ES.json
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\i18n\fr-FR.json
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\i18n\it-IT.json
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\i18n\pt-BR.json
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\abs_avira_umbrella_white.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\absb-attention.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\absb-checks.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\absb-close.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\avira_icon128.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\avira_icon16.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\avira_icon24.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\avira_icon32.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\avira_icon48.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\avira_logo.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\avira_logo.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\classification_safe.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\classification_safe_lg.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\classification_unsafe.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\classification_unsafe_lg.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\close-offers-bar.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\close.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\dash_close.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\dash_close_white.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\dash_feedback.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\dash_search_dark.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\dash_search_dark.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\dash_search_light.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\dash_search_light.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\dash_search_normal.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\expand-arrow.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\info_empty.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\info_full.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\question-mark.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\scroll-down.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\serp_info_safe.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\serp_info_unsafe.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\settings-24.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\switch-on.png
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\trackers_icon.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\trackers_icon_nb.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\img\white_check.svg
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\js\bunches\app.js
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\js\bunches\background.js
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\js\bunches\blocked.js
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\js\bunches\content.js
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\js\bunches\content_start.js
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\js\bunches\locale.js
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\js\bunches\search.js
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\js\bunches\standalone.js
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.10_0\manifest.json
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flliilndjeohchalpbbcdekjklbdgfkk
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flliilndjeohchalpbbcdekjklbdgfkk\000003.log
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flliilndjeohchalpbbcdekjklbdgfkk\CURRENT
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flliilndjeohchalpbbcdekjklbdgfkk\LOCK
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flliilndjeohchalpbbcdekjklbdgfkk\LOG
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flliilndjeohchalpbbcdekjklbdgfkk\LOG.old
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flliilndjeohchalpbbcdekjklbdgfkk\MANIFEST-000001
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_flliilndjeohchalpbbcdekjklbdgfkk_0.localstorage-journal
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_flliilndjeohchalpbbcdekjklbdgfkk_0.localstorage
c:\users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Sandra\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2015-06-28 bis 2015-07-28 ))))))))))))))))))))))))))))))
.
.
2015-07-28 07:52 . 2015-07-28 07:55 -------- d-----w- c:\users\Sandra\AppData\Local\temp
2015-07-28 07:52 . 2015-07-28 07:52 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-07-28 07:52 . 2015-07-28 07:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-07-28 07:52 . 2015-07-28 07:52 -------- d-----w- c:\users\Dean\AppData\Local\temp
2015-07-28 07:30 . 2015-07-28 07:30 -------- d-----w- c:\program files\VS Revo Group
2015-07-28 07:30 . 2015-07-15 01:33 9252608 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E271F09B-5B72-4040-9E44-2ACF6E480572}\mpengine.dll
2015-07-27 22:52 . 2015-07-27 22:53 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-27 22:51 . 2015-07-27 22:51 -------- d-----w- c:\program files\ Malwarebytes Anti-Malware
2015-07-27 22:51 . 2015-06-18 06:41 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-07-27 22:51 . 2015-06-18 06:41 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-07-27 22:51 . 2015-06-18 06:41 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-07-27 22:38 . 2015-07-27 22:48 -------- d-----w- c:\users\Sandra\AppData\Roaming\ReviverSoft
2015-07-25 06:14 . 2015-07-27 12:36 -------- d-----w- C:\FRST
2015-07-24 21:06 . 2015-07-24 21:06 -------- d-----w- c:\users\Sandra\AppData\Local\FullTiltPoker.eu
2015-07-24 17:52 . 2015-07-24 17:52 -------- d-----w- c:\programdata\Malwarebytes
2015-07-24 15:36 . 2015-07-24 15:37 -------- d-----w- c:\users\Dean\AppData\Roaming\XSManager
2015-07-24 14:27 . 2015-07-24 14:56 -------- d-----w- c:\users\Sandra\AppData\Roaming\SECRV
2015-07-21 11:00 . 2015-07-14 16:02 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-07-21 11:00 . 2015-07-14 14:23 296960 ----a-w- c:\windows\system32\atmfd.dll
2015-07-21 10:40 . 2015-07-21 10:40 -------- d-----w- c:\programdata\VIPRE
2015-07-21 10:40 . 2015-07-21 10:40 -------- d-----w- c:\program files\Common Files\AV
2015-07-21 10:11 . 2015-07-24 09:14 -------- d-----w- c:\programdata\STOPzilla!
2015-07-21 10:11 . 2015-07-21 10:11 -------- d-----w- c:\program files\iS3
2015-07-15 11:05 . 2015-06-25 02:57 2066432 ----a-w- c:\windows\system32\win32k.sys
2015-07-15 11:04 . 2015-07-03 16:04 1316864 ----a-w- c:\windows\system32\ole32.dll
2015-07-15 11:04 . 2015-06-17 15:09 73216 ----a-w- c:\windows\system32\msiexec.exe
2015-07-15 11:04 . 2015-06-17 16:50 2264576 ----a-w- c:\windows\system32\msi.dll
2015-07-15 11:03 . 2015-06-12 16:01 298496 ----a-w- c:\windows\system32\gdi32.dll
2015-07-15 11:02 . 2015-05-31 08:11 225792 ----a-w- c:\windows\system32\cewmdm.dll
2015-07-15 11:01 . 2015-06-27 14:21 217088 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2015-07-15 11:01 . 2015-06-27 14:21 81408 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2015-07-15 11:01 . 2015-01-09 00:17 107008 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2015-07-15 11:01 . 2015-06-27 16:02 218112 ----a-w- c:\windows\system32\msv1_0.dll
2015-07-15 11:01 . 2015-06-27 16:03 783872 ----a-w- c:\windows\system32\rpcrt4.dll
2015-07-15 11:01 . 2015-06-27 16:02 501248 ----a-w- c:\windows\system32\kerberos.dll
2015-07-15 11:01 . 2015-06-27 16:01 801280 ----a-w- c:\windows\system32\advapi32.dll
2015-07-15 11:01 . 2015-06-12 13:13 440768 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-07-09 12:42 . 2015-07-27 23:12 -------- d-----w- c:\program files\AFC Secure Net
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-27 09:50 . 2013-08-06 18:29 136728 ----a-w- c:\windows\system32\drivers\avipbb.sys
2015-07-27 09:50 . 2013-08-06 18:29 108448 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2015-07-24 16:38 . 2014-08-31 16:38 70144 ----a-w- c:\windows\system32\tasks.dll
2015-07-24 15:35 . 2014-09-09 08:03 120320 ----a-w- c:\windows\system32\drivers\cmntnet.sys
2015-07-24 15:35 . 2014-09-09 08:03 107520 ----a-w- c:\windows\system32\drivers\cmnuusbser.sys
2015-07-24 15:35 . 2014-09-09 08:03 103424 ----a-w- c:\windows\system32\drivers\cmnsusbser.sys
2015-07-24 15:35 . 2014-09-09 08:03 52128 ----a-w- c:\windows\system32\drivers\smsbda.sys
2015-07-24 15:35 . 2014-09-09 08:03 19968 ----a-w- c:\windows\system32\drivers\MobileBroadbandDCUsb.sys
2015-07-24 15:35 . 2014-09-09 08:03 134144 ----a-w- c:\windows\system32\drivers\MobileBroadbandDCWwan.sys
2015-07-24 15:35 . 2014-09-09 08:03 118272 ----a-w- c:\windows\system32\drivers\cm_seramd.sys
2015-07-24 15:35 . 2014-09-09 08:03 112640 ----a-w- c:\windows\system32\drivers\cm_net32.sys
2015-07-24 15:35 . 2014-09-09 08:03 108032 ----a-w- c:\windows\system32\drivers\MobileBroadbandDCser.sys
2015-07-24 15:35 . 2014-09-09 08:03 103680 ----a-w- c:\windows\system32\drivers\cm_ser32.sys
2015-07-24 15:35 . 2014-09-09 08:03 133120 ----a-w- c:\windows\system32\drivers\cm_netamd.sys
2015-07-14 19:21 . 2013-03-28 10:00 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-07-14 19:21 . 2013-03-28 10:00 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-06-23 11:27 . 2009-10-02 23:33 246952 ------w- c:\windows\system32\MpSigStub.exe
2015-05-21 14:34 . 2013-08-06 18:29 37896 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2015-05-04 22:50 . 2015-06-10 11:00 4096 ----a-w- c:\windows\system32\msdxm.ocx
2015-05-04 22:50 . 2015-06-10 11:00 4096 ----a-w- c:\windows\system32\dxmasf.dll
2015-05-04 22:50 . 2015-06-10 11:00 7680 ----a-w- c:\windows\system32\spwmp.dll
2015-05-04 21:21 . 2015-06-10 11:00 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2015-04-30 16:03 . 2015-05-13 11:22 279040 ----a-w- c:\windows\system32\schannel.dll
2015-04-30 13:14 . 2015-05-13 11:20 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"Amazon Cloud Player"="c:\users\Sandra\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2013-12-12 3145536]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2015-07-27 782008]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-04 6957600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"Sparhandy_Germany Silverstone ModemListener"="c:\program files\Sparhandy Modem\BackgroundService\ModemListener.exe" [2012-10-29 118784]
"Lightshot"="c:\program files\Skillbrains\lightshot\Lightshot.exe" [2014-11-18 226560]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-12-31 126712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Sandra\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"Facebook Update"="c:\users\Sandra\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"WaitingDog"=c:\windows\StiD1210.exe
"WrtMon.exe"=c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
"WPCUMI"=c:\windows\system32\WpcUmi.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-26 09:04 995144 ----a-w- c:\program files\Google\Chrome\Application\44.0.2403.107\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-07-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-28 19:21]
.
2015-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-07-24 15:56]
.
2015-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-07-24 15:56]
.
2015-07-27 c:\windows\Tasks\update-S-1-5-21-891572633-1774761820-252287049-1000.job
- c:\program files\Skillbrains\Updater\Updater.exe [2011-09-03 16:44]
.
2015-07-27 c:\windows\Tasks\update-sys.job
- c:\program files\Skillbrains\Updater\Updater.exe [2011-09-03 16:44]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://safesearch.avira.com/
uDefault_Search_URL = https://safesearch.avira.com/
mStart Page = https://safesearch.avira.com/
uSearchAssistant = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZDr--M9JXGUna05R2BP17RpXVs30Ualts2GY0E5kZy9bj1-D5FzAOyuCNK0jPtP0NKvweD1kIv8ofmpXIF8jX4EliaRKEeGd2CKEVglZ3Zdzro1Sm3MUs3MQgS4oaZNsGovomPOcVdUJA,,&q={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Save YouTube Video as MP3
LSP: c:\windows\system32\wpclsp.dll
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 193.189.244.206 193.189.244.225
DPF: {E1342154-4889-42B5-BEF6-19237577048F} - hxxp://gamescenter.sat1.de/online2/insaniquarium/oberongamesloader.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
WebBrowser-{9613CB43-EA4C-48B5-878D-13DFE1818EFE} - (no file)
HKCU-Run-LightShot - c:\users\Sandra\AppData\Local\Skillbrains\lightshot\Lightshot.exe
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-PDF Reader - c:\program files\PDFReader\Uninstall\Uninstall.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{9613CB43-EA4C-48B5-878D-13DFE1818EFE}"=hex:51,66,7a,6c,4c,1d,38,12,2d,c8,00,
92,7e,a4,db,0d,f8,9b,50,9f,e4,df,ca,ea
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{98889811-442D-49DD-99D7-DC866BE87DBC}"=hex:51,66,7a,6c,4c,1d,38,12,7f,9b,9b,
9c,1f,0a,b3,0c,e6,c1,9f,c6,6e,b6,39,a8
"{2EECD738-5844-4A99-B4B6-146BF802613B}"=hex:51,66,7a,6c,4c,1d,38,12,56,d4,ff,
2a,76,16,f7,0f,cb,a0,57,2b,fd,5c,25,2f
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{E141F5C3-2619-4996-8AF8-AA0A9439D986}"=hex:51,66,7a,6c,4c,1d,38,12,ad,f6,52,
e5,2b,68,f8,0c,f5,ee,e9,4a,91,67,9d,92
"{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"=hex:51,66,7a,6c,4c,1d,38,12,35,fc,e1,
93,3e,68,a1,09,fc,5c,6e,9a,4b,77,a7,8a
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:7e,34,32,1c,3a,26,cd,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Sparhandy Modem\BackgroundService\ServiceManager.exe
c:\program files\TeamViewer\Version5\TeamViewer_Service.exe
c:\program files\XSManager\WTGService.exe
c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conime.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Skillbrains\lightshot\5.2.1.1\Lightshot.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-07-28 10:01:42 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2015-07-28 08:00
.
Vor Suchlauf: 10 Verzeichnis(se), 133.911.064.576 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 135.091.974.144 Bytes frei
.
- - End Of File - - 19AEFF162B9D549CDD1FDB948D1454FA
5C616939100B85E558DA92B899A0FC36
Vielen Dank noch mal für deine Hilfe, ohne die wäre ich aufgeschmissen  Ach sry, ich meine natürlich KB und nicht MB ^^ Geändert von xXxPhoenixX (28.07.2015 um 11:27 Uhr) |
|
29.07.2015, 06:42
| #8 |
| /// the machine /// TB-Ausbilder | zu hoher Datenverbrauch, Malware Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
01.08.2015, 09:01
| #9 |
| | zu hoher Datenverbrauch, Malware Hey, ich habe das jetzt ein bissel beobachtet und es ist teilweise besser geworden. D.h. manchmal surfe ich ohne Probleme, dann mach ich 1 std später wieder den PC an und es zieht wieder irgendwas wie verrückt Daten, ohne dass sich die Seite richtig aufbaut. ich habe hier noch die Text Dateien, die du mir geraten hast. Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 01.08.2015 Suchlaufzeit: 08:15:44 Protokolldatei: malware.txt Administrator: Ja Version: 2.1.8.1057 Malware-Datenbank: v2015.07.28.06 Rootkit-Datenbank: v2015.07.22.01 Lizenz: Testversion Malware-Schutz: Aktiviert Schutz vor bösartigen Websites: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows Vista Service Pack 2 CPU: x86 Dateisystem: NTFS Benutzer: Sandra Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 418068 Abgelaufene Zeit: 15 Min., 32 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 1 PUP.Optional.PrxySvrRST, C:\Program Files\AFC Secure Net\privoxy.exe, 1528, Löschen bei Neustart, [66c09e498802fd3997f8c64291729070] Module: 1 PUP.Optional.PrxySvrRST, C:\Program Files\AFC Secure Net\mgwz.dll, Löschen bei Neustart, [66c09e498802fd3997f8c64291729070], Registrierungsschlüssel: 2 PUP.Optional.SecureWeb.A, HKU\S-1-5-21-891572633-1774761820-252287049-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D3C24E2B-C820-4492-9B69-11BF7163F998}, In Quarantäne, [e640cb1c98f2a59115b7d5b59072f709], PUP.Optional.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PrivoxyService, In Quarantäne, [66c09e498802fd3997f8c64291729070], Registrierungswerte: 1 PUM.Bad.Proxy, HKU\S-1-5-21-891572633-1774761820-252287049-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, 127.0.0.1:8118, In Quarantäne, [53d362853c4e1d191c2f6d229e6633cd] Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 3 PUP.Optional.PrxySvrRST, C:\Program Files\AFC Secure Net, Löschen bei Neustart, [66c09e498802fd3997f8c64291729070], PUP.Optional.SecureWeb, C:\Program Files\Mozilla Firefox\distribution\bundles\aa4ced8e2fd071125336d77819b2512b\content, In Quarantäne, [ca5cbc2b9eec2a0c845c175d8a7b748c], PUP.Optional.SecureWeb, C:\Program Files\Mozilla Firefox\distribution\bundles\aa4ced8e2fd071125336d77819b2512b, In Quarantäne, [ca5cbc2b9eec2a0c845c175d8a7b748c], Dateien: 18 Backdoor.Agent.WD, C:\Users\Sandra\AppData\Local\temp\hp_u_232322.exe, In Quarantäne, [919539ae3d4d2511faf26ce34db34eb2], PUP.Optional.PrxySvrRST, C:\Program Files\AFC Secure Net\amjob.exe, In Quarantäne, [66c09e498802fd3997f8c64291729070], PUP.Optional.PrxySvrRST, C:\Program Files\AFC Secure Net\checkproxy.exe, In Quarantäne, [66c09e498802fd3997f8c64291729070], PUP.Optional.PrxySvrRST, C:\Program Files\AFC Secure Net\config.txt, In Quarantäne, [66c09e498802fd3997f8c64291729070], PUP.Optional.PrxySvrRST, C:\Program Files\AFC Secure Net\default.action, In Quarantäne, [66c09e498802fd3997f8c64291729070], PUP.Optional.PrxySvrRST, C:\Program Files\AFC Secure Net\default.filter, In Quarantäne, [66c09e498802fd3997f8c64291729070], PUP.Optional.PrxySvrRST, C:\Program Files\AFC Secure Net\gmff.exe, In Quarantäne, [66c09e498802fd3997f8c64291729070], PUP.Optional.PrxySvrRST, C:\Program Files\AFC Secure Net\jswchromium.exe, In Quarantäne, [66c09e498802fd3997f8c64291729070], PUP.Optional.PrxySvrRST, C:\Program Files\AFC Secure Net\jswchromium64.exe, In Quarantäne, [66c09e498802fd3997f8c64291729070], PUP.Optional.PrxySvrRST, C:\Program Files\AFC Secure Net\mgwz.dll, Löschen bei Neustart, [66c09e498802fd3997f8c64291729070], PUP.Optional.PrxySvrRST, C:\Program Files\AFC Secure Net\privoxy.exe, Löschen bei Neustart, [66c09e498802fd3997f8c64291729070], PUP.Optional.PrxySvrRST, C:\Program Files\AFC Secure Net\privoxy.log, Löschen bei Neustart, [66c09e498802fd3997f8c64291729070], PUP.Optional.PrxySvrRST, C:\Program Files\AFC Secure Net\ssnet.dll, In Quarantäne, [66c09e498802fd3997f8c64291729070], PUP.Optional.PrxySvrRST, C:\Program Files\AFC Secure Net\ssnet64.dll, In Quarantäne, [66c09e498802fd3997f8c64291729070], PUP.Optional.SecureWeb, C:\Program Files\Mozilla Firefox\distribution\bundles\aa4ced8e2fd071125336d77819b2512b\content\load.js, In Quarantäne, [ca5cbc2b9eec2a0c845c175d8a7b748c], PUP.Optional.SecureWeb, C:\Program Files\Mozilla Firefox\distribution\bundles\aa4ced8e2fd071125336d77819b2512b\content\overlay.xul, In Quarantäne, [ca5cbc2b9eec2a0c845c175d8a7b748c], PUP.Optional.SecureWeb, C:\Program Files\Mozilla Firefox\distribution\bundles\aa4ced8e2fd071125336d77819b2512b\chrome.manifest, In Quarantäne, [ca5cbc2b9eec2a0c845c175d8a7b748c], PUP.Optional.SecureWeb, C:\Program Files\Mozilla Firefox\distribution\bundles\aa4ced8e2fd071125336d77819b2512b\install.rdf, In Quarantäne, [ca5cbc2b9eec2a0c845c175d8a7b748c], Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v4.208 - Bericht erstellt 29/07/2015 um 11:49:57
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-09.2 [Lokal]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Benutzername : Sandra - HOUSEFRAU
# Gestarted von : c:\Users\Sandra\Downloads\AdwCleaner_4.208.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\ProgramData\FileCure
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\Program Files\Bench
Ordner Gelöscht : C:\Program Files\DAEMON Tools Toolbar
Ordner Gelöscht : C:\Program Files\GetPrivate
Ordner Gelöscht : C:\Program Files\MediaPlayerplus
Ordner Gelöscht : C:\Program Files\Jelbrus Secure Web
Ordner Gelöscht : C:\Program Files\AFC Secure Net
Ordner Gelöscht : C:\Program Files\Common Files\Tobit
Ordner Gelöscht : C:\Users\Dean\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Dean\AppData\LocalLow\Searchqutoolbar
Ordner Gelöscht : C:\Users\Sandra\AppData\Local\apn
Ordner Gelöscht : C:\Users\Sandra\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\Sandra\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Sandra\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Sandra\AppData\Roaming\GetPrivate
Ordner Gelöscht : C:\Users\Sandra\AppData\Roaming\iWin
Ordner Gelöscht : C:\Users\Sandra\AppData\Roaming\Tobit
Datei Gelöscht : C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_adbpopomabpienjnifocifondadaogpj_0
Datei Gelöscht : C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\adbpopomabpienjnifocifondadaogpj
Datei Gelöscht : C:\Windows\Reimage.ini
Datei Gelöscht : C:\Windows\system32\RegistryHelperLM.ocx
Datei Gelöscht : C:\Users\Sandra\AppData\Local\Temp\uninstaller.exe
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\pozswhr6.default\user.js
Datei Gelöscht : C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.searchnu.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Sandra\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.movshare.net_0.localstorage
***** [ Geplante Tasks ] *****
Task Gelöscht : update-sys
Task Gelöscht : AFC Secure Net Task
Task Gelöscht : update-S-1-5-21-891572633-1774761820-252287049-1000
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKCU\Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Schlüssel Gelöscht : HKLM\System\CurrentControlSet\Services\Eventlog\Application\registry helper service
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522422246}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522422255}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555425546}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555425555}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566426646}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566426655}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544424446}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544424455}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
Schlüssel Gelöscht : HKCU\Software\Free Video Converter
Schlüssel Gelöscht : HKCU\Software\IGearSettings
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\ParetoLogic
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\Reimage
Schlüssel Gelöscht : HKCU\Software\NetMon
Schlüssel Gelöscht : HKCU\Software\Appscion
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\MyWebSearch
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKLM\SOFTWARE\Trymedia Systems
Schlüssel Gelöscht : HKLM\SOFTWARE\Reimage
Schlüssel Gelöscht : HKLM\SOFTWARE\Taronja
Schlüssel Gelöscht : HKLM\SOFTWARE\SecureWebChannel
Schlüssel Gelöscht : HKU\.DEFAULT\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{AC6E9B2A-A7E6-4B17-8A6C-29D519673E12}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\daemon tools toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MediaPlayerplus
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VOPackage
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:51105;hxxps=127.0.0.1:51105
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
***** [ Internetbrowser ] *****
-\\ Internet Explorer v9.0.8112.16669
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
-\\ Mozilla Firefox v
-\\ Google Chrome v44.0.2403.107
-\\ Chromium v
[C:\Users\Dean\AppData\Local\Chromium\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}
[C:\Users\Sandra\AppData\Local\Chromium\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}
*************************
AdwCleaner[R0].txt - [12583 Bytes] - [29/07/2015 11:41:39]
AdwCleaner[R1].txt - [12643 Bytes] - [29/07/2015 11:48:40]
AdwCleaner[S0].txt - [11516 Bytes] - [29/07/2015 11:49:57]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11576 Bytes] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.4 (07.27.2015:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Sandra on 29.07.2015 at 13:01:01,87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
Successfully deleted: [Task] C:\Windows\System32\tasks\TuneUpUtilities_Task_BkGndMaintenance2013
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] C:\ProgramData\Alawar
Successfully deleted: [Folder] C:\ProgramData\AlawarWrapper
Successfully deleted: [Folder] C:\ProgramData\google
Successfully deleted: [Folder] C:\users\Public\Documents\alawarwrapper
Successfully deleted: [Folder] C:\Users\Sandra\Appdata\Local\newsoft
Successfully deleted: [Folder] C:\Users\Sandra\AppData\Roaming\Alawar
Successfully deleted: [Folder] C:\Users\Sandra\AppData\Roaming\AlawarEntertainment
Successfully deleted: [Folder] C:\Users\Sandra\AppData\Roaming\getrighttogo
Successfully deleted: [Folder] C:\Users\Sandra\AppData\Roaming\newsoft
Successfully deleted: [Folder] C:\Users\Sandra\AppData\Roaming\reviversoft
Successfully deleted: [Folder] C:\Users\Sandra\Documents\my pagemanager
Successfully deleted: [Folder] C:\Users\Sandra\Appdata\Local\21942
~~~ FireFox
Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\Sandra\AppData\Roaming\mozilla\firefox\profiles\pozswhr6.default\minidumps [141 files]
~~~ Chrome
[C:\Users\Sandra\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Sandra\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\Sandra\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Sandra\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
booedmolknjekdopkepjjeckmjkdpfgl,
flpcjncodpafbgdpnkljologafpionhb
]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.07.2015 at 13:06:47,68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
01.08.2015, 15:08
| #10 |
| /// the machine /// TB-Ausbilder | zu hoher Datenverbrauch, MalwareESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu zu hoher Datenverbrauch, Malware |
| allgemein, alter, anderen, anti, beste, entfernen, formatieren, gespeichert, google, hohe, hoher datenverbrauch, interne, internet, kostenlos, links, malware, malware / spyware, nichts, probleme, programme, recovery, scan, stick, upload, verschiedene, virus, wirklich |
dann auf 
und dann auf 
. 
WARNUNG an die MITLESER: 
Linear-Darstellung
