|
Plagegeister aller Art und deren Bekämpfung: Trojaner eingefangen?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
16.02.2016, 20:37 | #46 |
| Trojaner eingefangen? Ich will ungerne alle persönliche Einstellung von Neuem einstellen. Können wir da nicht irgendwie Ad-Aware rüber laufen lassen. |
16.02.2016, 20:48 | #47 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner eingefangen? Nö, das haut so nicht hin.
__________________Sichere deine Lesezeichen. Die kannst du ins neue Profil wieder importieren.
__________________ |
16.02.2016, 23:25 | #48 |
| Trojaner eingefangen? Ok, mache ich
__________________ |
16.02.2016, 23:27 | #49 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner eingefangen? dann mach das mal, maggistar
__________________ Logfiles bitte immer in CODE-Tags posten |
16.02.2016, 23:38 | #50 |
| Trojaner eingefangen? Sorry, für meine dumme Zwischenfrage, aber sowas ist nicht gut, oder? Und das, obwohl ich gar nicht den Internet Explorer nutze, oder? Code:
ATTFilter HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\current\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\S-1-5-21-1242904208-471078349-2963378918-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG |
16.02.2016, 23:39 | #51 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner eingefangen? Das hatten wir doch gefixt Taucht das in neuen/aktuellen Logs wieder auf?
__________________ --> Trojaner eingefangen? |
16.02.2016, 23:50 | #52 |
| Trojaner eingefangen? Jaaaa... das war das hier.... Code:
ATTFilter Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\S-1-5-21-1242904208-471078349-2963378918-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG Ist schon etwas anders.. egal.. ignorier das einfach. Das haben wir gefixt und passt. Es ist nämlich so, nachdem ich von einem sauberen System ausging (Hilfe vom TB). Habe ich Sandboxie intstalliert. Und habe "verdächtige Websiten" unter Sandboxie immer wieder geöffnet. Nun lasse ich dort die Programm überprüfen. Von daher, nicht schlimm, kann ja die Sandboxie wieder löschen. |
17.02.2016, 00:17 | #54 |
| Trojaner eingefangen? Ja, ich versuch es halt ein wenig zu verstehen. Die Hintergründe, welch Internet-Gewohnheiten für Malware sorgt. Malwarebytes hat auch schon einige Funde gemeldet, obwohl es im normalen Fall nichts gefunden hat. |
17.02.2016, 00:20 | #55 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner eingefangen? Sry aber mit so einem Dünnschiss kann ich nix anfangen Wenn da irgendwo Funde sind: Log posten!
__________________ Logfiles bitte immer in CODE-Tags posten |
17.02.2016, 15:04 | #56 |
| Trojaner eingefangen? FRST vom Sandboxie System: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016 durchgeführt von DDDDD CCCCCC (Administrator) auf ARBEITSCOMPUTER (16-02-2016 22:59:36) Gestartet von C:\Users\DDDDD CCCCCC\Desktop Geladene Profile: DDDDD CCCCCC & EEEEEE (Verfügbare Profile: DDDDD CCCCCC & EEEEEE & Versuch) Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation) C:\Windows\System32\CISVC.EXE (Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe (O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe (pdfforge GmbH) C:\Program Files\PDF Architect 4\creator-ws.exe (© pdfforge GmbH.) C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe () C:\Windows\snuvcdsm.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Windows\PLFSetI.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe (AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe (BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe (RescueTime, Inc.) C:\Program Files (x86)\RescueTime\RescueTime.exe (Mirko Böer) C:\Program Files (x86)\SSS\SimpleScreenshot.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\32\SbieSvc.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe (Microsoft Corporation) C:\Sandbox\DDDDD_CCCCCC\DefaultBox\drive\C\Windows\explorer.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-07-22] (AlcorMicro Co., Ltd.) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [295936 2009-05-22] (Alps Electric Co., Ltd.) HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation) HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-11] (Egis Technology Inc.) HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [3942216 2011-01-25] (O&O Software GmbH) HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2011-11-13] () HKLM\...\Run: [PLFSetL] => C:\Windows\PLFSetL.exe [99712 2011-01-13] (Sonix Technology Co., Ltd.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-29] (Realtek Semiconductor) HKLM\...\Run: [SNUVCDSM] => C:\Windows\snuvcdsm.exe [30080 2011-01-13] () HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1094736 2009-11-02] (Dritek System Inc.) HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe HKLM-x32\...\Run: [SimpleScreenshot] => C:\Program Files (x86)\SSS\SIMPLESCREENSHOT.EXE [2255360 2008-02-09] (Mirko Böer) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-09] (Advanced Micro Devices, Inc.) HKU\current\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1454864 2016-02-16] (Lavasoft) HKU\current\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [533568 2014-04-23] (BillP Studios) HKU\current\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1454864 2016-02-16] (Lavasoft) HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [533568 2014-04-23] (BillP Studios) HKU\S-1-5-21-1242904208-471078349-2963378918-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Keine Datei ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Keine Datei ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => Keine Datei ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll [2009-09-11] (Egis Technology Inc.) ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll [2009-09-11] (Egis Technology Inc.) Startup: C:\Users\DDDDD CCCCCC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk [2014-09-23] ShortcutTarget: RescueTime.lnk -> C:\Program Files (x86)\RescueTime\RescueTime.exe (RescueTime, Inc.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-02-16] (Lavasoft Limited) Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-02-16] (Lavasoft Limited) Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-02-16] (Lavasoft Limited) Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-02-16] (Lavasoft Limited) Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-02-16] (Lavasoft Limited) Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-02-16] (Lavasoft Limited) Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-02-16] (Lavasoft Limited) Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-02-16] (Lavasoft Limited) Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-02-16] (Lavasoft Limited) Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-02-16] (Lavasoft Limited) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{15EF09C9-CEB0-425C-A5AC-002B19B46047}: [DhcpNameServer] 192.168.2.1 192.168.2.1 Tcpip\..\Interfaces\{C020751A-5210-47B5-9035-51239104E46C}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{C10DCD24-BF50-4B4B-B20C-22407FC328C8}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\current\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\S-1-5-21-1242904208-471078349-2963378918-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\current\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\current\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COSP&ptag=D021616-A510D0E105D5B4CC49CF&form=CONMHP&conlogo=CT3330941 HKU\S-1-5-21-1242904208-471078349-2963378918-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1242904208-471078349-2963378918-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COSP&ptag=D021616-A510D0E105D5B4CC49CF&form=CONMHP&conlogo=CT3330941 URLSearchHook: [S-1-5-21-1242904208-471078349-2963378918-1003] ACHTUNG => Standard URLSearchHook fehlt SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\current -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D021616-A510D0E105D5B4CC49CF&form=CONBDF&conlogo=CT3330941&q={searchTerms} SearchScopes: HKU\current -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D021616-A510D0E105D5B4CC49CF&form=CONBDF&conlogo=CT3330941&q={searchTerms} SearchScopes: HKU\current -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1242904208-471078349-2963378918-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D021616-A510D0E105D5B4CC49CF&form=CONBDF&conlogo=CT3330941&q={searchTerms} SearchScopes: HKU\S-1-5-21-1242904208-471078349-2963378918-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D021616-A510D0E105D5B4CC49CF&form=CONBDF&conlogo=CT3330941&q={searchTerms} SearchScopes: HKU\S-1-5-21-1242904208-471078349-2963378918-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation) BHO: Kein Name -> {7e0aaab3-ba7d-4a2d-b1e6-4289ce4d1b1e} -> Keine Datei BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation) BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-01-15] (pdfforge GmbH) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> Keine Datei BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-12-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> Keine Datei Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-01-15] (pdfforge GmbH) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\DDDDD CCCCCC\AppData\Roaming\Mozilla\Firefox\Profiles\40txp56o.default-1438981183253 FF Homepage: www.darlina.com FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation) FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-12-13] (Nullsoft, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF Plugin-x32: PDF Architect 4 -> C:\Program Files (x86)\PDF Architect 4\np-previewer.dll [2016-01-15] (pdfforge GmbH) FF Plugin HKU\current: @citrixonline.com/appdetectorplugin -> C:\Users\DDDDD CCCCCC\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-05-31] (Citrix Online) FF Plugin HKU\S-1-5-21-1242904208-471078349-2963378918-1000: @citrixonline.com/appdetectorplugin -> C:\Users\DDDDD CCCCCC\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-05-31] (Citrix Online) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-11-11] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-11-11] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-11-11] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-11-11] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-11-11] (Apple Inc.) FF SearchPlugin: C:\Users\DDDDD CCCCCC\AppData\Roaming\Mozilla\Firefox\Profiles\40txp56o.default-1438981183253\searchplugins\bing-lavasoft.xml [2016-02-16] FF Extension: Adblock Plus Pop-up Addon - C:\Users\DDDDD CCCCCC\AppData\Roaming\Mozilla\Firefox\Profiles\40txp56o.default-1438981183253\extensions\adblockpopups@jessehakanen.net.xpi [2015-11-22] FF Extension: ADB Helper - C:\Users\DDDDD CCCCCC\AppData\Roaming\Mozilla\Firefox\Profiles\40txp56o.default-1438981183253\Extensions\adbhelper@mozilla.org [2016-02-05] FF Extension: Valence - C:\Users\DDDDD CCCCCC\AppData\Roaming\Mozilla\Firefox\Profiles\40txp56o.default-1438981183253\Extensions\fxdevtools-adapters@mozilla.org [2016-01-22] FF Extension: Mailvelope - C:\Users\DDDDD CCCCCC\AppData\Roaming\Mozilla\Firefox\Profiles\40txp56o.default-1438981183253\Extensions\jid1-AQqSMBYb0a8ADg@jetpack.xpi [2015-12-08] FF Extension: NoScript - C:\Users\DDDDD CCCCCC\AppData\Roaming\Mozilla\Firefox\Profiles\40txp56o.default-1438981183253\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-02-16] FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06] FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension FF Extension: PDF Architect 4 Creator - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-02-16] [ist nicht signiert] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.de/ CHR Profile: C:\Users\DDDDD CCCCCC\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\DDDDD CCCCCC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-10] CHR Extension: (Google Drive) - C:\Users\DDDDD CCCCCC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-17] CHR Extension: (YouTube) - C:\Users\DDDDD CCCCCC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-17] CHR Extension: (Adblock Plus) - C:\Users\DDDDD CCCCCC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-05] CHR Extension: (Nanny for Google Chrome (TM)) - C:\Users\DDDDD CCCCCC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cljcgchbnolheggdgaeclffeagnnmhno [2015-02-21] CHR Extension: (Google-Suche) - C:\Users\DDDDD CCCCCC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-23] CHR Extension: (Google Tabellen) - C:\Users\DDDDD CCCCCC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-10] CHR Extension: (Google Docs Offline) - C:\Users\DDDDD CCCCCC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-23] CHR Extension: (Tap the Frog) - C:\Users\DDDDD CCCCCC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lldjcjhhmnipmkghmjaebikfolffblpg [2015-12-29] CHR Extension: (Google Mail) - C:\Users\DDDDD CCCCCC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ACHTUNG: => Signaturenvergleich konnte nicht durchgeführt werden. Kryptografischer Dienst läuft nicht. S4 AAV UpdateService; C:\Program Files (x86)\Common Files\AAV\aavus.exe [122880 2007-10-04] () S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.) S4 BotkindSyncService; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [182784 2013-10-10] () R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation) S4 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241704 2014-03-25] (Foxit Corporation) S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company) R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2016-02-16] (Lavasoft Limited) S4 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-11] (Egis Technology Inc.) S4 NoIPDUCService4; C:\Program Files (x86)\No-IP\ducservice.exe [11264 2013-01-24] () R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3051848 2011-01-25] (O&O Software GmbH) S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] () S3 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2417376 2016-01-15] (pdfforge GmbH) S3 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-01-15] (pdfforge GmbH) R2 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-01-15] (pdfforge GmbH) R2 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [959248 2015-10-05] (© pdfforge GmbH.) S4 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) S4 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) S4 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated) S4 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2a\RpcAgentSrv.exe [72344 2008-05-19] (SiSoftware) R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [177800 2015-10-22] (Sandboxie Holdings, LLC) R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17168 2016-02-16] () S4 UI Assistant Service; C:\Program Files (x86)\Join Air\AssistantServices.exe [247152 2010-04-27] () R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S3 WinRM; C:\Windows\system32\WsmSvc.dll [2020352 2014-10-03] () ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R2 EkaProt6; C:\Windows\System32\DRIVERS\ekaprot6.sys [27288 2012-03-23] (Ekahau Inc.) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [192648 2015-10-22] (Sandboxie Holdings, LLC) R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [109144 2014-01-30] (Softwareentwicklung Remus - ArchiCrypt - ) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806592 2011-01-13] () R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] () S3 ALSysIO; \??\C:\Users\DANIEL~1\AppData\Local\Temp\ALSysIO64.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-02-16 08:07 - 2016-02-16 08:07 - 00000000 ____D C:\ProgramData\pdfforge 2016-02-16 08:05 - 2016-02-16 08:05 - 00000000 ____D C:\Users\DDDDD CCCCCC\AppData\Roaming\PDF Architect 4 2016-02-16 08:00 - 2016-02-16 08:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 4 2016-02-16 07:59 - 2016-02-16 08:05 - 00000000 ____D C:\Program Files\PDF Architect 4 2016-02-16 07:59 - 2016-02-16 08:05 - 00000000 ____D C:\Program Files (x86)\PDF Architect 4 2016-02-16 07:59 - 2016-02-16 07:59 - 00000000 ____D C:\Users\DDDDD CCCCCC\Documents\PDF Architect 2016-02-16 07:58 - 2016-02-16 07:58 - 00000000 ____D C:\ProgramData\PDF Architect 4 2016-02-16 07:57 - 2016-02-16 08:14 - 00000000 ____D C:\Program Files\PDFCreator 2016-02-16 07:57 - 2016-02-16 07:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator 2016-02-16 07:56 - 2016-02-16 08:56 - 00002920 _____ C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini 2016-02-16 07:56 - 2016-02-16 08:56 - 00002920 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini 2016-02-16 07:56 - 2016-02-16 07:56 - 00425744 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll 2016-02-16 07:56 - 2016-02-16 07:56 - 00345360 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll 2016-02-16 07:56 - 2016-02-16 07:56 - 00000000 ____D C:\Users\DDDDD CCCCCC\AppData\Roaming\Lavasoft 2016-02-16 07:56 - 2016-02-16 07:56 - 00000000 ____D C:\Users\DDDDD CCCCCC\AppData\Local\Lavasoft 2016-02-16 07:56 - 2016-02-16 07:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft 2016-02-16 07:55 - 2016-02-16 07:55 - 00000000 ____D C:\ProgramData\Lavasoft 2016-02-16 07:55 - 2016-02-16 07:55 - 00000000 ____D C:\Program Files (x86)\Lavasoft 2016-02-16 07:46 - 2016-02-16 07:46 - 27005440 _____ (pdfforge GmbH) C:\Users\DDDDD CCCCCC\Downloads\PDFCreator-2_2_2-setup.exe 2016-02-15 12:35 - 2016-02-15 12:35 - 00072872 _____ C:\Users\DDDDD CCCCCC\Desktop\Addition2.txt 2016-02-15 12:29 - 2016-02-16 22:58 - 00041219 _____ C:\Users\DDDDD CCCCCC\Desktop\Addition.txt 2016-02-15 12:27 - 2016-02-16 22:59 - 00028125 _____ C:\Users\DDDDD CCCCCC\Desktop\FRST.txt 2016-02-15 12:06 - 2016-02-15 12:07 - 00008386 _____ C:\Users\DDDDD CCCCCC\Desktop\Fixlog.txt 2016-02-14 17:00 - 2016-02-14 17:00 - 00852720 _____ C:\Users\DDDDD CCCCCC\Desktop\SecurityCheck.exe 2016-02-14 01:38 - 2016-02-14 01:38 - 00000318 _____ C:\Users\DDDDD CCCCCC\Desktop\politica e spettacolo.URL 2016-02-12 20:41 - 2016-02-12 20:41 - 00545282 _____ C:\Users\DDDDD CCCCCC\Downloads\DGB_Flugblatt_RZ.pdf 2016-02-12 20:24 - 2016-02-12 20:24 - 01216707 _____ C:\Users\DDDDD CCCCCC\Downloads\afd-flyer_web.pdf 2016-02-12 12:09 - 2016-01-06 20:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2016-02-12 12:09 - 2016-01-06 20:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2016-02-12 12:09 - 2016-01-06 19:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2016-02-12 11:56 - 2016-02-06 11:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-02-12 11:56 - 2016-02-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-02-12 11:56 - 2016-02-06 11:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-02-12 11:56 - 2016-02-06 11:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-02-12 11:56 - 2016-02-06 11:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-02-12 11:56 - 2016-02-06 11:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-02-12 11:56 - 2016-02-06 10:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-02-12 11:56 - 2016-02-06 10:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-02-12 11:56 - 2016-02-06 10:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-02-12 11:56 - 2016-02-06 10:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-02-12 11:56 - 2016-02-06 10:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-02-12 11:56 - 2016-02-06 10:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-02-12 11:56 - 2016-02-06 10:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-02-12 11:56 - 2016-02-06 09:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-02-12 11:55 - 2016-01-22 21:31 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-02-12 11:55 - 2016-01-22 21:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-02-12 11:55 - 2016-01-22 07:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-02-12 11:55 - 2016-01-22 07:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-02-12 11:55 - 2016-01-22 07:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-02-12 11:55 - 2016-01-22 07:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-02-12 11:55 - 2016-01-22 07:40 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-02-12 11:55 - 2016-01-22 07:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-02-12 11:55 - 2016-01-22 07:33 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-02-12 11:55 - 2016-01-22 07:32 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-02-12 11:55 - 2016-01-22 07:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-02-12 11:55 - 2016-01-22 07:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-02-12 11:55 - 2016-01-22 07:27 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-02-12 11:55 - 2016-01-22 07:27 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-02-12 11:55 - 2016-01-22 07:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-02-12 11:55 - 2016-01-22 07:17 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-02-12 11:55 - 2016-01-22 07:09 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-02-12 11:55 - 2016-01-22 07:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-02-12 11:55 - 2016-01-22 07:05 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-02-12 11:55 - 2016-01-22 07:04 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-02-12 11:55 - 2016-01-22 07:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-02-12 11:55 - 2016-01-22 07:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-02-12 11:55 - 2016-01-22 07:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-02-12 11:55 - 2016-01-22 07:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-02-12 11:55 - 2016-01-22 07:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2016-02-12 11:55 - 2016-01-22 07:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-02-12 11:55 - 2016-01-22 07:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-02-12 11:55 - 2016-01-22 06:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-02-12 11:55 - 2016-01-22 06:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-02-12 11:55 - 2016-01-22 06:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-02-12 11:55 - 2016-01-22 06:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-02-12 11:55 - 2016-01-22 06:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-02-12 11:55 - 2016-01-22 06:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-02-12 11:55 - 2016-01-22 06:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-02-12 11:55 - 2016-01-22 06:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-02-12 11:55 - 2016-01-22 06:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-02-12 11:55 - 2016-01-22 06:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-02-12 11:55 - 2016-01-22 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-02-12 11:55 - 2016-01-22 06:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2016-02-12 11:55 - 2016-01-22 06:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-02-12 11:55 - 2016-01-22 06:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-02-12 11:55 - 2016-01-22 06:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-02-12 11:55 - 2016-01-22 06:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-02-12 11:55 - 2016-01-22 06:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-02-12 11:55 - 2016-01-22 06:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-02-12 11:55 - 2016-01-22 06:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-02-12 11:55 - 2016-01-22 06:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-02-12 11:55 - 2016-01-22 06:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-02-12 11:55 - 2016-01-22 06:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-02-12 11:55 - 2016-01-22 06:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-02-12 11:55 - 2016-01-22 06:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-02-12 11:55 - 2016-01-22 06:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-02-12 11:54 - 2016-01-11 20:05 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2016-02-12 11:54 - 2016-01-11 20:05 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2016-02-12 11:54 - 2016-01-11 20:05 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2016-02-12 11:54 - 2016-01-11 19:52 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2016-02-12 11:54 - 2016-01-11 19:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2016-02-12 11:54 - 2016-01-11 19:26 - 02610176 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2016-02-12 11:54 - 2016-01-11 19:24 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2016-02-12 11:54 - 2016-01-11 19:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2016-02-12 11:54 - 2016-01-11 19:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2016-02-12 11:54 - 2016-01-11 19:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2016-02-12 11:54 - 2016-01-11 19:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2016-02-12 11:54 - 2016-01-11 19:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2016-02-12 11:54 - 2016-01-11 19:14 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2016-02-12 11:54 - 2016-01-11 19:14 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2016-02-12 11:54 - 2016-01-11 19:14 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2016-02-12 11:54 - 2016-01-11 19:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2016-02-12 11:54 - 2016-01-07 18:53 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-02-12 11:54 - 2016-01-07 18:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2016-02-12 11:54 - 2015-12-20 19:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2016-02-12 11:54 - 2015-12-20 19:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2016-02-12 11:54 - 2015-12-20 15:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2016-02-12 11:53 - 2016-01-16 20:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2016-02-12 11:53 - 2016-01-16 19:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2016-02-12 11:36 - 2016-01-22 07:27 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-02-12 11:36 - 2016-01-22 07:24 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2016-02-12 11:36 - 2016-01-22 07:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll 2016-02-12 11:36 - 2016-01-22 07:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll 2016-02-12 11:36 - 2016-01-22 07:15 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2016-02-12 11:36 - 2016-01-22 07:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll 2016-02-12 11:36 - 2016-01-22 07:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll 2016-02-12 11:35 - 2016-01-22 07:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll 2016-02-12 11:35 - 2016-01-22 07:15 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2016-02-12 11:35 - 2016-01-22 07:15 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-02-12 11:35 - 2016-01-22 07:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2016-02-12 11:35 - 2016-01-22 07:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2016-02-12 11:35 - 2016-01-22 07:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2016-02-12 11:34 - 2016-01-22 07:27 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-02-12 11:34 - 2016-01-22 07:27 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-02-12 11:34 - 2016-01-22 07:12 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2016-02-12 11:34 - 2016-01-22 07:06 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2016-02-12 11:34 - 2016-01-22 07:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-02-12 11:34 - 2016-01-22 07:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll 2016-02-12 11:34 - 2016-01-22 07:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll 2016-02-12 11:34 - 2016-01-22 06:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2016-02-12 11:33 - 2016-01-22 07:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2016-02-12 11:33 - 2016-01-22 07:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2016-02-12 11:33 - 2016-01-22 07:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2016-02-12 11:33 - 2016-01-22 07:20 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2016-02-12 11:33 - 2016-01-22 07:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-02-12 11:33 - 2016-01-22 07:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-02-12 11:33 - 2016-01-22 07:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-02-12 11:33 - 2016-01-22 07:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2016-02-12 11:33 - 2016-01-22 07:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-02-12 11:33 - 2016-01-22 07:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2016-02-12 11:33 - 2016-01-22 07:19 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-02-12 11:33 - 2016-01-22 07:19 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-02-12 11:33 - 2016-01-22 07:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-02-12 11:33 - 2016-01-22 07:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2016-02-12 11:33 - 2016-01-22 07:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-02-12 11:33 - 2016-01-22 07:17 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-02-12 11:33 - 2016-01-22 07:16 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-02-12 11:33 - 2016-01-22 07:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-02-12 11:33 - 2016-01-22 07:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-02-12 11:33 - 2016-01-22 07:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2016-02-12 11:33 - 2016-01-22 07:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-02-12 11:33 - 2016-01-22 07:13 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-02-12 11:33 - 2016-01-22 07:12 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-02-12 11:33 - 2016-01-22 07:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2016-02-12 11:33 - 2016-01-22 07:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 07:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 07:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 07:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 07:06 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2016-02-12 11:33 - 2016-01-22 07:06 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-02-12 11:33 - 2016-01-22 07:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-02-12 11:33 - 2016-01-22 07:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-02-12 11:33 - 2016-01-22 07:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-02-12 11:33 - 2016-01-22 07:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2016-02-12 11:33 - 2016-01-22 07:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2016-02-12 11:33 - 2016-01-22 07:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-02-12 11:33 - 2016-01-22 07:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2016-02-12 11:33 - 2016-01-22 07:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-02-12 11:33 - 2016-01-22 07:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-02-12 11:33 - 2016-01-22 07:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-02-12 11:33 - 2016-01-22 07:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-02-12 11:33 - 2016-01-22 06:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-02-12 11:33 - 2016-01-22 06:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-02-12 11:33 - 2016-01-22 06:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2016-02-12 11:33 - 2016-01-22 06:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 06:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 06:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 06:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 06:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 06:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-02-12 11:33 - 2016-01-22 06:07 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2016-02-12 11:33 - 2016-01-22 06:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-02-12 11:33 - 2016-01-22 06:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2016-02-12 11:33 - 2016-01-22 05:59 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-02-12 11:33 - 2016-01-22 05:58 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-02-12 11:33 - 2016-01-22 05:58 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-02-12 11:33 - 2016-01-22 05:57 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2016-02-12 11:33 - 2016-01-22 05:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-02-12 11:33 - 2016-01-22 05:53 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2016-02-12 11:33 - 2016-01-22 05:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2016-02-12 11:33 - 2016-01-22 05:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2016-02-12 11:33 - 2016-01-22 05:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2016-02-12 11:33 - 2016-01-22 05:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-02-12 11:33 - 2016-01-22 05:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 05:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 05:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2016-02-12 11:33 - 2016-01-22 05:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2016-02-12 11:31 - 2016-01-22 07:19 - 14179840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2016-02-12 11:31 - 2016-01-22 07:15 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll 2016-02-12 11:31 - 2016-01-22 07:12 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2016-02-12 11:31 - 2016-01-22 07:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2016-02-12 11:31 - 2016-01-22 07:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll 2016-02-12 11:31 - 2016-01-22 06:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2016-02-12 11:31 - 2016-01-22 06:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe 2016-02-11 20:59 - 2016-02-11 20:59 - 00011455 _____ C:\Users\DDDDD CCCCCC\Desktop\Enza.xlsx 2016-02-11 19:16 - 2016-02-11 19:17 - 01609032 _____ (Malwarebytes) C:\Users\DDDDD CCCCCC\Desktop\JRT.exe 2016-02-11 19:06 - 2016-02-11 19:06 - 01508352 _____ C:\Users\DDDDD CCCCCC\Desktop\AdwCleaner_5.033.exe 2016-02-11 13:41 - 2016-02-11 14:34 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2016-02-11 13:40 - 2016-02-11 14:34 - 00000000 ____D C:\Users\DDDDD CCCCCC\Desktop\mbar 2016-02-11 13:39 - 2016-02-11 13:40 - 16563352 _____ (Malwarebytes Corp.) C:\Users\DDDDD CCCCCC\Downloads\mbar-1.09.3.1001.exe 2016-02-11 10:08 - 2016-02-11 10:08 - 02370560 _____ (Farbar) C:\Users\DDDDD CCCCCC\Desktop\FRST64.exe 2016-02-10 23:19 - 2015-12-16 19:55 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll 2016-02-10 23:19 - 2015-12-16 19:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll 2016-02-10 23:19 - 2015-12-16 19:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL 2016-02-10 23:19 - 2015-12-16 19:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL 2016-02-10 23:19 - 2015-12-16 19:48 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL 2016-02-10 23:19 - 2015-12-16 19:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll 2016-02-10 23:19 - 2015-12-16 19:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL 2016-02-10 23:19 - 2015-12-16 19:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll 2016-02-10 23:02 - 2016-02-14 19:45 - 00010453 _____ C:\Users\DDDDD CCCCCC\Desktop\Liste devot-Zirkel.xlsx 2016-02-10 22:59 - 2016-01-16 20:06 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2016-02-10 22:59 - 2016-01-16 19:54 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2016-02-10 22:59 - 2016-01-11 15:08 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2016-02-10 22:59 - 2016-01-11 15:08 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2016-02-10 22:59 - 2016-01-11 15:08 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2016-02-10 22:59 - 2016-01-11 15:08 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2016-02-10 22:59 - 2016-01-11 15:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2016-02-09 15:59 - 2016-02-09 15:59 - 00549492 _____ C:\Users\DDDDD CCCCCC\Downloads\Einladung.pdf 2016-02-09 15:28 - 2016-02-09 15:28 - 00081885 _____ C:\Users\DDDDD CCCCCC\Downloads\Preisliste 1und1 Mobilfunktarife Handy Flat Bundle A.pdf 2016-02-08 20:51 - 2016-02-08 20:51 - 00078325 _____ C:\Users\DDDDD CCCCCC\Downloads\nwb_export_598152.pdf 2016-02-07 12:58 - 2016-02-07 12:58 - 00041310 _____ C:\Users\DDDDD CCCCCC\Desktop\WEB.DE - Ihre Bestellung 0016001689.pdf 2016-02-07 12:38 - 2016-02-07 12:38 - 00015542 _____ C:\Users\DDDDD CCCCCC\Downloads\invoice_RE179244.pdf 2016-02-07 12:33 - 2016-02-07 12:33 - 00071566 _____ C:\Users\DDDDD CCCCCC\Downloads\RG150243879752.pdf 2016-02-06 14:56 - 2016-02-06 14:56 - 00495837 _____ C:\Users\DDDDD CCCCCC\Downloads\01_bildungszeit_merkbl_besch.pdf 2016-02-06 14:47 - 2016-02-06 14:47 - 00106862 _____ C:\Users\DDDDD CCCCCC\Downloads\Bildungszeitgesetz BW.pdf 2016-02-04 10:34 - 2016-02-04 10:34 - 00662455 _____ C:\Users\DDDDD CCCCCC\Downloads\document(3).pdf 2016-02-03 16:30 - 2016-02-03 16:30 - 00000361 _____ C:\Users\DDDDD CCCCCC\Desktop\Gleichheit ind.URL 2016-02-01 21:33 - 2016-02-01 21:33 - 00000138 _____ C:\Users\DDDDD CCCCCC\Desktop\Neue Internetverknüpfung (4).url 2016-02-01 18:47 - 2016-02-01 19:39 - 05755651 _____ C:\Users\DDDDD CCCCCC\Desktop\Unterlagen.pdf 2016-02-01 13:32 - 2016-02-01 13:32 - 00212663 _____ C:\Users\DDDDD CCCCCC\Downloads\Kontoauszug-1517643373-2016-01(1).pdf 2016-02-01 13:31 - 2016-02-01 13:31 - 00171987 _____ C:\Users\DDDDD CCCCCC\Downloads\Kontoauszug-1517643373-2015-04(1).pdf 2016-02-01 11:41 - 2016-02-01 11:41 - 00212663 _____ C:\Users\DDDDD CCCCCC\Downloads\Kontoauszug-1517643373-2016-01.pdf 2016-01-31 21:47 - 2016-01-31 21:47 - 00000152 _____ C:\Users\DDDDD CCCCCC\Desktop\Neue Internetverknüpfung (3).url 2016-01-31 20:39 - 2016-01-31 20:40 - 00001754 _____ C:\Users\DDDDD CCCCCC\Desktop\chrome.exe - Verknüpfung.lnk 2016-01-31 19:15 - 2016-01-31 19:18 - 00002173 _____ C:\Users\Public\Desktop\SteuerSparErklärung 2016.lnk 2016-01-31 19:15 - 2016-01-31 19:18 - 00002173 _____ C:\ProgramData\Desktop\SteuerSparErklärung 2016.lnk 2016-01-31 19:15 - 2016-01-31 19:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SteuerSparErklärung 2016 2016-01-30 21:04 - 2016-01-30 21:04 - 04382244 _____ C:\Users\DDDDD CCCCCC\Downloads\Broschüre_Infos zum Urlaub.pdf 2016-01-30 17:37 - 2016-01-30 17:37 - 00000122 _____ C:\Users\DDDDD CCCCCC\Desktop\Neue Internetverknüpfung (2).url 2016-01-29 11:03 - 2016-01-29 11:03 - 00044209 _____ C:\Users\DDDDD CCCCCC\Downloads\20160129-102108693-umsatz.CSV 2016-01-27 09:59 - 2016-01-27 09:59 - 00000246 _____ C:\Users\DDDDD CCCCCC\Desktop\Lehrbuch Buchführung und Bilanzsteuerrecht.URL 2016-01-27 09:50 - 2016-01-27 09:50 - 00000246 _____ C:\Users\DDDDD CCCCCC\Desktop\Fallsammlung Bilanzsteuerrecht.URL 2016-01-27 09:50 - 2016-01-27 09:50 - 00000246 _____ C:\Users\DDDDD CCCCCC\Desktop\Fallsammlung Abgabenordnung.URL 2016-01-27 01:36 - 2016-01-27 01:36 - 00000129 _____ C:\Users\DDDDD CCCCCC\Desktop\Neue Internetverknüpfung.url 2016-01-26 12:46 - 2016-01-26 12:46 - 00048886 _____ C:\Users\EEEEEE\Desktop\ueberweisung-2016-01-21-16-06-32.pdf 2016-01-22 08:48 - 2016-01-22 08:48 - 00751922 _____ C:\Users\DDDDD CCCCCC\Downloads\2015_Entwurf_Regierungsprogramm_SPD_BW_2016-2021.pdf 2016-01-21 16:08 - 2016-01-21 16:08 - 00000000 ____D C:\Users\EEEEEE\AppData\Local\CEF 2016-01-21 15:56 - 2016-01-21 15:56 - 00000000 ____D C:\Users\EEEEEE\AppData\Local\GWX 2016-01-20 08:32 - 2016-01-20 08:32 - 00002981 _____ C:\Users\DDDDD CCCCCC\Desktop\Verknüpfung.lnk 2016-01-19 23:27 - 2016-01-19 23:27 - 00134923 _____ C:\Users\DDDDD CCCCCC\Downloads\scheckderbank.pdf 2016-01-19 22:07 - 2016-01-19 22:07 - 00099740 _____ C:\Users\DDDDD CCCCCC\Downloads\Widerufsbelehrung_Warenlieferungen.pdf 2016-01-19 22:06 - 2016-01-19 22:06 - 00094470 _____ C:\Users\DDDDD CCCCCC\Downloads\Kundeninformationen_SparkassenShop.pdf 2016-01-18 18:28 - 2016-01-18 19:14 - 00007238 _____ C:\Users\DDDDD CCCCCC\Downloads\20160118-101768265-umsatz-gelöscht.csv 2016-01-18 17:57 - 2016-01-18 18:28 - 00063492 _____ C:\Users\DDDDD CCCCCC\Downloads\20160118-101768265-umsatz.CSV 2016-01-18 14:10 - 2016-01-18 14:10 - 00543644 _____ C:\Users\DDDDD CCCCCC\Downloads\Kontoauszug_zum_31_12_2015.pdf 2016-01-18 14:10 - 2016-01-18 14:10 - 00008752 _____ C:\Users\DDDDD CCCCCC\Downloads\Kontoabschluss_zum_31_12_2015(1).pdf 2016-01-18 14:10 - 2016-01-18 14:10 - 00008030 _____ C:\Users\DDDDD CCCCCC\Downloads\Kreditkarten-Abrechnung_vom_11_01_2016.pdf 2016-01-18 14:09 - 2016-01-18 14:10 - 00008507 _____ C:\Users\DDDDD CCCCCC\Downloads\Kontoabschluss_zum_31_12_2015.pdf 2016-01-18 14:09 - 2016-01-18 14:09 - 00007994 _____ C:\Users\DDDDD CCCCCC\Downloads\Kreditkarten-Abrechnung_vom_11_12_2015.pdf 2016-01-18 10:40 - 2016-02-02 18:30 - 00010098 _____ C:\Users\DDDDD CCCCCC\Desktop\Leistungsprinzip.xlsx 2016-01-18 10:01 - 2016-01-18 10:01 - 01624924 _____ C:\Users\DDDDD CCCCCC\Downloads\KdU-L-rrach-LK---2014.pdf 2016-01-17 16:37 - 2016-01-17 16:37 - 00000260 _____ C:\Users\DDDDD CCCCCC\Desktop\Einführung.URL 2016-01-17 11:25 - 2016-01-17 11:25 - 00171987 _____ C:\Users\DDDDD CCCCCC\Downloads\Kontoauszug-1517643373-2015-04.pdf 2016-01-17 11:20 - 2016-01-17 11:20 - 00082140 _____ C:\Users\DDDDD CCCCCC\Downloads\Information_20151231.pdf 2016-01-17 11:20 - 2016-01-17 11:20 - 00020978 _____ C:\Users\DDDDD CCCCCC\Downloads\Extra_Konto_5542439421_Kontoauszug_20160105.pdf 2016-01-17 11:01 - 2016-01-17 11:09 - 00000000 ____D C:\Users\DDDDD CCCCCC\Documents\Träume 2016-01-17 10:55 - 2016-01-17 10:58 - 00000000 ____D C:\Users\DDDDD CCCCCC\Documents\Gesundheit 2016-01-17 10:46 - 2016-01-17 10:46 - 00000000 ____D C:\Users\DDDDD CCCCCC\Documents\Alumni 2016-01-17 10:35 - 2016-01-17 10:35 - 00643652 _____ C:\Users\DDDDD CCCCCC\Downloads\ziele-setzen-new.pdf 2016-01-17 10:29 - 2016-01-17 10:29 - 00290897 _____ C:\Users\DDDDD CCCCCC\Downloads\e-books-zeitmanagement.zip 2016-01-17 10:28 - 2016-01-17 10:28 - 00149984 _____ C:\Users\DDDDD CCCCCC\Downloads\Rechnung_BVQEAQJC_1326813.pdf 2016-01-17 09:38 - 2016-01-17 09:38 - 00130313 _____ C:\Users\DDDDD CCCCCC\Downloads\EU-Info_MdEP Peter Simon_Polen_Rechtsstaatlichkeitsmechanismus.pdf 2016-01-17 09:15 - 2016-01-17 09:15 - 00634373 _____ C:\Users\DDDDD CCCCCC\Downloads\Einladung Besuch Peter Simon.pdf ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-02-16 22:59 - 2016-01-15 11:24 - 00000000 ____D C:\FRST 2016-02-16 22:50 - 2012-09-20 04:21 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-02-16 22:49 - 2015-11-22 00:15 - 00000334 ____H C:\Windows\SbiePst.dat 2016-02-16 22:48 - 2015-11-29 22:25 - 00001800 _____ C:\Windows\Sandboxie.ini 2016-02-16 22:47 - 2015-05-31 13:23 - 00000628 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1242904208-471078349-2963378918-1000.job 2016-02-16 22:34 - 2015-11-10 11:47 - 00000000 ____D C:\Users\DDDDD CCCCCC\Downloads\Mietobjekt Friedrichstraße 2016-02-16 22:12 - 2015-06-08 16:32 - 00000724 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1242904208-471078349-2963378918-1000.job 2016-02-16 21:43 - 2009-07-14 05:45 - 00025840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-02-16 21:43 - 2009-07-14 05:45 - 00025840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-02-16 20:43 - 2012-04-07 11:49 - 00000000 ____D C:\Users\DDDDD CCCCCC\Documents\Finanzen 2016-02-16 19:29 - 2012-09-20 04:21 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-02-16 18:35 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-02-16 18:35 - 2009-07-14 05:45 - 00458328 _____ C:\Windows\system32\FNTCACHE.DAT 2016-02-16 07:58 - 2014-08-25 18:18 - 00120200 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll 2016-02-16 07:50 - 2013-10-05 08:28 - 01604278 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2016-02-16 07:50 - 2011-11-14 06:34 - 00702664 _____ C:\Windows\system32\perfh007.dat 2016-02-16 07:50 - 2011-11-14 06:34 - 00151424 _____ C:\Windows\system32\perfc007.dat 2016-02-16 07:50 - 2009-07-14 06:13 - 01604278 _____ C:\Windows\system32\PerfStringBackup.INI 2016-02-16 07:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2016-02-15 13:54 - 2012-03-11 02:08 - 00000000 ____D C:\Program Files (x86)\Java 2016-02-15 12:06 - 2011-11-13 23:28 - 00000000 ____D C:\Program Files (x86)\SIW 2016-02-15 12:06 - 2011-11-13 22:46 - 00000000 ____D C:\Users\DDDDD CCCCCC 2016-02-14 23:38 - 2014-03-23 17:23 - 00000000 ____D C:\Users\DDDDD CCCCCC\Documents\Benutzerdefinierte Office-Vorlagen 2016-02-14 17:57 - 2012-03-25 11:40 - 00000000 ____D C:\Users\DDDDD CCCCCC\Documents\Steuerfälle 2016-02-13 04:42 - 2015-08-07 21:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-02-13 04:37 - 2014-05-03 07:02 - 00000000 ___SD C:\Windows\system32\CompatTel 2016-02-13 04:37 - 2009-11-05 01:26 - 00000000 ____D C:\Program Files\Windows Journal 2016-02-13 04:36 - 2014-12-12 20:57 - 00000000 ____D C:\Windows\system32\appraiser 2016-02-13 04:19 - 2014-03-28 22:09 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2016-02-13 04:13 - 2013-07-13 08:36 - 00000000 ____D C:\Windows\system32\MRT 2016-02-13 03:56 - 2011-11-18 19:58 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-02-13 03:46 - 2009-07-14 03:34 - 00000648 _____ C:\Windows\win.ini 2016-02-12 19:15 - 2011-12-01 21:23 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform 2016-02-12 19:14 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2016-02-12 19:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration 2016-02-12 19:09 - 2009-11-05 04:22 - 00000000 ____D C:\Program Files\Microsoft Office 2016-02-12 10:53 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-02-11 19:06 - 2016-01-15 11:10 - 00000000 ____D C:\AdwCleaner 2016-02-11 13:40 - 2014-08-05 14:08 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-02-10 18:46 - 2015-08-02 16:38 - 00002168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-02-10 18:41 - 2015-06-08 16:32 - 00003786 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-1242904208-471078349-2963378918-1000 2016-02-10 18:41 - 2015-05-31 13:23 - 00003690 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1242904208-471078349-2963378918-1000 2016-02-09 16:56 - 2012-01-01 09:33 - 00000000 ____D C:\Users\DDDDD CCCCCC\Documents\SZ 2016-02-03 07:45 - 2011-11-13 23:22 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-02-03 07:45 - 2011-11-13 23:22 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-01-31 20:39 - 2014-08-07 20:56 - 03520000 ___SH C:\Users\DDDDD CCCCCC\Desktop\Thumbs.db 2016-01-31 19:14 - 2012-03-25 11:26 - 00000000 ____D C:\Program Files (x86)\Akademische Arbeitsgemeinschaft 2016-01-29 14:01 - 2012-09-22 17:08 - 00000000 ____D C:\Users\DDDDD CCCCCC\AppData\Local\O&O 2016-01-29 11:05 - 2015-08-02 11:00 - 00000000 ____D C:\Users\DDDDD CCCCCC\Documents\Amato CCCCCC 2016-01-26 13:28 - 2015-08-02 11:16 - 00000000 ____D C:\Users\DDDDD CCCCCC\Documents\Politik 2016-01-25 18:58 - 2014-08-05 14:08 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-01-21 16:08 - 2012-04-06 13:40 - 00000000 ____D C:\Users\EEEEEE\AppData\Local\Adobe 2016-01-21 16:00 - 2015-04-22 10:39 - 00000000 __SHD C:\Users\EEEEEE\AppData\Local\EmieBrowserModeList 2016-01-21 16:00 - 2014-05-28 13:32 - 00000000 __SHD C:\Users\EEEEEE\AppData\Local\EmieUserList 2016-01-21 16:00 - 2014-05-28 13:32 - 00000000 __SHD C:\Users\EEEEEE\AppData\Local\EmieSiteList 2016-01-21 15:59 - 2015-04-22 10:38 - 00000000 __SHD C:\Users\EEEEEE\AppData\LocalLow\EmieBrowserModeList 2016-01-21 15:59 - 2014-05-28 13:52 - 00000000 __SHD C:\Users\EEEEEE\AppData\LocalLow\EmieUserList 2016-01-21 15:59 - 2014-05-28 13:24 - 00000000 __SHD C:\Users\EEEEEE\AppData\LocalLow\EmieSiteList 2016-01-21 15:56 - 2015-04-22 10:37 - 00002211 _____ C:\Users\EEEEEE\Desktop\Google Chrome.lnk 2016-01-21 15:56 - 2012-03-30 17:59 - 00000000 ____D C:\Users\EEEEEE\AppData\Roaming\SimpleScreenshot 2016-01-19 18:11 - 2016-01-14 04:17 - 00000000 ____D C:\Users\DDDDD CCCCCC\Desktop\CoAsScIt 2016-01-18 13:18 - 2015-12-21 18:24 - 00339588 _____ C:\Users\DDDDD CCCCCC\Documents\Ausbildungszeugnis Noller.pdf 2016-01-17 11:09 - 2015-09-26 18:43 - 00000000 ____D C:\Users\DDDDD CCCCCC\Documents\Karriere 2016-01-17 11:00 - 2012-06-16 16:38 - 00000000 ____D C:\Users\DDDDD CCCCCC\Documents\Selbstmanagement 2016-01-17 10:56 - 2015-10-27 13:07 - 00000000 ____D C:\Users\DDDDD CCCCCC\Documents\Bewerbungen 2015 2016-01-17 08:49 - 2014-09-23 18:09 - 00000000 ___RD C:\Program Files (x86)\Skype ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2014-06-28 07:10 - 2014-07-23 21:30 - 14159872 _____ () C:\Users\DDDDD CCCCCC\AppData\Roaming\Sandra.mdb 2015-01-30 20:51 - 2016-01-14 04:21 - 0000600 _____ () C:\Users\DDDDD CCCCCC\AppData\Roaming\winscp.rnd 2012-04-20 18:28 - 2014-07-07 01:20 - 0006656 _____ () C:\Users\DDDDD CCCCCC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-09-22 21:07 - 2014-09-22 21:07 - 0001482 _____ () C:\Users\DDDDD CCCCCC\AppData\Local\RecConfig.xml 2016-01-12 11:40 - 2016-01-12 11:40 - 0008232 _____ () C:\Users\DDDDD CCCCCC\AppData\Local\recently-used.xbel 2013-08-12 21:15 - 2015-11-30 09:23 - 0007603 _____ () C:\Users\DDDDD CCCCCC\AppData\Local\Resmon.ResmonCfg 2012-03-31 10:26 - 2012-03-31 10:26 - 0000057 _____ () C:\ProgramData\Ament.ini 2011-11-13 22:53 - 2011-11-13 22:57 - 0008282 _____ () C:\ProgramData\ArcadeDeluxe3.log 2014-09-22 19:19 - 2014-10-06 19:45 - 0008737 _____ () C:\ProgramData\hpzinstall.log ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => MD5 ist legitim C:\Windows\system32\wininit.exe => MD5 ist legitim C:\Windows\SysWOW64\wininit.exe => MD5 ist legitim C:\Windows\explorer.exe => MD5 ist legitim C:\Windows\SysWOW64\explorer.exe [2016-02-12 11:31] - [2016-01-22 06:12] - 2973184 ____A (Microsoft Corporation) 2A156D5EBF221EF2A6AE7CE452324DAC C:\Windows\system32\svchost.exe => MD5 ist legitim C:\Windows\SysWOW64\svchost.exe => MD5 ist legitim C:\Windows\system32\services.exe => MD5 ist legitim C:\Windows\system32\User32.dll [2015-12-10 08:23] - [2015-11-10 19:55] - 1008640 ____A (Microsoft Corporation) 06BF84D26A05D400F6B3FB3D3DE0B03A C:\Windows\SysWOW64\User32.dll [2015-12-10 08:23] - [2015-11-10 19:37] - 0833024 ____A (Microsoft Corporation) 0A78439765E31510D75C9E2284F3A722 C:\Windows\system32\userinit.exe => MD5 ist legitim C:\Windows\SysWOW64\userinit.exe => MD5 ist legitim C:\Windows\system32\rpcss.dll => MD5 ist legitim C:\Windows\system32\dnsapi.dll => MD5 ist legitim C:\Windows\SysWOW64\dnsapi.dll => MD5 ist legitim C:\Windows\system32\Drivers\volsnap.sys => MD5 ist legitim ACHTUNG: ==> Auf den BCD konnte nicht zugegriffen werden. LastRegBack: 2016-02-09 01:45 ==================== Ende von FRST.txt ============================ |
17.02.2016, 15:08 | #57 |
| Trojaner eingefangen? Additional vom Sandboxie: Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:07-02-2016 durchgeführt von DDDDD CCCCC (2016-02-16 23:00:26) Gestartet von C:\Users\DDDDD CCCCC\Desktop Windows 7 Home Premium Service Pack 1 (X64) (2011-11-13 21:46:57) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-1242904208-471078349-2963378918-500 - Administrator - Disabled) DDDDD CCCCC (S-1-5-21-1242904208-471078349-2963378918-1000 - Administrator - Enabled) => C:\Users\DDDDD CCCCC EEEEE (S-1-5-21-1242904208-471078349-2963378918-1003 - Limited - Enabled) => C:\Users\EEEEE Gast (S-1-5-21-1242904208-471078349-2963378918-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1242904208-471078349-2963378918-1002 - Limited - Enabled) Versuch (S-1-5-21-1242904208-471078349-2963378918-1004 - Administrator - Enabled) => C:\Users\Versuch ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH) AC3Filter 1.63b (HKLM-x32\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky) Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.0.7112 - CyberLink Corp.) Acer Arcade Deluxe (x32 Version: 3.0.7112 - CyberLink Corp.) Hidden Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.29 - NewTech Infosystems) Acer Crystal Eye webcam Ver:1.1.124.1120 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.124.1120 - Chicony Electronics Co.,Ltd.) Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3004 - Acer Incorporated) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated) Acer GameZone Console (HKLM-x32\...\{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1) (Version: 5.1.0.2 - Oberon Media, Inc.) Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.2009.1217 - Acer Incorporated) Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3000 - Acer Incorporated) Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Acronis Drive Monitor (HKLM-x32\...\{706AE61D-40A4-4F50-8359-FE8F6F7FA461}) (Version: 1.0.566 - Acronis) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.103 - Adobe Systems Incorporated) Akamai NetSession Interface (HKU\current\...\Akamai) (Version: - Akamai Technologies, Inc) Akamai NetSession Interface (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Akamai) (Version: - Akamai Technologies, Inc) Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{DBCE1208-433D-4D3E-A26A-CB1B5E71A8F5}) (Version: 1.4.17.35005 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 1.4.17.35005 - Alcor Micro Corp.) Hidden Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version: - Oberon Media) AllDup 3.4.24 (HKLM-x32\...\AllDup_is1) (Version: 3.4.24 - Michael Thummerer Software Design) Alle meine Passworte 4.13 (HKLM\...\AllemeinePassworte) (Version: - Mirko Böer) Allway Sync version 12.16.9 (HKLM-x32\...\Allway Sync_is1) (Version: - Botkind Inc) ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.105.2015.1105 - Alps Electric) Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media) Apple Application Support (32-Bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.) ATI Catalyst Install Manager (HKLM\...\{11F38253-8940-FFDA-D131-B14120C357E4}) (Version: 3.0.754.0 - ATI Technologies, Inc.) Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team) Avi2Dvd 0.6.4 (HKLM-x32\...\Avi2Dvd) (Version: 0.6.4 - TrustFm) AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - ) Backup Manager Basic (x32 Version: 2.0.0.29 - NewTech Infosystems) Hidden BatteryCare 0.9.10.0 (HKLM-x32\...\{C6A6036D-FBD0-4324-BEAA-C0845257160C}_is1) (Version: 0.9.10.0 - Filipe Lourenço) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Broadcom Gigabit NetLink Controller (HKLM\...\{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}) (Version: 12.33.03 - Broadcom Corporation) Canon MP160 Benutzerregistrierung (HKLM-x32\...\Canon MP160 Benutzerregistrierung) (Version: - ) ccc-core-static (x32 Version: 2009.1209.2335.42329 - Ihr Firmenname) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP) Chandler 1.0.3 (HKLM-x32\...\Chandler) (Version: 1.0.3 - Open Source Applications Foundation) Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version: - Oberon Media) Citrix Online Launcher (HKLM-x32\...\{6740FE60-43C1-4D15-8C4A-001624134B14}) (Version: 1.0.312 - Citrix) CoreAAC Audio Decoder (remove only) (HKLM-x32\...\CoreAAC Audio Decoder) (Version: - ) Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version: - Oberon Media) Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media) DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen) eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM) EinsteinBrainTrainer (remove only) (HKLM-x32\...\EinsteinBrainTrainer) (Version: - ) Ekahau HeatMapper (HKLM\...\Heatmapper-1.1.4.39795) (Version: 1.1.4.39795 - Ekahau Inc.) Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.) eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc) Evernote v. 5.9.6 (HKLM-x32\...\{A542D366-9877-11E5-B101-005056951CAD}) (Version: 5.9.6.9494 - Evernote Corp.) Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media) ffdshow [rev 3299] [2010-03-03] (HKLM-x32\...\ffdshow_is1) (Version: 1.0.0.3299 - ) Fiat eco:Drive (HKLM-x32\...\com.fiat.convergence.385E4263E7379A5D22A7076E99B02868EFF10711.1) (Version: 2.0.2 - Fiat Group Automobiles) Fiat eco:Drive (x32 Version: 2.0.2 - Fiat Group Automobiles) Hidden First Class Flurry (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}) (Version: - Oberon Media) Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.3.105.325 - Foxit Corporation) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.3.321 - Foxit Corporation) Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.) Free DVD Video Burner version 3.0.4.426 (HKLM-x32\...\Free DVD Video Burner_is1) (Version: - DVDVideoSoft Limited.) Free System Utilities (HKLM-x32\...\{ad2818b3-1616-4ec8-855d-be6936103e5a}) (Version: 1.1.0.70 - Covus Freemium GmbH) Free SystemUtilities (x32 Version: 1.1.0.70 - Covus Freemium GmbH) Hidden Free YouTube Download version 3.1.37.918 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.1.37.918 - DVDVideoSoft Ltd.) FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0_RC_10 - ) FreeOCR v5.4 (HKLM-x32\...\freeocr_is1) (Version: - ) FRITZ!Box-Fernzugang einrichten (HKLM-x32\...\{EFADD989-D9F2-49F6-A280-675951CC78D3}) (Version: 1.0.3 - AVM Berlin) FrostWire 5.3.5 (HKLM-x32\...\FrostWire 5) (Version: 5.3.5.0 - FrostWire Team) GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.) Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden GoToMeeting 7.11.1.4419 (HKU\current\...\GoToMeeting) (Version: 7.11.1.4419 - CitrixOnline) GoToMeeting 7.11.1.4419 (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\GoToMeeting) (Version: 7.11.1.4419 - CitrixOnline) Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version: - Oberon Media) Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - ) HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software) Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media) HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Photosmart 5520 series - Grundlegende Software für das Gerät (HKLM\...\{4F396B08-301D-4E53-A372-95A7E93ABD04}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Support Solutions Framework (HKLM-x32\...\{96D12EC9-720B-45FB-904C-36D6307A1C76}) (Version: 11.51.0048 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.007 - HTC Corporation) iCloud (HKLM\...\{B33C558F-772F-4308-A059-390FBF9BAAAE}) (Version: 5.0.2.61 - Apple Inc.) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated) ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan) iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.) Join Air (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - ZTE Corporation) Kassenbuch (HKLM-x32\...\{29531C6B-7B64-4C53-B54A-6C8AB5DE2159}) (Version: 1.0.0 - Office Consult GmbH) K-Lite Codec Pack 9.2.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.2.0 - ) Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.05 - Acer Inc.) LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation) Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Manager (x32 Version: 4.0.1.25166 - 2015 pdfforge GmbH. All rights reserved) Hidden MediaHuman YouTube to MP3 Converter Version 3.3 (HKLM-x32\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.3 - ) Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation) Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation) Microsoft Report Viewer Redistributable 2008 (KB971118) (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971118)) (Version: - Microsoft Corporation) Microsoft Report Viewer Redistributable 2008 Language Pack - DEU (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 Language Pack - DEU) (Version: - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation) MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek) Mozilla Firefox 44.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 de)) (Version: 44.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla) MPC-HC 1.7.0 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger) MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.) No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.0.1 - Vitalwerks Internet Solutions LLC) Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec) NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems) NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6623 - NewTech Infosystems) NTI Media Maker 8 (x32 Version: 8.0.12.6623 - NewTech Infosystems) Hidden O&O Defrag Free Edition (HKLM\...\{C10CAF82-9D36-4D9A-9DC0-C4549F06B519}) (Version: 14.1.431 - O&O Software GmbH) Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH) PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH) PDF Architect 4 Create Module (Version: 4.0.12.26604 - pdfforge GmbH) Hidden PDF Architect 4 Edit Module (Version: 4.0.12.26604 - pdfforge GmbH) Hidden PDF Architect 4 View Module (Version: 4.0.12.26604 - pdfforge GmbH) Hidden PDF24 Creator 6.8.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.2.2 - pdfforge) pomodairo (HKLM-x32\...\{EEBEA077-AB92-5083-ECB1-C15BD842D00B}) (Version: 1.9 - UNKNOWN) QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.) Random Dresser (HKLM-x32\...\RandomDresser) (Version: - ) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.) RescueTime 2.2.1 (HKLM-x32\...\{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1) (Version: - RescueTime.com) Restorer2000 3.3 (HKLM-x32\...\Restorer2000_is1) (Version: 3.3 - Bitmart Inc.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Sandboxie 5.06 (64-bit) (HKLM\...\Sandboxie) (Version: 5.06 - Sandboxie Holdings, LLC) SeaTools for Windows 1.4.0.2 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.2 - Seagate Technology) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden Shutdown Manager (HKLM-x32\...\{C457BA5F-35F9-480C-90F8-5C91DB443A15}_is1) (Version: 2.0.7 - Daniel Höllig) SimpleScreenshot 1.40 (HKLM-x32\...\SimpleScreenshot) (Version: - ) SiSoftware Sandra Lite 2014.SP2a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 20.35.2014.6 - SiSoftware) SIW version 2011.10.29 (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2011.10.29 - Topala Software Solutions) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation) Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.) SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) Spotify (HKU\current\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB) Spotify (HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB) SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC) Steganos Safe 14 (HKLM-x32\...\{13B7FBFB-622E-4002-8570-594798E6167D}) (Version: 14.2.2 - Steganos Software GmbH) Steuer-Spar-Erklärung 2008 (HKLM-x32\...\{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}) (Version: 13.02.0000 - Akademische Arbeitsgemeinschaft) Steuer-Spar-Erklärung 2009 (HKLM-x32\...\{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}) (Version: 14.01.0000 - Akademische Arbeitsgemeinschaft Verlag) Steuer-Spar-Erklärung 2010 (HKLM-x32\...\{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}) (Version: 15.15 - Akademische Arbeitsgemeinschaft Verlag) Steuer-Spar-Erklärung 2011 (HKLM-x32\...\{9F5FD796-86F0-4360-85F8-D54C0F5411EB}) (Version: 16.18 - Akademische Arbeitsgemeinschaft Verlag) Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.15.11 - Wolters Kluwer Deutschland GmbH) Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.11.11 - Wolters Kluwer Deutschland GmbH) SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.14.99 - Akademische Arbeitsgemeinschaft) SteuerSparErklärung 2015 (HKLM-x32\...\{312C0E08-8F94-4536-AAF6-3413F784AC5F}) (Version: 20.38.173 - Akademische Arbeitsgemeinschaft) SteuerSparErklärung 2016 (HKLM-x32\...\{D331D50C-C578-423B-8BC7-94D3133CE315}) (Version: 21.26.65 - Akademische Arbeitsgemeinschaft) Streamripper (Remove only) (HKLM-x32\...\Streamripper) (Version: - ) Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten (HKLM\...\{CAD7B6DD-9C82-4D17-BAE8-3E9AE4971B90}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer) Time Stamp (HKLM-x32\...\Time Stamp_is1) (Version: - 3.23.2010-0313) TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname) TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.) TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.0.0 - TP-LINK) TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1 - TrueCrypt Foundation) Tunatic (HKLM-x32\...\Tunatic) (Version: - ) Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel) Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version: - ) Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod) Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb) Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{5D2260D6-DB16-41DC-915B-A39BF4F66362}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN) Web Companion (HKLM-x32\...\{d609bf40-fd0b-4de8-9230-41a8d877aea6}) (Version: 2.2.1337.2613 - Lavasoft) Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3008 - Acer Incorporated) Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware) WinPatrol (HKLM\...\{6E575124-6D34-4E65-9375-7D69468A6089}) (Version: 30.9 - BillP Studios) WinRAR 5.10 Beta 4 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH) Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi)) Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.) Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - ) Zuzahlungsrechner (HKLM-x32\...\{B2C69E77-F209-4B63-8676-4F32B27E162B}) (Version: 3.6.0 - sfr-software-fuers-heim) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {07BC3985-36A5-4D99-B27B-E38C5729B2B2} - kein Dateipfad Task: {0A17BE20-076C-42DA-8F99-A26025333D5F} - System32\Tasks\HP AR Program Upload - c77186144c9e4d9887733fcbfeb43c949342edc65b3a40a69306946f2a856eae => C:\Program Files\HP\HP Photosmart 5520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>) Task: {0CAEEB6B-A216-4E04-9EA6-AC310639FD8D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {1C03E9C3-4B4B-4ACB-A8AB-17B2C42F6D36} - System32\Tasks\HP AR Program Upload - 86702d7e2b234fe0ac4104c075da5675aa9e3e32525c4609a8c1d9652126c508 => C:\Program Files\HP\HP Photosmart 5520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>) Task: {26DA7882-781D-4FC9-B1A5-5F5B1F7227FE} - System32\Tasks\{6A246FB0-E753-4188-9543-22389AB30F4E} => pcalua.exe -a "C:\Users\DDDDD CCCCC\Downloads\Chandler_win_1.0.3.exe" -d "C:\Users\DDDDD CCCCC\Downloads" Task: {38C51694-B081-4739-8E17-069D4A49D4D4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {3EB7AAE6-60CB-4B78-8975-457682CF3EA5} - System32\Tasks\{75A20F51-DAD0-4F5F-919E-84B2AB233F5B} => C:\Windows\system32\msiexec.exe [2015-06-15] (Microsoft Corporation) Task: {40978C8B-1D20-43E6-89F1-B1BA719E581E} - System32\Tasks\HP AR Program Upload - 80a8e838e6934cd8b655baa83b9a353e1c06edcb6d694a43b472cfefd87bcfc5 => C:\Program Files\HP\HP Photosmart 5520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>) Task: {47C46238-A6C4-4C4B-BE85-E6E1425608CB} - System32\Tasks\{144D2C4F-2583-452B-AC74-C64839CF03CC} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller" -c -hunter Task: {49723E02-558F-4E12-BD48-8ACD6598EC43} - System32\Tasks\HP AR Program Upload - 854d1af6a1324f42910f1f8b74b2b3f41fb51fedf01b43d1a63e88c9a6f21790 => C:\Program Files\HP\HP Photosmart 5520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>) Task: {49CBC918-8A2A-4609-8FE1-B10598EED4E9} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation) Task: {4F5054A0-9B45-41CD-A1AF-E8E908EA051B} - kein Dateipfad Task: {52FE82CE-EC2E-4802-BCC3-4E0421151CFC} - System32\Tasks\{F3B963CB-BFF7-43C8-ADEF-9881996EFE34} => C:\Windows\system32\msiexec.exe [2015-06-15] (Microsoft Corporation) Task: {5A42985A-DC32-4FE1-8210-CA09F67316FC} - System32\Tasks\HPCustPartic.exe_{96420065-3C4E-4B3E-96DB-DB0760F51DDD} => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.) Task: {5B5D6CC7-9FA7-4441-9A09-8A3C4EA669FD} - System32\Tasks\{9B880EC1-DC3B-45D7-A7BB-4E131A7A884F} => pcalua.exe -a "C:\Users\DDDDD CCCCC\Downloads\esetsmartinstaller_enu.exe" -d "C:\Program Files (x86)\Mozilla Firefox" Task: {5E36E04E-9103-452F-BCAB-F7A97A181BA9} - kein Dateipfad Task: {64866665-2887-4986-B09C-B82DCDF4F6A3} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation) Task: {6E788608-033F-4B40-8A06-04D8B880BF59} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.) Task: {6F61F570-5E3C-435D-A94A-B946F777D874} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated) Task: {739C86AB-D488-4894-A94A-E1C873D935C4} - System32\Tasks\{239C0599-E784-4910-B228-5D5AB8D346A6} => pcalua.exe -a "C:\Users\DDDDD CCCCC\Downloads\HiJackThis204.exe" -d "C:\Program Files (x86)\Mozilla Firefox" Task: {786DB5A0-25AD-4CDC-BB7E-97656C616113} - System32\Tasks\HP AR Program Upload - 1f34e1c96e2441c2954c4ee9bad5d9a7c0a8147dcd0a401485574ee6cc4342d5 => C:\Program Files\HP\HP Photosmart 5520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>) Task: {792B72B2-C51B-4379-B2AA-007529DB50F0} - System32\Tasks\{8D77E667-A31C-4EB4-B209-1E559B732CBC} => pcalua.exe -a "C:\Program Files (x86)\Canon\IJEREG\MP160\UNINST.EXE" Task: {7AEAE564-35D2-434E-8BC2-12BF5BC672DE} - System32\Tasks\HPCustParticipation HP Deskjet 3070 B611 series => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.) Task: {7EED0456-B087-4708-8496-6474B917CECB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {92533B9B-37E7-4E54-B7DE-F8B0B255CFEE} - System32\Tasks\{4781B96F-C3F4-45CF-AB6F-C64C9AD3E88D} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{319D91C6-3D44-436C-9F79-36C0D22372DC}\setup.exe" -d "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK" -c -runfromtemp -removeonly Task: {A1D835EF-9220-45A2-811E-2CA5B38166BF} - System32\Tasks\hpUrlLauncher.exe_{4AF7A75F-FDE8-41B8-80D9-5C3EBC32D019} => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\utils\hpUrlLauncher.exe Task: {A2488771-C70F-410B-ACC7-0C57087007C2} - System32\Tasks\HP AR Program Upload - 35705e1cf9504357848dc302c9669a5caa95e00a3e9f4a8d9f6ab1f8a3caa919 => C:\Program Files\HP\HP Photosmart 5520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>) Task: {A8E85CF5-280D-463A-87FA-085DDBCDF6B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.) Task: {AF156AF7-2B72-4B10-B090-D2D798801847} - kein Dateipfad Task: {B608EBAA-A759-44B4-B758-5C039701BB1D} - System32\Tasks\G2MUpdateTask-S-1-5-21-1242904208-471078349-2963378918-1000 => C:\Users\DDDDD CCCCC\AppData\Local\Citrix\GoToMeeting\4419\g2mupdate.exe [2016-02-10] (Citrix Online, a division of Citrix Systems, Inc.) Task: {B7A342C6-6ABF-492E-9250-2C92CB583846} - System32\Tasks\{A2A68590-5CAE-4C98-8B98-D18CC5E4C073} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{3DB0448D-AD82-4923-B305-D001E521A964}\setup.exe" -c -runfromtemp -l0x407 -removeonly Task: {BBBF9E37-C1CD-4CF0-A783-CE021D6D2928} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd) Task: {CEC1E5A2-A76F-44EE-9FEE-28EAFF802B43} - kein Dateipfad Task: {D3C8250E-FAC7-4C67-A7FE-89F284D7F2B0} - System32\Tasks\G2MUploadTask-S-1-5-21-1242904208-471078349-2963378918-1000 => C:\Users\DDDDD CCCCC\AppData\Local\Citrix\GoToMeeting\4419\g2mupload.exe [2016-02-10] (Citrix Online, a division of Citrix Systems, Inc.) Task: {E36CA599-B047-467B-99AF-5E380AFECE05} - System32\Tasks\{AC797CD7-B058-4AC8-84B2-B2307D6AFF9B} => C:\Program Files (x86)\Chandler1.0.3\chandler.exe Task: {E85DBE85-E344-4E48-A05A-ACF97445121F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.) Task: {F108FC97-F5B0-4510-9C8E-EB2E8F5AE0EA} - System32\Tasks\HP AR Program Upload - aa75a83ba0e54f469f9229056b3523d0eb35faeb3e174ec898b456f50bbc2c60 => C:\Program Files\HP\HP Photosmart 5520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>) Task: {F30712C0-5F79-4616-BFEE-8D27E1822469} - System32\Tasks\{581487AC-8AAF-40E1-A997-6B8519F0C5EC} => C:\Program Files (x86)\Chandler1.0.3\chandler.exe Task: {FC0397BA-8222-41E7-836D-453BA55E74DB} - System32\Tasks\{2E665153-C229-4C02-9699-2F4EF08B1807} => pcalua.exe -a C:\Users\DANIEL~1\AppData\Local\Temp\InstallFlashPlayer.exe -d "C:\Program Files (x86)\Mozilla Firefox" (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1242904208-471078349-2963378918-1000.job => C:\Users\DDDDD CCCCC\AppData\Local\Citrix\GoToMeeting\4419\g2mupdate.exe Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1242904208-471078349-2963378918-1000.job => C:\Users\DDDDD CCCCC\AppData\Local\Citrix\GoToMeeting\4419\g2mupload.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2011-01-13 09:04 - 2011-01-13 09:04 - 00030080 _____ () C:\Windows\snuvcdsm.exe 2011-11-13 22:52 - 2011-11-13 22:51 - 00200704 _____ () C:\Windows\PLFSetI.exe 2009-07-29 13:10 - 2009-07-29 13:10 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2011-11-13 21:44 - 2011-11-13 21:44 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2014-12-28 14:38 - 2014-04-22 19:39 - 00645592 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll 2016-02-16 07:55 - 2016-02-16 07:55 - 00118032 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll 2016-02-16 07:55 - 2016-02-16 07:55 - 00049936 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Common.Platform.dll 2016-02-16 07:55 - 2016-02-16 07:55 - 00010000 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.UpdateComponents.dll 2016-02-16 07:55 - 2016-02-16 07:55 - 00275216 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll 2016-02-16 07:55 - 2016-02-16 07:55 - 00022288 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.AvastWrapper.dll 2016-02-16 07:55 - 2016-02-16 07:55 - 00046864 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll 2016-02-16 07:55 - 2016-02-16 07:55 - 00012560 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll 2016-02-16 07:55 - 2016-02-16 07:55 - 00120080 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) IE trusted site: HKU\.DEFAULT\...\localhost -> localhost IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com Da befinden sich 7865 mehr Seiten. IE trusted site: HKU\current\...\localhost -> localhost IE trusted site: HKU\current\...\google.com -> hxxps://www.google.com IE trusted site: HKU\current\...\webcompanion.com -> hxxp://webcompanion.com IE restricted site: HKU\current\...\007guard.com -> install.007guard.com IE restricted site: HKU\current\...\008i.com -> 008i.com IE restricted site: HKU\current\...\008k.com -> www.008k.com IE restricted site: HKU\current\...\00hq.com -> www.00hq.com IE restricted site: HKU\current\...\010402.com -> 010402.com IE restricted site: HKU\current\...\0190-dialers.com -> 0190-dialers.com IE restricted site: HKU\current\...\01i.info -> 01i.info IE restricted site: HKU\current\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com IE restricted site: HKU\current\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\current\...\0411dd.com -> 0411dd.com IE restricted site: HKU\current\...\0511zfhl.com -> 0511zfhl.com IE restricted site: HKU\current\...\05p.com -> 05p.com IE restricted site: HKU\current\...\0632qyw.com -> 0632qyw.com IE restricted site: HKU\current\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com IE restricted site: HKU\current\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com IE restricted site: HKU\current\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com IE restricted site: HKU\current\...\0calories.net -> 0calories.net IE restricted site: HKU\current\...\0cj.net -> 0cj.net IE restricted site: HKU\current\...\0scan.com -> www.0scan.com IE restricted site: HKU\current\...\1-2005-search.com -> www.1-2005-search.com Da befinden sich 12656 mehr Seiten. IE trusted site: HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\sklavenzentrale.com -> hxxps://www.sklavenzentrale.com IE trusted site: HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\webcompanion.com -> hxxp://webcompanion.com IE restricted site: HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\0190-dialers.com -> 0190-dialers.com IE restricted site: HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\01i.info -> 01i.info IE restricted site: HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com IE restricted site: HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\0411dd.com -> 0411dd.com IE restricted site: HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\0511zfhl.com -> 0511zfhl.com IE restricted site: HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\05p.com -> 05p.com IE restricted site: HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\0632qyw.com -> 0632qyw.com IE restricted site: HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com IE restricted site: HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com IE restricted site: HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com IE restricted site: HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\0calories.net -> 0calories.net IE restricted site: HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\0cj.net -> 0cj.net IE restricted site: HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-1242904208-471078349-2963378918-1000\...\1-2005-search.com -> www.1-2005-search.com Da befinden sich 12656 mehr Seiten. ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 03:34 - 2015-11-28 15:42 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\current\Control Panel\Desktop\\Wallpaper -> C:\Users\DDDDD CCCCC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-1242904208-471078349-2963378918-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\DDDDD CCCCC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) MSCONFIG\Services: AAV UpdateService => 2 MSCONFIG\Services: AcrSch2Svc => 2 MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: AgereModemAudio => 2 MSCONFIG\Services: AMD External Events Utility => 2 MSCONFIG\Services: Apple Mobile Device => 2 MSCONFIG\Services: Apple Mobile Device Service => 2 MSCONFIG\Services: Avira.ServiceHost => 2 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: BotkindSyncService => 2 MSCONFIG\Services: ePowerSvc => 2 MSCONFIG\Services: FoxitCloudUpdateService => 2 MSCONFIG\Services: Greg_Service => 2 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2 MSCONFIG\Services: IAANTMON => 2 MSCONFIG\Services: iPod Service => 3 MSCONFIG\Services: LMS => 2 MSCONFIG\Services: MBAMService => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: NoIPDUCService4 => 2 MSCONFIG\Services: NTI IScheduleSvc => 2 MSCONFIG\Services: NTIBackupSvc => 3 MSCONFIG\Services: NTISchedulerSvc => 2 MSCONFIG\Services: PassThru Service => 2 MSCONFIG\Services: PDF Architect Helper Service => 2 MSCONFIG\Services: PDF Architect Service => 2 MSCONFIG\Services: RS_Service => 2 MSCONFIG\Services: SandraAgentSrv => 3 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: TeamViewer9 => 2 MSCONFIG\Services: TomTomHOMEService => 2 MSCONFIG\Services: TurboBoost => 3 MSCONFIG\Services: UNS => 2 MSCONFIG\Services: Updater Service => 2 MSCONFIG\Services: YahooAUService => 2 MSCONFIG\startupfolder: C:^Users^DDDDD CCCCC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\Windows\pss\EvernoteClipper.lnk.Startup MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" MSCONFIG\startupreg: adm_tray.exe => C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe MSCONFIG\startupreg: APSDaemon => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe MSCONFIG\startupreg: Eraser => "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart MSCONFIG\startupreg: HP Photosmart 5520 series (NET) => "C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN45U712HT0602:NW" -scfn "HP Photosmart 5520 series (NET)" -AutoStart 1 MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe" MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [TCP Query User{2701F01B-8DB1-44D8-BAEF-2FF0B9F93EDD}C:\users\DDDDD CCCCC\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\DDDDD CCCCC\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{3A7E9C3E-D4C7-48C7-A391-916DE6E2496B}C:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicator.exe FirewallRules: [TCP Query User{429D326F-119D-42DE-9528-91755511646A}C:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicatorcom.exe FirewallRules: [TCP Query User{46F06FB8-4B9E-4BF0-83DC-FBA66CDC6D60}C:\program files (x86)\frostwire 5\frostwire.exe] => (Allow) C:\program files (x86)\frostwire 5\frostwire.exe FirewallRules: [TCP Query User{7704F62E-74F8-4D12-9FE4-7EA6AE97FDA0}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [TCP Query User{789C5BCF-BF2A-4E31-88CF-D6EFB5B1DF6D}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe FirewallRules: [TCP Query User{8FFE3C7D-5A93-4B41-B0F4-E325ED17CCDB}C:\program files (x86)\fontforge\bin\xming-6.9.0.31\xming.exe] => (Allow) C:\program files (x86)\fontforge\bin\xming-6.9.0.31\xming.exe FirewallRules: [TCP Query User{A2F9BF40-3393-4EC2-8DA0-420EF01F5993}C:\users\DDDDD CCCCC\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\DDDDD CCCCC\appdata\local\akamai\netsession_win.exe FirewallRules: [TCP Query User{A54A0D33-DF2F-49CB-8495-80AD34FE8F06}C:\users\DDDDD CCCCC\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\DDDDD CCCCC\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{F6B32B8C-EC0E-4B28-9287-B8C519D8E6A4}C:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicator.exe FirewallRules: [TCP Query User{FCCC8F95-3F2A-4B10-875F-AD388712025D}C:\users\DDDDD CCCCC\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\DDDDD CCCCC\appdata\local\akamai\netsession_win.exe FirewallRules: [UDP Query User{01EB00A5-90E5-4670-977B-0F28C0908837}C:\users\DDDDD CCCCC\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\DDDDD CCCCC\appdata\local\akamai\netsession_win.exe FirewallRules: [UDP Query User{10A2E470-BCA4-476F-82B8-E7D160C7559D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [UDP Query User{19975A45-5B6C-42AC-9064-EA0F0A265577}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe FirewallRules: [UDP Query User{377BF4C2-21A9-4FB1-8FE0-09E6115EA045}C:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicatorcom.exe FirewallRules: [UDP Query User{626DC18D-4E5B-4E02-B6A7-6EC7BF6BD3BD}C:\users\DDDDD CCCCC\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\DDDDD CCCCC\appdata\local\akamai\netsession_win.exe FirewallRules: [UDP Query User{7EE6B8EC-3BFF-4024-A5E1-9CA0CBE1D3CD}C:\program files (x86)\frostwire 5\frostwire.exe] => (Allow) C:\program files (x86)\frostwire 5\frostwire.exe FirewallRules: [UDP Query User{ABF40A86-7B5D-4716-8585-0AF97F15FF48}C:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicator.exe FirewallRules: [UDP Query User{BC63BC49-AEE1-4951-9DDE-0DFBE64087D7}C:\users\DDDDD CCCCC\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\DDDDD CCCCC\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{E6C65721-F9E0-49EA-9A8D-95FFA2AEFC72}C:\program files (x86)\fontforge\bin\xming-6.9.0.31\xming.exe] => (Allow) C:\program files (x86)\fontforge\bin\xming-6.9.0.31\xming.exe FirewallRules: [UDP Query User{E75C2282-F4D3-4F6F-8301-ECCEDDF36668}C:\users\DDDDD CCCCC\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\DDDDD CCCCC\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{E9C7FC32-FF19-44FD-8635-A3BA8CD46B37}C:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicator.exe FirewallRules: [{0FF02937-71C3-4FD9-943E-5B8F638932CA}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{14725361-11B8-4940-8660-7136E5159A03}] => (Allow) C:\Users\DDDDD CCCCC\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{15C2C52F-DF67-4663-808F-3E4D9859AAA1}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{2DD2C0FC-3533-4461-8312-FDD2047234E5}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{2F8384AD-2F6B-4B31-88C7-53EF69725ADE}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe FirewallRules: [{303F0A3A-B115-44F8-8751-D8EB368F329B}] => (Allow) C:\Users\DDDDD CCCCC\AppData\Local\Temp\7zS25D4\HPDiagnosticCoreUI.exe FirewallRules: [{3C4BA469-7267-437B-AD8B-7AC77EE65F1E}] => (Allow) C:\Users\DDDDD CCCCC\AppData\Local\Temp\7zS2F8C\HPDiagnosticCoreUI.exe FirewallRules: [{3F81BC3A-0F0F-43D7-982C-DFA12A366C07}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{48226463-F9DD-4B9B-83E7-3D5304D1B9CF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{532791CB-D66E-4800-8AAD-BA957B3BEA69}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{585AA0A3-FEAB-49EE-8D2A-6EE98CD9E875}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{5C8B7C06-3841-4840-BD0D-313E742A4244}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{61231B20-AE19-4104-BD42-59E5E8484A82}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{69093685-5CA7-470B-9A69-A7A5F4C06DEB}] => (Allow) C:\Users\DDDDD CCCCC\AppData\Local\Temp\7zS552E\hppiw.exe FirewallRules: [{6CDC8BAB-AF8D-4FA9-A2AF-7859D699AA25}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{6F272B60-B08E-4EF7-B0BC-884D722D3E80}] => (Allow) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2a\WNt500x64\RpcSandraSrv.exe FirewallRules: [{6F8DFB34-DB3F-4955-A97D-7BEE7F52E424}] => (Allow) C:\Users\DDDDD CCCCC\AppData\Local\Temp\7zS2F8C\HPDiagnosticCoreUI.exe FirewallRules: [{73717DCA-EC2F-4602-B416-A92D4B1B99DF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{7668C84C-C1E4-403B-BB83-EB4AACFA5A62}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{8217D1D4-D0FD-41BB-8663-23F689A06660}] => (Allow) C:\Users\DDDDD CCCCC\AppData\Local\Temp\7zS25D4\HPDiagnosticCoreUI.exe FirewallRules: [{8667E163-0B78-401F-9C11-97AA00BD7EBB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{8EA0D240-4A70-4039-AAD5-A14B13CCED5D}] => (Allow) C:\Users\DDDDD CCCCC\AppData\Local\Temp\7zS470A\HPDiagnosticCoreUI.exe FirewallRules: [{917F6B0F-9BD5-4274-90B7-1CF9BEA30EAA}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{96F570C0-0D0E-4C28-8C4B-8A038047177F}] => (Allow) LPort=1688 FirewallRules: [{990EDDAD-40E9-4250-BA29-DCCBCC8822FB}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{9CADF699-7FBE-4AE5-9A2C-2FCA5D49FE6B}] => (Allow) C:\Users\DDDDD CCCCC\AppData\Local\Temp\7zS552E\hppiw.exe FirewallRules: [{9DD0BC8F-FCCD-4949-B7C6-8657BE07FF54}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{AC5B506A-A443-46A1-B62C-1EAA0BF2ACBE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{AF2AF2CB-3771-44A7-88BC-A02A46E0F5AA}] => (Allow) C:\Users\DDDDD CCCCC\AppData\Local\Temp\7zS470A\HPDiagnosticCoreUI.exe FirewallRules: [{B7E6E726-5025-494C-875B-C2B48E3DBB88}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{CC26E933-124D-4250-A618-B0269C603F01}] => (Allow) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2a\RpcAgentSrv.exe FirewallRules: [{CECC61E8-3278-4175-9AF4-BDF8D8327F6D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe FirewallRules: [{D3D7C14B-0E57-4219-AC78-23797316D1C4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{DA8B6329-656C-4DE8-B608-C1A7725A364E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{DB0EC775-61B3-4D33-BF1B-DDD3C08A593F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{E14B1E9F-BDF7-48D5-A58D-69D940C69E9C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{E23214BB-2D94-46BF-A2F2-593E6E4C3AE1}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\DeviceSetup.exe FirewallRules: [{E5A8989A-886D-4ED6-9C7B-03A297C01F04}] => (Allow) C:\Users\DDDDD CCCCC\AppData\Local\Temp\7zS1D89\hppiw.exe FirewallRules: [{F274E59B-CCB4-4F79-904E-924A6A34FDD0}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe FirewallRules: [{F5E55556-ECA7-40D3-B2F0-570593F1B3F5}] => (Allow) C:\Users\DDDDD CCCCC\AppData\Local\Temp\7zS1D89\hppiw.exe FirewallRules: [{F9EDFF34-0567-4CEA-BF90-323AAFB5D000}] => (Allow) C:\Users\DDDDD CCCCC\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{FA096118-978C-4F2F-AEEA-A2BDCBF1345A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe FirewallRules: [{FBC51609-58D2-41C3-8088-D41B714E1DD7}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe ==================== Wiederherstellungspunkte ========================= Überprüfen Sie den "winmgmt" Dienst oder reparieren Sie den WMI. ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Systemfehler: ============= ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz Prozentuale Nutzung des RAM: 64% Installierter physikalischer RAM: 3956.5 MB Verfügbarer physikalischer RAM: 1386.14 MB Summe virtueller Speicher: 7911.21 MB Verfügbarer virtueller Speicher: 5056.33 MB ==================== Laufwerke ================================ Drive c: (ACER) (Fixed) (Total:290.05 GB) (Free:69.43 GB) NTFS Drive d: (DATA) (Fixed) (Total:290.4 GB) (Free:289.36 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 6D48B855) Partition 1: (Not Active) - (Size=15.6 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=290.1 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=290.4 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ============================ Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 16.02.2016 Suchlaufzeit: 23:22 Protokolldatei: Malwarebytes Anti-Malware_Sandy.txt Administrator: Ja Version: 2.2.0.1024 Malware-Datenbank: v2016.02.16.06 Rootkit-Datenbank: v2016.02.08.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: DDDDD CCCCCCC Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 482193 Abgelaufene Zeit: 44 Min., 33 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 2 PUP.Optional.Hicosmea, HKCU\SOFTWARE\CLASSES\CLSID\{56FDF344-FD6D-11D0-958A-006097C9A090}, , [8cdae0815d3cae88ba4c5c70bf44fe02], PUP.Optional.Conduit, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [491d124f980155e1c813c11816edac54], Registrierungswerte: 2 PUP.Optional.Conduit, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURL, http://www.bing.com/search?pc=COSP&ptag=D021616-A510D0E105D5B4CC49CF&form=CONBDF&conlogo=CT3330941&q={searchTerms}, , [491d124f980155e1c813c11816edac54] PUP.Optional.Conduit, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://www.bing.com/search?pc=COSP&ptag=D021616-A510D0E105D5B4CC49CF&form=CONBDF&conlogo=CT3330941&q={searchTerms}, , [5c0ae67b73265cdaab30eaefc340dd23] Registrierungsdaten: 1 PUP.Optional.Conduit, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.bing.com/?pc=COSP&ptag=D021616-A510D0E105D5B4CC49CF&form=CONMHP&conlogo=CT3330941, Gut: (www.google.com), Schlecht: (http://www.bing.com/?pc=COSP&ptag=D021616-A510D0E105D5B4CC49CF&form=CONMHP&conlogo=CT3330941),,[ec7a77ead0c9c571f0591ec99f6540c0] Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 0 (keine bösartigen Elemente erkannt) Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) |
17.02.2016, 15:21 | #58 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner eingefangen? das ist doch nur Reste-Müll in der Registry. Sinnigerweise musst du die Funde auch entfernen
__________________ Logfiles bitte immer in CODE-Tags posten |
18.02.2016, 08:55 | #59 |
| Trojaner eingefangen? Ist es eigentlich normal, das ESET so lange braucht? Ich lass das nämlich auch grad auf Sandboxie laufen. Und es bleibt schon seit ne ganze Weile auf 39 %, läuft aber, was die Dateien angeht. Gesamtdauer der Prüfung: 20:39:44 Also ich habe ESET laufen lassen (im Sandboxie). Und da scheint er infizierter zu sein. Aber das ist nicht so wichtig. Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=58449cc18ee8504882955fd4081431d5 # engine=19554 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2014-08-07 11:14:15 # local_time=2014-08-08 01:14:15 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Avira Desktop' # compatibility_mode=1810 16777213 100 100 14959 151952429 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 42233 159083105 0 0 # scanned=265 # found=1 # cleaned=0 # scan_time=55 sh=C84182A0079B88D923BF936CC788C5B4B46AF482 ft=1 fh=ce39f3e3774c393e vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-1242904208-471078349-2963378918-1000\$R7TUY4P.exe" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=58449cc18ee8504882955fd4081431d5 # engine=19835 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2014-08-26 05:27:21 # local_time=2014-08-26 07:27:21 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Avira Desktop' # compatibility_mode=1810 16777213 100 100 49001 153530015 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 37433 160660691 0 0 # scanned=265829 # found=11 # cleaned=0 # scan_time=31318 sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe" sh=F90B3223684DEAAE59E0D371CCA318834695FEBE ft=1 fh=e2bb850c8e277c01 vn="Variante von Win32/RemoteAdmin.RemoteExec.AA potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\SIW\siw.exe" sh=B896DEDCC410A84E9D794EB28ADB30E4CE0FC1C7 ft=1 fh=0d280081a7b58c5c vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\DDDDD CCCCC\.frostwire5\updates\frostwire-5.6.2.windows.exe" sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\DDDDD CCCCC\Desktop\aufräumen, was geht\Ordner\Neuer Ordner (3)\Neuer Ordner1\alte Dateien\Tresor alter Computer\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll" sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\DDDDD CCCCC\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_neueDateien\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-203.dll" sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\DDDDD CCCCC\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_neueDateien\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll" sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\DDDDD CCCCC\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_Sicherung_2\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-203.dll" sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\DDDDD CCCCC\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_Sicherung_2\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll" sh=E2C028A886AA7352539DEE32CBB38770C529A76E ft=1 fh=d2aeb2930bcba9f7 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\DDDDD CCCCC\Downloads\PDFCreator-1_7_3_setup(1).exe" sh=E2C028A886AA7352539DEE32CBB38770C529A76E ft=1 fh=d2aeb2930bcba9f7 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\DDDDD CCCCC\Downloads\PDFCreator-1_7_3_setup.exe" sh=8A893FE3C1376F3C1B0F67A9514CBE621B717D98 ft=1 fh=667b25980f774106 vn="Win32/DownloadAdmin.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\EEEEE\Downloads\cbsidlm-tr1_13-Free_Audio_Cutter-ORG-75444480.exe" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=58449cc18ee8504882955fd4081431d5 # engine=21329 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2014-11-30 10:05:21 # local_time=2014-11-30 11:05:21 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Avira Desktop' # compatibility_mode=1810 16777213 100 100 68538 161841095 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 137883 168971771 0 0 # scanned=201326 # found=11 # cleaned=0 # scan_time=41366 sh=BD2752141740654CD9FA4FC44BC5874D57B3642E ft=1 fh=5cdb06fd3465f210 vn="Variante von Win32/InstallCore.RA evtl. unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-1242904208-471078349-2963378918-1000\$RIJ9WQK.exe" sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe" sh=F90B3223684DEAAE59E0D371CCA318834695FEBE ft=1 fh=e2bb850c8e277c01 vn="Variante von Win32/RemoteAdmin.RemoteExec.AA potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\SIW\siw.exe" sh=B896DEDCC410A84E9D794EB28ADB30E4CE0FC1C7 ft=1 fh=0d280081a7b58c5c vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\DDDDD CCCCC\.frostwire5\updates\frostwire-5.6.2.windows.exe" sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\DDDDD CCCCC\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\Neuer Ordner (3)\Neuer Ordner1\alte Dateien\Tresor alter Computer\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll" sh=D3950C59BE2BD5572C4BD63ACED4443CC7E41579 ft=0 fh=0000000000000000 vn="Variante von WMA/TrojanDownloader.GetCodec.gen Trojaner" ac=I fn="C:\Users\DDDDD CCCCC\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\USB Stick\usb\Neuer Ordner\Dance\The Prodigy - One Love.mp3" sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\DDDDD CCCCC\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_neueDateien\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-203.dll" sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\DDDDD CCCCC\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_neueDateien\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll" sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\DDDDD CCCCC\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_Sicherung_2\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-203.dll" sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\DDDDD CCCCC\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_Sicherung_2\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll" sh=8A893FE3C1376F3C1B0F67A9514CBE621B717D98 ft=1 fh=667b25980f774106 vn="Win32/DownloadAdmin.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\EEEEE\Downloads\cbsidlm-tr1_13-Free_Audio_Cutter-ORG-75444480.exe" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=58449cc18ee8504882955fd4081431d5 # engine=22329 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-02-06 12:14:42 # local_time=2015-02-06 01:14:42 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Avira Desktop' # compatibility_mode=1810 16777213 100 100 20269 167680856 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 20163 174811532 0 0 # scanned=309128 # found=58 # cleaned=0 # scan_time=12586 sh=1B9445EF3BD4D79AF91C32CB60F5BE9161F8B2EB ft=1 fh=2be33240f1c467c0 vn="Variante von Win32/AdWare.EoRezo.AU Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mbot_de_481\mybestofferstoday_widget.exe.vir" sh=816B192DE1364CFFC89107738057FF671D635B9C ft=1 fh=4adc5297c803b826 vn="Variante von Win32/Conduit.SearchProtect.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir" sh=378B85C2B314BE9C44F853F3F5988F6835984B74 ft=1 fh=ce49ebd9eb2bc48e vn="Variante von Win32/Conduit.SearchProtect.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll.vir" sh=3A409A328F4652D94BEE9D043E81DACF196E7DBD ft=1 fh=237d68fa70f7d8fc vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir" sh=DC9B213AE23010EEFE29B3C18C11248334CCDA1F ft=1 fh=bdea575b52a6fe95 vn="Variante von Win32/Conduit.SearchProtect.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir" sh=1153CC7084A7DD1DDC36CAEDB8C586498BA88E4B ft=1 fh=2ead2e1a342ba75e vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\RN32.dll.vir" sh=CCB85D18513F5ACCFEDA574B270B482829C64F2C ft=1 fh=e2e2ab3683b2c444 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPtool64.exe.vir" sh=2B924EF9E9738396D8FEFFD7F393FDC1926ACB8E ft=1 fh=4db8efae5a044c81 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32.dll.vir" sh=09C3C95516BF1A320F48BDCBB3579762F997721A ft=1 fh=89cf0c8724a77af8 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll.vir" sh=4E9900A77AF999BEF32D6B304219ACDB149978F8 ft=1 fh=8fdbb58d928290a9 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64.dll.vir" sh=1BB5AC385EB6B2BF403790D191E80B35387404DD ft=1 fh=5b1c558bf768d504 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll.vir" sh=2C8C3D72943E9F8EBF7FCF0E0D70D66F823B8F49 ft=1 fh=ad3082de8668fb4a vn="Variante von Win32/Conduit.SearchProtect.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir" sh=7C58FA8408975F221BF93238F67AD1B96859EE9C ft=1 fh=8ed56cb492085512 vn="Variante von Win64/Adware.MultiPlug.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\unissales\9vFbOLvEX4RE1d.x64.dll.vir" sh=7C58FA8408975F221BF93238F67AD1B96859EE9C ft=1 fh=8ed56cb492085512 vn="Variante von Win64/Adware.MultiPlug.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\youtubeadblocker\2vSp3hYxFkuiwN.x64.dll.vir" sh=45007D7AB67E22EE003593B44A645083DC6E2EC6 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\hakphkngdipbpbhaokjpjfdbiipknffb\content.js.vir" sh=ADA9FE6B3255D8E5CC8ABC05094FE8F3C5CEC2E5 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\hakphkngdipbpbhaokjpjfdbiipknffb\Z.js.vir" sh=DFB26192F2AC7F0D034024989839F63542D4F40A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\DDDDD CCCCC\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\23fb8bb3-ac21-4230-bbfa-49b94968bc63@gmail.com\extensionData\plugins\91.js.vir" sh=DFB26192F2AC7F0D034024989839F63542D4F40A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\DDDDD CCCCC\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\91.js.vir" sh=C76B47C2CB45A525A1E2719CDDB762A3E7BCF4A5 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\DDDDD CCCCC\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\wq@P.net\content\bg.js.vir" sh=95EA88F56230BC4ABC15D3710649133932317B34 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\DDDDD CCCCC\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\Za7@Ky.edu\content\bg.js.vir" sh=5C2AF274C2BB1CC81F0D36C71F94C7004D46FEB2 ft=0 fh=0000000000000000 vn="JS/ShopperPro.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\DDDDD CCCCC\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}\content\overlay.js.vir" sh=F2251A7A386675FE43902ADC0525D33672C8BB84 ft=1 fh=e069b17bc5bd2e6a vn="Win32/VOPackage.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\DDDDD CCCCC\AppData\Roaming\VOPackage\VOPackage.exe.vir" sh=D3D71D4E9157031CF4E36D72F0DFB2170530223A ft=1 fh=3aa89bd270bdbd1e vn="Variante von Win32/SBWatchman.D evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\PROGRAM Files\COMMON files\System\SysMenu.dll.xBAD" sh=3C4DBE5B2797E189DB67FE266CE84BE90B3AEB58 ft=1 fh=c24890e54943dc65 vn="Variante von Win32/SBWatchman.D evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\DDDDD CCCCC\AppData\Local\Installer\Install_24189\DCytdieamo_amodc_setup.exe.xBAD" sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\DDDDD CCCCC\AppData\Roaming\FMLW.xBAD" sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\DDDDD CCCCC\AppData\Roaming\MLSC.xBAD" sh=9413821E4285C46DAF48156B472065FC2D763FE8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\DDDDD CCCCC\AppData\Roaming\NWAUR.xBAD" sh=9413821E4285C46DAF48156B472065FC2D763FE8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\DDDDD CCCCC\AppData\Roaming\UHTQPK.xBAD" sh=5A4C8C7391C5F7A7D85C1C86AD9A9DFDC1B5994C ft=1 fh=461d9be2f02a5bb1 vn="Variante von Win32/SBWatchman.D evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Common Files\System\SysMenu64.dll" sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe" sh=F90B3223684DEAAE59E0D371CCA318834695FEBE ft=1 fh=e2bb850c8e277c01 vn="Variante von Win32/RemoteAdmin.RemoteExec.AA potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\SIW\siw.exe" sh=A8B41A00A882E5DF634641E3513CF5B7456918B8 ft=1 fh=3b340c1a45bfd8b7 vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\38307773-d954-48f2-8127-93df0ea63e4a\3e7d90a7-d362-46a9-a145-3ee08200dffd.dll.vir" sh=4E043603B90EE544A5B36BE8E8B04CB84313F624 ft=1 fh=de082fb1cb22794f vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\878e2246-8f7a-48fe-89f9-845dc6abbab7\74ac0708-eebd-4d53-83f6-7f4779f2f294.dll.vir" sh=4E043603B90EE544A5B36BE8E8B04CB84313F624 ft=1 fh=de082fb1cb22794f vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\878e2246-8f7a-48fe-89f9-845dc6abbab7\878e2246-8f7a-48fe-89f9-845dc6abbab7.dll.vir" sh=A8B41A00A882E5DF634641E3513CF5B7456918B8 ft=1 fh=3b340c1a45bfd8b7 vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Acer\38307773-d954-48f2-8127-93df0ea63e4a.dll.vir" sh=126D4F1D231AB4D5906103610A520ADD20CCAB75 ft=1 fh=2c9d015a54b3c263 vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Acer\ed55547d-8d98-4039-96d9-00407eb30671.dll.vir" sh=126D4F1D231AB4D5906103610A520ADD20CCAB75 ft=1 fh=2c9d015a54b3c263 vn="Variante von Win32/Toolbar.CrossRider.BM evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\ed55547d-8d98-4039-96d9-00407eb30671\ca846dc2-84dd-4e20-94fa-902a5cafe3c0.dll.vir" sh=45007D7AB67E22EE003593B44A645083DC6E2EC6 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\DDDDD CCCCC\AppData\Local\Google\Chrome\User Data\default\extensions\obdejhodejngcbmkiddfjkieejekbfil\242\content.js.vir" sh=2BD44CFD0C6A2225FCF4370A79C3DA169BAAC900 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\DDDDD CCCCC\AppData\Local\Google\Chrome\User Data\default\extensions\obdejhodejngcbmkiddfjkieejekbfil\242\GuJbTt1.js.vir" sh=C76B47C2CB45A525A1E2719CDDB762A3E7BCF4A5 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\EEEEE\AppData\Roaming\Mozilla\Firefox\Profiles\ilhln8u2.default\extensions\staged\wq@P.net\content\bg.js.vir" sh=95EA88F56230BC4ABC15D3710649133932317B34 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\EEEEE\AppData\Roaming\Mozilla\Firefox\Profiles\ilhln8u2.default\extensions\staged\Za7@Ky.edu\content\bg.js.vir" sh=C76B47C2CB45A525A1E2719CDDB762A3E7BCF4A5 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\r7teyr0l.default-1417873282698\extensions\staged\wq@P.net\content\bg.js.vir" sh=95EA88F56230BC4ABC15D3710649133932317B34 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\r7teyr0l.default-1417873282698\extensions\staged\Za7@Ky.edu\content\bg.js.vir" sh=B896DEDCC410A84E9D794EB28ADB30E4CE0FC1C7 ft=1 fh=0d280081a7b58c5c vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\DDDDD CCCCC\.frostwire5\updates\frostwire-5.6.2.windows.exe" sh=705EBCEF56D051A6D6D6356F237201A8448026E0 ft=0 fh=0000000000000000 vn="JS/Kryptik.I Trojaner" ac=I fn="C:\Users\DDDDD CCCCC\AppData\Local\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\cache2\entries\96D59457AFA822A33B5B5ED391A55E16768E6472" sh=37AEC73BCA6A4AD82D0DA871ECD72CD8B8A73904 ft=0 fh=0000000000000000 vn="JS/Kryptik.I Trojaner" ac=I fn="C:\Users\DDDDD CCCCC\AppData\Local\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\cache2\entries\BB425C587980B0FCFA063FF796BB36E3D76613A4" sh=D6092490B8B905B9058227DF77C38386F2E22BAA ft=0 fh=0000000000000000 vn="Win32/SmootherWeb.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\DDDDD CCCCC\AppData\Roaming\Booster-Web\jid1-U7omKQ6kQfxMaQ@jetpack.zip" sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\DDDDD CCCCC\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\Neuer Ordner (3)\Neuer Ordner1\alte Dateien\Tresor alter Computer\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll" sh=D3950C59BE2BD5572C4BD63ACED4443CC7E41579 ft=0 fh=0000000000000000 vn="Variante von WMA/TrojanDownloader.GetCodec.gen Trojaner" ac=I fn="C:\Users\DDDDD CCCCC\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\USB Stick\usb\Neuer Ordner\Dance\The Prodigy - One Love.mp3" sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\DDDDD CCCCC\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_neueDateien\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-203.dll" sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\DDDDD CCCCC\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_neueDateien\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll" sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\DDDDD CCCCC\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_Sicherung_2\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-203.dll" sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\DDDDD CCCCC\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_Sicherung_2\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll" sh=EE170263EA037C877EE979B8863D2EBA5D86D318 ft=1 fh=7109b40decc7c204 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\DDDDD CCCCC\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe" sh=8A893FE3C1376F3C1B0F67A9514CBE621B717D98 ft=1 fh=667b25980f774106 vn="Win32/DownloadAdmin.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\EEEEE\Downloads\cbsidlm-tr1_13-Free_Audio_Cutter-ORG-75444480.exe" sh=A8BF6CBF1947DF4A1E73B0A6670CBBCB4BD87E21 ft=1 fh=215be700359ffcb7 vn="Variante von Win32/Adware.PicColor.C Anwendung" ac=I fn="C:\Windows\System32\ColorMedia.dll" sh=A8BF6CBF1947DF4A1E73B0A6670CBBCB4BD87E21 ft=1 fh=215be700359ffcb7 vn="Variante von Win32/Adware.PicColor.C Anwendung" ac=I fn="C:\Windows\SysWOW64\ColorMedia.dll" esets_scanner_update returned -1 esets_gle=1 ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=58449cc18ee8504882955fd4081431d5 # end=init # utc_time=2015-08-07 09:30:18 # local_time=2015-08-07 11:30:18 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 25178 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=58449cc18ee8504882955fd4081431d5 # end=updated # utc_time=2015-08-07 09:33:13 # local_time=2015-08-07 11:33:13 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=58449cc18ee8504882955fd4081431d5 # engine=25178 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-08-07 11:51:36 # local_time=2015-08-08 01:51:36 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 9610 190621346 0 0 # scanned=325651 # found=57 # cleaned=57 # scan_time=8302 sh=1B9445EF3BD4D79AF91C32CB60F5BE9161F8B2EB ft=1 fh=2be33240f1c467c0 vn="Variante von Win32/AdWare.EoRezo.AU Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mbot_de_481\mybestofferstoday_widget.exe.vir" sh=816B192DE1364CFFC89107738057FF671D635B9C ft=1 fh=4adc5297c803b826 vn="Variante von Win32/Conduit.SearchProtect.Y evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir" sh=378B85C2B314BE9C44F853F3F5988F6835984B74 ft=1 fh=ce49ebd9eb2bc48e vn="Variante von Win32/Conduit.SearchProtect.Y evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll.vir" sh=3A409A328F4652D94BEE9D043E81DACF196E7DBD ft=1 fh=237d68fa70f7d8fc vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir" sh=DC9B213AE23010EEFE29B3C18C11248334CCDA1F ft=1 fh=bdea575b52a6fe95 vn="Variante von Win32/Conduit.SearchProtect.Y evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir" sh=1153CC7084A7DD1DDC36CAEDB8C586498BA88E4B ft=1 fh=2ead2e1a342ba75e vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\RN32.dll.vir" sh=CCB85D18513F5ACCFEDA574B270B482829C64F2C ft=1 fh=e2e2ab3683b2c444 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPtool64.exe.vir" sh=2B924EF9E9738396D8FEFFD7F393FDC1926ACB8E ft=1 fh=4db8efae5a044c81 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32.dll.vir" sh=09C3C95516BF1A320F48BDCBB3579762F997721A ft=1 fh=89cf0c8724a77af8 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll.vir" sh=4E9900A77AF999BEF32D6B304219ACDB149978F8 ft=1 fh=8fdbb58d928290a9 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64.dll.vir" sh=1BB5AC385EB6B2BF403790D191E80B35387404DD ft=1 fh=5b1c558bf768d504 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll.vir" sh=2C8C3D72943E9F8EBF7FCF0E0D70D66F823B8F49 ft=1 fh=ad3082de8668fb4a vn="Variante von Win32/Conduit.SearchProtect.Y evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir" sh=7C58FA8408975F221BF93238F67AD1B96859EE9C ft=1 fh=8ed56cb492085512 vn="Variante von Win64/Adware.MultiPlug.I Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\unissales\9vFbOLvEX4RE1d.x64.dll.vir" sh=7C58FA8408975F221BF93238F67AD1B96859EE9C ft=1 fh=8ed56cb492085512 vn="Variante von Win64/Adware.MultiPlug.I Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\youtubeadblocker\2vSp3hYxFkuiwN.x64.dll.vir" sh=45007D7AB67E22EE003593B44A645083DC6E2EC6 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\hakphkngdipbpbhaokjpjfdbiipknffb\content.js.vir" sh=ADA9FE6B3255D8E5CC8ABC05094FE8F3C5CEC2E5 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\hakphkngdipbpbhaokjpjfdbiipknffb\Z.js.vir" sh=C28D6F91FD875DD0C2DB97F25BBAF791F5D1F88E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\DDDDD CCCCC\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\23fb8bb3-ac21-4230-bbfa-49b94968bc63@gmail.com\chrome\content\core\c0cdefe7de1a56a2409f82e5fabc5a1e.js.vir" sh=DFB26192F2AC7F0D034024989839F63542D4F40A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\DDDDD CCCCC\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\23fb8bb3-ac21-4230-bbfa-49b94968bc63@gmail.com\extensionData\plugins\91.js.vir" sh=3D8FEB274B1F910633E0EE3966A82AE9DCBD406A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\DDDDD CCCCC\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\21.js.vir" sh=A61F2AB2BDA3DF4EA26FB96BFA4BAA4BEFA99E6A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\DDDDD CCCCC\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\28.js.vir" sh=DFB26192F2AC7F0D034024989839F63542D4F40A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\DDDDD CCCCC\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com\extensionData\plugins\91.js.vir" sh=728D952AC1492F8331E2ED29921D5DDB8658697A ft=0 fh=0000000000000000 vn="Win32/Toolbar.TNT2.I evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\DDDDD CCCCC\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\fftoolbar2014@etech.com\chrome\content\toolbar.js.vir" sh=C76B47C2CB45A525A1E2719CDDB762A3E7BCF4A5 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\DDDDD CCCCC\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\wq@P.net\content\bg.js.vir" sh=95EA88F56230BC4ABC15D3710649133932317B34 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\DDDDD CCCCC\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\Za7@Ky.edu\content\bg.js.vir" sh=5C2AF274C2BB1CC81F0D36C71F94C7004D46FEB2 ft=0 fh=0000000000000000 vn="JS/ShopperPro.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\DDDDD CCCCC\AppData\Roaming\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}\content\overlay.js.vir" sh=4CF9EF4D739C2F8A1F3909A2720274527EC29E1F ft=1 fh=c71c001143f2d9bd vn="Variante von Win32/ELEX.CP evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\DDDDD CCCCC\AppData\Roaming\omiga-plus\UninstallManager.exe.vir" sh=05FC70FCA7CCDB54CE3D6778AEADB58A32431BB2 ft=1 fh=704d2e4b074cd8f4 vn="Win32/Adware.ConvertAd.AQ Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\DDDDD CCCCC\AppData\Roaming\VOPackage\Uninstall.exe.vir" sh=F2251A7A386675FE43902ADC0525D33672C8BB84 ft=1 fh=e069b17bc5bd2e6a vn="Variante von Win32/Adware.ConvertAd.KZ.gen Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\DDDDD CCCCC\AppData\Roaming\VOPackage\VOPackage.exe.vir" sh=2B4568A6B72ABCA0C07398E1C34B402D27FD324F ft=1 fh=cdbeb0c3ff7c0f92 vn="Variante von Win32/Packed.Komodia.A verdächtige Datei (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\abengine.dll.vir" sh=D3D71D4E9157031CF4E36D72F0DFB2170530223A ft=1 fh=3aa89bd270bdbd1e vn="Variante von Win32/SpeedBit.F evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\C\PROGRAM Files\COMMON files\System\SysMenu.dll.xBAD" sh=5A4C8C7391C5F7A7D85C1C86AD9A9DFDC1B5994C ft=1 fh=461d9be2f02a5bb1 vn="Variante von Win32/SBWatchman.D evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\C\PROGRAM Files\COMMON files\System\SysMenu64.dll.xBAD" sh=3C4DBE5B2797E189DB67FE266CE84BE90B3AEB58 ft=1 fh=c24890e54943dc65 vn="Variante von Win32/SpeedBit.F evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\C\Users\DDDDD CCCCC\AppData\Local\Installer\Install_24189\DCytdieamo_amodc_setup.exe.xBAD" sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\C\Users\DDDDD CCCCC\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\Neuer Ordner (3)\Neuer Ordner1\alte Dateien\Tresor alter Computer\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll.xBAD" sh=D3950C59BE2BD5572C4BD63ACED4443CC7E41579 ft=0 fh=0000000000000000 vn="Variante von WMA/TrojanDownloader.GetCodec.gen Trojaner (Gesäubert - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\C\Users\DDDDD CCCCC\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\USB Stick\usb\Neuer Ordner\Dance\The Prodigy - One Love.mp3.xBAD" sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\C\Users\DDDDD CCCCC\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_neueDateien\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-203.dll.xBAD" sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\C\Users\DDDDD CCCCC\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_neueDateien\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll.xBAD" sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\C\Users\DDDDD CCCCC\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_Sicherung_2\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-203.dll.xBAD" sh=79DAA2D7105B23CAC0BF465C44407C9FCC122DDF ft=1 fh=ddae22fb65275801 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\C\Users\DDDDD CCCCC\Documents\Neuer Ordner\Neuer Ordner (3)\Neuer Ordner (2)\Datensicherung_Tower_Sicherung_2\Desktop\Neuer Ordner (5)\backups\backup-20101226-175451-491.dll.xBAD" sh=EE170263EA037C877EE979B8863D2EBA5D86D318 ft=1 fh=7109b40decc7c204 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\C\Users\DDDDD CCCCC\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe.xBAD" sh=8A893FE3C1376F3C1B0F67A9514CBE621B717D98 ft=1 fh=667b25980f774106 vn="Win32/DownloadAdmin.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\C\Users\EEEEE\Downloads\cbsidlm-tr1_13-Free_Audio_Cutter-ORG-75444480.exe.xBAD" sh=A8BF6CBF1947DF4A1E73B0A6670CBBCB4BD87E21 ft=1 fh=215be700359ffcb7 vn="Variante von Win32/Packed.Komodia.A verdächtige Datei (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\FRST\Quarantine\C\Windows\SysWOW64\ColorMedia.dll.xBAD" sh=A8B41A00A882E5DF634641E3513CF5B7456918B8 ft=1 fh=3b340c1a45bfd8b7 vn="Variante von Win64/Toolbar.Crossrider.P evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Program Files (x86)\38307773-d954-48f2-8127-93df0ea63e4a\3e7d90a7-d362-46a9-a145-3ee08200dffd.dll.vir" sh=4E043603B90EE544A5B36BE8E8B04CB84313F624 ft=1 fh=de082fb1cb22794f vn="Variante von Win64/Toolbar.Crossrider.P evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Program Files (x86)\878e2246-8f7a-48fe-89f9-845dc6abbab7\74ac0708-eebd-4d53-83f6-7f4779f2f294.dll.vir" sh=4E043603B90EE544A5B36BE8E8B04CB84313F624 ft=1 fh=de082fb1cb22794f vn="Variante von Win64/Toolbar.Crossrider.P evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Program Files (x86)\878e2246-8f7a-48fe-89f9-845dc6abbab7\878e2246-8f7a-48fe-89f9-845dc6abbab7.dll.vir" sh=A8B41A00A882E5DF634641E3513CF5B7456918B8 ft=1 fh=3b340c1a45bfd8b7 vn="Variante von Win64/Toolbar.Crossrider.P evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Acer\38307773-d954-48f2-8127-93df0ea63e4a.dll.vir" sh=126D4F1D231AB4D5906103610A520ADD20CCAB75 ft=1 fh=2c9d015a54b3c263 vn="Variante von Win64/Toolbar.Crossrider.P evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Acer\ed55547d-8d98-4039-96d9-00407eb30671.dll.vir" sh=126D4F1D231AB4D5906103610A520ADD20CCAB75 ft=1 fh=2c9d015a54b3c263 vn="Variante von Win64/Toolbar.Crossrider.P evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Program Files (x86)\ed55547d-8d98-4039-96d9-00407eb30671\ca846dc2-84dd-4e20-94fa-902a5cafe3c0.dll.vir" sh=45007D7AB67E22EE003593B44A645083DC6E2EC6 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\DDDDD CCCCC\AppData\Local\Google\Chrome\User Data\default\extensions\obdejhodejngcbmkiddfjkieejekbfil\242\content.js.vir" sh=2BD44CFD0C6A2225FCF4370A79C3DA169BAAC900 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\DDDDD CCCCC\AppData\Local\Google\Chrome\User Data\default\extensions\obdejhodejngcbmkiddfjkieejekbfil\242\GuJbTt1.js.vir" sh=C76B47C2CB45A525A1E2719CDDB762A3E7BCF4A5 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\EEEEE\AppData\Roaming\Mozilla\Firefox\Profiles\ilhln8u2.default\extensions\staged\wq@P.net\content\bg.js.vir" sh=95EA88F56230BC4ABC15D3710649133932317B34 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\EEEEE\AppData\Roaming\Mozilla\Firefox\Profiles\ilhln8u2.default\extensions\staged\Za7@Ky.edu\content\bg.js.vir" sh=C76B47C2CB45A525A1E2719CDDB762A3E7BCF4A5 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\r7teyr0l.default-1417873282698\extensions\staged\wq@P.net\content\bg.js.vir" sh=95EA88F56230BC4ABC15D3710649133932317B34 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\r7teyr0l.default-1417873282698\extensions\staged\Za7@Ky.edu\content\bg.js.vir" sh=8893580829AE06F0CAC42303D43E1B73841EE19B ft=1 fh=2031adc57d10f162 vn="Variante von Win32/AdkDLLWrapper.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\DDDDD CCCCC\AppData\Roaming\BitTorrent\BitTorrent.exe" sh=8893580829AE06F0CAC42303D43E1B73841EE19B ft=1 fh=2031adc57d10f162 vn="Variante von Win32/AdkDLLWrapper.A evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\DDDDD CCCCC\AppData\Roaming\BitTorrent\updates\7.9.2_31638.exe" sh=99A82A44935AA55E948FBACA5443C0D588ECEB1C ft=1 fh=c1378d07850f9ccb vn="Variante von Win64/Agent.BR Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Windows\System32\dot3ui64.exe" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=58449cc18ee8504882955fd4081431d5 # end=init # utc_time=2015-08-08 06:30:34 # local_time=2015-08-08 08:30:34 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=58449cc18ee8504882955fd4081431d5 # end=init # utc_time=2015-08-08 01:11:56 # local_time=2015-08-08 03:11:56 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 25187 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=58449cc18ee8504882955fd4081431d5 # end=updated # utc_time=2015-08-08 01:13:18 # local_time=2015-08-08 03:13:18 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=58449cc18ee8504882955fd4081431d5 # engine=25187 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-08-08 01:17:53 # local_time=2015-08-08 03:17:53 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 56102 190669723 0 0 # scanned=18061 # found=6 # cleaned=0 # scan_time=274 sh=1BD5660EBB60AF8FC5CE6CE41E6E55D69EF48633 ft=0 fh=0000000000000000 vn="JS/Kryptik.I Trojaner" ac=I fn="C:\FRST\Quarantine\C\Users\DDDDD CCCCC\AppData\Local\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\cache2\entries\BB425C587980B0FCFA063FF796BB36E3D76613A4.xBAD" sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\DDDDD CCCCC\AppData\Roaming\FMLW.xBAD" sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\DDDDD CCCCC\AppData\Roaming\MLSC.xBAD" sh=9413821E4285C46DAF48156B472065FC2D763FE8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\DDDDD CCCCC\AppData\Roaming\NWAUR.xBAD" sh=9413821E4285C46DAF48156B472065FC2D763FE8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\DDDDD CCCCC\AppData\Roaming\UHTQPK.xBAD" sh=D6092490B8B905B9058227DF77C38386F2E22BAA ft=0 fh=0000000000000000 vn="Win32/SmootherWeb.C evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\DDDDD CCCCC\AppData\Roaming\Booster-Web\jid1-U7omKQ6kQfxMaQ@jetpack.zip.xBAD" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=58449cc18ee8504882955fd4081431d5 # end=init # utc_time=2015-08-08 01:18:46 # local_time=2015-08-08 03:18:46 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download esets_scanner_update returned -1 esets_gle=53251 Update Finalize Updated modules version: 25187 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=58449cc18ee8504882955fd4081431d5 # end=updated # utc_time=2015-08-08 01:19:03 # local_time=2015-08-08 03:19:03 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=58449cc18ee8504882955fd4081431d5 # engine=25187 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-08-08 04:44:30 # local_time=2015-08-08 06:44:30 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 68499 190682120 0 0 # scanned=335351 # found=10 # cleaned=0 # scan_time=12326 sh=1BD5660EBB60AF8FC5CE6CE41E6E55D69EF48633 ft=0 fh=0000000000000000 vn="JS/Kryptik.I Trojaner" ac=I fn="C:\FRST\Quarantine\C\Users\DDDDD CCCCC\AppData\Local\Mozilla\Firefox\Profiles\ax92hz4x.default-1417957171376\cache2\entries\BB425C587980B0FCFA063FF796BB36E3D76613A4.xBAD" sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\DDDDD CCCCC\AppData\Roaming\FMLW.xBAD" sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\DDDDD CCCCC\AppData\Roaming\MLSC.xBAD" sh=9413821E4285C46DAF48156B472065FC2D763FE8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\DDDDD CCCCC\AppData\Roaming\NWAUR.xBAD" sh=9413821E4285C46DAF48156B472065FC2D763FE8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\DDDDD CCCCC\AppData\Roaming\UHTQPK.xBAD" sh=D6092490B8B905B9058227DF77C38386F2E22BAA ft=0 fh=0000000000000000 vn="Win32/SmootherWeb.C evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\DDDDD CCCCC\AppData\Roaming\Booster-Web\jid1-U7omKQ6kQfxMaQ@jetpack.zip.xBAD" sh=76595B98CEA0CD39E47CEBA9F12AE154DFCBF36A ft=0 fh=0000000000000000 vn="Variante von Android/Agent.KW Trojaner" ac=I fn="C:\Users\DDDDD CCCCC\Desktop\Desktop\Tablett\Android\data\fp\6699.apk" sh=6F07761C3535E234CB4CE675545DA2B86F932E6D ft=0 fh=0000000000000000 vn="Android/AdDisplay.Dowgin.AT evtl. unerwünschte Anwendung" ac=I fn="C:\Users\DDDDD CCCCC\Desktop\Desktop\Tablett\Android\data\fp\7879.apk" sh=5EBE903452CB921A8FCCC07ADEC8B5797AE7903A ft=0 fh=0000000000000000 vn="Variante von Android/Agent.KW Trojaner" ac=I fn="C:\Users\DDDDD CCCCC\Desktop\Desktop\Tablett\Android\data\un\7343.apk" sh=A3237ED7B0323377ACDCE02E94D12CB17F793ED0 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Windows\Installer\73825f.msi" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=58449cc18ee8504882955fd4081431d5 # end=init # utc_time=2015-10-19 12:54:45 # local_time=2015-10-19 02:54:45 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 26857 Update Init Update Download Update Finalize Updated modules version: 26869 ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=58449cc18ee8504882955fd4081431d5 # end=init # utc_time=2016-02-12 11:57:42 # local_time=2016-02-12 12:57:42 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=58449cc18ee8504882955fd4081431d5 # end=updated # utc_time=2016-02-12 12:24:52 # local_time=2016-02-12 01:24:52 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Updated modules version: 28096 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=58449cc18ee8504882955fd4081431d5 # engine=28096 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2016-02-12 02:34:47 # local_time=2016-02-12 03:34:47 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 21070 206917537 0 0 # scanned=258294 # found=6 # cleaned=0 # scan_time=7794 sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="LNK/Agent.CH Trojaner" ac=I fn="C:\Users\DDDDD CCCCC\Desktop\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\Ziele\Jahresplanung 2013\alte Dateien\alte Dateien\Tresor alter Computer\Downloads\[www.byte.to].Saw.2.Directors.Cut.German.2005.DVDRiP.XviD-CRiTiCAL\GRATISDownload JETZT 3 GigabyteMusik.Video.Games.url" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="LNK/Agent.CH Trojaner" ac=I fn="C:\Users\DDDDD CCCCC\Desktop\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\Ziele\Jahresplanung 2013\alte Dateien\alte Dateien\Tresor alter Computer\Downloads\[www.byte.to].Saw.III.UNRATED.DiRECTORS.CUT.German.Dubbed.2006.DVDRiP.XviD-LizardsGods\GRATISDownload JETZT 3 GigabyteMusik.Video.Games.url" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="LNK/Agent.CH Trojaner" ac=I fn="C:\Users\DDDDD CCCCC\Desktop\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\Ziele\Jahresplanung 2013\alte Dateien\alte Dateien\Tresor alter Computer\Downloads\[www.byte.to].Saw.IV.German.DVDRip.XviD-CRUCiAL\GRATISDownload JETZT 3 GigabyteMusik.Video.Games.url" sh=76595B98CEA0CD39E47CEBA9F12AE154DFCBF36A ft=0 fh=0000000000000000 vn="Variante von Android/Agent.GZ Trojaner" ac=I fn="C:\Users\DDDDD CCCCC\Desktop\Desktop\Tablett\Android\data\fp\6699.apk" sh=6F07761C3535E234CB4CE675545DA2B86F932E6D ft=0 fh=0000000000000000 vn="Android/AdDisplay.Dowgin.AT evtl. unerwünschte Anwendung" ac=I fn="C:\Users\DDDDD CCCCC\Desktop\Desktop\Tablett\Android\data\fp\7879.apk" sh=5EBE903452CB921A8FCCC07ADEC8B5797AE7903A ft=0 fh=0000000000000000 vn="Variante von Android/TrojanDropper.Agent.BP Trojaner" ac=I fn="C:\Users\DDDDD CCCCC\Desktop\Desktop\Tablett\Android\data\un\7343.apk" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=58449cc18ee8504882955fd4081431d5 # end=init # utc_time=2016-02-12 10:01:11 # local_time=2016-02-12 11:01:11 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=58449cc18ee8504882955fd4081431d5 # end=updated # utc_time=2016-02-12 10:03:09 # local_time=2016-02-12 11:03:09 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Updated modules version: 28105 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=58449cc18ee8504882955fd4081431d5 # end=restart # utc_time=2016-02-13 03:35:36 # local_time=2016-02-13 04:35:36 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 47472 206964386 0 0 # scanned=387646 # found=7 # cleaned=0 # scan_time=19946 sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="LNK/Agent.CH Trojaner" ac=I fn="C:\Users\DDDDD CCCCC\Desktop\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\Ziele\Jahresplanung 2013\alte Dateien\alte Dateien\Tresor alter Computer\Downloads\[www.byte.to].Saw.2.Directors.Cut.German.2005.DVDRiP.XviD-CRiTiCAL\GRATISDownload JETZT 3 GigabyteMusik.Video.Games.url" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="LNK/Agent.CH Trojaner" ac=I fn="C:\Users\DDDDD CCCCC\Desktop\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\Ziele\Jahresplanung 2013\alte Dateien\alte Dateien\Tresor alter Computer\Downloads\[www.byte.to].Saw.III.UNRATED.DiRECTORS.CUT.German.Dubbed.2006.DVDRiP.XviD-LizardsGods\GRATISDownload JETZT 3 GigabyteMusik.Video.Games.url" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="LNK/Agent.CH Trojaner" ac=I fn="C:\Users\DDDDD CCCCC\Desktop\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\Ziele\Jahresplanung 2013\alte Dateien\alte Dateien\Tresor alter Computer\Downloads\[www.byte.to].Saw.IV.German.DVDRip.XviD-CRUCiAL\GRATISDownload JETZT 3 GigabyteMusik.Video.Games.url" sh=76595B98CEA0CD39E47CEBA9F12AE154DFCBF36A ft=0 fh=0000000000000000 vn="Variante von Android/Agent.GZ Trojaner" ac=I fn="C:\Users\DDDDD CCCCC\Desktop\Desktop\Tablett\Android\data\fp\6699.apk" sh=6F07761C3535E234CB4CE675545DA2B86F932E6D ft=0 fh=0000000000000000 vn="Android/AdDisplay.Dowgin.AT evtl. unerwünschte Anwendung" ac=I fn="C:\Users\DDDDD CCCCC\Desktop\Desktop\Tablett\Android\data\fp\7879.apk" sh=5EBE903452CB921A8FCCC07ADEC8B5797AE7903A ft=0 fh=0000000000000000 vn="Variante von Android/TrojanDropper.Agent.BP Trojaner" ac=I fn="C:\Users\DDDDD CCCCC\Desktop\Desktop\Tablett\Android\data\un\7343.apk" sh=C08135D45341B114244DE3B8FEA1D337F541421F ft=1 fh=345664347e01a2fc vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\DDDDD CCCCC\Downloads\SimpleScreenshot - CHIP-Installer.exe" Update Init Update Download Update Finalize Updated modules version: 28117 Update Init Update Download Update Finalize Updated modules version: 28135 ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=58449cc18ee8504882955fd4081431d5 # end=init # utc_time=2016-02-16 11:09:07 # local_time=2016-02-17 12:09:07 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 28164 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=58449cc18ee8504882955fd4081431d5 # end=updated # utc_time=2016-02-16 11:13:45 # local_time=2016-02-17 12:13:45 (+0100, Mitteleuropäische Zeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=58449cc18ee8504882955fd4081431d5 # engine=28164 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2016-02-18 03:19:41 # local_time=2016-02-18 04:19:41 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 109992 207395431 0 0 # scanned=1751152 # found=36 # cleaned=0 # scan_time=14755 sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="LNK/Agent.CH Trojaner" ac=I fn="C:\Documents and Settings\DDDDD CCCCC\Desktop\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\Ziele\Jahresplanung 2013\alte Dateien\alte Dateien\Tresor alter Computer\Downloads\[www.byte.to].Saw.2.Directors.Cut.German.2005.DVDRiP.XviD-CRiTiCAL\GRATISDownload JETZT 3 GigabyteMusik.Video.Games.url" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="LNK/Agent.CH Trojaner" ac=I fn="C:\Documents and Settings\DDDDD CCCCC\Desktop\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\Ziele\Jahresplanung 2013\alte Dateien\alte Dateien\Tresor alter Computer\Downloads\[www.byte.to].Saw.III.UNRATED.DiRECTORS.CUT.German.Dubbed.2006.DVDRiP.XviD-LizardsGods\GRATISDownload JETZT 3 GigabyteMusik.Video.Games.url" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="LNK/Agent.CH Trojaner" ac=I fn="C:\Documents and Settings\DDDDD CCCCC\Desktop\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\Ziele\Jahresplanung 2013\alte Dateien\alte Dateien\Tresor alter Computer\Downloads\[www.byte.to].Saw.IV.German.DVDRip.XviD-CRUCiAL\GRATISDownload JETZT 3 GigabyteMusik.Video.Games.url" sh=148BC745CB91B9DFDD09FF955DCE01CA6DC10F5A ft=1 fh=cce6864c1bf4fbda vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Documents and Settings\DDDDD CCCCC\Downloads\PDFCreator-2_2_2-setup.exe" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="LNK/Agent.CH Trojaner" ac=I fn="C:\Dokumente und Einstellungen\DDDDD CCCCC\Desktop\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\Ziele\Jahresplanung 2013\alte Dateien\alte Dateien\Tresor alter Computer\Downloads\[www.byte.to].Saw.2.Directors.Cut.German.2005.DVDRiP.XviD-CRiTiCAL\GRATISDownload JETZT 3 GigabyteMusik.Video.Games.url" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="LNK/Agent.CH Trojaner" ac=I fn="C:\Dokumente und Einstellungen\DDDDD CCCCC\Desktop\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\Ziele\Jahresplanung 2013\alte Dateien\alte Dateien\Tresor alter Computer\Downloads\[www.byte.to].Saw.III.UNRATED.DiRECTORS.CUT.German.Dubbed.2006.DVDRiP.XviD-LizardsGods\GRATISDownload JETZT 3 GigabyteMusik.Video.Games.url" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="LNK/Agent.CH Trojaner" ac=I fn="C:\Dokumente und Einstellungen\DDDDD CCCCC\Desktop\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\Ziele\Jahresplanung 2013\alte Dateien\alte Dateien\Tresor alter Computer\Downloads\[www.byte.to].Saw.IV.German.DVDRip.XviD-CRUCiAL\GRATISDownload JETZT 3 GigabyteMusik.Video.Games.url" sh=148BC745CB91B9DFDD09FF955DCE01CA6DC10F5A ft=1 fh=cce6864c1bf4fbda vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Dokumente und Einstellungen\DDDDD CCCCC\Downloads\PDFCreator-2_2_2-setup.exe" sh=76595B98CEA0CD39E47CEBA9F12AE154DFCBF36A ft=0 fh=0000000000000000 vn="Variante von Android/Agent.GZ Trojaner" ac=I fn="C:\FRST\Quarantine\C\Users\DDDDD CCCCC\Desktop\Desktop\Tablett\Android\data\fp\6699.apk.xBAD" sh=6F07761C3535E234CB4CE675545DA2B86F932E6D ft=0 fh=0000000000000000 vn="Android/AdDisplay.Dowgin.AT evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\DDDDD CCCCC\Desktop\Desktop\Tablett\Android\data\fp\7879.apk.xBAD" sh=5EBE903452CB921A8FCCC07ADEC8B5797AE7903A ft=0 fh=0000000000000000 vn="Variante von Android/TrojanDropper.Agent.BP Trojaner" ac=I fn="C:\FRST\Quarantine\C\Users\DDDDD CCCCC\Desktop\Desktop\Tablett\Android\data\un\7343.apk.xBAD" sh=C08135D45341B114244DE3B8FEA1D337F541421F ft=1 fh=345664347e01a2fc vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\DDDDD CCCCC\Downloads\SimpleScreenshot - CHIP-Installer.exe.xBAD" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="LNK/Agent.CH Trojaner" ac=I fn="C:\Sandbox\DDDDD_CCCCC\DefaultBox\drive\C\Documents and Settings\DDDDD CCCCC\Desktop\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\Ziele\Jahresplanung 2013\alte Dateien\alte Dateien\Tresor alter Computer\Downloads\[www.byte.to].Saw.2.Directors.Cut.German.2005.DVDRiP.XviD-CRiTiCAL\GRATISDownload JETZT 3 GigabyteMusik.Video.Games.url" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="LNK/Agent.CH Trojaner" ac=I fn="C:\Sandbox\DDDDD_CCCCC\DefaultBox\drive\C\Documents and Settings\DDDDD CCCCC\Desktop\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\Ziele\Jahresplanung 2013\alte Dateien\alte Dateien\Tresor alter Computer\Downloads\[www.byte.to].Saw.III.UNRATED.DiRECTORS.CUT.German.Dubbed.2006.DVDRiP.XviD-LizardsGods\GRATISDownload JETZT 3 GigabyteMusik.Video.Games.url" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="LNK/Agent.CH Trojaner" ac=I fn="C:\Sandbox\DDDDD_CCCCC\DefaultBox\drive\C\Documents and Settings\DDDDD CCCCC\Desktop\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\Ziele\Jahresplanung 2013\alte Dateien\alte Dateien\Tresor alter Computer\Downloads\[www.byte.to].Saw.IV.German.DVDRip.XviD-CRUCiAL\GRATISDownload JETZT 3 GigabyteMusik.Video.Games.url" sh=148BC745CB91B9DFDD09FF955DCE01CA6DC10F5A ft=1 fh=cce6864c1bf4fbda vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Sandbox\DDDDD_CCCCC\DefaultBox\drive\C\Documents and Settings\DDDDD CCCCC\Downloads\PDFCreator-2_2_2-setup.exe" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="LNK/Agent.CH Trojaner" ac=I fn="C:\Sandbox\DDDDD_CCCCC\DefaultBox\drive\C\Dokumente und Einstellungen\DDDDD CCCCC\Desktop\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\Ziele\Jahresplanung 2013\alte Dateien\alte Dateien\Tresor alter Computer\Downloads\[www.byte.to].Saw.2.Directors.Cut.German.2005.DVDRiP.XviD-CRiTiCAL\GRATISDownload JETZT 3 GigabyteMusik.Video.Games.url" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="LNK/Agent.CH Trojaner" ac=I fn="C:\Sandbox\DDDDD_CCCCC\DefaultBox\drive\C\Dokumente und Einstellungen\DDDDD CCCCC\Desktop\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\Ziele\Jahresplanung 2013\alte Dateien\alte Dateien\Tresor alter Computer\Downloads\[www.byte.to].Saw.III.UNRATED.DiRECTORS.CUT.German.Dubbed.2006.DVDRiP.XviD-LizardsGods\GRATISDownload JETZT 3 GigabyteMusik.Video.Games.url" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="LNK/Agent.CH Trojaner" ac=I fn="C:\Sandbox\DDDDD_CCCCC\DefaultBox\drive\C\Dokumente und Einstellungen\DDDDD CCCCC\Desktop\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\Ziele\Jahresplanung 2013\alte Dateien\alte Dateien\Tresor alter Computer\Downloads\[www.byte.to].Saw.IV.German.DVDRip.XviD-CRUCiAL\GRATISDownload JETZT 3 GigabyteMusik.Video.Games.url" sh=148BC745CB91B9DFDD09FF955DCE01CA6DC10F5A ft=1 fh=cce6864c1bf4fbda vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Sandbox\DDDDD_CCCCC\DefaultBox\drive\C\Dokumente und Einstellungen\DDDDD CCCCC\Downloads\PDFCreator-2_2_2-setup.exe" sh=76595B98CEA0CD39E47CEBA9F12AE154DFCBF36A ft=0 fh=0000000000000000 vn="Variante von Android/Agent.GZ Trojaner" ac=I fn="C:\Sandbox\DDDDD_CCCCC\DefaultBox\drive\C\FRST\Quarantine\C\Users\DDDDD CCCCC\Desktop\Desktop\Tablett\Android\data\fp\6699.apk.xBAD" sh=6F07761C3535E234CB4CE675545DA2B86F932E6D ft=0 fh=0000000000000000 vn="Android/AdDisplay.Dowgin.AT evtl. unerwünschte Anwendung" ac=I fn="C:\Sandbox\DDDDD_CCCCC\DefaultBox\drive\C\FRST\Quarantine\C\Users\DDDDD CCCCC\Desktop\Desktop\Tablett\Android\data\fp\7879.apk.xBAD" sh=5EBE903452CB921A8FCCC07ADEC8B5797AE7903A ft=0 fh=0000000000000000 vn="Variante von Android/TrojanDropper.Agent.BP Trojaner" ac=I fn="C:\Sandbox\DDDDD_CCCCC\DefaultBox\drive\C\FRST\Quarantine\C\Users\DDDDD CCCCC\Desktop\Desktop\Tablett\Android\data\un\7343.apk.xBAD" sh=C08135D45341B114244DE3B8FEA1D337F541421F ft=1 fh=345664347e01a2fc vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Sandbox\DDDDD_CCCCC\DefaultBox\drive\C\FRST\Quarantine\C\Users\DDDDD CCCCC\Downloads\SimpleScreenshot - CHIP-Installer.exe.xBAD" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="LNK/Agent.CH Trojaner" ac=I fn="C:\Sandbox\DDDDD_CCCCC\DefaultBox\drive\C\Users\DDDDD CCCCC\Desktop\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\Ziele\Jahresplanung 2013\alte Dateien\alte Dateien\Tresor alter Computer\Downloads\[www.byte.to].Saw.2.Directors.Cut.German.2005.DVDRiP.XviD-CRiTiCAL\GRATISDownload JETZT 3 GigabyteMusik.Video.Games.url" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="LNK/Agent.CH Trojaner" ac=I fn="C:\Sandbox\DDDDD_CCCCC\DefaultBox\drive\C\Users\DDDDD CCCCC\Desktop\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\Ziele\Jahresplanung 2013\alte Dateien\alte Dateien\Tresor alter Computer\Downloads\[www.byte.to].Saw.III.UNRATED.DiRECTORS.CUT.German.Dubbed.2006.DVDRiP.XviD-LizardsGods\GRATISDownload JETZT 3 GigabyteMusik.Video.Games.url" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="LNK/Agent.CH Trojaner" ac=I fn="C:\Sandbox\DDDDD_CCCCC\DefaultBox\drive\C\Users\DDDDD CCCCC\Desktop\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\Ziele\Jahresplanung 2013\alte Dateien\alte Dateien\Tresor alter Computer\Downloads\[www.byte.to].Saw.IV.German.DVDRip.XviD-CRUCiAL\GRATISDownload JETZT 3 GigabyteMusik.Video.Games.url" sh=148BC745CB91B9DFDD09FF955DCE01CA6DC10F5A ft=1 fh=cce6864c1bf4fbda vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Sandbox\DDDDD_CCCCC\DefaultBox\drive\C\Users\DDDDD CCCCC\Downloads\PDFCreator-2_2_2-setup.exe" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="LNK/Agent.CH Trojaner" ac=I fn="C:\Sandbox\DDDDD_CCCCC\DefaultBox\user\current\Desktop\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\Ziele\Jahresplanung 2013\alte Dateien\alte Dateien\Tresor alter Computer\Downloads\[www.byte.to].Saw.2.Directors.Cut.German.2005.DVDRiP.XviD-CRiTiCAL\GRATISDownload JETZT 3 GigabyteMusik.Video.Games.url" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="LNK/Agent.CH Trojaner" ac=I fn="C:\Sandbox\DDDDD_CCCCC\DefaultBox\user\current\Desktop\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\Ziele\Jahresplanung 2013\alte Dateien\alte Dateien\Tresor alter Computer\Downloads\[www.byte.to].Saw.III.UNRATED.DiRECTORS.CUT.German.Dubbed.2006.DVDRiP.XviD-LizardsGods\GRATISDownload JETZT 3 GigabyteMusik.Video.Games.url" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="LNK/Agent.CH Trojaner" ac=I fn="C:\Sandbox\DDDDD_CCCCC\DefaultBox\user\current\Desktop\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\Ziele\Jahresplanung 2013\alte Dateien\alte Dateien\Tresor alter Computer\Downloads\[www.byte.to].Saw.IV.German.DVDRip.XviD-CRUCiAL\GRATISDownload JETZT 3 GigabyteMusik.Video.Games.url" sh=148BC745CB91B9DFDD09FF955DCE01CA6DC10F5A ft=1 fh=cce6864c1bf4fbda vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Sandbox\DDDDD_CCCCC\DefaultBox\user\current\Downloads\PDFCreator-2_2_2-setup.exe" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="LNK/Agent.CH Trojaner" ac=I fn="C:\Users\DDDDD CCCCC\Desktop\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\Ziele\Jahresplanung 2013\alte Dateien\alte Dateien\Tresor alter Computer\Downloads\[www.byte.to].Saw.2.Directors.Cut.German.2005.DVDRiP.XviD-CRiTiCAL\GRATISDownload JETZT 3 GigabyteMusik.Video.Games.url" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="LNK/Agent.CH Trojaner" ac=I fn="C:\Users\DDDDD CCCCC\Desktop\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\Ziele\Jahresplanung 2013\alte Dateien\alte Dateien\Tresor alter Computer\Downloads\[www.byte.to].Saw.III.UNRATED.DiRECTORS.CUT.German.Dubbed.2006.DVDRiP.XviD-LizardsGods\GRATISDownload JETZT 3 GigabyteMusik.Video.Games.url" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="LNK/Agent.CH Trojaner" ac=I fn="C:\Users\DDDDD CCCCC\Desktop\Desktop\Neuer Ordner (4)\aufräumen, was geht\Ordner\Ziele\Jahresplanung 2013\alte Dateien\alte Dateien\Tresor alter Computer\Downloads\[www.byte.to].Saw.IV.German.DVDRip.XviD-CRUCiAL\GRATISDownload JETZT 3 GigabyteMusik.Video.Games.url" sh=148BC745CB91B9DFDD09FF955DCE01CA6DC10F5A ft=1 fh=cce6864c1bf4fbda vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\DDDDD CCCCC\Downloads\PDFCreator-2_2_2-setup.exe" Die Lesezeichen sind gerettet. Mit der Funktion: "Bereinigungung" hätte es glaube ich auch funktioniert. Web Companion ist allerdings immer noch installiert. Kann ich es einfach deinstallieren? |
18.02.2016, 09:02 | #60 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner eingefangen? Lade Dir bitte von hier Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu Trojaner eingefangen? |
compu, ebook, eingefangen, gefangen, gen, glaube, heute, immer wieder, keine rückmeldung, komische, konnte, lautsprecher, leute, nichts, notebook, nutze, rückmeldung, starte, starthilfe, tagen, troja, trojaner, trojaner eingefangen, virus, windows |