Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Interpol/BKA Trojaner

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 10.11.2013, 11:12   #1
Sevikar
 
Interpol/BKA Trojaner - Standard

Interpol/BKA Trojaner



Hallo Trojaner Board Team,
Ich habe mir ebenfalls, auf meinem HAuptprofil einen Interpol/BKA Trojaner eingefangen, der mich auffordert ihnen Geld für die Freischaltung zu überweisen.
Nun bin ich auf eure Hilfe angewiesen und hoffe dass ihr mir helft, diesen Trojaner wieder loszuwerden.

Ich habe es schon mit der Systemwiederherstellung versucht, ebenfalls mit dem Menü Computer Reparieren, bevor ich auf eure Seite gestoßen bin.

Ich bin wirklich nahe der Verzweiflung.

Vielen dank schon mal im vorraus.
Mit freundlichen Grüßen
Sevikar

Alt 10.11.2013, 14:14   #2
aharonov
/// TB-Ausbilder
 
Interpol/BKA Trojaner - Standard

Interpol/BKA Trojaner



Hallo Sevikar,

mach bitte einen FRST-Scan aus den Reperaturoptionen:


Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)
  • Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST Download FRST 64-Bit
  • Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.
  • Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:
Über den Boot Manager:
  • Starte den Rechner neu.
  • Während dem Hochfahren drücke mehrmals die F8 Taste
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Mit Windows CD/DVD (auch bei Windows 8 möglich):
  • Lege die Windows CD in dein Laufwerk.
  • Starte den Rechner neu und starte von der CD.
  • Wähle die Spracheinstellungen und klicke "Weiter".
  • Klicke auf Computerreparaturoptionen !
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Wähle in den Reparaturoptionen: Eingabeaufforderung
  • Gib nun bitte notepad ein und drücke Enter.
  • Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
    Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.
  • Schließe Notepad wieder
  • Gib nun bitte folgenden Befehl ein.
    e:\frst.exe bzw. e:\frst64.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.
  • Akzeptiere den Disclaimer mit Ja und klicke Untersuchen
Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

__________________

__________________

Alt 10.11.2013, 17:35   #3
Sevikar
 
Interpol/BKA Trojaner - Standard

Interpol/BKA Trojaner



Hallo arahonov,
Ich habe nun gemacht, wie du es beschrieben hast, nur heisst es ich müsse meine ziffern kürzen, was mache ich nun?

Upps da waren wohl die Finger wieder etwas zu schnell, aharonov meinte ich natürlich

[CODE]Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by Marian (administrator) on MARIAN-PC on 10-11-2013 17:17:53
Running from C:\Users\Marian\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe
(COMPANYVERS_NAME) C:\PROGRA~2\FROMDO~2\bar\1.bin\65barsvc.exe
() C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
() C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE
(UASSOFT.COM) C:\Program Files (x86)\Trust\Trust R-series Mouse And Keyboard\KMWDSrv.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\loggingserver.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
() C:\Windows\vsnpstd3.exe
() C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\AppIntegrator64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcagent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
() C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(MindSpark) C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrchMn.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65brmon.exe
() C:\Program Files (x86)\Trust\Trust R-series Mouse And Keyboard\MouseDrv.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(BonanzaDeals) C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Stage Remote] - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] ()
HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj [207845 2011-04-29] ()
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [2726728 2010-03-25] (CANON INC.)
HKLM\...\Run: [snpstd3] - C:\Windows\vsnpstd3.exe [827392 2006-09-19] ()
HKLM\...\Run: [FromDocToPDF Home Page Guard 64 bit] - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\AppIntegrator64.exe [548936 2013-06-20] ()
HKCU\...\Run: [EA Core] - C:\Program Files (x86)\Electronic Arts\EADM\Core.exe [3342336 2009-09-03] (Electronic Arts)
HKCU\...\Run: [AROReminder] - C:\Program Files (x86)\ARO 2012\ARO.exe [2552688 2012-01-06] (Support.com, Inc.)
HKCU\...\Run: [ICQ] - "C:\Program Files (x86)\ICQ7M\ICQ.exe" silent loginmode=4
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation)
HKLM-x32\...\Run: [RemoteControl9] - C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] - C:\Program Files (x86)\Cyberlink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Registration] - C:\Program Files (x86)\System Registration\prodreg.exe [4165440 2011-08-04] (Dell, Inc.)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\mcafee.com\agent\mcagent.exe [1675160 2011-11-22] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [AccuWeatherWidget] - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj [2825741 2011-04-29] ()
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [AVG_TRAY] - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2404376 2013-09-28] ()
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1391272 2012-01-03] (Ask)
HKLM-x32\...\Run: [Guard.Mail.ru.gui] - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-07-25] ()
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [WireLessMouse] - C:\Program Files (x86)\Trust\Trust R-series Mouse And Keyboard\StartAutorun.exe MouseDrv.exe
HKLM-x32\...\Run: [FromDocToPDF Search Scope Monitor] - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrchMn.exe [44784 2013-06-20] (MindSpark)
HKLM-x32\...\Run: [FromDocToPDF_65 Browser Plugin Loader] - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65brmon.exe [30096 2013-06-20] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [Advanced System Protector_startup] - C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [6588272 2013-10-04] (Systweak)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-11] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
Startup: C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ehfhbnb.lnk
ShortcutTarget: ehfhbnb.lnk -> C:\PROGRA~3\bnbhfhe.dss (Microsoft Corporation)
Startup: C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk
ShortcutTarget: Product Registration.lnk -> C:\Users\Marian\AppData\Local\Temp\is-AICRO.tmp\ATR1.exe (No File)
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^Y6^xdm043^YY^de&ptb=3E691828-DB1F-4F05-A0AD-C49C38B1BB36&si=swissconverter
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: HKCU - (No Name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (MindSpark)
SearchScopes: HKLM - DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 - DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={C7116042-2B71-4C80-BFFE-E86FA1FF8655}&mid=3ec46191475447d1b322012ea3c047ad-0b9adabb025698a8169125cb2314e36b1a36cd1e&lang=de&ds=AVG&pr=pr&d=2012-02-07 17:01:19&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {A605BB24-9ADB-4A20-B8F8-0D382B77C032} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=13153&src=kw&q={searchTerms}&locale=&apn_ptnrs=S2&apn_dtid=YYYYYYYYDE&apn_uid=5ce01b61-567e-401f-817d-e548de49ef94&apn_sauid=D0B93AB2-0E19-4D61-83E6-B922CB5CBF14
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120212154438.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: ICQ Sparberater - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files\mcafee\msk\mskapbho.dll ()
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120212154438.dll (McAfee, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.0.0.9\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Toolbar BHO - {a235e1e3-6296-4710-af39-104a7faa6c7c} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll (MindSpark)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Search Assistant BHO - {f236ca79-3123-4afb-9f74-e98117ad5625} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (MindSpark)
BHO-x32: BonanzaDeals - {fe063412-bea4-4d76-8ed3-183be6220d17} - C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.0.0.9\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll (MindSpark)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.1\ViProtocol.dll (AVG Secure Search)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 82.212.62.62 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default
FF user.js: detected! => C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\user.js
FF DefaultSearchEngine: AVG Secure Search
FF SearchEngineOrder.1: metaCrawler
FF Homepage: hxxp://i.search.metacrawler.com/?f=1&a=ironmc2&cd=2XzuyEtN2Y1L1Qzu0EtDyEyCzy0AtCyEtA0EyC0CyByCyEtDtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu&cr=64302556&ir=
FF Keyword.URL: hxxp://isearch.avg.com/search?pid=avg&sg=0&cid=%7Bbeda745e-ab48-4d1d-84d2-1c35f6f66353%7D&mid=3ec46191475447d1b322012ea3c047ad-0b9adabb025698a8169125cb2314e36b1a36cd1e&ds=AVG&coid=&v=17.0.0.9&lang=de&pr=pr&d=2012-02-07%2017%3A01%3A19&sap=ku&q=
FF NetworkProxy: "type", 0
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.1\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @FromDocToPDF_65.com/Plugin - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\NP65Stub.dll (MindSpark)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=3 - C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=9 - C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF SearchPlugin: C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\searchplugins\metaCrawler.xml
FF SearchPlugin: C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\searchplugins\my-web-search.xml
FF SearchPlugin: C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: FromDocToPDF - C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\Extensions\65ffxtbr@FromDocToPDF_65.com
FF Extension: metacrawler.com - C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\Extensions\ffxtlbr@metacrawler.com
FF Extension: Support.com Toolbar - C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\Extensions\toolbar@ask.com
FF Extension: MetaCrawler New Tab - C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\Extensions\{60364604-8b4c-42f4-a2ca-a76ca7b61b37}
FF Extension: ICQ Toolbar - C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF Extension: DownloadHelper - C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: BonanzaDeals - C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}
FF Extension: ciuvo-extension - C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\Extensions\ciuvo-extension@icq.de.xpi
FF Extension: No Name - C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4\
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\Firefox4\
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.0.0.9
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\17.0.0.9
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF HKLM-x32\...\Firefox\Extensions: [65ffxtbr@FromDocToPDF_65.com] - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin
FF Extension: FromDocToPDF - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin

Chrome:
=======
CHR RestoreOnStartup: "urls_to_restore_on_startup": null
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{go ogle:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{googlemniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefi xUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\pdf.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll (AVG Technologies CZ, s.r.o.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.270.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U27) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll (AVG Technologies)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
CHR Extension: (Google Drive) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (AVG Safe Search) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0
CHR Extension: (AVG Security Toolbar) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.1.0.10_0
CHR Extension: (Gmail) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [ieadcoanfjloocmfafkebdnfefmohngj] - C:\Program Files (x86)\BonanzaDeals\BonanzaDeals.crx
CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG2012\Chrome\safesearch.crx
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.0.0.9\avg.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-09] (Avira Operations GmbH & Co. KG)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [5174392 2012-11-02] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It)
S2 bonanzadealslive; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-11-10] (BonanzaDeals)
S3 bonanzadealslivem; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-11-10] (BonanzaDeals)
R2 FromDocToPDF_65Service; C:\PROGRA~2\FROMDO~2\bar\1.bin\65barsvc.exe [42504 2013-06-20] (COMPANYVERS_NAME)
R2 Guard.Mail.ru; C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-07-25] ()
R2 ICQ Service; C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE [247872 2012-03-20] ()
R2 KMWDSERVICE; C:\Program Files (x86)\Trust\Trust R-series Mouse And Keyboard\KMWDSrv.exe [208896 2007-02-28] (UASSOFT.COM)
S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [220528 2010-08-30] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [502032 2011-10-18] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199272 2011-12-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [208536 2011-12-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [161168 2011-12-06] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2013-02-18] ()
R2 vToolbarUpdater17.0.1; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe [1734680 2013-09-28] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-09] (Avira GmbH)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2013-04-11] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-09-28] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-09] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-12-15] (Avira GmbH)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [65264 2011-10-15] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160280 2011-10-15] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [229528 2011-10-15] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [481768 2011-10-15] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [647080 2011-10-15] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75808 2011-10-15] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100912 2011-10-15] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [284648 2011-10-15] (McAfee, Inc.)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-10 17:02 - 2013-11-10 17:02 - 01957562 _____ (Farbar) C:\Users\Marian\Downloads\FRST64(1).exe
2013-11-10 11:04 - 2013-11-10 11:04 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Macromedia
2013-11-10 10:58 - 2013-11-10 10:58 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Avira
2013-11-10 10:54 - 2013-11-10 10:54 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Mozilla
2013-11-10 10:54 - 2013-11-10 10:54 - 00000000 ____D C:\Users\Gast\AppData\Local\Mozilla
2013-11-10 10:54 - 2013-11-10 10:54 - 00000000 ____D C:\Users\Gast\AppData\Local\AVG Secure Search
2013-11-10 10:53 - 2013-11-10 10:53 - 00074856 _____ C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-10 10:53 - 2013-11-10 10:53 - 00000000 ____D C:\Users\Gast\AppData\Roaming\AVG2012
2013-11-10 10:52 - 2013-11-10 10:52 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Roxio
2013-11-10 10:52 - 2013-11-10 10:52 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Leadertech
2013-11-10 10:52 - 2013-11-10 10:52 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Dell Touch Zone
2013-11-10 10:52 - 2013-11-10 10:52 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Dell
2013-11-10 10:52 - 2013-11-10 10:52 - 00000000 ____D C:\Users\Gast\AppData\Local\Dell
2013-11-10 10:51 - 2013-11-10 10:52 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-10 10:51 - 2013-11-10 10:52 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-10 10:51 - 2013-11-10 10:51 - 00001379 _____ C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-10 10:51 - 2013-11-10 10:51 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Adobe
2013-11-10 10:51 - 2013-11-10 10:51 - 00000000 ____D C:\Users\Gast\AppData\Local\VirtualStore
2013-11-10 10:49 - 2013-11-10 10:51 - 00000000 ____D C:\Users\Gast
2013-11-10 10:49 - 2013-11-10 10:49 - 00000020 ___SH C:\Users\Gast\ntuser.ini
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Vorlagen
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Startmenü
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Netzwerkumgebung
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Lokale Einstellungen
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Eigene Dateien
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Druckumgebung
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Documents\Eigene Musik
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Documents\Eigene Bilder
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\AppData\Local\Verlauf
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\AppData\Local\Anwendungsdaten
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Anwendungsdaten
2013-11-10 10:49 - 2013-11-10 10:01 - 00000000 ____D C:\Users\Gast\AppData\Local\SoftThinks
2013-11-10 10:49 - 2013-01-30 16:54 - 00000000 ____D C:\Users\Gast\AppData\Roaming\TuneUp Software
2013-11-10 10:49 - 2011-11-22 21:07 - 00000000 ___RD C:\Users\Gast\Desktop\Spiele spielen
2013-11-10 10:49 - 2009-07-14 05:54 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-10 10:49 - 2009-07-14 05:49 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-11-10 10:26 - 2013-11-10 10:26 - 00028309 _____ C:\Users\Marian\Downloads\Addition.txt
2013-11-10 10:25 - 2013-11-10 10:25 - 00000000 ____D C:\FRST
2013-11-10 10:24 - 2013-11-10 10:24 - 01957098 _____ (Farbar) C:\Users\Marian\Downloads\FRST64.exe
2013-11-10 10:18 - 2013-11-10 10:18 - 00702960 _____ C:\Users\Marian\Downloads\DownloadAcceleratorSetup.exe
2013-11-10 10:14 - 2013-11-10 10:14 - 00000000 ____D C:\Users\Marian\AppData\Roaming\DivX
2013-11-10 10:14 - 2013-11-10 10:14 - 00000000 ____D C:\Program Files\DivX
2013-11-10 10:13 - 2013-11-10 10:51 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-11-10 10:13 - 2013-11-10 10:13 - 00001089 _____ C:\Users\Marian\Desktop\MyPC Backup.lnk
2013-11-10 10:13 - 2013-11-10 10:13 - 00000000 ____D C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-11-10 10:12 - 2013-11-10 10:14 - 00000000 ____D C:\Program Files (x86)\DivX
2013-11-10 10:12 - 2013-11-10 10:12 - 00001203 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-11-10 10:12 - 2013-11-10 10:12 - 00000922 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2013-11-10 10:12 - 2013-11-10 10:12 - 00000000 ____D C:\Users\Marian\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2013-11-10 10:12 - 2013-11-10 10:12 - 00000000 ____D C:\ProgramData\Systweak
2013-11-10 10:12 - 2013-11-10 10:12 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector
2013-11-10 10:12 - 2012-07-25 12:03 - 00016896 _____ C:\Windows\system32\sasnative64.exe
2013-11-10 10:11 - 2013-11-10 10:14 - 00000000 ____D C:\ProgramData\DivX
2013-11-10 10:11 - 2013-11-10 10:13 - 00000000 ____D C:\Users\Marian\AppData\Roaming\Systweak
2013-11-10 10:11 - 2013-11-10 10:12 - 00000000 ____D C:\Program Files (x86)\Xvid
2013-11-10 10:11 - 2013-11-10 10:11 - 00715038 _____ C:\Windows\unins000.exe
2013-11-10 10:11 - 2013-11-10 10:11 - 00001992 _____ C:\Windows\unins000.dat
2013-11-10 10:11 - 2013-11-10 10:11 - 00001052 _____ C:\Users\Public\Desktop\RegClean Pro.lnk
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Users\Marian\AppData\Roaming\MetaCrawler
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Users\Marian\AppData\Roaming\LavFilters
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Users\Marian\AppData\Roaming\DigitalSite
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Users\Marian\AppData\Roaming\CDXReader
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Users\Marian\AppData\Local\BonanzaDealsLive
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\ProgramData\BonanzaDealsLive
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\RegClean Pro
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\OpenSource Flash Video Splitter
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\metaCrawler
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\Haali
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\ffdshow
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\DSP-worx
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\DirectVobSub
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\BonanzaDealsLive
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-11-10 10:11 - 2013-09-17 11:25 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2013-11-10 10:11 - 2012-02-26 16:47 - 00079360 _____ C:\Windows\SysWOW64\ff_vfw.dll
2013-11-10 10:11 - 2012-01-09 20:45 - 00178688 _____ C:\Windows\SysWOW64\unrar.dll
2013-11-10 10:11 - 2011-12-07 19:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll
2013-11-10 10:11 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2013-11-10 10:11 - 2011-05-30 14:42 - 00255488 _____ C:\Windows\system32\xvidvfw.dll
2013-11-10 10:11 - 2011-05-30 14:42 - 00240640 _____ C:\Windows\SysWOW64\xvidvfw.dll
2013-11-10 10:11 - 2011-05-23 10:52 - 00153088 _____ C:\Windows\SysWOW64\xvid.ax
2013-11-10 10:11 - 2011-05-23 08:49 - 00173568 _____ C:\Windows\system32\xvid.ax
2013-11-10 10:11 - 2011-05-23 08:46 - 00645632 _____ C:\Windows\SysWOW64\xvidcore.dll
2013-11-10 10:11 - 2011-05-23 08:45 - 00696832 _____ C:\Windows\system32\xvidcore.dll
2013-11-10 10:07 - 2013-11-10 10:07 - 00702672 _____ C:\Users\Marian\Downloads\UltimateCodec.exe
2013-11-10 10:01 - 2013-11-10 17:13 - 00000279 _____ C:\ProgramData\ehfhbnb.reg
2013-11-09 17:56 - 2013-11-09 18:02 - 00000990 _____ C:\Users\Public\Desktop\Spielkiste.lnk
2013-11-09 17:56 - 2013-11-09 17:56 - 00000000 ____D C:\Program Files (x86)\Einfach_Spielen
2013-11-09 17:55 - 2013-11-09 18:02 - 00002342 _____ C:\Users\Public\Desktop\Fluch des Goldes spielen.lnk
2013-11-09 17:55 - 2013-11-09 18:02 - 00001465 _____ C:\Users\Public\Desktop\Moorhuhn Invasion spielen.lnk
2013-11-09 17:55 - 2013-11-09 18:02 - 00001436 _____ C:\Users\Public\Desktop\Moorhuhn Directors Cut spielen.lnk
2013-11-09 17:55 - 2013-11-09 18:02 - 00001422 _____ C:\Users\Public\Desktop\Schatzjäger 3 spielen.lnk
2013-11-09 17:55 - 2013-11-09 18:02 - 00001364 _____ C:\Users\Public\Desktop\Schatzjäger spielen.lnk
2013-11-09 17:54 - 2013-11-09 18:02 - 00001453 _____ C:\Users\Public\Desktop\Moorhuhn Piraten spielen.lnk
2013-11-09 17:54 - 2013-11-09 18:02 - 00001441 _____ C:\Users\Public\Desktop\Moorhuhn Winter spielen.lnk
2013-11-09 17:54 - 2013-11-09 18:02 - 00001441 _____ C:\Users\Public\Desktop\Moorhuhn Remake spielen.lnk
2013-11-09 17:54 - 2013-11-09 18:02 - 00001435 _____ C:\Users\Public\Desktop\Moorhuhn Atlantis spielen.lnk
2013-11-09 17:54 - 2013-11-09 18:02 - 00001422 _____ C:\Users\Public\Desktop\Schatzjäger 2 spielen.lnk
2013-11-09 17:54 - 2013-11-09 18:02 - 00001418 _____ C:\Users\Public\Desktop\Schatz des Pharao spielen.lnk
2013-11-09 17:54 - 2013-11-09 18:02 - 00001404 _____ C:\Users\Public\Desktop\Moorhuhn Wanted spielen.lnk
2013-11-09 17:54 - 2013-11-09 18:02 - 00001390 _____ C:\Users\Public\Desktop\Die original Moorhuhnjagd.lnk
2013-11-09 17:54 - 2013-11-09 18:02 - 00001369 _____ C:\Users\Public\Desktop\Moorhuhn X spielen.lnk
2013-11-09 17:53 - 2013-11-09 18:02 - 00002401 _____ C:\Users\Public\Desktop\Moorhuhn Kart Extra spielen.lnk
2013-11-09 17:53 - 2013-11-09 18:02 - 00001429 _____ C:\Users\Public\Desktop\Moorhuhn Kart Thunder spielen.lnk
2013-11-09 17:52 - 2013-11-09 18:02 - 00001441 _____ C:\Users\Public\Desktop\Moorhuhn Kart 3 spielen.lnk
2013-11-09 17:52 - 2013-11-09 18:02 - 00001411 _____ C:\Users\Public\Desktop\Moorhuhn Kart 2 spielen.lnk
2013-11-09 17:52 - 2013-11-09 18:02 - 00001390 _____ C:\Users\Public\Desktop\Moorhuhn Kart spielen.lnk
2013-11-09 17:52 - 2013-11-09 18:02 - 00001381 _____ C:\Users\Public\Desktop\Moorhuhn 3 spielen.lnk
2013-11-09 17:52 - 2013-11-09 18:02 - 00001381 _____ C:\Users\Public\Desktop\Moorhuhn 2 spielen.lnk
2013-11-09 15:27 - 2013-11-10 17:13 - 95025368 ____T C:\ProgramData\ehfhbnb.bxx
2013-11-09 15:27 - 2013-11-10 17:13 - 00000000 _____ C:\ProgramData\ehfhbnb.fvv
2013-11-09 15:27 - 2013-11-09 15:27 - 00131072 _____ (Microsoft Corporation) C:\ProgramData\bnbhfhe.dss
2013-11-09 15:27 - 2013-11-09 15:27 - 00061536 ____T (Microsoft Corporation) C:\ProgramData\ehfhbnb.pss
2013-11-04 20:31 - 2013-11-04 20:31 - 00000000 ____D C:\Users\Marian\AppData\Local\techland
2013-11-04 20:30 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-11-04 20:30 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2013-11-04 20:30 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2013-11-04 20:30 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2013-11-04 20:30 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2013-11-04 20:30 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-11-04 20:30 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2013-11-04 20:30 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2013-11-04 20:30 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-11-04 20:30 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2013-11-04 20:30 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2013-11-04 20:30 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2013-11-04 20:30 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2013-11-04 20:30 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2013-11-04 20:30 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2013-11-04 20:30 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-11-04 20:30 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2013-11-04 20:30 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2013-11-04 20:30 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2013-11-04 20:30 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2013-11-04 20:30 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2013-11-04 20:30 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-11-04 20:30 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2013-11-04 20:30 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-11-04 20:30 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2013-11-04 20:30 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2013-11-04 20:30 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2013-11-04 20:30 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2013-11-04 20:30 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2013-11-04 20:30 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2013-11-04 20:30 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2013-11-04 20:30 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2013-11-04 20:30 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2013-11-04 20:30 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2013-11-04 20:30 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2013-11-04 20:30 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2013-11-04 20:30 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2013-11-04 20:30 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2013-11-04 20:30 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2013-11-04 20:30 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2013-11-04 20:30 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2013-11-04 20:30 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2013-11-04 20:30 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2013-11-04 20:30 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2013-11-04 20:30 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2013-11-04 20:30 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2013-11-04 20:30 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2013-11-04 20:30 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2013-11-04 20:30 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2013-11-04 20:30 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2013-11-04 20:22 - 2013-11-04 20:22 - 00000222 _____ C:\Users\Marian\Desktop\Call of Juarez Gunslinger.url
2013-11-04 20:22 - 2013-11-04 20:22 - 00000000 ____D C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-11-04 19:46 - 2013-11-10 17:14 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-04 19:46 - 2013-11-04 19:46 - 00000919 _____ C:\Users\Public\Desktop\Steam.lnk
2013-10-12 14:08 - 2013-10-12 14:09 - 01643276 _____ C:\Users\Marian\Documents\hihäpljo.xps

==================== One Month Modified Files and Folders =======

2013-11-10 17:17 - 2010-11-21 07:50 - 00696620 _____ C:\Windows\system32\perfh007.dat
2013-11-10 17:17 - 2010-11-21 07:50 - 00147916 _____ C:\Windows\system32\perfc007.dat
2013-11-10 17:17 - 2009-07-14 06:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-10 17:14 - 2013-11-04 19:46 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-10 17:14 - 2013-06-03 15:27 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-11-10 17:14 - 2012-12-22 11:12 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-10 17:14 - 2011-11-22 21:20 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-11-10 17:14 - 2011-11-22 21:20 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-11-10 17:14 - 2011-11-22 20:51 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-11-10 17:13 - 2013-11-10 10:01 - 00000279 _____ C:\ProgramData\ehfhbnb.reg
2013-11-10 17:13 - 2013-11-09 15:27 - 95025368 ____T C:\ProgramData\ehfhbnb.bxx
2013-11-10 17:13 - 2013-11-09 15:27 - 00000000 _____ C:\ProgramData\ehfhbnb.fvv
2013-11-10 17:12 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-10 17:12 - 2009-07-14 05:51 - 00122730 _____ C:\Windows\setupact.log
2013-11-10 17:07 - 2011-11-22 20:27 - 01278820 _____ C:\Windows\WindowsUpdate.log
2013-11-10 17:05 - 2009-07-14 05:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-10 17:05 - 2009-07-14 05:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-10 17:02 - 2013-11-10 17:02 - 01957562 _____ (Farbar) C:\Users\Marian\Downloads\FRST64(1).exe
2013-11-10 12:44 - 2012-12-22 11:12 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-10 11:04 - 2013-11-10 11:04 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Macromedia
2013-11-10 10:58 - 2013-11-10 10:58 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Avira
2013-11-10 10:56 - 2012-02-07 17:00 - 00000000 ____D C:\Windows\system32\Drivers\AVG
2013-11-10 10:54 - 2013-11-10 10:54 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Mozilla
2013-11-10 10:54 - 2013-11-10 10:54 - 00000000 ____D C:\Users\Gast\AppData\Local\Mozilla
2013-11-10 10:54 - 2013-11-10 10:54 - 00000000 ____D C:\Users\Gast\AppData\Local\AVG Secure Search
2013-11-10 10:53 - 2013-11-10 10:53 - 00074856 _____ C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-10 10:53 - 2013-11-10 10:53 - 00000000 ____D C:\Users\Gast\AppData\Roaming\AVG2012
2013-11-10 10:52 - 2013-11-10 10:52 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Roxio
2013-11-10 10:52 - 2013-11-10 10:52 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Leadertech
2013-11-10 10:52 - 2013-11-10 10:52 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Dell Touch Zone
2013-11-10 10:52 - 2013-11-10 10:52 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Dell
2013-11-10 10:52 - 2013-11-10 10:52 - 00000000 ____D C:\Users\Gast\AppData\Local\Dell
2013-11-10 10:52 - 2013-11-10 10:51 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-10 10:52 - 2013-11-10 10:51 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-10 10:51 - 2013-11-10 10:51 - 00001379 _____ C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-10 10:51 - 2013-11-10 10:51 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Adobe
2013-11-10 10:51 - 2013-11-10 10:51 - 00000000 ____D C:\Users\Gast\AppData\Local\VirtualStore
2013-11-10 10:51 - 2013-11-10 10:49 - 00000000 ____D C:\Users\Gast
2013-11-10 10:51 - 2013-11-10 10:13 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-11-10 10:50 - 2009-07-14 05:45 - 00334320 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-10 10:49 - 2013-11-10 10:49 - 00000020 ___SH C:\Users\Gast\ntuser.ini
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Vorlagen
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Startmenü
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Netzwerkumgebung
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Lokale Einstellungen
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Eigene Dateien
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Druckumgebung
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Documents\Eigene Musik
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Documents\Eigene Bilder
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\AppData\Local\Verlauf
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\AppData\Local\Anwendungsdaten
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Anwendungsdaten
2013-11-10 10:35 - 2010-08-06 05:15 - 00000000 ____D C:\Users\Marian\Desktop\USB Musik
2013-11-10 10:34 - 2012-02-06 17:21 - 00074856 _____ C:\Users\Marian\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-10 10:26 - 2013-11-10 10:26 - 00028309 _____ C:\Users\Marian\Downloads\Addition.txt
2013-11-10 10:25 - 2013-11-10 10:25 - 00000000 ____D C:\FRST
2013-11-10 10:24 - 2013-11-10 10:24 - 01957098 _____ (Farbar) C:\Users\Marian\Downloads\FRST64.exe
2013-11-10 10:18 - 2013-11-10 10:18 - 00702960 _____ C:\Users\Marian\Downloads\DownloadAcceleratorSetup.exe
2013-11-10 10:17 - 2012-02-06 18:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-10 10:14 - 2013-11-10 10:14 - 00000000 ____D C:\Users\Marian\AppData\Roaming\DivX
2013-11-10 10:14 - 2013-11-10 10:14 - 00000000 ____D C:\Program Files\DivX
2013-11-10 10:14 - 2013-11-10 10:12 - 00000000 ____D C:\Program Files (x86)\DivX
2013-11-10 10:14 - 2013-11-10 10:11 - 00000000 ____D C:\ProgramData\DivX
2013-11-10 10:13 - 2013-11-10 10:13 - 00001089 _____ C:\Users\Marian\Desktop\MyPC Backup.lnk
2013-11-10 10:13 - 2013-11-10 10:13 - 00000000 ____D C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-11-10 10:13 - 2013-11-10 10:11 - 00000000 ____D C:\Users\Marian\AppData\Roaming\Systweak
2013-11-10 10:13 - 2012-02-06 17:22 - 00000000 ___RD C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-10 10:12 - 2013-11-10 10:12 - 00001203 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-11-10 10:12 - 2013-11-10 10:12 - 00000922 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2013-11-10 10:12 - 2013-11-10 10:12 - 00000000 ____D C:\Users\Marian\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2013-11-10 10:12 - 2013-11-10 10:12 - 00000000 ____D C:\ProgramData\Systweak
2013-11-10 10:12 - 2013-11-10 10:12 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector
2013-11-10 10:12 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\Xvid
2013-11-10 10:11 - 2013-11-10 10:11 - 00715038 _____ C:\Windows\unins000.exe
2013-11-10 10:11 - 2013-11-10 10:11 - 00001992 _____ C:\Windows\unins000.dat
2013-11-10 10:11 - 2013-11-10 10:11 - 00001052 _____ C:\Users\Public\Desktop\RegClean Pro.lnk
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Users\Marian\AppData\Roaming\MetaCrawler
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Users\Marian\AppData\Roaming\LavFilters
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Users\Marian\AppData\Roaming\DigitalSite
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Users\Marian\AppData\Roaming\CDXReader
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Users\Marian\AppData\Local\BonanzaDealsLive
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\ProgramData\BonanzaDealsLive
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\RegClean Pro
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\OpenSource Flash Video Splitter
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\metaCrawler
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\Haali
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\ffdshow
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\DSP-worx
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\DirectVobSub
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\BonanzaDealsLive
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-11-10 10:07 - 2013-11-10 10:07 - 00702672 _____ C:\Users\Marian\Downloads\UltimateCodec.exe
2013-11-10 10:01 - 2013-11-10 10:49 - 00000000 ____D C:\Users\Gast\AppData\Local\SoftThinks
2013-11-09 18:02 - 2013-11-09 17:56 - 00000990 _____ C:\Users\Public\Desktop\Spielkiste.lnk
2013-11-09 18:02 - 2013-11-09 17:55 - 00002342 _____ C:\Users\Public\Desktop\Fluch des Goldes spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:55 - 00001465 _____ C:\Users\Public\Desktop\Moorhuhn Invasion spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:55 - 00001436 _____ C:\Users\Public\Desktop\Moorhuhn Directors Cut spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:55 - 00001422 _____ C:\Users\Public\Desktop\Schatzjäger 3 spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:55 - 00001364 _____ C:\Users\Public\Desktop\Schatzjäger spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:54 - 00001453 _____ C:\Users\Public\Desktop\Moorhuhn Piraten spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:54 - 00001441 _____ C:\Users\Public\Desktop\Moorhuhn Winter spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:54 - 00001441 _____ C:\Users\Public\Desktop\Moorhuhn Remake spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:54 - 00001435 _____ C:\Users\Public\Desktop\Moorhuhn Atlantis spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:54 - 00001422 _____ C:\Users\Public\Desktop\Schatzjäger 2 spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:54 - 00001418 _____ C:\Users\Public\Desktop\Schatz des Pharao spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:54 - 00001404 _____ C:\Users\Public\Desktop\Moorhuhn Wanted spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:54 - 00001390 _____ C:\Users\Public\Desktop\Die original Moorhuhnjagd.lnk
2013-11-09 18:02 - 2013-11-09 17:54 - 00001369 _____ C:\Users\Public\Desktop\Moorhuhn X spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:53 - 00002401 _____ C:\Users\Public\Desktop\Moorhuhn Kart Extra spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:53 - 00001429 _____ C:\Users\Public\Desktop\Moorhuhn Kart Thunder spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:52 - 00001441 _____ C:\Users\Public\Desktop\Moorhuhn Kart 3 spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:52 - 00001411 _____ C:\Users\Public\Desktop\Moorhuhn Kart 2 spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:52 - 00001390 _____ C:\Users\Public\Desktop\Moorhuhn Kart spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:52 - 00001381 _____ C:\Users\Public\Desktop\Moorhuhn 3 spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:52 - 00001381 _____ C:\Users\Public\Desktop\Moorhuhn 2 spielen.lnk
2013-11-09 17:58 - 2011-11-22 21:00 - 00412483 _____ C:\Windows\DirectX.log
2013-11-09 17:56 - 2013-11-09 17:56 - 00000000 ____D C:\Program Files (x86)\Einfach_Spielen
2013-11-09 17:54 - 2012-07-25 16:21 - 00000000 ____D C:\Users\Marian\Desktop\Frauen Bilder
2013-11-09 17:52 - 2013-06-19 18:18 - 00000000 ____D C:\Program Files (x86)\Phenomedia
2013-11-09 17:52 - 2011-11-22 20:51 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-09 15:27 - 2013-11-09 15:27 - 00131072 _____ (Microsoft Corporation) C:\ProgramData\bnbhfhe.dss
2013-11-09 15:27 - 2013-11-09 15:27 - 00061536 ____T (Microsoft Corporation) C:\ProgramData\ehfhbnb.pss
2013-11-09 14:19 - 2013-05-22 17:01 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2013-11-04 20:31 - 2013-11-04 20:31 - 00000000 ____D C:\Users\Marian\AppData\Local\techland
2013-11-04 20:22 - 2013-11-04 20:22 - 00000222 _____ C:\Users\Marian\Desktop\Call of Juarez Gunslinger.url
2013-11-04 20:22 - 2013-11-04 20:22 - 00000000 ____D C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-11-04 19:46 - 2013-11-04 19:46 - 00000919 _____ C:\Users\Public\Desktop\Steam.lnk
2013-11-03 10:49 - 2012-02-07 17:23 - 00000000 ____D C:\Users\Marian\Documents\FIFA 11
2013-10-29 19:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-29 19:25 - 2011-11-22 21:13 - 00000000 ____D C:\ProgramData\Sonic
2013-10-29 16:32 - 2012-03-17 09:30 - 00000000 ____D C:\Users\Marian\dwhelper
2013-10-18 15:48 - 2012-12-22 11:13 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-16 15:39 - 2012-12-22 11:12 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-16 15:39 - 2012-12-22 11:12 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-12 14:09 - 2013-10-12 14:08 - 01643276 _____ C:\Users\Marian\Documents\hihäpljo.xps
__________________

Alt 10.11.2013, 17:37   #4
Sevikar
 
Interpol/BKA Trojaner - Standard

Interpol/BKA Trojaner



Code:
ATTFilter
Files to move or delete:
====================
C:\ProgramData\bnbhfhe.dss
C:\ProgramData\ehfhbnb.reg


Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\AskSLib.dll
C:\Users\Marian\AppData\Local\Temp\AskSLib.dll
C:\Users\Marian\AppData\Local\Temp\AutoRun.exe
C:\Users\Marian\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Marian\AppData\Local\Temp\avguidx.dll
C:\Users\Marian\AppData\Local\Temp\BackupSetup.exe
C:\Users\Marian\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\Marian\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Marian\AppData\Local\Temp\EAD10.exe
C:\Users\Marian\AppData\Local\Temp\EAD1006.exe
C:\Users\Marian\AppData\Local\Temp\EAD1016.exe
C:\Users\Marian\AppData\Local\Temp\EAD1017.exe
C:\Users\Marian\AppData\Local\Temp\EAD1026.exe
C:\Users\Marian\AppData\Local\Temp\EAD1035.exe
C:\Users\Marian\AppData\Local\Temp\EAD1054.exe
C:\Users\Marian\AppData\Local\Temp\EAD1074.exe
C:\Users\Marian\AppData\Local\Temp\EAD109.exe
C:\Users\Marian\AppData\Local\Temp\EAD1093.exe
C:\Users\Marian\AppData\Local\Temp\EAD10A.exe
C:\Users\Marian\AppData\Local\Temp\EAD1110.exe
C:\Users\Marian\AppData\Local\Temp\EAD112F.exe
C:\Users\Marian\AppData\Local\Temp\EAD116D.exe
C:\Users\Marian\AppData\Local\Temp\EAD118.exe
C:\Users\Marian\AppData\Local\Temp\EAD11CB.exe
C:\Users\Marian\AppData\Local\Temp\EAD11CC.exe
C:\Users\Marian\AppData\Local\Temp\EAD11FA.exe
C:\Users\Marian\AppData\Local\Temp\EAD1228.exe
C:\Users\Marian\AppData\Local\Temp\EAD1238.exe
C:\Users\Marian\AppData\Local\Temp\EAD1248.exe
C:\Users\Marian\AppData\Local\Temp\EAD128.exe
C:\Users\Marian\AppData\Local\Temp\EAD12B5.exe
C:\Users\Marian\AppData\Local\Temp\EAD12F3.exe
C:\Users\Marian\AppData\Local\Temp\EAD1332.exe
C:\Users\Marian\AppData\Local\Temp\EAD1341.exe
C:\Users\Marian\AppData\Local\Temp\EAD1342.exe
C:\Users\Marian\AppData\Local\Temp\EAD1380.exe
C:\Users\Marian\AppData\Local\Temp\EAD140C.exe
C:\Users\Marian\AppData\Local\Temp\EAD141C.exe
C:\Users\Marian\AppData\Local\Temp\EAD142B.exe
C:\Users\Marian\AppData\Local\Temp\EAD144A.exe
C:\Users\Marian\AppData\Local\Temp\EAD144B.exe
C:\Users\Marian\AppData\Local\Temp\EAD1479.exe
C:\Users\Marian\AppData\Local\Temp\EAD1525.exe
C:\Users\Marian\AppData\Local\Temp\EAD1554.exe
C:\Users\Marian\AppData\Local\Temp\EAD15E0.exe
C:\Users\Marian\AppData\Local\Temp\EAD15FF.exe
C:\Users\Marian\AppData\Local\Temp\EAD1600.exe
C:\Users\Marian\AppData\Local\Temp\EAD162E.exe
C:\Users\Marian\AppData\Local\Temp\EAD168C.exe
C:\Users\Marian\AppData\Local\Temp\EAD16CA.exe
C:\Users\Marian\AppData\Local\Temp\EAD16F9.exe
C:\Users\Marian\AppData\Local\Temp\EAD1718.exe
C:\Users\Marian\AppData\Local\Temp\EAD1728.exe
C:\Users\Marian\AppData\Local\Temp\EAD1737.exe
C:\Users\Marian\AppData\Local\Temp\EAD1776.exe
C:\Users\Marian\AppData\Local\Temp\EAD17C4.exe
C:\Users\Marian\AppData\Local\Temp\EAD17D3.exe
C:\Users\Marian\AppData\Local\Temp\EAD17E3.exe
C:\Users\Marian\AppData\Local\Temp\EAD17E4.exe
C:\Users\Marian\AppData\Local\Temp\EAD17F2.exe
C:\Users\Marian\AppData\Local\Temp\EAD1812.exe
C:\Users\Marian\AppData\Local\Temp\EAD1850.exe
C:\Users\Marian\AppData\Local\Temp\EAD1851.exe
C:\Users\Marian\AppData\Local\Temp\EAD187F.exe
C:\Users\Marian\AppData\Local\Temp\EAD189E.exe
C:\Users\Marian\AppData\Local\Temp\EAD18DC.exe
C:\Users\Marian\AppData\Local\Temp\EAD18EC.exe
C:\Users\Marian\AppData\Local\Temp\EAD1988.exe
C:\Users\Marian\AppData\Local\Temp\EAD19B7.exe
C:\Users\Marian\AppData\Local\Temp\EAD19B8.exe
C:\Users\Marian\AppData\Local\Temp\EAD19B9.exe
C:\Users\Marian\AppData\Local\Temp\EAD19C6.exe
C:\Users\Marian\AppData\Local\Temp\EAD1A53.exe
C:\Users\Marian\AppData\Local\Temp\EAD1AA1.exe
C:\Users\Marian\AppData\Local\Temp\EAD1AB0.exe
C:\Users\Marian\AppData\Local\Temp\EAD1B0E.exe
C:\Users\Marian\AppData\Local\Temp\EAD1B1E.exe
C:\Users\Marian\AppData\Local\Temp\EAD1B4C.exe
C:\Users\Marian\AppData\Local\Temp\EAD1B6C.exe
C:\Users\Marian\AppData\Local\Temp\EAD1BAA.exe
C:\Users\Marian\AppData\Local\Temp\EAD1BBA.exe
C:\Users\Marian\AppData\Local\Temp\EAD1BD9.exe
C:\Users\Marian\AppData\Local\Temp\EAD1C36.exe
C:\Users\Marian\AppData\Local\Temp\EAD1C46.exe
C:\Users\Marian\AppData\Local\Temp\EAD1C56.exe
C:\Users\Marian\AppData\Local\Temp\EAD1CC3.exe
C:\Users\Marian\AppData\Local\Temp\EAD1D01.exe
C:\Users\Marian\AppData\Local\Temp\EAD1D11.exe
C:\Users\Marian\AppData\Local\Temp\EAD1D20.exe
C:\Users\Marian\AppData\Local\Temp\EAD1D40.exe
C:\Users\Marian\AppData\Local\Temp\EAD1D4F.exe
C:\Users\Marian\AppData\Local\Temp\EAD1D50.exe
C:\Users\Marian\AppData\Local\Temp\EAD1D6E.exe
C:\Users\Marian\AppData\Local\Temp\EAD1E3.exe
C:\Users\Marian\AppData\Local\Temp\EAD1E87.exe
C:\Users\Marian\AppData\Local\Temp\EAD1E97.exe
C:\Users\Marian\AppData\Local\Temp\EAD1EC6.exe
C:\Users\Marian\AppData\Local\Temp\EAD1EE5.exe
C:\Users\Marian\AppData\Local\Temp\EAD1EF4.exe
C:\Users\Marian\AppData\Local\Temp\EAD1F.exe
C:\Users\Marian\AppData\Local\Temp\EAD1F33.exe
C:\Users\Marian\AppData\Local\Temp\EAD1F52.exe
C:\Users\Marian\AppData\Local\Temp\EAD1F71.exe
C:\Users\Marian\AppData\Local\Temp\EAD1F72.exe
C:\Users\Marian\AppData\Local\Temp\EAD1F90.exe
C:\Users\Marian\AppData\Local\Temp\EAD1FDE.exe
C:\Users\Marian\AppData\Local\Temp\EAD1FEE.exe
C:\Users\Marian\AppData\Local\Temp\EAD1FFE.exe
C:\Users\Marian\AppData\Local\Temp\EAD200D.exe
C:\Users\Marian\AppData\Local\Temp\EAD206B.exe
C:\Users\Marian\AppData\Local\Temp\EAD209A.exe
C:\Users\Marian\AppData\Local\Temp\EAD20B9.exe
C:\Users\Marian\AppData\Local\Temp\EAD20BA.exe
C:\Users\Marian\AppData\Local\Temp\EAD20D8.exe
C:\Users\Marian\AppData\Local\Temp\EAD2155.exe
C:\Users\Marian\AppData\Local\Temp\EAD2184.exe
C:\Users\Marian\AppData\Local\Temp\EAD2193.exe
C:\Users\Marian\AppData\Local\Temp\EAD21A3.exe
C:\Users\Marian\AppData\Local\Temp\EAD2210.exe
C:\Users\Marian\AppData\Local\Temp\EAD222F.exe
C:\Users\Marian\AppData\Local\Temp\EAD225E.exe
C:\Users\Marian\AppData\Local\Temp\EAD22BC.exe
C:\Users\Marian\AppData\Local\Temp\EAD22FA.exe
C:\Users\Marian\AppData\Local\Temp\EAD2319.exe
C:\Users\Marian\AppData\Local\Temp\EAD2386.exe
C:\Users\Marian\AppData\Local\Temp\EAD23A6.exe
C:\Users\Marian\AppData\Local\Temp\EAD23B5.exe
C:\Users\Marian\AppData\Local\Temp\EAD23B6.exe
C:\Users\Marian\AppData\Local\Temp\EAD23D4.exe
C:\Users\Marian\AppData\Local\Temp\EAD23D5.exe
C:\Users\Marian\AppData\Local\Temp\EAD2403.exe
C:\Users\Marian\AppData\Local\Temp\EAD2422.exe
C:\Users\Marian\AppData\Local\Temp\EAD24DE.exe
C:\Users\Marian\AppData\Local\Temp\EAD250C.exe
C:\Users\Marian\AppData\Local\Temp\EAD250D.exe
C:\Users\Marian\AppData\Local\Temp\EAD251C.exe
C:\Users\Marian\AppData\Local\Temp\EAD252C.exe
C:\Users\Marian\AppData\Local\Temp\EAD253B.exe
C:\Users\Marian\AppData\Local\Temp\EAD254B.exe
C:\Users\Marian\AppData\Local\Temp\EAD255A.exe
C:\Users\Marian\AppData\Local\Temp\EAD255B.exe
C:\Users\Marian\AppData\Local\Temp\EAD25A8.exe
C:\Users\Marian\AppData\Local\Temp\EAD260.exe
C:\Users\Marian\AppData\Local\Temp\EAD2606.exe
C:\Users\Marian\AppData\Local\Temp\EAD2625.exe
C:\Users\Marian\AppData\Local\Temp\EAD2644.exe
C:\Users\Marian\AppData\Local\Temp\EAD2645.exe
C:\Users\Marian\AppData\Local\Temp\EAD2664.exe
C:\Users\Marian\AppData\Local\Temp\EAD2692.exe
C:\Users\Marian\AppData\Local\Temp\EAD26B2.exe
C:\Users\Marian\AppData\Local\Temp\EAD26D1.exe
C:\Users\Marian\AppData\Local\Temp\EAD26E0.exe
C:\Users\Marian\AppData\Local\Temp\EAD276D.exe
C:\Users\Marian\AppData\Local\Temp\EAD277C.exe
C:\Users\Marian\AppData\Local\Temp\EAD278C.exe
C:\Users\Marian\AppData\Local\Temp\EAD27DA.exe
C:\Users\Marian\AppData\Local\Temp\EAD27F.exe
C:\Users\Marian\AppData\Local\Temp\EAD2876.exe
C:\Users\Marian\AppData\Local\Temp\EAD2877.exe
C:\Users\Marian\AppData\Local\Temp\EAD28B4.exe
C:\Users\Marian\AppData\Local\Temp\EAD28E3.exe
C:\Users\Marian\AppData\Local\Temp\EAD2931.exe
C:\Users\Marian\AppData\Local\Temp\EAD2941.exe
C:\Users\Marian\AppData\Local\Temp\EAD2942.exe
C:\Users\Marian\AppData\Local\Temp\EAD2950.exe
C:\Users\Marian\AppData\Local\Temp\EAD2960.exe
C:\Users\Marian\AppData\Local\Temp\EAD2961.exe
C:\Users\Marian\AppData\Local\Temp\EAD2970.exe
C:\Users\Marian\AppData\Local\Temp\EAD297F.exe
C:\Users\Marian\AppData\Local\Temp\EAD29CD.exe
C:\Users\Marian\AppData\Local\Temp\EAD29DD.exe
C:\Users\Marian\AppData\Local\Temp\EAD2A0C.exe
C:\Users\Marian\AppData\Local\Temp\EAD2A0D.exe
C:\Users\Marian\AppData\Local\Temp\EAD2A3A.exe
C:\Users\Marian\AppData\Local\Temp\EAD2A5A.exe
C:\Users\Marian\AppData\Local\Temp\EAD2A79.exe
C:\Users\Marian\AppData\Local\Temp\EAD2A88.exe
C:\Users\Marian\AppData\Local\Temp\EAD2AA8.exe
C:\Users\Marian\AppData\Local\Temp\EAD2B15.exe
C:\Users\Marian\AppData\Local\Temp\EAD2B16.exe
C:\Users\Marian\AppData\Local\Temp\EAD2B63.exe
C:\Users\Marian\AppData\Local\Temp\EAD2B92.exe
C:\Users\Marian\AppData\Local\Temp\EAD2C1E.exe
C:\Users\Marian\AppData\Local\Temp\EAD2C1F.exe
C:\Users\Marian\AppData\Local\Temp\EAD2C2E.exe
C:\Users\Marian\AppData\Local\Temp\EAD2C4D.exe
C:\Users\Marian\AppData\Local\Temp\EAD2C4E.exe
C:\Users\Marian\AppData\Local\Temp\EAD2C5C.exe
C:\Users\Marian\AppData\Local\Temp\EAD2C7C.exe
C:\Users\Marian\AppData\Local\Temp\EAD2C8B.exe
C:\Users\Marian\AppData\Local\Temp\EAD2C8C.exe
C:\Users\Marian\AppData\Local\Temp\EAD2C8D.exe
C:\Users\Marian\AppData\Local\Temp\EAD2CAA.exe
C:\Users\Marian\AppData\Local\Temp\EAD2CBA.exe
C:\Users\Marian\AppData\Local\Temp\EAD2CCA.exe
C:\Users\Marian\AppData\Local\Temp\EAD2CCB.exe
C:\Users\Marian\AppData\Local\Temp\EAD2CCC.exe
C:\Users\Marian\AppData\Local\Temp\EAD2D08.exe
C:\Users\Marian\AppData\Local\Temp\EAD2D18.exe
C:\Users\Marian\AppData\Local\Temp\EAD2D19.exe
C:\Users\Marian\AppData\Local\Temp\EAD2D37.exe
C:\Users\Marian\AppData\Local\Temp\EAD2D38.exe
C:\Users\Marian\AppData\Local\Temp\EAD2D56.exe
C:\Users\Marian\AppData\Local\Temp\EAD2D66.exe
C:\Users\Marian\AppData\Local\Temp\EAD2D67.exe
C:\Users\Marian\AppData\Local\Temp\EAD2DB4.exe
C:\Users\Marian\AppData\Local\Temp\EAD2DD3.exe
C:\Users\Marian\AppData\Local\Temp\EAD2E11.exe
C:\Users\Marian\AppData\Local\Temp\EAD2E50.exe
C:\Users\Marian\AppData\Local\Temp\EAD2E51.exe
C:\Users\Marian\AppData\Local\Temp\EAD2E8E.exe
C:\Users\Marian\AppData\Local\Temp\EAD2EAD.exe
C:\Users\Marian\AppData\Local\Temp\EAD2EBD.exe
C:\Users\Marian\AppData\Local\Temp\EAD2EBE.exe
C:\Users\Marian\AppData\Local\Temp\EAD2EC.exe
C:\Users\Marian\AppData\Local\Temp\EAD2EDC.exe
C:\Users\Marian\AppData\Local\Temp\EAD2EDD.exe
C:\Users\Marian\AppData\Local\Temp\EAD2EFB.exe
C:\Users\Marian\AppData\Local\Temp\EAD2F1A.exe
C:\Users\Marian\AppData\Local\Temp\EAD2F49.exe
C:\Users\Marian\AppData\Local\Temp\EAD2F88.exe
C:\Users\Marian\AppData\Local\Temp\EAD2F97.exe
C:\Users\Marian\AppData\Local\Temp\EAD2FA7.exe
C:\Users\Marian\AppData\Local\Temp\EAD2FB6.exe
C:\Users\Marian\AppData\Local\Temp\EAD2FC.exe
C:\Users\Marian\AppData\Local\Temp\EAD2FC6.exe
C:\Users\Marian\AppData\Local\Temp\EAD2FC7.exe
C:\Users\Marian\AppData\Local\Temp\EAD3004.exe
C:\Users\Marian\AppData\Local\Temp\EAD3014.exe
C:\Users\Marian\AppData\Local\Temp\EAD3072.exe
C:\Users\Marian\AppData\Local\Temp\EAD3073.exe
C:\Users\Marian\AppData\Local\Temp\EAD30B0.exe
C:\Users\Marian\AppData\Local\Temp\EAD30C.exe
C:\Users\Marian\AppData\Local\Temp\EAD30C0.exe
C:\Users\Marian\AppData\Local\Temp\EAD30C1.exe
C:\Users\Marian\AppData\Local\Temp\EAD30C2.exe
C:\Users\Marian\AppData\Local\Temp\EAD30C3.exe
C:\Users\Marian\AppData\Local\Temp\EAD30CF.exe
C:\Users\Marian\AppData\Local\Temp\EAD30D0.exe
C:\Users\Marian\AppData\Local\Temp\EAD30DF.exe
C:\Users\Marian\AppData\Local\Temp\EAD30FE.exe
C:\Users\Marian\AppData\Local\Temp\EAD311D.exe
C:\Users\Marian\AppData\Local\Temp\EAD314C.exe
C:\Users\Marian\AppData\Local\Temp\EAD31AA.exe
C:\Users\Marian\AppData\Local\Temp\EAD31AB.exe
C:\Users\Marian\AppData\Local\Temp\EAD31B.exe
C:\Users\Marian\AppData\Local\Temp\EAD31C9.exe
C:\Users\Marian\AppData\Local\Temp\EAD31D8.exe
C:\Users\Marian\AppData\Local\Temp\EAD31D9.exe
C:\Users\Marian\AppData\Local\Temp\EAD3249.exe
C:\Users\Marian\AppData\Local\Temp\EAD3274.exe
C:\Users\Marian\AppData\Local\Temp\EAD3275.exe
C:\Users\Marian\AppData\Local\Temp\EAD3276.exe
C:\Users\Marian\AppData\Local\Temp\EAD3294.exe
C:\Users\Marian\AppData\Local\Temp\EAD32A3.exe
C:\Users\Marian\AppData\Local\Temp\EAD32B3.exe
C:\Users\Marian\AppData\Local\Temp\EAD3330.exe
C:\Users\Marian\AppData\Local\Temp\EAD3331.exe
C:\Users\Marian\AppData\Local\Temp\EAD334F.exe
C:\Users\Marian\AppData\Local\Temp\EAD3350.exe
C:\Users\Marian\AppData\Local\Temp\EAD33AC.exe
C:\Users\Marian\AppData\Local\Temp\EAD33DB.exe
C:\Users\Marian\AppData\Local\Temp\EAD340A.exe
C:\Users\Marian\AppData\Local\Temp\EAD3439.exe
C:\Users\Marian\AppData\Local\Temp\EAD343A.exe
C:\Users\Marian\AppData\Local\Temp\EAD343B.exe
C:\Users\Marian\AppData\Local\Temp\EAD3448.exe
C:\Users\Marian\AppData\Local\Temp\EAD3449.exe
C:\Users\Marian\AppData\Local\Temp\EAD3458.exe
C:\Users\Marian\AppData\Local\Temp\EAD3459.exe
C:\Users\Marian\AppData\Local\Temp\EAD34B6.exe
C:\Users\Marian\AppData\Local\Temp\EAD34C5.exe
C:\Users\Marian\AppData\Local\Temp\EAD34D5.exe
C:\Users\Marian\AppData\Local\Temp\EAD3532.exe
C:\Users\Marian\AppData\Local\Temp\EAD3571.exe
C:\Users\Marian\AppData\Local\Temp\EAD35AF.exe
C:\Users\Marian\AppData\Local\Temp\EAD363C.exe
C:\Users\Marian\AppData\Local\Temp\EAD368A.exe
C:\Users\Marian\AppData\Local\Temp\EAD3699.exe
C:\Users\Marian\AppData\Local\Temp\EAD369A.exe
C:\Users\Marian\AppData\Local\Temp\EAD369B.exe
C:\Users\Marian\AppData\Local\Temp\EAD36D8.exe
C:\Users\Marian\AppData\Local\Temp\EAD3716.exe
C:\Users\Marian\AppData\Local\Temp\EAD3726.exe
C:\Users\Marian\AppData\Local\Temp\EAD3727.exe
C:\Users\Marian\AppData\Local\Temp\EAD3745.exe
C:\Users\Marian\AppData\Local\Temp\EAD3754.exe
C:\Users\Marian\AppData\Local\Temp\EAD379.exe
C:\Users\Marian\AppData\Local\Temp\EAD37B2.exe
C:\Users\Marian\AppData\Local\Temp\EAD381F.exe
C:\Users\Marian\AppData\Local\Temp\EAD383E.exe
C:\Users\Marian\AppData\Local\Temp\EAD383F.exe
C:\Users\Marian\AppData\Local\Temp\EAD389C.exe
C:\Users\Marian\AppData\Local\Temp\EAD38EA.exe
C:\Users\Marian\AppData\Local\Temp\EAD3957.exe
C:\Users\Marian\AppData\Local\Temp\EAD3958.exe
C:\Users\Marian\AppData\Local\Temp\EAD3967.exe
C:\Users\Marian\AppData\Local\Temp\EAD3986.exe
C:\Users\Marian\AppData\Local\Temp\EAD39C4.exe
C:\Users\Marian\AppData\Local\Temp\EAD39C5.exe
C:\Users\Marian\AppData\Local\Temp\EAD3A03.exe
C:\Users\Marian\AppData\Local\Temp\EAD3A41.exe
C:\Users\Marian\AppData\Local\Temp\EAD3A70.exe
C:\Users\Marian\AppData\Local\Temp\EAD3AED.exe
C:\Users\Marian\AppData\Local\Temp\EAD3AFC.exe
C:\Users\Marian\AppData\Local\Temp\EAD3B3B.exe
C:\Users\Marian\AppData\Local\Temp\EAD3B4A.exe
C:\Users\Marian\AppData\Local\Temp\EAD3B5A.exe
C:\Users\Marian\AppData\Local\Temp\EAD3B5B.exe
C:\Users\Marian\AppData\Local\Temp\EAD3B79.exe
C:\Users\Marian\AppData\Local\Temp\EAD3B98.exe
C:\Users\Marian\AppData\Local\Temp\EAD3BA8.exe
C:\Users\Marian\AppData\Local\Temp\EAD3BD7.exe
C:\Users\Marian\AppData\Local\Temp\EAD3BD8.exe
C:\Users\Marian\AppData\Local\Temp\EAD3C06.exe
C:\Users\Marian\AppData\Local\Temp\EAD3C34.exe
C:\Users\Marian\AppData\Local\Temp\EAD3C73.exe
C:\Users\Marian\AppData\Local\Temp\EAD3CA2.exe
C:\Users\Marian\AppData\Local\Temp\EAD3D0F.exe
C:\Users\Marian\AppData\Local\Temp\EAD3D2E.exe
C:\Users\Marian\AppData\Local\Temp\EAD3D3E.exe
C:\Users\Marian\AppData\Local\Temp\EAD3D6.exe
C:\Users\Marian\AppData\Local\Temp\EAD3D7.exe
C:\Users\Marian\AppData\Local\Temp\EAD3DE9.exe
C:\Users\Marian\AppData\Local\Temp\EAD3E37.exe
C:\Users\Marian\AppData\Local\Temp\EAD3E47.exe
C:\Users\Marian\AppData\Local\Temp\EAD3E76.exe
C:\Users\Marian\AppData\Local\Temp\EAD3E85.exe
C:\Users\Marian\AppData\Local\Temp\EAD3E86.exe
C:\Users\Marian\AppData\Local\Temp\EAD3EA4.exe
C:\Users\Marian\AppData\Local\Temp\EAD3EB4.exe
C:\Users\Marian\AppData\Local\Temp\EAD3ED4.exe
C:\Users\Marian\AppData\Local\Temp\EAD3F21.exe
C:\Users\Marian\AppData\Local\Temp\EAD3F31.exe
C:\Users\Marian\AppData\Local\Temp\EAD3FAE.exe
C:\Users\Marian\AppData\Local\Temp\EAD3FDC.exe
C:\Users\Marian\AppData\Local\Temp\EAD3FEC.exe
C:\Users\Marian\AppData\Local\Temp\EAD4059.exe
C:\Users\Marian\AppData\Local\Temp\EAD4078.exe
C:\Users\Marian\AppData\Local\Temp\EAD4098.exe
C:\Users\Marian\AppData\Local\Temp\EAD40B7.exe
C:\Users\Marian\AppData\Local\Temp\EAD40B8.exe
C:\Users\Marian\AppData\Local\Temp\EAD4105.exe
C:\Users\Marian\AppData\Local\Temp\EAD4124.exe
C:\Users\Marian\AppData\Local\Temp\EAD4134.exe
C:\Users\Marian\AppData\Local\Temp\EAD415.exe
C:\Users\Marian\AppData\Local\Temp\EAD4153.exe
C:\Users\Marian\AppData\Local\Temp\EAD4162.exe
C:\Users\Marian\AppData\Local\Temp\EAD4182.exe
C:\Users\Marian\AppData\Local\Temp\EAD41B0.exe
C:\Users\Marian\AppData\Local\Temp\EAD41B1.exe
C:\Users\Marian\AppData\Local\Temp\EAD41B2.exe
C:\Users\Marian\AppData\Local\Temp\EAD41C0.exe
C:\Users\Marian\AppData\Local\Temp\EAD41D0.exe
C:\Users\Marian\AppData\Local\Temp\EAD41D1.exe
C:\Users\Marian\AppData\Local\Temp\EAD41DF.exe
C:\Users\Marian\AppData\Local\Temp\EAD41FE.exe
C:\Users\Marian\AppData\Local\Temp\EAD429A.exe
C:\Users\Marian\AppData\Local\Temp\EAD42BA.exe
C:\Users\Marian\AppData\Local\Temp\EAD42C9.exe
C:\Users\Marian\AppData\Local\Temp\EAD42E8.exe
C:\Users\Marian\AppData\Local\Temp\EAD4308.exe
C:\Users\Marian\AppData\Local\Temp\EAD434.exe
C:\Users\Marian\AppData\Local\Temp\EAD435.exe
C:\Users\Marian\AppData\Local\Temp\EAD4375.exe
C:\Users\Marian\AppData\Local\Temp\EAD43B3.exe
C:\Users\Marian\AppData\Local\Temp\EAD43B4.exe
C:\Users\Marian\AppData\Local\Temp\EAD43E2.exe
C:\Users\Marian\AppData\Local\Temp\EAD444.exe
C:\Users\Marian\AppData\Local\Temp\EAD445.exe
C:\Users\Marian\AppData\Local\Temp\EAD445F.exe
C:\Users\Marian\AppData\Local\Temp\EAD449D.exe
C:\Users\Marian\AppData\Local\Temp\EAD44AD.exe
C:\Users\Marian\AppData\Local\Temp\EAD44AE.exe
C:\Users\Marian\AppData\Local\Temp\EAD44BC.exe
C:\Users\Marian\AppData\Local\Temp\EAD44CC.exe
C:\Users\Marian\AppData\Local\Temp\EAD450A.exe
C:\Users\Marian\AppData\Local\Temp\EAD452A.exe
C:\Users\Marian\AppData\Local\Temp\EAD452B.exe
C:\Users\Marian\AppData\Local\Temp\EAD453.exe
C:\Users\Marian\AppData\Local\Temp\EAD4597.exe
C:\Users\Marian\AppData\Local\Temp\EAD45E5.exe
C:\Users\Marian\AppData\Local\Temp\EAD4614.exe
C:\Users\Marian\AppData\Local\Temp\EAD463.exe
C:\Users\Marian\AppData\Local\Temp\EAD4633.exe
C:\Users\Marian\AppData\Local\Temp\EAD4634.exe
C:\Users\Marian\AppData\Local\Temp\EAD46A3.exe
C:\Users\Marian\AppData\Local\Temp\EAD46DE.exe
C:\Users\Marian\AppData\Local\Temp\EAD472.exe
C:\Users\Marian\AppData\Local\Temp\EAD473C.exe
C:\Users\Marian\AppData\Local\Temp\EAD475B.exe
C:\Users\Marian\AppData\Local\Temp\EAD476B.exe
C:\Users\Marian\AppData\Local\Temp\EAD478A.exe
C:\Users\Marian\AppData\Local\Temp\EAD4807.exe
C:\Users\Marian\AppData\Local\Temp\EAD482.exe
C:\Users\Marian\AppData\Local\Temp\EAD4826.exe
C:\Users\Marian\AppData\Local\Temp\EAD4836.exe
C:\Users\Marian\AppData\Local\Temp\EAD4845.exe
C:\Users\Marian\AppData\Local\Temp\EAD4884.exe
C:\Users\Marian\AppData\Local\Temp\EAD4910.exe
C:\Users\Marian\AppData\Local\Temp\EAD495E.exe
C:\Users\Marian\AppData\Local\Temp\EAD496E.exe
C:\Users\Marian\AppData\Local\Temp\EAD499C.exe
C:\Users\Marian\AppData\Local\Temp\EAD4A19.exe
C:\Users\Marian\AppData\Local\Temp\EAD4A1A.exe
C:\Users\Marian\AppData\Local\Temp\EAD4A29.exe
C:\Users\Marian\AppData\Local\Temp\EAD4A48.exe
C:\Users\Marian\AppData\Local\Temp\EAD4AA6.exe
C:\Users\Marian\AppData\Local\Temp\EAD4B1.exe
C:\Users\Marian\AppData\Local\Temp\EAD4B13.exe
C:\Users\Marian\AppData\Local\Temp\EAD4B61.exe
C:\Users\Marian\AppData\Local\Temp\EAD4B90.exe
C:\Users\Marian\AppData\Local\Temp\EAD4BAF.exe
C:\Users\Marian\AppData\Local\Temp\EAD4BBE.exe
C:\Users\Marian\AppData\Local\Temp\EAD4BBF.exe
C:\Users\Marian\AppData\Local\Temp\EAD4BC0.exe
C:\Users\Marian\AppData\Local\Temp\EAD4BCE.exe
C:\Users\Marian\AppData\Local\Temp\EAD4BED.exe
C:\Users\Marian\AppData\Local\Temp\EAD4BFD.exe
C:\Users\Marian\AppData\Local\Temp\EAD4C0.exe
C:\Users\Marian\AppData\Local\Temp\EAD4C99.exe
C:\Users\Marian\AppData\Local\Temp\EAD4CC8.exe
C:\Users\Marian\AppData\Local\Temp\EAD4CE7.exe
C:\Users\Marian\AppData\Local\Temp\EAD4D44.exe
C:\Users\Marian\AppData\Local\Temp\EAD4D54.exe
C:\Users\Marian\AppData\Local\Temp\EAD4D64.exe
C:\Users\Marian\AppData\Local\Temp\EAD4DC1.exe
C:\Users\Marian\AppData\Local\Temp\EAD4DF0.exe
C:\Users\Marian\AppData\Local\Temp\EAD4DF1.exe
C:\Users\Marian\AppData\Local\Temp\EAD4DF2.exe
C:\Users\Marian\AppData\Local\Temp\EAD4E0.exe
C:\Users\Marian\AppData\Local\Temp\EAD4E00.exe
C:\Users\Marian\AppData\Local\Temp\EAD4E2E.exe
C:\Users\Marian\AppData\Local\Temp\EAD4E2F.exe
C:\Users\Marian\AppData\Local\Temp\EAD4E8C.exe
C:\Users\Marian\AppData\Local\Temp\EAD4EBB.exe
C:\Users\Marian\AppData\Local\Temp\EAD4EBC.exe
C:\Users\Marian\AppData\Local\Temp\EAD4ECA.exe
C:\Users\Marian\AppData\Local\Temp\EAD4ECB.exe
C:\Users\Marian\AppData\Local\Temp\EAD4EDA.exe
C:\Users\Marian\AppData\Local\Temp\EAD4EEA.exe
C:\Users\Marian\AppData\Local\Temp\EAD4EEB.exe
C:\Users\Marian\AppData\Local\Temp\EAD4EF.exe
C:\Users\Marian\AppData\Local\Temp\EAD4F18.exe
C:\Users\Marian\AppData\Local\Temp\EAD4F38.exe
C:\Users\Marian\AppData\Local\Temp\EAD4F47.exe
C:\Users\Marian\AppData\Local\Temp\EAD4F66.exe
C:\Users\Marian\AppData\Local\Temp\EAD4FA5.exe
C:\Users\Marian\AppData\Local\Temp\EAD4FB4.exe
C:\Users\Marian\AppData\Local\Temp\EAD5002.exe
C:\Users\Marian\AppData\Local\Temp\EAD5022.exe
C:\Users\Marian\AppData\Local\Temp\EAD5050.exe
C:\Users\Marian\AppData\Local\Temp\EAD509E.exe
C:\Users\Marian\AppData\Local\Temp\EAD50CD.exe
C:\Users\Marian\AppData\Local\Temp\EAD50EC.exe
C:\Users\Marian\AppData\Local\Temp\EAD50FC.exe
C:\Users\Marian\AppData\Local\Temp\EAD510C.exe
C:\Users\Marian\AppData\Local\Temp\EAD511B.exe
C:\Users\Marian\AppData\Local\Temp\EAD513A.exe
C:\Users\Marian\AppData\Local\Temp\EAD5169.exe
C:\Users\Marian\AppData\Local\Temp\EAD5188.exe
C:\Users\Marian\AppData\Local\Temp\EAD51A8.exe
C:\Users\Marian\AppData\Local\Temp\EAD51B7.exe
C:\Users\Marian\AppData\Local\Temp\EAD51B8.exe
C:\Users\Marian\AppData\Local\Temp\EAD51E6.exe
C:\Users\Marian\AppData\Local\Temp\EAD5205.exe
C:\Users\Marian\AppData\Local\Temp\EAD5282.exe
C:\Users\Marian\AppData\Local\Temp\EAD5292.exe
C:\Users\Marian\AppData\Local\Temp\EAD52A1.exe
C:\Users\Marian\AppData\Local\Temp\EAD52E.exe
C:\Users\Marian\AppData\Local\Temp\EAD52E0.exe
C:\Users\Marian\AppData\Local\Temp\EAD52EF.exe
C:\Users\Marian\AppData\Local\Temp\EAD52F.exe
C:\Users\Marian\AppData\Local\Temp\EAD52F0.exe
C:\Users\Marian\AppData\Local\Temp\EAD531E.exe
C:\Users\Marian\AppData\Local\Temp\EAD534D.exe
C:\Users\Marian\AppData\Local\Temp\EAD535C.exe
C:\Users\Marian\AppData\Local\Temp\EAD535D.exe
C:\Users\Marian\AppData\Local\Temp\EAD537C.exe
C:\Users\Marian\AppData\Local\Temp\EAD539B.exe
C:\Users\Marian\AppData\Local\Temp\EAD53AA.exe
C:\Users\Marian\AppData\Local\Temp\EAD53D.exe
C:\Users\Marian\AppData\Local\Temp\EAD53D9.exe
C:\Users\Marian\AppData\Local\Temp\EAD53E9.exe
C:\Users\Marian\AppData\Local\Temp\EAD5408.exe
C:\Users\Marian\AppData\Local\Temp\EAD5418.exe
C:\Users\Marian\AppData\Local\Temp\EAD5419.exe
C:\Users\Marian\AppData\Local\Temp\EAD5427.exe
C:\Users\Marian\AppData\Local\Temp\EAD5466.exe
C:\Users\Marian\AppData\Local\Temp\EAD54C3.exe
C:\Users\Marian\AppData\Local\Temp\EAD5550.exe
C:\Users\Marian\AppData\Local\Temp\EAD556F.exe
C:\Users\Marian\AppData\Local\Temp\EAD558E.exe
C:\Users\Marian\AppData\Local\Temp\EAD55AD.exe
C:\Users\Marian\AppData\Local\Temp\EAD55DC.exe
C:\Users\Marian\AppData\Local\Temp\EAD55FB.exe
C:\Users\Marian\AppData\Local\Temp\EAD562A.exe
C:\Users\Marian\AppData\Local\Temp\EAD5678.exe
C:\Users\Marian\AppData\Local\Temp\EAD5679.exe
C:\Users\Marian\AppData\Local\Temp\EAD5697.exe
C:\Users\Marian\AppData\Local\Temp\EAD5698.exe
C:\Users\Marian\AppData\Local\Temp\EAD56C6.exe
C:\Users\Marian\AppData\Local\Temp\EAD56F5.exe
C:\Users\Marian\AppData\Local\Temp\EAD5704.exe
C:\Users\Marian\AppData\Local\Temp\EAD5743.exe
C:\Users\Marian\AppData\Local\Temp\EAD5772.exe
C:\Users\Marian\AppData\Local\Temp\EAD57B0.exe
C:\Users\Marian\AppData\Local\Temp\EAD57EE.exe
C:\Users\Marian\AppData\Local\Temp\EAD57FE.exe
C:\Users\Marian\AppData\Local\Temp\EAD582D.exe
C:\Users\Marian\AppData\Local\Temp\EAD584C.exe
C:\Users\Marian\AppData\Local\Temp\EAD588A.exe
C:\Users\Marian\AppData\Local\Temp\EAD589A.exe
C:\Users\Marian\AppData\Local\Temp\EAD58C9.exe
C:\Users\Marian\AppData\Local\Temp\EAD5907.exe
C:\Users\Marian\AppData\Local\Temp\EAD5908.exe
C:\Users\Marian\AppData\Local\Temp\EAD5965.exe
C:\Users\Marian\AppData\Local\Temp\EAD5994.exe
C:\Users\Marian\AppData\Local\Temp\EAD59A3.exe
C:\Users\Marian\AppData\Local\Temp\EAD59A4.exe
C:\Users\Marian\AppData\Local\Temp\EAD59B.exe
C:\Users\Marian\AppData\Local\Temp\EAD59C2.exe
C:\Users\Marian\AppData\Local\Temp\EAD59C3.exe
C:\Users\Marian\AppData\Local\Temp\EAD5A01.exe
C:\Users\Marian\AppData\Local\Temp\EAD5A30.exe
C:\Users\Marian\AppData\Local\Temp\EAD5A3F.exe
C:\Users\Marian\AppData\Local\Temp\EAD5A40.exe
C:\Users\Marian\AppData\Local\Temp\EAD5A4F.exe
C:\Users\Marian\AppData\Local\Temp\EAD5A6E.exe
C:\Users\Marian\AppData\Local\Temp\EAD5A8D.exe
C:\Users\Marian\AppData\Local\Temp\EAD5AA.exe
C:\Users\Marian\AppData\Local\Temp\EAD5AB.exe
C:\Users\Marian\AppData\Local\Temp\EAD5B39.exe
C:\Users\Marian\AppData\Local\Temp\EAD5B58.exe
C:\Users\Marian\AppData\Local\Temp\EAD5B59.exe
C:\Users\Marian\AppData\Local\Temp\EAD5BC5.exe
C:\Users\Marian\AppData\Local\Temp\EAD5C32.exe
C:\Users\Marian\AppData\Local\Temp\EAD5C71.exe
C:\Users\Marian\AppData\Local\Temp\EAD5C80.exe
C:\Users\Marian\AppData\Local\Temp\EAD5D2C.exe
C:\Users\Marian\AppData\Local\Temp\EAD5D4B.exe
C:\Users\Marian\AppData\Local\Temp\EAD5DA9.exe
C:\Users\Marian\AppData\Local\Temp\EAD5DC8.exe
C:\Users\Marian\AppData\Local\Temp\EAD5DD8.exe
C:\Users\Marian\AppData\Local\Temp\EAD5DF7.exe
C:\Users\Marian\AppData\Local\Temp\EAD5EC2.exe
C:\Users\Marian\AppData\Local\Temp\EAD5ED1.exe
C:\Users\Marian\AppData\Local\Temp\EAD5ED2.exe
C:\Users\Marian\AppData\Local\Temp\EAD5EE1.exe
C:\Users\Marian\AppData\Local\Temp\EAD5EF0.exe
C:\Users\Marian\AppData\Local\Temp\EAD5F1F.exe
C:\Users\Marian\AppData\Local\Temp\EAD5F20.exe
C:\Users\Marian\AppData\Local\Temp\EAD5F2F.exe
C:\Users\Marian\AppData\Local\Temp\EAD5F3E.exe
C:\Users\Marian\AppData\Local\Temp\EAD5F5E.exe
C:\Users\Marian\AppData\Local\Temp\EAD5F7D.exe
C:\Users\Marian\AppData\Local\Temp\EAD5F9C.exe
C:\Users\Marian\AppData\Local\Temp\EAD5FCB.exe
C:\Users\Marian\AppData\Local\Temp\EAD5FDA.exe
C:\Users\Marian\AppData\Local\Temp\EAD5FEA.exe
C:\Users\Marian\AppData\Local\Temp\EAD5FFA.exe
C:\Users\Marian\AppData\Local\Temp\EAD5FFB.exe
C:\Users\Marian\AppData\Local\Temp\EAD6009.exe
C:\Users\Marian\AppData\Local\Temp\EAD6028.exe
C:\Users\Marian\AppData\Local\Temp\EAD6057.exe
C:\Users\Marian\AppData\Local\Temp\EAD6076.exe
C:\Users\Marian\AppData\Local\Temp\EAD6132.exe
C:\Users\Marian\AppData\Local\Temp\EAD6151.exe
C:\Users\Marian\AppData\Local\Temp\EAD6160.exe
C:\Users\Marian\AppData\Local\Temp\EAD61FC.exe
C:\Users\Marian\AppData\Local\Temp\EAD621C.exe
C:\Users\Marian\AppData\Local\Temp\EAD626A.exe
C:\Users\Marian\AppData\Local\Temp\EAD626B.exe
C:\Users\Marian\AppData\Local\Temp\EAD627.exe
C:\Users\Marian\AppData\Local\Temp\EAD6298.exe
C:\Users\Marian\AppData\Local\Temp\EAD62B8.exe
C:\Users\Marian\AppData\Local\Temp\EAD62D7.exe
C:\Users\Marian\AppData\Local\Temp\EAD62E6.exe
C:\Users\Marian\AppData\Local\Temp\EAD62F6.exe
C:\Users\Marian\AppData\Local\Temp\EAD6306.exe
C:\Users\Marian\AppData\Local\Temp\EAD6307.exe
C:\Users\Marian\AppData\Local\Temp\EAD6325.exe
C:\Users\Marian\AppData\Local\Temp\EAD6354.exe
C:\Users\Marian\AppData\Local\Temp\EAD637.exe
C:\Users\Marian\AppData\Local\Temp\EAD63A2.exe
C:\Users\Marian\AppData\Local\Temp\EAD63E0.exe
C:\Users\Marian\AppData\Local\Temp\EAD63E1.exe
C:\Users\Marian\AppData\Local\Temp\EAD63F0.exe
C:\Users\Marian\AppData\Local\Temp\EAD63FF.exe
C:\Users\Marian\AppData\Local\Temp\EAD641E.exe
C:\Users\Marian\AppData\Local\Temp\EAD647C.exe
C:\Users\Marian\AppData\Local\Temp\EAD649B.exe
C:\Users\Marian\AppData\Local\Temp\EAD64CA.exe
C:\Users\Marian\AppData\Local\Temp\EAD6518.exe
C:\Users\Marian\AppData\Local\Temp\EAD6537.exe
C:\Users\Marian\AppData\Local\Temp\EAD6566.exe
C:\Users\Marian\AppData\Local\Temp\EAD6595.exe
C:\Users\Marian\AppData\Local\Temp\EAD6596.exe
C:\Users\Marian\AppData\Local\Temp\EAD65A4.exe
C:\Users\Marian\AppData\Local\Temp\EAD6612.exe
C:\Users\Marian\AppData\Local\Temp\EAD6631.exe
C:\Users\Marian\AppData\Local\Temp\EAD6632.exe
C:\Users\Marian\AppData\Local\Temp\EAD666.exe
C:\Users\Marian\AppData\Local\Temp\EAD667F.exe
C:\Users\Marian\AppData\Local\Temp\EAD672A.exe
C:\Users\Marian\AppData\Local\Temp\EAD673A.exe
C:\Users\Marian\AppData\Local\Temp\EAD6759.exe
C:\Users\Marian\AppData\Local\Temp\EAD6769.exe
C:\Users\Marian\AppData\Local\Temp\EAD6788.exe
C:\Users\Marian\AppData\Local\Temp\EAD6789.exe
C:\Users\Marian\AppData\Local\Temp\EAD678A.exe
C:\Users\Marian\AppData\Local\Temp\EAD67B7.exe
C:\Users\Marian\AppData\Local\Temp\EAD67C6.exe
C:\Users\Marian\AppData\Local\Temp\EAD6805.exe
C:\Users\Marian\AppData\Local\Temp\EAD6806.exe
C:\Users\Marian\AppData\Local\Temp\EAD6824.exe
C:\Users\Marian\AppData\Local\Temp\EAD685.exe
C:\Users\Marian\AppData\Local\Temp\EAD686.exe
C:\Users\Marian\AppData\Local\Temp\EAD6862.exe
C:\Users\Marian\AppData\Local\Temp\EAD687.exe
C:\Users\Marian\AppData\Local\Temp\EAD6891.exe
C:\Users\Marian\AppData\Local\Temp\EAD68B0.exe
C:\Users\Marian\AppData\Local\Temp\EAD68B1.exe
C:\Users\Marian\AppData\Local\Temp\EAD68EF.exe
C:\Users\Marian\AppData\Local\Temp\EAD695C.exe
C:\Users\Marian\AppData\Local\Temp\EAD697B.exe
C:\Users\Marian\AppData\Local\Temp\EAD698B.exe
C:\Users\Marian\AppData\Local\Temp\EAD698C.exe
C:\Users\Marian\AppData\Local\Temp\EAD69AA.exe
C:\Users\Marian\AppData\Local\Temp\EAD69C9.exe
C:\Users\Marian\AppData\Local\Temp\EAD69F8.exe
C:\Users\Marian\AppData\Local\Temp\EAD6A65.exe
C:\Users\Marian\AppData\Local\Temp\EAD6AE2.exe
C:\Users\Marian\AppData\Local\Temp\EAD6AF2.exe
C:\Users\Marian\AppData\Local\Temp\EAD6B11.exe
C:\Users\Marian\AppData\Local\Temp\EAD6B4.exe
C:\Users\Marian\AppData\Local\Temp\EAD6B40.exe
C:\Users\Marian\AppData\Local\Temp\EAD6B41.exe
C:\Users\Marian\AppData\Local\Temp\EAD6B5F.exe
C:\Users\Marian\AppData\Local\Temp\EAD6B60.exe
C:\Users\Marian\AppData\Local\Temp\EAD6B6E.exe
C:\Users\Marian\AppData\Local\Temp\EAD6B9D.exe
C:\Users\Marian\AppData\Local\Temp\EAD6BAD.exe
C:\Users\Marian\AppData\Local\Temp\EAD6BEB.exe
C:\Users\Marian\AppData\Local\Temp\EAD6C3.exe
C:\Users\Marian\AppData\Local\Temp\EAD6C39.exe
C:\Users\Marian\AppData\Local\Temp\EAD6C78.exe
C:\Users\Marian\AppData\Local\Temp\EAD6C79.exe
C:\Users\Marian\AppData\Local\Temp\EAD6D04.exe
C:\Users\Marian\AppData\Local\Temp\EAD6D23.exe
C:\Users\Marian\AppData\Local\Temp\EAD6D81.exe
C:\Users\Marian\AppData\Local\Temp\EAD6D90.exe
C:\Users\Marian\AppData\Local\Temp\EAD6DBF.exe
C:\Users\Marian\AppData\Local\Temp\EAD6E2D.exe
C:\Users\Marian\AppData\Local\Temp\EAD6E3C.exe
C:\Users\Marian\AppData\Local\Temp\EAD6EB9.exe
C:\Users\Marian\AppData\Local\Temp\EAD6EC9.exe
C:\Users\Marian\AppData\Local\Temp\EAD6ECA.exe
C:\Users\Marian\AppData\Local\Temp\EAD6EE8.exe
C:\Users\Marian\AppData\Local\Temp\EAD6F26.exe
C:\Users\Marian\AppData\Local\Temp\EAD6F27.exe
C:\Users\Marian\AppData\Local\Temp\EAD6FB3.exe
C:\Users\Marian\AppData\Local\Temp\EAD6FD2.exe
C:\Users\Marian\AppData\Local\Temp\EAD705E.exe
C:\Users\Marian\AppData\Local\Temp\EAD706E.exe
C:\Users\Marian\AppData\Local\Temp\EAD70EB.exe
C:\Users\Marian\AppData\Local\Temp\EAD710A.exe
C:\Users\Marian\AppData\Local\Temp\EAD710B.exe
C:\Users\Marian\AppData\Local\Temp\EAD711.exe
C:\Users\Marian\AppData\Local\Temp\EAD7119.exe
C:\Users\Marian\AppData\Local\Temp\EAD7148.exe
C:\Users\Marian\AppData\Local\Temp\EAD7158.exe
C:\Users\Marian\AppData\Local\Temp\EAD7177.exe
C:\Users\Marian\AppData\Local\Temp\EAD71E4.exe
C:\Users\Marian\AppData\Local\Temp\EAD721.exe
C:\Users\Marian\AppData\Local\Temp\EAD7280.exe
C:\Users\Marian\AppData\Local\Temp\EAD72AF.exe
C:\Users\Marian\AppData\Local\Temp\EAD733B.exe
C:\Users\Marian\AppData\Local\Temp\EAD734B.exe
C:\Users\Marian\AppData\Local\Temp\EAD736A.exe
C:\Users\Marian\AppData\Local\Temp\EAD73A9.exe
C:\Users\Marian\AppData\Local\Temp\EAD73B8.exe
C:\Users\Marian\AppData\Local\Temp\EAD73D7.exe
C:\Users\Marian\AppData\Local\Temp\EAD7416.exe
C:\Users\Marian\AppData\Local\Temp\EAD7445.exe
C:\Users\Marian\AppData\Local\Temp\EAD7454.exe
C:\Users\Marian\AppData\Local\Temp\EAD74B2.exe
C:\Users\Marian\AppData\Local\Temp\EAD755D.exe
C:\Users\Marian\AppData\Local\Temp\EAD75F.exe
C:\Users\Marian\AppData\Local\Temp\EAD75F9.exe
C:\Users\Marian\AppData\Local\Temp\EAD75FA.exe
C:\Users\Marian\AppData\Local\Temp\EAD7638.exe
C:\Users\Marian\AppData\Local\Temp\EAD7647.exe
C:\Users\Marian\AppData\Local\Temp\EAD7667.exe
C:\Users\Marian\AppData\Local\Temp\EAD76B5.exe
C:\Users\Marian\AppData\Local\Temp\EAD76B6.exe
C:\Users\Marian\AppData\Local\Temp\EAD76E3.exe
C:\Users\Marian\AppData\Local\Temp\EAD7741.exe
C:\Users\Marian\AppData\Local\Temp\EAD7760.exe
C:\Users\Marian\AppData\Local\Temp\EAD77E.exe
C:\Users\Marian\AppData\Local\Temp\EAD783B.exe
C:\Users\Marian\AppData\Local\Temp\EAD7879.exe
C:\Users\Marian\AppData\Local\Temp\EAD7915.exe
C:\Users\Marian\AppData\Local\Temp\EAD7953.exe
C:\Users\Marian\AppData\Local\Temp\EAD7992.exe
C:\Users\Marian\AppData\Local\Temp\EAD79FF.exe
C:\Users\Marian\AppData\Local\Temp\EAD7A3D.exe
C:\Users\Marian\AppData\Local\Temp\EAD7A6C.exe
C:\Users\Marian\AppData\Local\Temp\EAD7A7C.exe
C:\Users\Marian\AppData\Local\Temp\EAD7A7D.exe
C:\Users\Marian\AppData\Local\Temp\EAD7AAB.exe
C:\Users\Marian\AppData\Local\Temp\EAD7ABA.exe
C:\Users\Marian\AppData\Local\Temp\EAD7ABB.exe
C:\Users\Marian\AppData\Local\Temp\EAD7ABC.exe
C:\Users\Marian\AppData\Local\Temp\EAD7B37.exe
C:\Users\Marian\AppData\Local\Temp\EAD7B47.exe
C:\Users\Marian\AppData\Local\Temp\EAD7B85.exe
C:\Users\Marian\AppData\Local\Temp\EAD7BB4.exe
C:\Users\Marian\AppData\Local\Temp\EAD7BB5.exe
C:\Users\Marian\AppData\Local\Temp\EAD7BD3.exe
C:\Users\Marian\AppData\Local\Temp\EAD7BD4.exe
C:\Users\Marian\AppData\Local\Temp\EAD7BF2.exe
C:\Users\Marian\AppData\Local\Temp\EAD7C.exe
C:\Users\Marian\AppData\Local\Temp\EAD7C21.exe
C:\Users\Marian\AppData\Local\Temp\EAD7C5F.exe
C:\Users\Marian\AppData\Local\Temp\EAD7C6F.exe
C:\Users\Marian\AppData\Local\Temp\EAD7C8E.exe
C:\Users\Marian\AppData\Local\Temp\EAD7CEC.exe
C:\Users\Marian\AppData\Local\Temp\EAD7D59.exe
C:\Users\Marian\AppData\Local\Temp\EAD7D78.exe
C:\Users\Marian\AppData\Local\Temp\EAD7DC.exe
C:\Users\Marian\AppData\Local\Temp\EAD7E05.exe
C:\Users\Marian\AppData\Local\Temp\EAD7E53.exe
C:\Users\Marian\AppData\Local\Temp\EAD7EB0.exe
C:\Users\Marian\AppData\Local\Temp\EAD7F5C.exe
C:\Users\Marian\AppData\Local\Temp\EAD7F6B.exe
C:\Users\Marian\AppData\Local\Temp\EAD7FF8.exe
C:\Users\Marian\AppData\Local\Temp\EAD8055.exe
C:\Users\Marian\AppData\Local\Temp\EAD8075.exe
C:\Users\Marian\AppData\Local\Temp\EAD8094.exe
C:\Users\Marian\AppData\Local\Temp\EAD80B3.exe
C:\Users\Marian\AppData\Local\Temp\EAD80D2.exe
C:\Users\Marian\AppData\Local\Temp\EAD80D3.exe
C:\Users\Marian\AppData\Local\Temp\EAD8130.exe
C:\Users\Marian\AppData\Local\Temp\EAD813F.exe
C:\Users\Marian\AppData\Local\Temp\EAD814F.exe
C:\Users\Marian\AppData\Local\Temp\EAD8239.exe
C:\Users\Marian\AppData\Local\Temp\EAD82B6.exe
C:\Users\Marian\AppData\Local\Temp\EAD82B7.exe
C:\Users\Marian\AppData\Local\Temp\EAD82F4.exe
C:\Users\Marian\AppData\Local\Temp\EAD8313.exe
C:\Users\Marian\AppData\Local\Temp\EAD8323.exe
C:\Users\Marian\AppData\Local\Temp\EAD8333.exe
C:\Users\Marian\AppData\Local\Temp\EAD8334.exe
C:\Users\Marian\AppData\Local\Temp\EAD8361.exe
C:\Users\Marian\AppData\Local\Temp\EAD8371.exe
C:\Users\Marian\AppData\Local\Temp\EAD83A.exe
C:\Users\Marian\AppData\Local\Temp\EAD83B.exe
C:\Users\Marian\AppData\Local\Temp\EAD83CF.exe
C:\Users\Marian\AppData\Local\Temp\EAD83D0.exe
C:\Users\Marian\AppData\Local\Temp\EAD844B.exe
C:\Users\Marian\AppData\Local\Temp\EAD846B.exe
C:\Users\Marian\AppData\Local\Temp\EAD8564.exe
C:\Users\Marian\AppData\Local\Temp\EAD85A3.exe
C:\Users\Marian\AppData\Local\Temp\EAD85A4.exe
C:\Users\Marian\AppData\Local\Temp\EAD85B2.exe
C:\Users\Marian\AppData\Local\Temp\EAD8600.exe
C:\Users\Marian\AppData\Local\Temp\EAD8610.exe
C:\Users\Marian\AppData\Local\Temp\EAD863F.exe
C:\Users\Marian\AppData\Local\Temp\EAD868.exe
C:\Users\Marian\AppData\Local\Temp\EAD86EA.exe
C:\Users\Marian\AppData\Local\Temp\EAD8709.exe
C:\Users\Marian\AppData\Local\Temp\EAD8757.exe
C:\Users\Marian\AppData\Local\Temp\EAD87F3.exe
C:\Users\Marian\AppData\Local\Temp\EAD8832.exe
C:\Users\Marian\AppData\Local\Temp\EAD8841.exe
C:\Users\Marian\AppData\Local\Temp\EAD8870.exe
C:\Users\Marian\AppData\Local\Temp\EAD8871.exe
C:\Users\Marian\AppData\Local\Temp\EAD8872.exe
C:\Users\Marian\AppData\Local\Temp\EAD88CE.exe
C:\Users\Marian\AppData\Local\Temp\EAD891C.exe
C:\Users\Marian\AppData\Local\Temp\EAD894B.exe
C:\Users\Marian\AppData\Local\Temp\EAD897.exe
C:\Users\Marian\AppData\Local\Temp\EAD8989.exe
C:\Users\Marian\AppData\Local\Temp\EAD89A8.exe
C:\Users\Marian\AppData\Local\Temp\EAD89C7.exe
C:\Users\Marian\AppData\Local\Temp\EAD89D7.exe
C:\Users\Marian\AppData\Local\Temp\EAD89D8.exe
C:\Users\Marian\AppData\Local\Temp\EAD89F6.exe
C:\Users\Marian\AppData\Local\Temp\EAD8A92.exe
C:\Users\Marian\AppData\Local\Temp\EAD8A93.exe
C:\Users\Marian\AppData\Local\Temp\EAD8AF0.exe
C:\Users\Marian\AppData\Local\Temp\EAD8AF1.exe
C:\Users\Marian\AppData\Local\Temp\EAD8B0F.exe
C:\Users\Marian\AppData\Local\Temp\EAD8B7C.exe
C:\Users\Marian\AppData\Local\Temp\EAD8B8C.exe
C:\Users\Marian\AppData\Local\Temp\EAD8BBB.exe
C:\Users\Marian\AppData\Local\Temp\EAD8BBC.exe
C:\Users\Marian\AppData\Local\Temp\EAD8C28.exe
C:\Users\Marian\AppData\Local\Temp\EAD8C57.exe
C:\Users\Marian\AppData\Local\Temp\EAD8C58.exe
C:\Users\Marian\AppData\Local\Temp\EAD8C59.exe
C:\Users\Marian\AppData\Local\Temp\EAD8C66.exe
C:\Users\Marian\AppData\Local\Temp\EAD8C85.exe
C:\Users\Marian\AppData\Local\Temp\EAD8CA5.exe
C:\Users\Marian\AppData\Local\Temp\EAD8CC4.exe
C:\Users\Marian\AppData\Local\Temp\EAD8CD3.exe
C:\Users\Marian\AppData\Local\Temp\EAD8CD4.exe
C:\Users\Marian\AppData\Local\Temp\EAD8D31.exe
C:\Users\Marian\AppData\Local\Temp\EAD8D41.exe
C:\Users\Marian\AppData\Local\Temp\EAD8D50.exe
C:\Users\Marian\AppData\Local\Temp\EAD8D7F.exe
C:\Users\Marian\AppData\Local\Temp\EAD8E0B.exe
C:\Users\Marian\AppData\Local\Temp\EAD8E2B.exe
C:\Users\Marian\AppData\Local\Temp\EAD8E3A.exe
C:\Users\Marian\AppData\Local\Temp\EAD8E5.exe
C:\Users\Marian\AppData\Local\Temp\EAD8E98.exe
C:\Users\Marian\AppData\Local\Temp\EAD8EC7.exe
C:\Users\Marian\AppData\Local\Temp\EAD8F05.exe
C:\Users\Marian\AppData\Local\Temp\EAD8F15.exe
C:\Users\Marian\AppData\Local\Temp\EAD8F24.exe
C:\Users\Marian\AppData\Local\Temp\EAD8FD0.exe
C:\Users\Marian\AppData\Local\Temp\EAD8FFF.exe
C:\Users\Marian\AppData\Local\Temp\EAD9000.exe
C:\Users\Marian\AppData\Local\Temp\EAD900E.exe
C:\Users\Marian\AppData\Local\Temp\EAD905C.exe
C:\Users\Marian\AppData\Local\Temp\EAD906C.exe
C:\Users\Marian\AppData\Local\Temp\EAD90F8.exe
C:\Users\Marian\AppData\Local\Temp\EAD9117.exe
C:\Users\Marian\AppData\Local\Temp\EAD9137.exe
C:\Users\Marian\AppData\Local\Temp\EAD9138.exe
C:\Users\Marian\AppData\Local\Temp\EAD914.exe
C:\Users\Marian\AppData\Local\Temp\EAD9156.exe
C:\Users\Marian\AppData\Local\Temp\EAD9165.exe
C:\Users\Marian\AppData\Local\Temp\EAD91A4.exe
C:\Users\Marian\AppData\Local\Temp\EAD91A5.exe
C:\Users\Marian\AppData\Local\Temp\EAD924.exe
C:\Users\Marian\AppData\Local\Temp\EAD928E.exe
C:\Users\Marian\AppData\Local\Temp\EAD929D.exe
C:\Users\Marian\AppData\Local\Temp\EAD932A.exe
C:\Users\Marian\AppData\Local\Temp\EAD933.exe
C:\Users\Marian\AppData\Local\Temp\EAD9349.exe
C:\Users\Marian\AppData\Local\Temp\EAD934A.exe
C:\Users\Marian\AppData\Local\Temp\EAD9359.exe
C:\Users\Marian\AppData\Local\Temp\EAD9368.exe
C:\Users\Marian\AppData\Local\Temp\EAD9397.exe
C:\Users\Marian\AppData\Local\Temp\EAD9404.exe
C:\Users\Marian\AppData\Local\Temp\EAD9405.exe
C:\Users\Marian\AppData\Local\Temp\EAD9423.exe
C:\Users\Marian\AppData\Local\Temp\EAD9471.exe
C:\Users\Marian\AppData\Local\Temp\EAD9491.exe
C:\Users\Marian\AppData\Local\Temp\EAD94A0.exe
C:\Users\Marian\AppData\Local\Temp\EAD94BF.exe
C:\Users\Marian\AppData\Local\Temp\EAD94C0.exe
C:\Users\Marian\AppData\Local\Temp\EAD94CF.exe
C:\Users\Marian\AppData\Local\Temp\EAD94EE.exe
C:\Users\Marian\AppData\Local\Temp\EAD952.exe
C:\Users\Marian\AppData\Local\Temp\EAD955B.exe
C:\Users\Marian\AppData\Local\Temp\EAD958A.exe
C:\Users\Marian\AppData\Local\Temp\EAD958B.exe
C:\Users\Marian\AppData\Local\Temp\EAD959A.exe
C:\Users\Marian\AppData\Local\Temp\EAD95C9.exe
C:\Users\Marian\AppData\Local\Temp\EAD95E8.exe
C:\Users\Marian\AppData\Local\Temp\EAD95E9.exe
C:\Users\Marian\AppData\Local\Temp\EAD9617.exe
C:\Users\Marian\AppData\Local\Temp\EAD962.exe
C:\Users\Marian\AppData\Local\Temp\EAD9626.exe
C:\Users\Marian\AppData\Local\Temp\EAD9636.exe
C:\Users\Marian\AppData\Local\Temp\EAD9637.exe
C:\Users\Marian\AppData\Local\Temp\EAD96B3.exe
C:\Users\Marian\AppData\Local\Temp\EAD96D2.exe
C:\Users\Marian\AppData\Local\Temp\EAD9710.exe
C:\Users\Marian\AppData\Local\Temp\EAD972.exe
C:\Users\Marian\AppData\Local\Temp\EAD974F.exe
C:\Users\Marian\AppData\Local\Temp\EAD977D.exe
C:\Users\Marian\AppData\Local\Temp\EAD978D.exe
C:\Users\Marian\AppData\Local\Temp\EAD97BC.exe
C:\Users\Marian\AppData\Local\Temp\EAD97DB.exe
C:\Users\Marian\AppData\Local\Temp\EAD980A.exe
C:\Users\Marian\AppData\Local\Temp\EAD9819.exe
C:\Users\Marian\AppData\Local\Temp\EAD9839.exe
C:\Users\Marian\AppData\Local\Temp\EAD9858.exe
C:\Users\Marian\AppData\Local\Temp\EAD9877.exe
C:\Users\Marian\AppData\Local\Temp\EAD9961.exe
C:\Users\Marian\AppData\Local\Temp\EAD9971.exe
C:\Users\Marian\AppData\Local\Temp\EAD999F.exe
C:\Users\Marian\AppData\Local\Temp\EAD99DE.exe
C:\Users\Marian\AppData\Local\Temp\EAD99ED.exe
C:\Users\Marian\AppData\Local\Temp\EAD9A7A.exe
C:\Users\Marian\AppData\Local\Temp\EAD9B54.exe
C:\Users\Marian\AppData\Local\Temp\EAD9B55.exe
C:\Users\Marian\AppData\Local\Temp\EAD9C0.exe
C:\Users\Marian\AppData\Local\Temp\EAD9C0F.exe
C:\Users\Marian\AppData\Local\Temp\EAD9C1.exe
C:\Users\Marian\AppData\Local\Temp\EAD9C10.exe
C:\Users\Marian\AppData\Local\Temp\EAD9C3E.exe
C:\Users\Marian\AppData\Local\Temp\EAD9C3F.exe
C:\Users\Marian\AppData\Local\Temp\EAD9C5D.exe
C:\Users\Marian\AppData\Local\Temp\EAD9C7D.exe
C:\Users\Marian\AppData\Local\Temp\EAD9C9C.exe
C:\Users\Marian\AppData\Local\Temp\EAD9CCB.exe
C:\Users\Marian\AppData\Local\Temp\EAD9CF9.exe
C:\Users\Marian\AppData\Local\Temp\EAD9D38.exe
C:\Users\Marian\AppData\Local\Temp\EAD9D39.exe
C:\Users\Marian\AppData\Local\Temp\EAD9D76.exe
C:\Users\Marian\AppData\Local\Temp\EAD9D86.exe
C:\Users\Marian\AppData\Local\Temp\EAD9D87.exe
C:\Users\Marian\AppData\Local\Temp\EAD9DE3.exe
C:\Users\Marian\AppData\Local\Temp\EAD9DF3.exe
C:\Users\Marian\AppData\Local\Temp\EAD9E12.exe
C:\Users\Marian\AppData\Local\Temp\EAD9E9F.exe
C:\Users\Marian\AppData\Local\Temp\EAD9ECD.exe
C:\Users\Marian\AppData\Local\Temp\EAD9F2B.exe
C:\Users\Marian\AppData\Local\Temp\EAD9F5A.exe
C:\Users\Marian\AppData\Local\Temp\EAD9F89.exe
C:\Users\Marian\AppData\Local\Temp\EAD9FA8.exe
C:\Users\Marian\AppData\Local\Temp\EAD9FD7.exe
C:\Users\Marian\AppData\Local\Temp\EADA025.exe
C:\Users\Marian\AppData\Local\Temp\EADA10F.exe
C:\Users\Marian\AppData\Local\Temp\EADA13D.exe
C:\Users\Marian\AppData\Local\Temp\EADA16C.exe
C:\Users\Marian\AppData\Local\Temp\EADA17C.exe
C:\Users\Marian\AppData\Local\Temp\EADA19B.exe
C:\Users\Marian\AppData\Local\Temp\EADA1D.exe
C:\Users\Marian\AppData\Local\Temp\EADA1D9.exe
C:\Users\Marian\AppData\Local\Temp\EADA218.exe
C:\Users\Marian\AppData\Local\Temp\EADA285.exe
C:\Users\Marian\AppData\Local\Temp\EADA295.exe
C:\Users\Marian\AppData\Local\Temp\EADA2F2.exe
C:\Users\Marian\AppData\Local\Temp\EADA350.exe
C:\Users\Marian\AppData\Local\Temp\EADA3BD.exe
C:\Users\Marian\AppData\Local\Temp\EADA3EC.exe
C:\Users\Marian\AppData\Local\Temp\EADA43A.exe
C:\Users\Marian\AppData\Local\Temp\EADA459.exe
C:\Users\Marian\AppData\Local\Temp\EADA4D6.exe
C:\Users\Marian\AppData\Local\Temp\EADA4E5.exe
C:\Users\Marian\AppData\Local\Temp\EADA533.exe
C:\Users\Marian\AppData\Local\Temp\EADA572.exe
C:\Users\Marian\AppData\Local\Temp\EADA5B0.exe
C:\Users\Marian\AppData\Local\Temp\EADA68B.exe
C:\Users\Marian\AppData\Local\Temp\EADA811.exe
C:\Users\Marian\AppData\Local\Temp\EADA929.exe
C:\Users\Marian\AppData\Local\Temp\EADA9B6.exe
C:\Users\Marian\AppData\Local\Temp\EADA9B7.exe
C:\Users\Marian\AppData\Local\Temp\EADA9F4.exe
C:\Users\Marian\AppData\Local\Temp\EADAA33.exe
C:\Users\Marian\AppData\Local\Temp\EADAA34.exe
C:\Users\Marian\AppData\Local\Temp\EADAAA.exe
C:\Users\Marian\AppData\Local\Temp\EADAABF.exe
C:\Users\Marian\AppData\Local\Temp\EADAAC0.exe
C:\Users\Marian\AppData\Local\Temp\EADAB.exe
C:\Users\Marian\AppData\Local\Temp\EADAB8A.exe
C:\Users\Marian\AppData\Local\Temp\EADAB99.exe
C:\Users\Marian\AppData\Local\Temp\EADAC16.exe
C:\Users\Marian\AppData\Local\Temp\EADAC45.exe
C:\Users\Marian\AppData\Local\Temp\EADAC55.exe
C:\Users\Marian\AppData\Local\Temp\EADAC93.exe
C:\Users\Marian\AppData\Local\Temp\EADAD00.exe
C:\Users\Marian\AppData\Local\Temp\EADAD01.exe
C:\Users\Marian\AppData\Local\Temp\EADAD2F.exe
C:\Users\Marian\AppData\Local\Temp\EADAD3F.exe
C:\Users\Marian\AppData\Local\Temp\EADAD8.exe
C:\Users\Marian\AppData\Local\Temp\EADAD8D.exe
C:\Users\Marian\AppData\Local\Temp\EADAD9C.exe
C:\Users\Marian\AppData\Local\Temp\EADAE19.exe
C:\Users\Marian\AppData\Local\Temp\EADAE48.exe
C:\Users\Marian\AppData\Local\Temp\EADAEA6.exe
C:\Users\Marian\AppData\Local\Temp\EADAEE4.exe
C:\Users\Marian\AppData\Local\Temp\EADAF41.exe
C:\Users\Marian\AppData\Local\Temp\EADAF51.exe
C:\Users\Marian\AppData\Local\Temp\EADAF9F.exe
C:\Users\Marian\AppData\Local\Temp\EADAFAF.exe
C:\Users\Marian\AppData\Local\Temp\EADAFED.exe
C:\Users\Marian\AppData\Local\Temp\EADB079.exe
C:\Users\Marian\AppData\Local\Temp\EADB0A8.exe
C:\Users\Marian\AppData\Local\Temp\EADB0D7.exe
C:\Users\Marian\AppData\Local\Temp\EADB0F6.exe
C:\Users\Marian\AppData\Local\Temp\EADB0F7.exe
C:\Users\Marian\AppData\Local\Temp\EADB135.exe
C:\Users\Marian\AppData\Local\Temp\EADB144.exe
C:\Users\Marian\AppData\Local\Temp\EADB145.exe
C:\Users\Marian\AppData\Local\Temp\EADB17.exe
C:\Users\Marian\AppData\Local\Temp\EADB1D1.exe
C:\Users\Marian\AppData\Local\Temp\EADB1F0.exe
C:\Users\Marian\AppData\Local\Temp\EADB27C.exe
C:\Users\Marian\AppData\Local\Temp\EADB28C.exe
C:\Users\Marian\AppData\Local\Temp\EADB309.exe
C:\Users\Marian\AppData\Local\Temp\EADB319.exe
C:\Users\Marian\AppData\Local\Temp\EADB337.exe
C:\Users\Marian\AppData\Local\Temp\EADB338.exe
C:\Users\Marian\AppData\Local\Temp\EADB402.exe
C:\Users\Marian\AppData\Local\Temp\EADB47F.exe
C:\Users\Marian\AppData\Local\Temp\EADB4AE.exe
C:\Users\Marian\AppData\Local\Temp\EADB4AF.exe
C:\Users\Marian\AppData\Local\Temp\EADB51B.exe
C:\Users\Marian\AppData\Local\Temp\EADB53A.exe
C:\Users\Marian\AppData\Local\Temp\EADB598.exe
C:\Users\Marian\AppData\Local\Temp\EADB5C7.exe
C:\Users\Marian\AppData\Local\Temp\EADB643.exe
C:\Users\Marian\AppData\Local\Temp\EADB65.exe
C:\Users\Marian\AppData\Local\Temp\EADB6D0.exe
C:\Users\Marian\AppData\Local\Temp\EADB6D1.exe
C:\Users\Marian\AppData\Local\Temp\EADB73D.exe
C:\Users\Marian\AppData\Local\Temp\EADB76C.exe
C:\Users\Marian\AppData\Local\Temp\EADB84.exe
C:\Users\Marian\AppData\Local\Temp\EADB85.exe
C:\Users\Marian\AppData\Local\Temp\EADB865.exe
C:\Users\Marian\AppData\Local\Temp\EADB866.exe
C:\Users\Marian\AppData\Local\Temp\EADB894.exe
C:\Users\Marian\AppData\Local\Temp\EADB8C3.exe
C:\Users\Marian\AppData\Local\Temp\EADB95F.exe
C:\Users\Marian\AppData\Local\Temp\EADB96F.exe
C:\Users\Marian\AppData\Local\Temp\EADB99D.exe
C:\Users\Marian\AppData\Local\Temp\EADB9FB.exe
C:\Users\Marian\AppData\Local\Temp\EADBA3.exe
C:\Users\Marian\AppData\Local\Temp\EADBA59.exe
C:\Users\Marian\AppData\Local\Temp\EADBA68.exe
C:\Users\Marian\AppData\Local\Temp\EADBA78.exe
C:\Users\Marian\AppData\Local\Temp\EADBAB6.exe
C:\Users\Marian\AppData\Local\Temp\EADBB14.exe
C:\Users\Marian\AppData\Local\Temp\EADBB91.exe
C:\Users\Marian\AppData\Local\Temp\EADBB92.exe
C:\Users\Marian\AppData\Local\Temp\EADBBA0.exe
C:\Users\Marian\AppData\Local\Temp\EADBBFE.exe
C:\Users\Marian\AppData\Local\Temp\EADBC0D.exe
C:\Users\Marian\AppData\Local\Temp\EADBCA9.exe
C:\Users\Marian\AppData\Local\Temp\EADBCB9.exe
C:\Users\Marian\AppData\Local\Temp\EADBD07.exe
C:\Users\Marian\AppData\Local\Temp\EADBD08.exe
C:\Users\Marian\AppData\Local\Temp\EADBD26.exe
C:\Users\Marian\AppData\Local\Temp\EADBD74.exe
C:\Users\Marian\AppData\Local\Temp\EADBD75.exe
C:\Users\Marian\AppData\Local\Temp\EADBDA3.exe
C:\Users\Marian\AppData\Local\Temp\EADBDF1.exe
C:\Users\Marian\AppData\Local\Temp\EADBE10.exe
C:\Users\Marian\AppData\Local\Temp\EADBE11.exe
C:\Users\Marian\AppData\Local\Temp\EADBE2F.exe
C:\Users\Marian\AppData\Local\Temp\EADBE3F.exe
C:\Users\Marian\AppData\Local\Temp\EADBE6E.exe
C:\Users\Marian\AppData\Local\Temp\EADBE6F.exe
C:\Users\Marian\AppData\Local\Temp\EADBE9D.exe
C:\Users\Marian\AppData\Local\Temp\EADBF0A.exe
C:\Users\Marian\AppData\Local\Temp\EADBF0B.exe
C:\Users\Marian\AppData\Local\Temp\EADBF1.exe
C:\Users\Marian\AppData\Local\Temp\EADBF29.exe
C:\Users\Marian\AppData\Local\Temp\EADBF48.exe
C:\Users\Marian\AppData\Local\Temp\EADBF67.exe
C:\Users\Marian\AppData\Local\Temp\EADBF87.exe
C:\Users\Marian\AppData\Local\Temp\EADBF96.exe
C:\Users\Marian\AppData\Local\Temp\EADBFC5.exe
C:\Users\Marian\AppData\Local\Temp\EADBFD5.exe
C:\Users\Marian\AppData\Local\Temp\EADBFE4.exe
C:\Users\Marian\AppData\Local\Temp\EADBFF4.exe
C:\Users\Marian\AppData\Local\Temp\EADC01.exe
C:\Users\Marian\AppData\Local\Temp\EADC02.exe
C:\Users\Marian\AppData\Local\Temp\EADC023.exe
C:\Users\Marian\AppData\Local\Temp\EADC0DE.exe
C:\Users\Marian\AppData\Local\Temp\EADC0ED.exe
C:\Users\Marian\AppData\Local\Temp\EADC13B.exe
C:\Users\Marian\AppData\Local\Temp\EADC14B.exe
C:\Users\Marian\AppData\Local\Temp\EADC15B.exe
C:\Users\Marian\AppData\Local\Temp\EADC2A2.exe
C:\Users\Marian\AppData\Local\Temp\EADC32F.exe
C:\Users\Marian\AppData\Local\Temp\EADC33E.exe
C:\Users\Marian\AppData\Local\Temp\EADC35D.exe
C:\Users\Marian\AppData\Local\Temp\EADC3AB.exe
C:\Users\Marian\AppData\Local\Temp\EADC467.exe
C:\Users\Marian\AppData\Local\Temp\EADC4A5.exe
C:\Users\Marian\AppData\Local\Temp\EADC4A8.exe
C:\Users\Marian\AppData\Local\Temp\EADC5AE.exe
C:\Users\Marian\AppData\Local\Temp\EADC5ED.exe
C:\Users\Marian\AppData\Local\Temp\EADC5FC.exe
C:\Users\Marian\AppData\Local\Temp\EADC61B.exe
C:\Users\Marian\AppData\Local\Temp\EADC62B.exe
C:\Users\Marian\AppData\Local\Temp\EADC689.exe
C:\Users\Marian\AppData\Local\Temp\EADC763.exe
C:\Users\Marian\AppData\Local\Temp\EADC7A1.exe
C:\Users\Marian\AppData\Local\Temp\EADC80F.exe
C:\Users\Marian\AppData\Local\Temp\EADC81E.exe
C:\Users\Marian\AppData\Local\Temp\EADC81F.exe
C:\Users\Marian\AppData\Local\Temp\EADC83D.exe
C:\Users\Marian\AppData\Local\Temp\EADC84D.exe
C:\Users\Marian\AppData\Local\Temp\EADC87C.exe
C:\Users\Marian\AppData\Local\Temp\EADC8BA.exe
C:\Users\Marian\AppData\Local\Temp\EADC8F9.exe
C:\Users\Marian\AppData\Local\Temp\EADC8FA.exe
C:\Users\Marian\AppData\Local\Temp\EADC947.exe
C:\Users\Marian\AppData\Local\Temp\EADC9B4.exe
C:\Users\Marian\AppData\Local\Temp\EADC9C3.exe
C:\Users\Marian\AppData\Local\Temp\EADC9E3.exe
C:\Users\Marian\AppData\Local\Temp\EADCA.exe
C:\Users\Marian\AppData\Local\Temp\EADCA21.exe
C:\Users\Marian\AppData\Local\Temp\EADCAFB.exe
C:\Users\Marian\AppData\Local\Temp\EADCAFC.exe
C:\Users\Marian\AppData\Local\Temp\EADCB1B.exe
C:\Users\Marian\AppData\Local\Temp\EADCB2A.exe
C:\Users\Marian\AppData\Local\Temp\EADCBC6.exe
C:\Users\Marian\AppData\Local\Temp\EADCBE5.exe
C:\Users\Marian\AppData\Local\Temp\EADCBF5.exe
C:\Users\Marian\AppData\Local\Temp\EADCBF6.exe
C:\Users\Marian\AppData\Local\Temp\EADCC14.exe
C:\Users\Marian\AppData\Local\Temp\EADCC24.exe
C:\Users\Marian\AppData\Local\Temp\EADCCC0.exe
C:\Users\Marian\AppData\Local\Temp\EADCCFE.exe
C:\Users\Marian\AppData\Local\Temp\EADCCFF.exe
C:\Users\Marian\AppData\Local\Temp\EADCD0E.exe
C:\Users\Marian\AppData\Local\Temp\EADCD5C.exe
C:\Users\Marian\AppData\Local\Temp\EADCD8B.exe
C:\Users\Marian\AppData\Local\Temp\EADCDB.exe
C:\Users\Marian\AppData\Local\Temp\EADCDC9.exe
C:\Users\Marian\AppData\Local\Temp\EADCDE8.exe
C:\Users\Marian\AppData\Local\Temp\EADCE17.exe
C:\Users\Marian\AppData\Local\Temp\EADCE27.exe
C:\Users\Marian\AppData\Local\Temp\EADCE28.exe
C:\Users\Marian\AppData\Local\Temp\EADCE46.exe
C:\Users\Marian\AppData\Local\Temp\EADCED2.exe
C:\Users\Marian\AppData\Local\Temp\EADCEE2.exe
C:\Users\Marian\AppData\Local\Temp\EADCF8D.exe
C:\Users\Marian\AppData\Local\Temp\EADCF9D.exe
C:\Users\Marian\AppData\Local\Temp\EADCFEB.exe
C:\Users\Marian\AppData\Local\Temp\EADD072.exe
C:\Users\Marian\AppData\Local\Temp\EADD0A.exe
C:\Users\Marian\AppData\Local\Temp\EADD0B.exe
C:\Users\Marian\AppData\Local\Temp\EADD0C5.exe
C:\Users\Marian\AppData\Local\Temp\EADD0E5.exe
C:\Users\Marian\AppData\Local\Temp\EADD1A.exe
C:\Users\Marian\AppData\Local\Temp\EADD1CF.exe
C:\Users\Marian\AppData\Local\Temp\EADD23C.exe
C:\Users\Marian\AppData\Local\Temp\EADD2E7.exe
C:\Users\Marian\AppData\Local\Temp\EADD2F7.exe
C:\Users\Marian\AppData\Local\Temp\EADD3D1.exe
C:\Users\Marian\AppData\Local\Temp\EADD3E1.exe
C:\Users\Marian\AppData\Local\Temp\EADD3E2.exe
C:\Users\Marian\AppData\Local\Temp\EADD3F1.exe
C:\Users\Marian\AppData\Local\Temp\EADD400.exe
C:\Users\Marian\AppData\Local\Temp\EADD42F.exe
C:\Users\Marian\AppData\Local\Temp\EADD430.exe
C:\Users\Marian\AppData\Local\Temp\EADD48.exe
C:\Users\Marian\AppData\Local\Temp\EADD4FA.exe
C:\Users\Marian\AppData\Local\Temp\EADD519.exe
C:\Users\Marian\AppData\Local\Temp\EADD5F3.exe
C:\Users\Marian\AppData\Local\Temp\EADD6BE.exe
C:\Users\Marian\AppData\Local\Temp\EADD6DE.exe
C:\Users\Marian\AppData\Local\Temp\EADD6ED.exe
C:\Users\Marian\AppData\Local\Temp\EADD70C.exe
C:\Users\Marian\AppData\Local\Temp\EADD77.exe
C:\Users\Marian\AppData\Local\Temp\EADD7A8.exe
C:\Users\Marian\AppData\Local\Temp\EADD7A9.exe
C:\Users\Marian\AppData\Local\Temp\EADD7E7.exe
C:\Users\Marian\AppData\Local\Temp\EADD7E8.exe
C:\Users\Marian\AppData\Local\Temp\EADD825.exe
C:\Users\Marian\AppData\Local\Temp\EADD844.exe
C:\Users\Marian\AppData\Local\Temp\EADD863.exe
C:\Users\Marian\AppData\Local\Temp\EADD8B1.exe
C:\Users\Marian\AppData\Local\Temp\EADD8B2.exe
C:\Users\Marian\AppData\Local\Temp\EADD8F0.exe
C:\Users\Marian\AppData\Local\Temp\EADD95D.exe
C:\Users\Marian\AppData\Local\Temp\EADD97C.exe
C:\Users\Marian\AppData\Local\Temp\EADD9AB.exe
C:\Users\Marian\AppData\Local\Temp\EADDA28.exe
C:\Users\Marian\AppData\Local\Temp\EADDA76.exe
C:\Users\Marian\AppData\Local\Temp\EADDA77.exe
C:\Users\Marian\AppData\Local\Temp\EADDB7F.exe
C:\Users\Marian\AppData\Local\Temp\EADDBDD.exe
C:\Users\Marian\AppData\Local\Temp\EADDD24.exe
C:\Users\Marian\AppData\Local\Temp\EADDD5.exe
C:\Users\Marian\AppData\Local\Temp\EADDD63.exe
C:\Users\Marian\AppData\Local\Temp\EADDD64.exe
C:\Users\Marian\AppData\Local\Temp\EADDDB1.exe
C:\Users\Marian\AppData\Local\Temp\EADDE4.exe
C:\Users\Marian\AppData\Local\Temp\EADDED9.exe
C:\Users\Marian\AppData\Local\Temp\EADDEE9.exe
C:\Users\Marian\AppData\Local\Temp\EADDF46.exe
C:\Users\Marian\AppData\Local\Temp\EADE030.exe
C:\Users\Marian\AppData\Local\Temp\EADE04.exe
C:\Users\Marian\AppData\Local\Temp\EADE0BD.exe
C:\Users\Marian\AppData\Local\Temp\EADE0CC.exe
C:\Users\Marian\AppData\Local\Temp\EADE0DC.exe
C:\Users\Marian\AppData\Local\Temp\EADE0DD.exe
C:\Users\Marian\AppData\Local\Temp\EADE0DE.exe
C:\Users\Marian\AppData\Local\Temp\EADE15B.exe
C:\Users\Marian\AppData\Local\Temp\EADE178.exe
C:\Users\Marian\AppData\Local\Temp\EADE204.exe
C:\Users\Marian\AppData\Local\Temp\EADE223.exe
C:\Users\Marian\AppData\Local\Temp\EADE23.exe
C:\Users\Marian\AppData\Local\Temp\EADE233.exe
C:\Users\Marian\AppData\Local\Temp\EADE243.exe
C:\Users\Marian\AppData\Local\Temp\EADE37B.exe
C:\Users\Marian\AppData\Local\Temp\EADE39A.exe
C:\Users\Marian\AppData\Local\Temp\EADE3F7.exe
C:\Users\Marian\AppData\Local\Temp\EADE42.exe
C:\Users\Marian\AppData\Local\Temp\EADE4C2.exe
C:\Users\Marian\AppData\Local\Temp\EADE501.exe
C:\Users\Marian\AppData\Local\Temp\EADE55E.exe
C:\Users\Marian\AppData\Local\Temp\EADE56E.exe
C:\Users\Marian\AppData\Local\Temp\EADE5AC.exe
C:\Users\Marian\AppData\Local\Temp\EADE619.exe
C:\Users\Marian\AppData\Local\Temp\EADE61A.exe
C:\Users\Marian\AppData\Local\Temp\EADE648.exe
C:\Users\Marian\AppData\Local\Temp\EADE658.exe
C:\Users\Marian\AppData\Local\Temp\EADE667.exe
C:\Users\Marian\AppData\Local\Temp\EADE703.exe
C:\Users\Marian\AppData\Local\Temp\EADE7AF.exe
C:\Users\Marian\AppData\Local\Temp\EADE7FD.exe
C:\Users\Marian\AppData\Local\Temp\EADE85B.exe
C:\Users\Marian\AppData\Local\Temp\EADE8B8.exe
C:\Users\Marian\AppData\Local\Temp\EADE993.exe
C:\Users\Marian\AppData\Local\Temp\EADE9C1.exe
C:\Users\Marian\AppData\Local\Temp\EADEA2F.exe
C:\Users\Marian\AppData\Local\Temp\EADEA3E.exe
C:\Users\Marian\AppData\Local\Temp\EADEA8C.exe
C:\Users\Marian\AppData\Local\Temp\EADEACB.exe
C:\Users\Marian\AppData\Local\Temp\EADEB28.exe
C:\Users\Marian\AppData\Local\Temp\EADEB38.exe
C:\Users\Marian\AppData\Local\Temp\EADEB76.exe
C:\Users\Marian\AppData\Local\Temp\EADEBF.exe
C:\Users\Marian\AppData\Local\Temp\EADEC0.exe
C:\Users\Marian\AppData\Local\Temp\EADEC51.exe
C:\Users\Marian\AppData\Local\Temp\EADEC80.exe
C:\Users\Marian\AppData\Local\Temp\EADEC8F.exe
C:\Users\Marian\AppData\Local\Temp\EADEC9F.exe
C:\Users\Marian\AppData\Local\Temp\EADECBE.exe
C:\Users\Marian\AppData\Local\Temp\EADECCD.exe
C:\Users\Marian\AppData\Local\Temp\EADED89.exe
C:\Users\Marian\AppData\Local\Temp\EADEDE6.exe
C:\Users\Marian\AppData\Local\Temp\EADEDF6.exe
C:\Users\Marian\AppData\Local\Temp\EADEE34.exe
C:\Users\Marian\AppData\Local\Temp\EADEE82.exe
C:\Users\Marian\AppData\Local\Temp\EADEEA2.exe
C:\Users\Marian\AppData\Local\Temp\EADEEE0.exe
C:\Users\Marian\AppData\Local\Temp\EADEEE1.exe
C:\Users\Marian\AppData\Local\Temp\EADEF1E.exe
C:\Users\Marian\AppData\Local\Temp\EADEF2E.exe
C:\Users\Marian\AppData\Local\Temp\EADEF6C.exe
C:\Users\Marian\AppData\Local\Temp\EADF.exe
C:\Users\Marian\AppData\Local\Temp\EADF018.exe
C:\Users\Marian\AppData\Local\Temp\EADF160.exe
C:\Users\Marian\AppData\Local\Temp\EADF16F.exe
C:\Users\Marian\AppData\Local\Temp\EADF17F.exe
C:\Users\Marian\AppData\Local\Temp\EADF1DC.exe
C:\Users\Marian\AppData\Local\Temp\EADF22A.exe
C:\Users\Marian\AppData\Local\Temp\EADF288.exe
C:\Users\Marian\AppData\Local\Temp\EADF2B7.exe
C:\Users\Marian\AppData\Local\Temp\EADF2B8.exe
C:\Users\Marian\AppData\Local\Temp\EADF2B9.exe
C:\Users\Marian\AppData\Local\Temp\EADF2E6.exe
C:\Users\Marian\AppData\Local\Temp\EADF324.exe
C:\Users\Marian\AppData\Local\Temp\EADF3D0.exe
C:\Users\Marian\AppData\Local\Temp\EADF41E.exe
C:\Users\Marian\AppData\Local\Temp\EADF43D.exe
C:\Users\Marian\AppData\Local\Temp\EADF44C.exe
C:\Users\Marian\AppData\Local\Temp\EADF4BA.exe
C:\Users\Marian\AppData\Local\Temp\EADF4D9.exe
C:\Users\Marian\AppData\Local\Temp\EADF508.exe
C:\Users\Marian\AppData\Local\Temp\EADF527.exe
C:\Users\Marian\AppData\Local\Temp\EADF565.exe
C:\Users\Marian\AppData\Local\Temp\EADF5E2.exe
C:\Users\Marian\AppData\Local\Temp\EADF611.exe
C:\Users\Marian\AppData\Local\Temp\EADF66E.exe
C:\Users\Marian\AppData\Local\Temp\EADF68E.exe
C:\Users\Marian\AppData\Local\Temp\EADF6BC.exe
C:\Users\Marian\AppData\Local\Temp\EADF70A.exe
C:\Users\Marian\AppData\Local\Temp\EADF70B.exe
C:\Users\Marian\AppData\Local\Temp\EADF797.exe
C:\Users\Marian\AppData\Local\Temp\EADF7F4.exe
C:\Users\Marian\AppData\Local\Temp\EADF823.exe
C:\Users\Marian\AppData\Local\Temp\EADF852.exe
C:\Users\Marian\AppData\Local\Temp\EADF862.exe
C:\Users\Marian\AppData\Local\Temp\EADF8B0.exe
C:\Users\Marian\AppData\Local\Temp\EADF8B1.exe
C:\Users\Marian\AppData\Local\Temp\EADF8B2.exe
C:\Users\Marian\AppData\Local\Temp\EADF91D.exe
C:\Users\Marian\AppData\Local\Temp\EADF92C.exe
C:\Users\Marian\AppData\Local\Temp\EADF99A.exe
C:\Users\Marian\AppData\Local\Temp\EADF9C8.exe
C:\Users\Marian\AppData\Local\Temp\EADF9C9.exe
C:\Users\Marian\AppData\Local\Temp\EADFA9.exe
C:\Users\Marian\AppData\Local\Temp\EADFA93.exe
C:\Users\Marian\AppData\Local\Temp\EADFAB2.exe
C:\Users\Marian\AppData\Local\Temp\EADFB00.exe
C:\Users\Marian\AppData\Local\Temp\EADFB5E.exe
C:\Users\Marian\AppData\Local\Temp\EADFB7D.exe
C:\Users\Marian\AppData\Local\Temp\EADFB8D.exe
C:\Users\Marian\AppData\Local\Temp\EADFBEA.exe
C:\Users\Marian\AppData\Local\Temp\EADFBFA.exe
C:\Users\Marian\AppData\Local\Temp\EADFC0A.exe
C:\Users\Marian\AppData\Local\Temp\EADFC0B.exe
C:\Users\Marian\AppData\Local\Temp\EADFC19.exe
C:\Users\Marian\AppData\Local\Temp\EADFC58.exe
C:\Users\Marian\AppData\Local\Temp\EADFC8.exe
C:\Users\Marian\AppData\Local\Temp\EADFC96.exe
C:\Users\Marian\AppData\Local\Temp\EADFCC5.exe
C:\Users\Marian\AppData\Local\Temp\EADFCD4.exe
C:\Users\Marian\AppData\Local\Temp\EADFD03.exe
C:\Users\Marian\AppData\Local\Temp\EADFDED.exe
C:\Users\Marian\AppData\Local\Temp\EADFE7.exe
C:\Users\Marian\AppData\Local\Temp\EADFEA8.exe
C:\Users\Marian\AppData\Local\Temp\EADFF16.exe
C:\Users\Marian\AppData\Local\Temp\EADFF54.exe
C:\Users\Marian\AppData\Local\Temp\EADFF73.exe
C:\Users\Marian\AppData\Local\Temp\EADFFB2.exe
C:\Users\Marian\AppData\Local\Temp\EADFFE0.exe
C:\Users\Marian\AppData\Local\Temp\EAInstall.dll
C:\Users\Marian\AppData\Local\Temp\eauninstall.exe
C:\Users\Marian\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Marian\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\Marian\AppData\Local\Temp\iGearedHelper.dll
C:\Users\Marian\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Marian\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Marian\AppData\Local\Temp\Need for Speed Carbon_uninst.exe
C:\Users\Marian\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Marian\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Marian\AppData\Local\Temp\yPrU.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-16 16:14

==================== End Of Log ============================
         
[/CODE]

Habe es dir nun auf zweimal gesendet
warte nun auf weitere Hilfe

Danke schon mal für die Antwort

Alt 11.11.2013, 17:51   #5
aharonov
/// TB-Ausbilder
 
Interpol/BKA Trojaner - Standard

Interpol/BKA Trojaner



Ich dachte, der Rechner sei gesperrt? Aber jetzt konntest du trotzdem im normalen Modus scannen?

FRST sollte auch noch ein Logfile Addition.txt erstellt haben. Poste dieses bitte auch noch.
Wenn du es nicht findest, dann erstelle es nochmals so neu:


Starte noch einmal FRST.
  • Setze bei Optional Scan den Haken bei Addition.txt und drücke Scan.
  • Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und Addition.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieser beiden Logfiles bitte hier in deinen Thread.

__________________
cheers,
Leo

Alt 11.11.2013, 20:30   #6
Sevikar
 
Interpol/BKA Trojaner - Standard

Interpol/BKA Trojaner



Hat mich selbst gewundert, manchmal habe ich zugriff auf mein Profil und manchmal ist es gesperrt.
Meistens wenn ich mich abmelde über den Task Manager, wenn es gesperrt ist und mich neu anmelde ist es frei.
Ich weiss auch nicht warum und wieso.

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013
Ran by Marian at 2013-11-11 18:59:01
Running from C:\Users\Marian\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee  Anti-Virus und Anti-Spyware (Enabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee  Anti-Virus und Anti-Spyware (Enabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee  Firewall (Enabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

==================== Installed Programs ======================

Adobe Flash Player 10 ActiveX (x32 Version: 10.0.12.36)
Adobe Flash Player 10 ActiveX (x32 Version: 10.3.183.10)
Adobe Flash Player 11 Plugin (x32 Version: 11.1.102.55)
Adobe Reader X MUI (x32 Version: 10.0.0)
Advanced System Protector (x32 Version: 2.1.1000.12150)
ARO 2012 (Version: 8.0)
Ask Toolbar Updater (HKCU Version: 1.2.0.20007)
AVG 2012 (Version: 12.0.1913)
AVG 2012 (Version: 12.0.2197)
AVG 2012 (Version: 12.0.2221)
AVG 2012 (Version: 12.0.3222)
AVG 2012 (Version: 12.1.2238)
AVG 2012 (Version: 12.1.2240)
AVG 2012 (Version: 12.1.2241)
AVG 2012 (Version: 12.1.2242)
AVG 2012 (Version: 2012.1.2242)
AVG Security Toolbar (x32 Version: 17.1.2.1)
Avira Free Antivirus (x32 Version: 12.1.9.2500)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Bing Bar (x32 Version: 7.2.241.0)
Bonanza Deals (remove only) (x32 Version: 5.0.1.0)
Build-a-lot 2 (x32 Version: 2.2.0.95)
Cake Mania (x32 Version: 2.2.0.95)
Call of Juarez Gunslinger (x32)
Canon Easy-PhotoPrint EX (x32)
Canon Easy-WebPrint EX (x32)
Canon MG5100 series Benutzerregistrierung (x32)
Canon MG5100 series MP Drivers
Canon MP Navigator EX 4.0 (x32)
Canon My Printer (x32)
Canon Solution Menu EX (x32)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
CLICK & LEARN DiDi 360° 3.0 (x32)
Codec Pack Packages (HKCU)
Conexant HD Audio (Version: 8.50.4.0)
CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.4418)
D3DX10 (x32 Version: 15.4.2368.0902)
DC-Bass Source 1.3.0 (x32)
Dell DataSafe Local Backup - Support Software (x32 Version: 9.4.61)
Dell DataSafe Local Backup (x32 Version: 9.4.61)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (x32 Version: 1.00.0000)
Dell MusicStage (x32 Version: 1.5.201.0)
Dell PhotoStage (x32 Version: 1.5.0.65)
Dell Product Registration (x32 Version: 1.1.3)
Dell Stage (x32 Version: 1.5.201.0)
Dell Stage Remote (x32 Version: 2.0.0.43)
Dell VideoStage  (x32 Version: 1.2.0.1712)
Die ersten 10 Jahre (x32 Version: 1.00.0000)
Die Siedler IV (x32)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95)
DirectVobSub 2.40.4209 (x32 Version: 2.40.4209)
DirectX 9 Runtime (x32 Version: 1.00.0000)
DivX-Setup (x32 Version: 2.6.1.8)
Dora's World Adventure (x32 Version: 2.2.0.95)
EA Download Manager (x32 Version: 5.1.0.4)
eBay (x32 Version: 1.4.0)
Escape Whisper Valley (TM) (x32 Version: 2.2.0.95)
Farm Frenzy (x32 Version: 2.2.0.95)
FATE (x32 Version: 2.2.0.95)
ffdshow v1.1.4399 [2012-03-22] (x32 Version: 1.1.4399.0)
FIFA 11 (x32 Version: 1.0.0.0)
Final Drive Fury (x32 Version: 2.2.0.95)
Final Drive Nitro (x32 Version: 2.2.0.95)
Free Studio version 5.3.5 (x32 Version: 5.3.5)
FromDocToPDF Toolbar (x32)
Google Chrome (x32 Version: 30.0.1599.101)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.165)
Guard.ICQ (x32)
Haali Media Splitter (x32)
ICQ Sparberater (x32 Version: 1.3.671)
ICQ Toolbar (x32 Version: 3.0.0)
ICQ7M (x32 Version: 7.8)
Java Auto Updater (x32 Version: 2.0.6.1)
Java(TM) 6 Update 27 (64-bit) (Version: 6.0.270)
Java(TM) 6 Update 27 (x32 Version: 6.0.270)
Jewel Quest (x32 Version: 2.2.0.95)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Lagarith Lossless Codec (1.3.27) (x32)
LAME v3.99.3 (for Windows) (x32)
LEGO Racers (x32)
Luxor (x32 Version: 2.2.0.95)
Marine Sharpshooter 3 (x32)
Marine Sharpshooter 4 (x32)
McAfee SecurityCenter (x32 Version: 11.0.654)
Mesh Runtime (x32 Version: 15.4.5722.2)
metaCrawler (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Moorhuhnjagd (x32)
Mozilla Firefox 10.0.2 (x86 de) (x32 Version: 10.0.2)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
My Dell (Version: 3.4.6308.28)
MyPC Backup  (Version: )
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95)
Need for Speed™ Carbon (x32)
Need for Speed™ ProStreet (x32 Version: 1.0.1.0)
NVIDIA Display Control Panel (Version: 6.14.12.6716)
OpenSource Flash Video Splitter 1.0.0.5 (x32 Version: 1.0.0.5)
Penguins! (x32 Version: 2.2.0.95)
PhotoShowExpress (x32 Version: 2.0.063)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95)
Polar Bowler (x32 Version: 2.2.0.95)
Polar Golfer (x32 Version: 2.2.0.95)
RBVirtualFolder64Inst (Version: 1.00.0000)
RegClean Pro (x32 Version: 6.21)
RollerCoaster Tycoon 3 (x32)
Roxio Activation Module (x32 Version: 1.0)
Roxio BackOnTrack (x32 Version: 1.3.3)
Roxio Burn (x32 Version: 1.8)
Roxio Creator Starter (x32 Version: 1.0.439)
Roxio Creator Starter (x32 Version: 12.1.77.0)
Roxio Creator Starter (x32 Version: 5.0.0)
Roxio Express Labeler 3 (x32 Version: 3.2.2)
Roxio File Backup (Version: 1.3.2)
Samantha Swift (x32 Version: 2.2.0.95)
Skype™ 5.10 (x32 Version: 5.10.116)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0)
Steam (x32 Version: 1.0.0.0)
Support.com Toolbar (x32 Version: 1.14.1.0)
Trust R-series Mouse And Keyboard (x32 Version: 2.0)
Update for Codec Pack (HKCU)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update Installer for WildTangent Games App (x32)
Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2)
Wedding Dash - Ready, Aim, Love! (x32 Version: 2.2.0.95)
WER WIRD MILLIONÄR DRITTE EDITION (x32 Version: 1.0.0.0000)
WildTangent Games App (Dell Games) (x32 Version: 4.0.5.36)
WildTangent-Spiele (x32 Version: 1.0.2.5)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR 4.11 (32-Bit) (x32 Version: 4.11.0)
Xvid Video Codec (x32 Version: 1.3.2)
Zuma Deluxe (x32 Version: 2.2.0.95)

==================== Restore Points  =========================

20-10-2013 17:00:02 Windows-Sicherung
27-10-2013 18:00:03 Windows-Sicherung
03-11-2013 18:00:04 Windows-Sicherung
04-11-2013 18:45:40 Steam wird installiert
04-11-2013 19:27:45 DirectX wurde installiert
09-11-2013 16:51:47 Installiert Die ersten 10 Jahre
09-11-2013 16:56:26 DirectX wurde installiert
09-11-2013 17:02:06 Installiert Die ersten 10 Jahre
10-11-2013 18:00:22 Windows-Sicherung

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0B69E0D0-CDBD-4076-95F4-D76248E7FE86} - System32\Tasks\{9A1A12CC-81D6-4FB3-BD4B-C400670E65D8} => C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe [2006-10-17] ()
Task: {2160DA47-76E0-489A-82AB-AE2CA644FDE8} - System32\Tasks\{9831C4F3-56FE-40B2-A245-7CC308B211CB} => C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe [2006-10-17] ()
Task: {279B3A51-C87D-4691-970C-EDB07FB19F52} - System32\Tasks\{7FF8A3A7-F99B-4B89-B45B-121BE9BBF9A0} => C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe [2006-10-17] ()
Task: {286C00E3-711F-4A80-9466-7F4414235517} - System32\Tasks\{67DD9177-BEAE-4D63-BC0A-0434CA68EF38} => C:\Program Files (x86)\Phenomedia\Moorhuhnjagd\moorhuhn.exe [1999-10-12] (Witan Entertainment BV)
Task: {31C0D8E7-23D1-422F-B400-AF7668C23744} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{F816ACDB-A9AF-4782-BCFE-9D02A6725A2E}.exe
Task: {35738CC9-8C68-4A79-996C-F43CD22196FD} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-09-06] (PC-Doctor, Inc.)
Task: {3C027EEC-F6BF-4624-98E4-C8D298C0CBD5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-22] (Google Inc.)
Task: {472AD8F6-C0F6-4992-A714-F45DACDB1E67} - System32\Tasks\{7F9F98D6-1E86-490C-B727-008763B817C4} => C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe [2006-10-17] ()
Task: {51EBE779-3637-4F6B-8023-779AE52E44F4} - System32\Tasks\{D86AD3DF-BC43-4E1B-A50C-19305D35B8C7} => C:\NICE2\nice2.exe [2000-01-14] ()
Task: {56152542-B15F-4D2B-AB19-946265253016} - System32\Tasks\SystemToolsDailyTest => C:\Windows\System32\uaclauncher.exe
Task: {572B3336-7015-4D8E-B3E1-515219204662} - System32\Tasks\{41B44E39-720E-4669-85BF-32CAA66E2F1B} => C:\Program Files (x86)\Phenomedia\Moorhuhnjagd\moorhuhn.exe [1999-10-12] (Witan Entertainment BV)
Task: {57E301EF-2053-4881-8457-1378A1A4AA1E} - System32\Tasks\{C7889346-C3E7-48E5-B120-8581F01B9B92} => C:\Program Files (x86)\Phenomedia\Moorhuhnjagd\moorhuhn.exe [1999-10-12] (Witan Entertainment BV)
Task: {59DE2116-00CC-4730-911C-5F74AD87F35D} - System32\Tasks\{D424B8B3-B144-4A7D-977B-1247A7EC38CC} => C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe [2006-10-17] ()
Task: {6FD312BC-76BB-4F64-9A0A-031F05CAF146} - System32\Tasks\{C8DD2C5F-B94F-4798-B30E-0410AB62F078} => C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe [2006-10-17] ()
Task: {7214DDD1-2DB0-46A8-889F-B8C7394848AB} - System32\Tasks\{ECFA6F5C-3664-4937-9FF5-0F96C45E2CCD} => C:\Program Files (x86)\Phenomedia\Moorhuhnjagd\moorhuhn.exe [1999-10-12] (Witan Entertainment BV)
Task: {722B6554-33EE-4BBF-9092-21C2D28A1CED} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-01-03] ()
Task: {77F2B6E2-366A-4261-92F3-D77F09455132} - System32\Tasks\{DDFCF5B4-1977-428E-BAC4-4D70D3E674A3} => C:\Program Files (x86)\Phenomedia\Moorhuhnjagd\moorhuhn.exe [1999-10-12] (Witan Entertainment BV)
Task: {7C6BCCC1-48EB-4C04-9953-62A416F88569} - System32\Tasks\{0188AE9B-83B2-497B-B56E-0F24CF9B545D} => C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe [2006-10-17] ()
Task: {95AF3031-0BC4-4A4E-B2FF-601E5504AB4C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-22] (Google Inc.)
Task: {9AB25701-8734-4300-B6C3-20D77589A26D} - System32\Tasks\{7FC7EAC1-AE5F-42EF-8B35-D37095E9F142} => C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe [2006-10-17] ()
Task: {9E33A576-AB50-4B2D-8B0A-445E4D344A09} - System32\Tasks\{8C79040E-219C-48F5-97FF-3542B0DC1EE2} => C:\Program Files (x86)\Phenomedia\Moorhuhnjagd\moorhuhn.exe [1999-10-12] (Witan Entertainment BV)
Task: {B115051F-6272-4080-9F34-6564D280A6E4} - System32\Tasks\{A7C23287-E33E-41AF-8DB1-CFB425567AEF} => C:\Program Files (x86)\Phenomedia\Moorhuhnjagd\moorhuhn.exe [1999-10-12] (Witan Entertainment BV)
Task: {B9FDE6D5-2E36-4E89-8F13-38F75BEA6F34} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-09-06] (PC-Doctor, Inc.)
Task: {BA49B6C4-D4B2-4598-8E4D-CA8B0167961C} - System32\Tasks\JavaUpdateSched => %COMMONPROGRAMFILES(x86)%\Java\Java Update\jusched.exe
Task: {BEE0BAED-7DE3-4F85-A9AE-F5EAD405E0BD} - System32\Tasks\{C2E34D35-48E7-407E-B7BF-DE8161C30633} => C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe [2006-10-17] ()
Task: {E4FB6C6E-58F1-4B9E-9A07-CE3838A53505} - System32\Tasks\{F7338E06-F36B-4DB8-95AA-5C8E1D5F487C} => C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe [2006-10-17] ()
Task: {F3854F01-6C21-4BD8-B8DC-A499DB273D9F} - System32\Tasks\{DE49DDEF-7356-4F1A-92B8-60BE0C9C32D3} => C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe [2006-10-17] ()
Task: {F73F9DD9-FF4F-4C4F-A78B-A24ACC2F96ED} - System32\Tasks\{335B4A41-E67B-4D4C-ABA2-957FF71D5F7B} => C:\Program Files (x86)\Phenomedia\Moorhuhnjagd\moorhuhn.exe [1999-10-12] (Witan Entertainment BV)
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{F816ACDB-A9AF-4782-BCFE-9D02A6725A2E}.exe
Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-06-20 16:01 - 2013-06-20 16:01 - 00292424 _____ () C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\AppIntegratorStub64.dll
2013-06-20 16:01 - 2013-06-20 16:01 - 00442952 _____ () C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\HPG64.DLL
2013-09-19 23:37 - 2013-09-19 23:37 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2013-09-19 23:32 - 2013-09-19 23:32 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
2012-02-06 19:34 - 2012-05-09 05:14 - 00398288 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-11-11 16:26 - 2013-11-11 16:24 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\log4cplusU.dll
2010-03-16 20:28 - 2010-03-16 20:28 - 01926144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll
2010-03-22 15:52 - 2010-03-22 15:52 - 06776832 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll
2010-03-16 20:28 - 2010-03-16 20:28 - 00635904 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll
2010-03-16 20:28 - 2010-03-16 20:28 - 00326144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll
2011-06-24 23:20 - 2011-06-24 23:20 - 00565968 _____ () C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll
2011-06-27 19:25 - 2011-06-27 19:25 - 00058944 _____ () C:\Program Files (x86)\Dell\Stage Remote\DataService.dll
2011-06-24 23:32 - 2011-06-24 23:32 - 00323136 _____ () C:\Program Files (x86)\Dell\Stage Remote\de-DE\UI\ManagerUI.dll
2010-03-11 19:52 - 2010-03-11 19:52 - 00028160 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll
2010-03-05 15:07 - 2010-03-05 15:07 - 00031744 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll
2010-03-05 15:07 - 2010-03-05 15:07 - 00125952 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll
2010-03-11 19:52 - 2010-03-11 19:52 - 00225280 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll
2011-04-29 18:13 - 2011-04-29 18:13 - 07938048 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\QtGui4.dll
2011-04-29 18:13 - 2011-04-29 18:13 - 02225664 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\QtCore4.dll
2010-11-24 22:44 - 2010-11-24 22:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2011-04-29 18:13 - 2011-04-29 18:13 - 07938048 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
2011-04-29 18:13 - 2011-04-29 18:13 - 02225664 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
2013-11-11 16:27 - 2013-11-11 16:24 - 00142360 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\SiteSafety.dll
2005-05-04 19:12 - 2005-05-04 19:12 - 00028672 _____ () C:\Program Files (x86)\Trust\Trust R-series Mouse And Keyboard\MouseHook.dll
2013-08-29 01:25 - 2013-08-29 01:25 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2012-02-06 18:51 - 2012-02-18 10:04 - 01911768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-02-06 21:38 - 2012-02-06 21:38 - 08527008 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/11/2013 06:46:56 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2013 04:22:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/10/2013 05:14:15 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/10/2013 04:57:59 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: McSvHost.exe, Version: 2.0.230.0, Zeitstempel: 0x4d41ff46
Name des fehlerhaften Moduls: mps.dll, Version: 13.0.286.0, Zeitstempel: 0x4d233ee9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000005197c
ID des fehlerhaften Prozesses: 0xc74
Startzeit der fehlerhaften Anwendung: 0xMcSvHost.exe0
Pfad der fehlerhaften Anwendung: McSvHost.exe1
Pfad des fehlerhaften Moduls: McSvHost.exe2
Berichtskennung: McSvHost.exe3

Error: (11/10/2013 04:56:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/10/2013 00:48:39 PM) (Source: Application Hang) (User: )
Description: Programm MHK-XXL.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 5b4

Startzeit: 01cede0910370a97

Endzeit: 44

Anwendungspfad: C:\Program Files (x86)\Phenomedia\Die ersten 10 Jahre\Moorhuhn Kart\MHK-XXL.exe

Berichts-ID:

Error: (11/10/2013 10:51:06 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/10/2013 10:14:31 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (11/10/2013 10:14:30 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (11/10/2013 10:14:30 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (11/11/2013 06:47:51 PM) (Source: DCOM) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (11/11/2013 06:47:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/11/2013 06:47:51 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error: (11/11/2013 06:47:24 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.

Error: (11/11/2013 06:46:54 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.

Error: (11/11/2013 05:36:37 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueBasic

Error: (11/11/2013 05:36:37 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueNegotiate

Error: (11/11/2013 05:36:37 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueNTLM

Error: (11/11/2013 05:36:37 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueWDigest

Error: (11/11/2013 04:24:37 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053


Microsoft Office Sessions:
=========================
Error: (11/11/2013 06:46:56 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2013 04:22:46 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/10/2013 05:14:15 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/10/2013 04:57:59 PM) (Source: Application Error)(User: )
Description: McSvHost.exe2.0.230.04d41ff46mps.dll13.0.286.04d233ee9c0000005000000000005197cc7401cede2d4a938389C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exec:\PROGRA~1\mcafee\mps\mps.dllded10b85-4a20-11e3-bf27-d067e524ae5e

Error: (11/10/2013 04:56:31 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/10/2013 00:48:39 PM) (Source: Application Hang)(User: )
Description: MHK-XXL.exe0.0.0.05b401cede0910370a9744C:\Program Files (x86)\Phenomedia\Die ersten 10 Jahre\Moorhuhn Kart\MHK-XXL.exe

Error: (11/10/2013 10:51:06 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/10/2013 10:14:31 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\DivX\DivX Media Foundation Components\DivXPropertyHandler.dll

Error: (11/10/2013 10:14:30 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\DivX\DivX Media Foundation Components\DivXThumbnailProvider.dll

Error: (11/10/2013 10:14:30 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files\DivX\DivX Media Foundation Components\ACMWrapperDMO.dll


==================== Memory info =========================== 

Percentage of memory in use: 45%
Total physical RAM: 4078.64 MB
Available physical RAM: 2237.55 MB
Total Pagefile: 8155.47 MB
Available Pagefile: 5121.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:916.66 GB) (Free:765.73 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 79477327)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=917 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Dass müsste nun der Additon.txt sein brauchst du die anderen daten auch nochmals?

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by Marian (administrator) on MARIAN-PC on 11-11-2013 18:57:35
Running from C:\Users\Marian\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
(Just Develop It) C:\Program Files (x86)\MyPC Backup\BackupStack.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe
(COMPANYVERS_NAME) C:\PROGRA~2\FROMDO~2\bar\1.bin\65barsvc.exe
() C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
() C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE
(UASSOFT.COM) C:\Program Files (x86)\Trust\Trust R-series Mouse And Keyboard\KMWDSrv.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
() C:\Windows\vsnpstd3.exe
() C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\AppIntegrator64.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcagent.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
() C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
() C:\Program Files (x86)\Trust\Trust R-series Mouse And Keyboard\MouseDrv.exe
(MindSpark) C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrchMn.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65brmon.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(BonanzaDeals) C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Stage Remote] - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] ()
HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj [207845 2011-04-29] ()
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [2726728 2010-03-25] (CANON INC.)
HKLM\...\Run: [snpstd3] - C:\Windows\vsnpstd3.exe [827392 2006-09-19] ()
HKLM\...\Run: [FromDocToPDF Home Page Guard 64 bit] - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\AppIntegrator64.exe [548936 2013-06-20] ()
HKCU\...\Run: [EA Core] - C:\Program Files (x86)\Electronic Arts\EADM\Core.exe [3342336 2009-09-03] (Electronic Arts)
HKCU\...\Run: [AROReminder] - C:\Program Files (x86)\ARO 2012\ARO.exe [2552688 2012-01-06] (Support.com, Inc.)
HKCU\...\Run: [ICQ] - "C:\Program Files (x86)\ICQ7M\ICQ.exe" silent loginmode=4
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation)
HKLM-x32\...\Run: [RemoteControl9] - C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] - C:\Program Files (x86)\Cyberlink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Registration] - C:\Program Files (x86)\System Registration\prodreg.exe [4165440 2011-08-04] (Dell, Inc.)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\mcafee.com\agent\mcagent.exe [1675160 2011-11-22] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [AccuWeatherWidget] - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj [2825741 2011-04-29] ()
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [AVG_TRAY] - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2420248 2013-11-11] ()
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1391272 2012-01-03] (Ask)
HKLM-x32\...\Run: [Guard.Mail.ru.gui] - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-07-25] ()
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [WireLessMouse] - C:\Program Files (x86)\Trust\Trust R-series Mouse And Keyboard\StartAutorun.exe MouseDrv.exe
HKLM-x32\...\Run: [FromDocToPDF Search Scope Monitor] - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrchMn.exe [44784 2013-06-20] (MindSpark)
HKLM-x32\...\Run: [FromDocToPDF_65 Browser Plugin Loader] - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65brmon.exe [30096 2013-06-20] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [Advanced System Protector_startup] - C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe [6588272 2013-10-04] (Systweak)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-11] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
Startup: C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ehfhbnb.lnk
ShortcutTarget: ehfhbnb.lnk -> C:\PROGRA~3\bnbhfhe.dss (Microsoft Corporation)
Startup: C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk
ShortcutTarget: Product Registration.lnk -> C:\Users\Marian\AppData\Local\Temp\is-AICRO.tmp\ATR1.exe (No File)
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^Y6^xdm043^YY^de&ptb=3E691828-DB1F-4F05-A0AD-C49C38B1BB36&si=swissconverter
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: HKCU - (No Name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (MindSpark)
SearchScopes: HKLM - DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 - DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={C7116042-2B71-4C80-BFFE-E86FA1FF8655}&mid=3ec46191475447d1b322012ea3c047ad-0b9adabb025698a8169125cb2314e36b1a36cd1e&lang=de&ds=AVG&pr=pr&d=2012-02-07 17:01:19&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {A605BB24-9ADB-4A20-B8F8-0D382B77C032} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=13153&src=kw&q={searchTerms}&locale=&apn_ptnrs=S2&apn_dtid=YYYYYYYYDE&apn_uid=5ce01b61-567e-401f-817d-e548de49ef94&apn_sauid=D0B93AB2-0E19-4D61-83E6-B922CB5CBF14
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120212154438.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: ICQ Sparberater - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files\mcafee\msk\mskapbho.dll ()
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120212154438.dll (McAfee, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Toolbar BHO - {a235e1e3-6296-4710-af39-104a7faa6c7c} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll (MindSpark)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Search Assistant BHO - {f236ca79-3123-4afb-9f74-e98117ad5625} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (MindSpark)
BHO-x32: BonanzaDeals - {fe063412-bea4-4d76-8ed3-183be6220d17} - C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll (MindSpark)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll (AVG Secure Search)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 82.212.62.62 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default
FF user.js: detected! => C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\user.js
FF DefaultSearchEngine: AVG Secure Search
FF SearchEngineOrder.1: metaCrawler
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://isearch.avg.com/search?pid=avg&sg=0&cid=%7Bbeda745e-ab48-4d1d-84d2-1c35f6f66353%7D&mid=3ec46191475447d1b322012ea3c047ad-0b9adabb025698a8169125cb2314e36b1a36cd1e&ds=AVG&coid=&v=17.1.2.1&lang=de&pr=pr&d=2012-02-07%2017%3A01%3A19&sap=ku&q=
FF NetworkProxy: "type", 0
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @FromDocToPDF_65.com/Plugin - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\NP65Stub.dll (MindSpark)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=3 - C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=9 - C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF SearchPlugin: C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\searchplugins\metaCrawler.xml
FF SearchPlugin: C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\searchplugins\my-web-search.xml
FF SearchPlugin: C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: FromDocToPDF - C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\Extensions\65ffxtbr@FromDocToPDF_65.com
FF Extension: metacrawler.com - C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\Extensions\ffxtlbr@metacrawler.com
FF Extension: Support.com Toolbar - C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\Extensions\toolbar@ask.com
FF Extension: MetaCrawler New Tab - C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\Extensions\{60364604-8b4c-42f4-a2ca-a76ca7b61b37}
FF Extension: ICQ Toolbar - C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF Extension: DownloadHelper - C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: BonanzaDeals - C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}
FF Extension: ciuvo-extension - C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\Extensions\ciuvo-extension@icq.de.xpi
FF Extension: No Name - C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4\
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\Firefox4\
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.1.2.1
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\17.1.2.1
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF HKLM-x32\...\Firefox\Extensions: [65ffxtbr@FromDocToPDF_65.com] - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin
FF Extension: FromDocToPDF - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin

Chrome: 
=======
CHR RestoreOnStartup:       "urls_to_restore_on_startup": null
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\pdf.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll (AVG Technologies CZ, s.r.o.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.270.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U27) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll (AVG Technologies)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
CHR Extension: (Google Drive) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (AVG Safe Search) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0
CHR Extension: (AVG Security Toolbar) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.1.0.10_0
CHR Extension: (Gmail) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [ieadcoanfjloocmfafkebdnfefmohngj] - C:\Program Files (x86)\BonanzaDeals\BonanzaDeals.crx
CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG2012\Chrome\safesearch.crx
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.1.2.1\avg.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-09] (Avira Operations GmbH & Co. KG)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [5174392 2012-11-02] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It)
S2 bonanzadealslive; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-11-10] (BonanzaDeals)
S3 bonanzadealslivem; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-11-10] (BonanzaDeals)
R2 FromDocToPDF_65Service; C:\PROGRA~2\FROMDO~2\bar\1.bin\65barsvc.exe [42504 2013-06-20] (COMPANYVERS_NAME)
R2 Guard.Mail.ru; C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-07-25] ()
R2 ICQ Service; C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE [247872 2012-03-20] ()
R2 KMWDSERVICE; C:\Program Files (x86)\Trust\Trust R-series Mouse And Keyboard\KMWDSrv.exe [208896 2007-02-28] (UASSOFT.COM)
S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [220528 2010-08-30] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [502032 2011-10-18] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199272 2011-12-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [208536 2011-12-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [161168 2011-12-06] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2013-02-18] ()
R2 vToolbarUpdater17.1.2; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [1734680 2013-11-11] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-09] (Avira GmbH)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2013-04-11] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-11] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-09] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-12-15] (Avira GmbH)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [65264 2011-10-15] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160280 2011-10-15] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [229528 2011-10-15] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [481768 2011-10-15] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [647080 2011-10-15] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75808 2011-10-15] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100912 2011-10-15] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [284648 2011-10-15] (McAfee, Inc.)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-10 21:14 - 2013-11-10 21:14 - 00114281 _____ C:\Users\Marian\Desktop\Daten.txt
2013-11-10 17:02 - 2013-11-10 17:02 - 01957562 _____ (Farbar) C:\Users\Marian\Downloads\FRST64(1).exe
2013-11-10 11:04 - 2013-11-10 11:04 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Macromedia
2013-11-10 10:58 - 2013-11-10 10:58 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Avira
2013-11-10 10:54 - 2013-11-10 10:54 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Mozilla
2013-11-10 10:54 - 2013-11-10 10:54 - 00000000 ____D C:\Users\Gast\AppData\Local\Mozilla
2013-11-10 10:54 - 2013-11-10 10:54 - 00000000 ____D C:\Users\Gast\AppData\Local\AVG Secure Search
2013-11-10 10:53 - 2013-11-10 10:53 - 00074856 _____ C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-10 10:53 - 2013-11-10 10:53 - 00000000 ____D C:\Users\Gast\AppData\Roaming\AVG2012
2013-11-10 10:52 - 2013-11-10 10:52 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Roxio
2013-11-10 10:52 - 2013-11-10 10:52 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Leadertech
2013-11-10 10:52 - 2013-11-10 10:52 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Dell Touch Zone
2013-11-10 10:52 - 2013-11-10 10:52 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Dell
2013-11-10 10:52 - 2013-11-10 10:52 - 00000000 ____D C:\Users\Gast\AppData\Local\Dell
2013-11-10 10:51 - 2013-11-10 10:52 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-10 10:51 - 2013-11-10 10:52 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-10 10:51 - 2013-11-10 10:51 - 00001379 _____ C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-10 10:51 - 2013-11-10 10:51 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Adobe
2013-11-10 10:51 - 2013-11-10 10:51 - 00000000 ____D C:\Users\Gast\AppData\Local\VirtualStore
2013-11-10 10:49 - 2013-11-10 10:51 - 00000000 ____D C:\Users\Gast
2013-11-10 10:49 - 2013-11-10 10:49 - 00000020 ___SH C:\Users\Gast\ntuser.ini
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Vorlagen
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Startmenü
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Netzwerkumgebung
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Lokale Einstellungen
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Eigene Dateien
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Druckumgebung
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Documents\Eigene Musik
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Documents\Eigene Bilder
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\AppData\Local\Verlauf
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\AppData\Local\Anwendungsdaten
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Anwendungsdaten
2013-11-10 10:49 - 2013-11-10 10:01 - 00000000 ____D C:\Users\Gast\AppData\Local\SoftThinks
2013-11-10 10:49 - 2013-01-30 16:54 - 00000000 ____D C:\Users\Gast\AppData\Roaming\TuneUp Software
2013-11-10 10:49 - 2011-11-22 21:07 - 00000000 ___RD C:\Users\Gast\Desktop\Spiele spielen
2013-11-10 10:49 - 2009-07-14 05:54 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-10 10:49 - 2009-07-14 05:49 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-11-10 10:26 - 2013-11-10 10:26 - 00028309 _____ C:\Users\Marian\Downloads\Addition.txt
2013-11-10 10:25 - 2013-11-10 10:25 - 00000000 ____D C:\FRST
2013-11-10 10:24 - 2013-11-10 10:24 - 01957098 _____ (Farbar) C:\Users\Marian\Downloads\FRST64.exe
2013-11-10 10:18 - 2013-11-10 10:18 - 00702960 _____ C:\Users\Marian\Downloads\DownloadAcceleratorSetup.exe
2013-11-10 10:14 - 2013-11-10 10:14 - 00000000 ____D C:\Users\Marian\AppData\Roaming\DivX
2013-11-10 10:14 - 2013-11-10 10:14 - 00000000 ____D C:\Program Files\DivX
2013-11-10 10:13 - 2013-11-10 10:51 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-11-10 10:13 - 2013-11-10 10:13 - 00001089 _____ C:\Users\Marian\Desktop\MyPC Backup.lnk
2013-11-10 10:13 - 2013-11-10 10:13 - 00000000 ____D C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-11-10 10:12 - 2013-11-10 10:14 - 00000000 ____D C:\Program Files (x86)\DivX
2013-11-10 10:12 - 2013-11-10 10:12 - 00001203 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-11-10 10:12 - 2013-11-10 10:12 - 00000922 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2013-11-10 10:12 - 2013-11-10 10:12 - 00000000 ____D C:\Users\Marian\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2013-11-10 10:12 - 2013-11-10 10:12 - 00000000 ____D C:\ProgramData\Systweak
2013-11-10 10:12 - 2013-11-10 10:12 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector
2013-11-10 10:12 - 2012-07-25 12:03 - 00016896 _____ C:\Windows\system32\sasnative64.exe
2013-11-10 10:11 - 2013-11-10 10:14 - 00000000 ____D C:\ProgramData\DivX
2013-11-10 10:11 - 2013-11-10 10:13 - 00000000 ____D C:\Users\Marian\AppData\Roaming\Systweak
2013-11-10 10:11 - 2013-11-10 10:12 - 00000000 ____D C:\Program Files (x86)\Xvid
2013-11-10 10:11 - 2013-11-10 10:11 - 00715038 _____ C:\Windows\unins000.exe
2013-11-10 10:11 - 2013-11-10 10:11 - 00001992 _____ C:\Windows\unins000.dat
2013-11-10 10:11 - 2013-11-10 10:11 - 00001052 _____ C:\Users\Public\Desktop\RegClean Pro.lnk
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Users\Marian\AppData\Roaming\MetaCrawler
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Users\Marian\AppData\Roaming\LavFilters
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Users\Marian\AppData\Roaming\DigitalSite
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Users\Marian\AppData\Roaming\CDXReader
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Users\Marian\AppData\Local\BonanzaDealsLive
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\ProgramData\BonanzaDealsLive
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\RegClean Pro
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\OpenSource Flash Video Splitter
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\metaCrawler
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\Haali
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\ffdshow
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\DSP-worx
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\DirectVobSub
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\BonanzaDealsLive
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-11-10 10:11 - 2013-09-17 11:25 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2013-11-10 10:11 - 2012-02-26 16:47 - 00079360 _____ C:\Windows\SysWOW64\ff_vfw.dll
2013-11-10 10:11 - 2012-01-09 20:45 - 00178688 _____ C:\Windows\SysWOW64\unrar.dll
2013-11-10 10:11 - 2011-12-07 19:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll
2013-11-10 10:11 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2013-11-10 10:11 - 2011-05-30 14:42 - 00255488 _____ C:\Windows\system32\xvidvfw.dll
2013-11-10 10:11 - 2011-05-30 14:42 - 00240640 _____ C:\Windows\SysWOW64\xvidvfw.dll
2013-11-10 10:11 - 2011-05-23 10:52 - 00153088 _____ C:\Windows\SysWOW64\xvid.ax
2013-11-10 10:11 - 2011-05-23 08:49 - 00173568 _____ C:\Windows\system32\xvid.ax
2013-11-10 10:11 - 2011-05-23 08:46 - 00645632 _____ C:\Windows\SysWOW64\xvidcore.dll
2013-11-10 10:11 - 2011-05-23 08:45 - 00696832 _____ C:\Windows\system32\xvidcore.dll
2013-11-10 10:07 - 2013-11-10 10:07 - 00702672 _____ C:\Users\Marian\Downloads\UltimateCodec.exe
2013-11-10 10:01 - 2013-11-10 17:13 - 00000279 _____ C:\ProgramData\ehfhbnb.reg
2013-11-09 17:56 - 2013-11-09 18:02 - 00000990 _____ C:\Users\Public\Desktop\Spielkiste.lnk
2013-11-09 17:56 - 2013-11-09 17:56 - 00000000 ____D C:\Program Files (x86)\Einfach_Spielen
2013-11-09 17:55 - 2013-11-09 18:02 - 00002342 _____ C:\Users\Public\Desktop\Fluch des Goldes spielen.lnk
2013-11-09 17:55 - 2013-11-09 18:02 - 00001465 _____ C:\Users\Public\Desktop\Moorhuhn Invasion spielen.lnk
2013-11-09 17:55 - 2013-11-09 18:02 - 00001436 _____ C:\Users\Public\Desktop\Moorhuhn Directors Cut spielen.lnk
2013-11-09 17:55 - 2013-11-09 18:02 - 00001422 _____ C:\Users\Public\Desktop\Schatzjäger 3 spielen.lnk
2013-11-09 17:55 - 2013-11-09 18:02 - 00001364 _____ C:\Users\Public\Desktop\Schatzjäger spielen.lnk
2013-11-09 17:54 - 2013-11-09 18:02 - 00001453 _____ C:\Users\Public\Desktop\Moorhuhn Piraten spielen.lnk
2013-11-09 17:54 - 2013-11-09 18:02 - 00001441 _____ C:\Users\Public\Desktop\Moorhuhn Winter spielen.lnk
2013-11-09 17:54 - 2013-11-09 18:02 - 00001441 _____ C:\Users\Public\Desktop\Moorhuhn Remake spielen.lnk
2013-11-09 17:54 - 2013-11-09 18:02 - 00001435 _____ C:\Users\Public\Desktop\Moorhuhn Atlantis spielen.lnk
2013-11-09 17:54 - 2013-11-09 18:02 - 00001422 _____ C:\Users\Public\Desktop\Schatzjäger 2 spielen.lnk
2013-11-09 17:54 - 2013-11-09 18:02 - 00001418 _____ C:\Users\Public\Desktop\Schatz des Pharao spielen.lnk
2013-11-09 17:54 - 2013-11-09 18:02 - 00001404 _____ C:\Users\Public\Desktop\Moorhuhn Wanted spielen.lnk
2013-11-09 17:54 - 2013-11-09 18:02 - 00001390 _____ C:\Users\Public\Desktop\Die original Moorhuhnjagd.lnk
2013-11-09 17:54 - 2013-11-09 18:02 - 00001369 _____ C:\Users\Public\Desktop\Moorhuhn X spielen.lnk
2013-11-09 17:53 - 2013-11-09 18:02 - 00002401 _____ C:\Users\Public\Desktop\Moorhuhn Kart Extra spielen.lnk
2013-11-09 17:53 - 2013-11-09 18:02 - 00001429 _____ C:\Users\Public\Desktop\Moorhuhn Kart Thunder spielen.lnk
2013-11-09 17:52 - 2013-11-09 18:02 - 00001441 _____ C:\Users\Public\Desktop\Moorhuhn Kart 3 spielen.lnk
2013-11-09 17:52 - 2013-11-09 18:02 - 00001411 _____ C:\Users\Public\Desktop\Moorhuhn Kart 2 spielen.lnk
2013-11-09 17:52 - 2013-11-09 18:02 - 00001390 _____ C:\Users\Public\Desktop\Moorhuhn Kart spielen.lnk
2013-11-09 17:52 - 2013-11-09 18:02 - 00001381 _____ C:\Users\Public\Desktop\Moorhuhn 3 spielen.lnk
2013-11-09 17:52 - 2013-11-09 18:02 - 00001381 _____ C:\Users\Public\Desktop\Moorhuhn 2 spielen.lnk
2013-11-09 15:27 - 2013-11-10 17:13 - 95025368 ____T C:\ProgramData\ehfhbnb.bxx
2013-11-09 15:27 - 2013-11-10 17:13 - 00000000 _____ C:\ProgramData\ehfhbnb.fvv
2013-11-09 15:27 - 2013-11-09 15:27 - 00131072 _____ (Microsoft Corporation) C:\ProgramData\bnbhfhe.dss
2013-11-09 15:27 - 2013-11-09 15:27 - 00061536 ____T (Microsoft Corporation) C:\ProgramData\ehfhbnb.pss
2013-11-04 20:31 - 2013-11-04 20:31 - 00000000 ____D C:\Users\Marian\AppData\Local\techland
2013-11-04 20:30 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-11-04 20:30 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2013-11-04 20:30 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2013-11-04 20:30 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2013-11-04 20:30 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2013-11-04 20:30 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-11-04 20:30 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2013-11-04 20:30 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2013-11-04 20:30 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-11-04 20:30 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2013-11-04 20:30 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2013-11-04 20:30 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2013-11-04 20:30 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2013-11-04 20:30 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2013-11-04 20:30 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2013-11-04 20:30 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-11-04 20:30 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2013-11-04 20:30 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2013-11-04 20:30 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2013-11-04 20:30 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2013-11-04 20:30 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2013-11-04 20:30 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-11-04 20:30 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2013-11-04 20:30 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-11-04 20:30 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2013-11-04 20:30 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2013-11-04 20:30 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2013-11-04 20:30 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2013-11-04 20:30 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2013-11-04 20:30 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2013-11-04 20:30 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2013-11-04 20:30 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2013-11-04 20:30 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2013-11-04 20:30 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2013-11-04 20:30 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2013-11-04 20:30 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2013-11-04 20:30 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2013-11-04 20:30 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2013-11-04 20:30 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2013-11-04 20:30 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2013-11-04 20:30 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2013-11-04 20:30 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2013-11-04 20:30 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2013-11-04 20:30 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2013-11-04 20:30 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2013-11-04 20:30 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2013-11-04 20:30 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2013-11-04 20:30 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2013-11-04 20:30 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2013-11-04 20:30 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2013-11-04 20:22 - 2013-11-04 20:22 - 00000222 _____ C:\Users\Marian\Desktop\Call of Juarez Gunslinger.url
2013-11-04 20:22 - 2013-11-04 20:22 - 00000000 ____D C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-11-04 19:46 - 2013-11-11 18:47 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-04 19:46 - 2013-11-04 19:46 - 00000919 _____ C:\Users\Public\Desktop\Steam.lnk
2013-10-12 14:08 - 2013-10-12 14:09 - 01643276 _____ C:\Users\Marian\Documents\hihäpljo.xps

==================== One Month Modified Files and Folders =======

2013-11-11 18:54 - 2009-07-14 05:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-11 18:54 - 2009-07-14 05:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-11 18:50 - 2011-11-22 20:27 - 01296963 _____ C:\Windows\WindowsUpdate.log
2013-11-11 18:47 - 2013-11-04 19:46 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-11 18:46 - 2013-06-03 15:27 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-11-11 18:46 - 2012-12-22 11:12 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-11 18:46 - 2011-11-22 21:20 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-11-11 18:46 - 2011-11-22 21:20 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-11-11 18:46 - 2011-11-22 20:51 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-11-11 18:45 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-11 18:45 - 2009-07-14 05:51 - 00122842 _____ C:\Windows\setupact.log
2013-11-11 17:35 - 2012-02-07 17:00 - 00000000 ____D C:\Windows\system32\Drivers\AVG
2013-11-11 16:44 - 2012-12-22 11:12 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-11 16:27 - 2010-11-21 07:50 - 00696620 _____ C:\Windows\system32\perfh007.dat
2013-11-11 16:27 - 2010-11-21 07:50 - 00147916 _____ C:\Windows\system32\perfc007.dat
2013-11-11 16:27 - 2009-07-14 06:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-11 16:25 - 2012-02-07 17:01 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-11-11 16:24 - 2012-09-05 09:52 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-11-10 21:14 - 2013-11-10 21:14 - 00114281 _____ C:\Users\Marian\Desktop\Daten.txt
2013-11-10 17:13 - 2013-11-10 10:01 - 00000279 _____ C:\ProgramData\ehfhbnb.reg
2013-11-10 17:13 - 2013-11-09 15:27 - 95025368 ____T C:\ProgramData\ehfhbnb.bxx
2013-11-10 17:13 - 2013-11-09 15:27 - 00000000 _____ C:\ProgramData\ehfhbnb.fvv
2013-11-10 17:02 - 2013-11-10 17:02 - 01957562 _____ (Farbar) C:\Users\Marian\Downloads\FRST64(1).exe
2013-11-10 11:04 - 2013-11-10 11:04 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Macromedia
2013-11-10 10:58 - 2013-11-10 10:58 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Avira
2013-11-10 10:54 - 2013-11-10 10:54 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Mozilla
2013-11-10 10:54 - 2013-11-10 10:54 - 00000000 ____D C:\Users\Gast\AppData\Local\Mozilla
2013-11-10 10:54 - 2013-11-10 10:54 - 00000000 ____D C:\Users\Gast\AppData\Local\AVG Secure Search
2013-11-10 10:53 - 2013-11-10 10:53 - 00074856 _____ C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-10 10:53 - 2013-11-10 10:53 - 00000000 ____D C:\Users\Gast\AppData\Roaming\AVG2012
2013-11-10 10:52 - 2013-11-10 10:52 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Roxio
2013-11-10 10:52 - 2013-11-10 10:52 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Leadertech
2013-11-10 10:52 - 2013-11-10 10:52 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Dell Touch Zone
2013-11-10 10:52 - 2013-11-10 10:52 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Dell
2013-11-10 10:52 - 2013-11-10 10:52 - 00000000 ____D C:\Users\Gast\AppData\Local\Dell
2013-11-10 10:52 - 2013-11-10 10:51 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-10 10:52 - 2013-11-10 10:51 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-10 10:51 - 2013-11-10 10:51 - 00001379 _____ C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-10 10:51 - 2013-11-10 10:51 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Adobe
2013-11-10 10:51 - 2013-11-10 10:51 - 00000000 ____D C:\Users\Gast\AppData\Local\VirtualStore
2013-11-10 10:51 - 2013-11-10 10:49 - 00000000 ____D C:\Users\Gast
2013-11-10 10:51 - 2013-11-10 10:13 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-11-10 10:50 - 2009-07-14 05:45 - 00334320 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-10 10:49 - 2013-11-10 10:49 - 00000020 ___SH C:\Users\Gast\ntuser.ini
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Vorlagen
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Startmenü
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Netzwerkumgebung
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Lokale Einstellungen
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Eigene Dateien
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Druckumgebung
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Documents\Eigene Musik
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Documents\Eigene Bilder
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\AppData\Local\Verlauf
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\AppData\Local\Anwendungsdaten
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Anwendungsdaten
2013-11-10 10:35 - 2010-08-06 05:15 - 00000000 ____D C:\Users\Marian\Desktop\USB Musik
2013-11-10 10:34 - 2012-02-06 17:21 - 00074856 _____ C:\Users\Marian\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-10 10:26 - 2013-11-10 10:26 - 00028309 _____ C:\Users\Marian\Downloads\Addition.txt
2013-11-10 10:25 - 2013-11-10 10:25 - 00000000 ____D C:\FRST
2013-11-10 10:24 - 2013-11-10 10:24 - 01957098 _____ (Farbar) C:\Users\Marian\Downloads\FRST64.exe
2013-11-10 10:18 - 2013-11-10 10:18 - 00702960 _____ C:\Users\Marian\Downloads\DownloadAcceleratorSetup.exe
2013-11-10 10:17 - 2012-02-06 18:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-10 10:14 - 2013-11-10 10:14 - 00000000 ____D C:\Users\Marian\AppData\Roaming\DivX
2013-11-10 10:14 - 2013-11-10 10:14 - 00000000 ____D C:\Program Files\DivX
2013-11-10 10:14 - 2013-11-10 10:12 - 00000000 ____D C:\Program Files (x86)\DivX
2013-11-10 10:14 - 2013-11-10 10:11 - 00000000 ____D C:\ProgramData\DivX
2013-11-10 10:13 - 2013-11-10 10:13 - 00001089 _____ C:\Users\Marian\Desktop\MyPC Backup.lnk
2013-11-10 10:13 - 2013-11-10 10:13 - 00000000 ____D C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2013-11-10 10:13 - 2013-11-10 10:11 - 00000000 ____D C:\Users\Marian\AppData\Roaming\Systweak
2013-11-10 10:13 - 2012-02-06 17:22 - 00000000 ___RD C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-10 10:12 - 2013-11-10 10:12 - 00001203 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-11-10 10:12 - 2013-11-10 10:12 - 00000922 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2013-11-10 10:12 - 2013-11-10 10:12 - 00000000 ____D C:\Users\Marian\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2013-11-10 10:12 - 2013-11-10 10:12 - 00000000 ____D C:\ProgramData\Systweak
2013-11-10 10:12 - 2013-11-10 10:12 - 00000000 ____D C:\Program Files (x86)\Advanced System Protector
2013-11-10 10:12 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\Xvid
2013-11-10 10:11 - 2013-11-10 10:11 - 00715038 _____ C:\Windows\unins000.exe
2013-11-10 10:11 - 2013-11-10 10:11 - 00001992 _____ C:\Windows\unins000.dat
2013-11-10 10:11 - 2013-11-10 10:11 - 00001052 _____ C:\Users\Public\Desktop\RegClean Pro.lnk
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Users\Marian\AppData\Roaming\MetaCrawler
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Users\Marian\AppData\Roaming\LavFilters
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Users\Marian\AppData\Roaming\DigitalSite
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Users\Marian\AppData\Roaming\CDXReader
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Users\Marian\AppData\Local\BonanzaDealsLive
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\ProgramData\BonanzaDealsLive
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\RegClean Pro
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\OpenSource Flash Video Splitter
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\metaCrawler
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\Haali
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\ffdshow
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\DSP-worx
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\DirectVobSub
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\BonanzaDealsLive
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-11-10 10:07 - 2013-11-10 10:07 - 00702672 _____ C:\Users\Marian\Downloads\UltimateCodec.exe
2013-11-10 10:01 - 2013-11-10 10:49 - 00000000 ____D C:\Users\Gast\AppData\Local\SoftThinks
2013-11-09 18:02 - 2013-11-09 17:56 - 00000990 _____ C:\Users\Public\Desktop\Spielkiste.lnk
2013-11-09 18:02 - 2013-11-09 17:55 - 00002342 _____ C:\Users\Public\Desktop\Fluch des Goldes spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:55 - 00001465 _____ C:\Users\Public\Desktop\Moorhuhn Invasion spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:55 - 00001436 _____ C:\Users\Public\Desktop\Moorhuhn Directors Cut spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:55 - 00001422 _____ C:\Users\Public\Desktop\Schatzjäger 3 spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:55 - 00001364 _____ C:\Users\Public\Desktop\Schatzjäger spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:54 - 00001453 _____ C:\Users\Public\Desktop\Moorhuhn Piraten spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:54 - 00001441 _____ C:\Users\Public\Desktop\Moorhuhn Winter spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:54 - 00001441 _____ C:\Users\Public\Desktop\Moorhuhn Remake spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:54 - 00001435 _____ C:\Users\Public\Desktop\Moorhuhn Atlantis spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:54 - 00001422 _____ C:\Users\Public\Desktop\Schatzjäger 2 spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:54 - 00001418 _____ C:\Users\Public\Desktop\Schatz des Pharao spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:54 - 00001404 _____ C:\Users\Public\Desktop\Moorhuhn Wanted spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:54 - 00001390 _____ C:\Users\Public\Desktop\Die original Moorhuhnjagd.lnk
2013-11-09 18:02 - 2013-11-09 17:54 - 00001369 _____ C:\Users\Public\Desktop\Moorhuhn X spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:53 - 00002401 _____ C:\Users\Public\Desktop\Moorhuhn Kart Extra spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:53 - 00001429 _____ C:\Users\Public\Desktop\Moorhuhn Kart Thunder spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:52 - 00001441 _____ C:\Users\Public\Desktop\Moorhuhn Kart 3 spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:52 - 00001411 _____ C:\Users\Public\Desktop\Moorhuhn Kart 2 spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:52 - 00001390 _____ C:\Users\Public\Desktop\Moorhuhn Kart spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:52 - 00001381 _____ C:\Users\Public\Desktop\Moorhuhn 3 spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:52 - 00001381 _____ C:\Users\Public\Desktop\Moorhuhn 2 spielen.lnk
2013-11-09 17:58 - 2011-11-22 21:00 - 00412483 _____ C:\Windows\DirectX.log
2013-11-09 17:56 - 2013-11-09 17:56 - 00000000 ____D C:\Program Files (x86)\Einfach_Spielen
2013-11-09 17:54 - 2012-07-25 16:21 - 00000000 ____D C:\Users\Marian\Desktop\Frauen Bilder
2013-11-09 17:52 - 2013-06-19 18:18 - 00000000 ____D C:\Program Files (x86)\Phenomedia
2013-11-09 17:52 - 2011-11-22 20:51 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-09 15:27 - 2013-11-09 15:27 - 00131072 _____ (Microsoft Corporation) C:\ProgramData\bnbhfhe.dss
2013-11-09 15:27 - 2013-11-09 15:27 - 00061536 ____T (Microsoft Corporation) C:\ProgramData\ehfhbnb.pss
2013-11-09 14:19 - 2013-05-22 17:01 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2013-11-04 20:31 - 2013-11-04 20:31 - 00000000 ____D C:\Users\Marian\AppData\Local\techland
2013-11-04 20:22 - 2013-11-04 20:22 - 00000222 _____ C:\Users\Marian\Desktop\Call of Juarez Gunslinger.url
2013-11-04 20:22 - 2013-11-04 20:22 - 00000000 ____D C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-11-04 19:46 - 2013-11-04 19:46 - 00000919 _____ C:\Users\Public\Desktop\Steam.lnk
2013-11-03 10:49 - 2012-02-07 17:23 - 00000000 ____D C:\Users\Marian\Documents\FIFA 11
2013-10-29 19:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-29 19:25 - 2011-11-22 21:13 - 00000000 ____D C:\ProgramData\Sonic
2013-10-29 16:32 - 2012-03-17 09:30 - 00000000 ____D C:\Users\Marian\dwhelper
2013-10-18 15:48 - 2012-12-22 11:13 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-16 15:39 - 2012-12-22 11:12 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-16 15:39 - 2012-12-22 11:12 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-12 14:09 - 2013-10-12 14:08 - 01643276 _____ C:\Users\Marian\Documents\hihäpljo.xps
         

Alt 11.11.2013, 20:32   #7
Sevikar
 
Interpol/BKA Trojaner - Standard

Interpol/BKA Trojaner



Code:
ATTFilter
Files to move or delete:
====================
C:\ProgramData\bnbhfhe.dss
C:\ProgramData\ehfhbnb.reg


Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\AskSLib.dll
C:\Users\Marian\AppData\Local\Temp\AskSLib.dll
C:\Users\Marian\AppData\Local\Temp\AutoRun.exe
C:\Users\Marian\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Marian\AppData\Local\Temp\avguidx.dll
C:\Users\Marian\AppData\Local\Temp\BackupSetup.exe
C:\Users\Marian\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\Marian\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Marian\AppData\Local\Temp\EAD10.exe
C:\Users\Marian\AppData\Local\Temp\EAD1006.exe
C:\Users\Marian\AppData\Local\Temp\EAD1016.exe
C:\Users\Marian\AppData\Local\Temp\EAD1017.exe
C:\Users\Marian\AppData\Local\Temp\EAD1026.exe
C:\Users\Marian\AppData\Local\Temp\EAD1035.exe
C:\Users\Marian\AppData\Local\Temp\EAD1054.exe
C:\Users\Marian\AppData\Local\Temp\EAD1074.exe
C:\Users\Marian\AppData\Local\Temp\EAD109.exe
C:\Users\Marian\AppData\Local\Temp\EAD1093.exe
C:\Users\Marian\AppData\Local\Temp\EAD10A.exe
C:\Users\Marian\AppData\Local\Temp\EAD1110.exe
C:\Users\Marian\AppData\Local\Temp\EAD112F.exe
C:\Users\Marian\AppData\Local\Temp\EAD116D.exe
C:\Users\Marian\AppData\Local\Temp\EAD118.exe
C:\Users\Marian\AppData\Local\Temp\EAD11CB.exe
C:\Users\Marian\AppData\Local\Temp\EAD11CC.exe
C:\Users\Marian\AppData\Local\Temp\EAD11FA.exe
C:\Users\Marian\AppData\Local\Temp\EAD1228.exe
C:\Users\Marian\AppData\Local\Temp\EAD1238.exe
C:\Users\Marian\AppData\Local\Temp\EAD1248.exe
C:\Users\Marian\AppData\Local\Temp\EAD128.exe
C:\Users\Marian\AppData\Local\Temp\EAD12B5.exe
C:\Users\Marian\AppData\Local\Temp\EAD12F3.exe
C:\Users\Marian\AppData\Local\Temp\EAD1332.exe
C:\Users\Marian\AppData\Local\Temp\EAD1341.exe
C:\Users\Marian\AppData\Local\Temp\EAD1342.exe
C:\Users\Marian\AppData\Local\Temp\EAD1380.exe
C:\Users\Marian\AppData\Local\Temp\EAD140C.exe
C:\Users\Marian\AppData\Local\Temp\EAD141C.exe
C:\Users\Marian\AppData\Local\Temp\EAD142B.exe
C:\Users\Marian\AppData\Local\Temp\EAD144A.exe
C:\Users\Marian\AppData\Local\Temp\EAD144B.exe
C:\Users\Marian\AppData\Local\Temp\EAD1479.exe
C:\Users\Marian\AppData\Local\Temp\EAD1525.exe
C:\Users\Marian\AppData\Local\Temp\EAD1554.exe
C:\Users\Marian\AppData\Local\Temp\EAD15E0.exe
C:\Users\Marian\AppData\Local\Temp\EAD15FF.exe
C:\Users\Marian\AppData\Local\Temp\EAD1600.exe
C:\Users\Marian\AppData\Local\Temp\EAD162E.exe
C:\Users\Marian\AppData\Local\Temp\EAD168C.exe
C:\Users\Marian\AppData\Local\Temp\EAD16CA.exe
C:\Users\Marian\AppData\Local\Temp\EAD16F9.exe
C:\Users\Marian\AppData\Local\Temp\EAD1718.exe
C:\Users\Marian\AppData\Local\Temp\EAD1728.exe
C:\Users\Marian\AppData\Local\Temp\EAD1737.exe
C:\Users\Marian\AppData\Local\Temp\EAD1776.exe
C:\Users\Marian\AppData\Local\Temp\EAD17C4.exe
C:\Users\Marian\AppData\Local\Temp\EAD17D3.exe
C:\Users\Marian\AppData\Local\Temp\EAD17E3.exe
C:\Users\Marian\AppData\Local\Temp\EAD17E4.exe
C:\Users\Marian\AppData\Local\Temp\EAD17F2.exe
C:\Users\Marian\AppData\Local\Temp\EAD1812.exe
C:\Users\Marian\AppData\Local\Temp\EAD1850.exe
C:\Users\Marian\AppData\Local\Temp\EAD1851.exe
C:\Users\Marian\AppData\Local\Temp\EAD187F.exe
C:\Users\Marian\AppData\Local\Temp\EAD189E.exe
C:\Users\Marian\AppData\Local\Temp\EAD18DC.exe
C:\Users\Marian\AppData\Local\Temp\EAD18EC.exe
C:\Users\Marian\AppData\Local\Temp\EAD1988.exe
C:\Users\Marian\AppData\Local\Temp\EAD19B7.exe
C:\Users\Marian\AppData\Local\Temp\EAD19B8.exe
C:\Users\Marian\AppData\Local\Temp\EAD19B9.exe
C:\Users\Marian\AppData\Local\Temp\EAD19C6.exe
C:\Users\Marian\AppData\Local\Temp\EAD1A53.exe
C:\Users\Marian\AppData\Local\Temp\EAD1AA1.exe
C:\Users\Marian\AppData\Local\Temp\EAD1AB0.exe
C:\Users\Marian\AppData\Local\Temp\EAD1B0E.exe
C:\Users\Marian\AppData\Local\Temp\EAD1B1E.exe
C:\Users\Marian\AppData\Local\Temp\EAD1B4C.exe
C:\Users\Marian\AppData\Local\Temp\EAD1B6C.exe
C:\Users\Marian\AppData\Local\Temp\EAD1BAA.exe
C:\Users\Marian\AppData\Local\Temp\EAD1BBA.exe
C:\Users\Marian\AppData\Local\Temp\EAD1BD9.exe
C:\Users\Marian\AppData\Local\Temp\EAD1C36.exe
C:\Users\Marian\AppData\Local\Temp\EAD1C46.exe
C:\Users\Marian\AppData\Local\Temp\EAD1C56.exe
C:\Users\Marian\AppData\Local\Temp\EAD1CC3.exe
C:\Users\Marian\AppData\Local\Temp\EAD1D01.exe
C:\Users\Marian\AppData\Local\Temp\EAD1D11.exe
C:\Users\Marian\AppData\Local\Temp\EAD1D20.exe
C:\Users\Marian\AppData\Local\Temp\EAD1D40.exe
C:\Users\Marian\AppData\Local\Temp\EAD1D4F.exe
C:\Users\Marian\AppData\Local\Temp\EAD1D50.exe
C:\Users\Marian\AppData\Local\Temp\EAD1D6E.exe
C:\Users\Marian\AppData\Local\Temp\EAD1E3.exe
C:\Users\Marian\AppData\Local\Temp\EAD1E87.exe
C:\Users\Marian\AppData\Local\Temp\EAD1E97.exe
C:\Users\Marian\AppData\Local\Temp\EAD1EC6.exe
C:\Users\Marian\AppData\Local\Temp\EAD1EE5.exe
C:\Users\Marian\AppData\Local\Temp\EAD1EF4.exe
C:\Users\Marian\AppData\Local\Temp\EAD1F.exe
C:\Users\Marian\AppData\Local\Temp\EAD1F33.exe
C:\Users\Marian\AppData\Local\Temp\EAD1F52.exe
C:\Users\Marian\AppData\Local\Temp\EAD1F71.exe
C:\Users\Marian\AppData\Local\Temp\EAD1F72.exe
C:\Users\Marian\AppData\Local\Temp\EAD1F90.exe
C:\Users\Marian\AppData\Local\Temp\EAD1FDE.exe
C:\Users\Marian\AppData\Local\Temp\EAD1FEE.exe
C:\Users\Marian\AppData\Local\Temp\EAD1FFE.exe
C:\Users\Marian\AppData\Local\Temp\EAD200D.exe
C:\Users\Marian\AppData\Local\Temp\EAD206B.exe
C:\Users\Marian\AppData\Local\Temp\EAD209A.exe
C:\Users\Marian\AppData\Local\Temp\EAD20B9.exe
C:\Users\Marian\AppData\Local\Temp\EAD20BA.exe
C:\Users\Marian\AppData\Local\Temp\EAD20D8.exe
C:\Users\Marian\AppData\Local\Temp\EAD2155.exe
C:\Users\Marian\AppData\Local\Temp\EAD2184.exe
C:\Users\Marian\AppData\Local\Temp\EAD2193.exe
C:\Users\Marian\AppData\Local\Temp\EAD21A3.exe
C:\Users\Marian\AppData\Local\Temp\EAD2210.exe
C:\Users\Marian\AppData\Local\Temp\EAD222F.exe
C:\Users\Marian\AppData\Local\Temp\EAD225E.exe
C:\Users\Marian\AppData\Local\Temp\EAD22BC.exe
C:\Users\Marian\AppData\Local\Temp\EAD22FA.exe
C:\Users\Marian\AppData\Local\Temp\EAD2319.exe
C:\Users\Marian\AppData\Local\Temp\EAD2386.exe
C:\Users\Marian\AppData\Local\Temp\EAD23A6.exe
C:\Users\Marian\AppData\Local\Temp\EAD23B5.exe
C:\Users\Marian\AppData\Local\Temp\EAD23B6.exe
C:\Users\Marian\AppData\Local\Temp\EAD23D4.exe
C:\Users\Marian\AppData\Local\Temp\EAD23D5.exe
C:\Users\Marian\AppData\Local\Temp\EAD2403.exe
C:\Users\Marian\AppData\Local\Temp\EAD2422.exe
C:\Users\Marian\AppData\Local\Temp\EAD24DE.exe
C:\Users\Marian\AppData\Local\Temp\EAD250C.exe
C:\Users\Marian\AppData\Local\Temp\EAD250D.exe
C:\Users\Marian\AppData\Local\Temp\EAD251C.exe
C:\Users\Marian\AppData\Local\Temp\EAD252C.exe
C:\Users\Marian\AppData\Local\Temp\EAD253B.exe
C:\Users\Marian\AppData\Local\Temp\EAD254B.exe
C:\Users\Marian\AppData\Local\Temp\EAD255A.exe
C:\Users\Marian\AppData\Local\Temp\EAD255B.exe
C:\Users\Marian\AppData\Local\Temp\EAD25A8.exe
C:\Users\Marian\AppData\Local\Temp\EAD260.exe
C:\Users\Marian\AppData\Local\Temp\EAD2606.exe
C:\Users\Marian\AppData\Local\Temp\EAD2625.exe
C:\Users\Marian\AppData\Local\Temp\EAD2644.exe
C:\Users\Marian\AppData\Local\Temp\EAD2645.exe
C:\Users\Marian\AppData\Local\Temp\EAD2664.exe
C:\Users\Marian\AppData\Local\Temp\EAD2692.exe
C:\Users\Marian\AppData\Local\Temp\EAD26B2.exe
C:\Users\Marian\AppData\Local\Temp\EAD26D1.exe
C:\Users\Marian\AppData\Local\Temp\EAD26E0.exe
C:\Users\Marian\AppData\Local\Temp\EAD276D.exe
C:\Users\Marian\AppData\Local\Temp\EAD277C.exe
C:\Users\Marian\AppData\Local\Temp\EAD278C.exe
C:\Users\Marian\AppData\Local\Temp\EAD27DA.exe
C:\Users\Marian\AppData\Local\Temp\EAD27F.exe
C:\Users\Marian\AppData\Local\Temp\EAD2876.exe
C:\Users\Marian\AppData\Local\Temp\EAD2877.exe
C:\Users\Marian\AppData\Local\Temp\EAD28B4.exe
C:\Users\Marian\AppData\Local\Temp\EAD28E3.exe
C:\Users\Marian\AppData\Local\Temp\EAD2931.exe
C:\Users\Marian\AppData\Local\Temp\EAD2941.exe
C:\Users\Marian\AppData\Local\Temp\EAD2942.exe
C:\Users\Marian\AppData\Local\Temp\EAD2950.exe
C:\Users\Marian\AppData\Local\Temp\EAD2960.exe
C:\Users\Marian\AppData\Local\Temp\EAD2961.exe
C:\Users\Marian\AppData\Local\Temp\EAD2970.exe
C:\Users\Marian\AppData\Local\Temp\EAD297F.exe
C:\Users\Marian\AppData\Local\Temp\EAD29CD.exe
C:\Users\Marian\AppData\Local\Temp\EAD29DD.exe
C:\Users\Marian\AppData\Local\Temp\EAD2A0C.exe
C:\Users\Marian\AppData\Local\Temp\EAD2A0D.exe
C:\Users\Marian\AppData\Local\Temp\EAD2A3A.exe
C:\Users\Marian\AppData\Local\Temp\EAD2A5A.exe
C:\Users\Marian\AppData\Local\Temp\EAD2A79.exe
C:\Users\Marian\AppData\Local\Temp\EAD2A88.exe
C:\Users\Marian\AppData\Local\Temp\EAD2AA8.exe
C:\Users\Marian\AppData\Local\Temp\EAD2B15.exe
C:\Users\Marian\AppData\Local\Temp\EAD2B16.exe
C:\Users\Marian\AppData\Local\Temp\EAD2B63.exe
C:\Users\Marian\AppData\Local\Temp\EAD2B92.exe
C:\Users\Marian\AppData\Local\Temp\EAD2C1E.exe
C:\Users\Marian\AppData\Local\Temp\EAD2C1F.exe
C:\Users\Marian\AppData\Local\Temp\EAD2C2E.exe
C:\Users\Marian\AppData\Local\Temp\EAD2C4D.exe
C:\Users\Marian\AppData\Local\Temp\EAD2C4E.exe
C:\Users\Marian\AppData\Local\Temp\EAD2C5C.exe
C:\Users\Marian\AppData\Local\Temp\EAD2C7C.exe
C:\Users\Marian\AppData\Local\Temp\EAD2C8B.exe
C:\Users\Marian\AppData\Local\Temp\EAD2C8C.exe
C:\Users\Marian\AppData\Local\Temp\EAD2C8D.exe
C:\Users\Marian\AppData\Local\Temp\EAD2CAA.exe
C:\Users\Marian\AppData\Local\Temp\EAD2CBA.exe
C:\Users\Marian\AppData\Local\Temp\EAD2CCA.exe
C:\Users\Marian\AppData\Local\Temp\EAD2CCB.exe
C:\Users\Marian\AppData\Local\Temp\EAD2CCC.exe
C:\Users\Marian\AppData\Local\Temp\EAD2D08.exe
C:\Users\Marian\AppData\Local\Temp\EAD2D18.exe
C:\Users\Marian\AppData\Local\Temp\EAD2D19.exe
C:\Users\Marian\AppData\Local\Temp\EAD2D37.exe
C:\Users\Marian\AppData\Local\Temp\EAD2D38.exe
C:\Users\Marian\AppData\Local\Temp\EAD2D56.exe
C:\Users\Marian\AppData\Local\Temp\EAD2D66.exe
C:\Users\Marian\AppData\Local\Temp\EAD2D67.exe
C:\Users\Marian\AppData\Local\Temp\EAD2DB4.exe
C:\Users\Marian\AppData\Local\Temp\EAD2DD3.exe
C:\Users\Marian\AppData\Local\Temp\EAD2E11.exe
C:\Users\Marian\AppData\Local\Temp\EAD2E50.exe
C:\Users\Marian\AppData\Local\Temp\EAD2E51.exe
C:\Users\Marian\AppData\Local\Temp\EAD2E8E.exe
C:\Users\Marian\AppData\Local\Temp\EAD2EAD.exe
C:\Users\Marian\AppData\Local\Temp\EAD2EBD.exe
C:\Users\Marian\AppData\Local\Temp\EAD2EBE.exe
C:\Users\Marian\AppData\Local\Temp\EAD2EC.exe
C:\Users\Marian\AppData\Local\Temp\EAD2EDC.exe
C:\Users\Marian\AppData\Local\Temp\EAD2EDD.exe
C:\Users\Marian\AppData\Local\Temp\EAD2EFB.exe
C:\Users\Marian\AppData\Local\Temp\EAD2F1A.exe
C:\Users\Marian\AppData\Local\Temp\EAD2F49.exe
C:\Users\Marian\AppData\Local\Temp\EAD2F88.exe
C:\Users\Marian\AppData\Local\Temp\EAD2F97.exe
C:\Users\Marian\AppData\Local\Temp\EAD2FA7.exe
C:\Users\Marian\AppData\Local\Temp\EAD2FB6.exe
C:\Users\Marian\AppData\Local\Temp\EAD2FC.exe
C:\Users\Marian\AppData\Local\Temp\EAD2FC6.exe
C:\Users\Marian\AppData\Local\Temp\EAD2FC7.exe
C:\Users\Marian\AppData\Local\Temp\EAD3004.exe
C:\Users\Marian\AppData\Local\Temp\EAD3014.exe
C:\Users\Marian\AppData\Local\Temp\EAD3072.exe
C:\Users\Marian\AppData\Local\Temp\EAD3073.exe
C:\Users\Marian\AppData\Local\Temp\EAD30B0.exe
C:\Users\Marian\AppData\Local\Temp\EAD30C.exe
C:\Users\Marian\AppData\Local\Temp\EAD30C0.exe
C:\Users\Marian\AppData\Local\Temp\EAD30C1.exe
C:\Users\Marian\AppData\Local\Temp\EAD30C2.exe
C:\Users\Marian\AppData\Local\Temp\EAD30C3.exe
C:\Users\Marian\AppData\Local\Temp\EAD30CF.exe
C:\Users\Marian\AppData\Local\Temp\EAD30D0.exe
C:\Users\Marian\AppData\Local\Temp\EAD30DF.exe
C:\Users\Marian\AppData\Local\Temp\EAD30FE.exe
C:\Users\Marian\AppData\Local\Temp\EAD311D.exe
C:\Users\Marian\AppData\Local\Temp\EAD314C.exe
C:\Users\Marian\AppData\Local\Temp\EAD31AA.exe
C:\Users\Marian\AppData\Local\Temp\EAD31AB.exe
C:\Users\Marian\AppData\Local\Temp\EAD31B.exe
C:\Users\Marian\AppData\Local\Temp\EAD31C9.exe
C:\Users\Marian\AppData\Local\Temp\EAD31D8.exe
C:\Users\Marian\AppData\Local\Temp\EAD31D9.exe
C:\Users\Marian\AppData\Local\Temp\EAD3249.exe
C:\Users\Marian\AppData\Local\Temp\EAD3274.exe
C:\Users\Marian\AppData\Local\Temp\EAD3275.exe
C:\Users\Marian\AppData\Local\Temp\EAD3276.exe
C:\Users\Marian\AppData\Local\Temp\EAD3294.exe
C:\Users\Marian\AppData\Local\Temp\EAD32A3.exe
C:\Users\Marian\AppData\Local\Temp\EAD32B3.exe
C:\Users\Marian\AppData\Local\Temp\EAD3330.exe
C:\Users\Marian\AppData\Local\Temp\EAD3331.exe
C:\Users\Marian\AppData\Local\Temp\EAD334F.exe
C:\Users\Marian\AppData\Local\Temp\EAD3350.exe
C:\Users\Marian\AppData\Local\Temp\EAD33AC.exe
C:\Users\Marian\AppData\Local\Temp\EAD33DB.exe
C:\Users\Marian\AppData\Local\Temp\EAD340A.exe
C:\Users\Marian\AppData\Local\Temp\EAD3439.exe
C:\Users\Marian\AppData\Local\Temp\EAD343A.exe
C:\Users\Marian\AppData\Local\Temp\EAD343B.exe
C:\Users\Marian\AppData\Local\Temp\EAD3448.exe
C:\Users\Marian\AppData\Local\Temp\EAD3449.exe
C:\Users\Marian\AppData\Local\Temp\EAD3458.exe
C:\Users\Marian\AppData\Local\Temp\EAD3459.exe
C:\Users\Marian\AppData\Local\Temp\EAD34B6.exe
C:\Users\Marian\AppData\Local\Temp\EAD34C5.exe
C:\Users\Marian\AppData\Local\Temp\EAD34D5.exe
C:\Users\Marian\AppData\Local\Temp\EAD3532.exe
C:\Users\Marian\AppData\Local\Temp\EAD3571.exe
C:\Users\Marian\AppData\Local\Temp\EAD35AF.exe
C:\Users\Marian\AppData\Local\Temp\EAD363C.exe
C:\Users\Marian\AppData\Local\Temp\EAD368A.exe
C:\Users\Marian\AppData\Local\Temp\EAD3699.exe
C:\Users\Marian\AppData\Local\Temp\EAD369A.exe
C:\Users\Marian\AppData\Local\Temp\EAD369B.exe
C:\Users\Marian\AppData\Local\Temp\EAD36D8.exe
C:\Users\Marian\AppData\Local\Temp\EAD3716.exe
C:\Users\Marian\AppData\Local\Temp\EAD3726.exe
C:\Users\Marian\AppData\Local\Temp\EAD3727.exe
C:\Users\Marian\AppData\Local\Temp\EAD3745.exe
C:\Users\Marian\AppData\Local\Temp\EAD3754.exe
C:\Users\Marian\AppData\Local\Temp\EAD379.exe
C:\Users\Marian\AppData\Local\Temp\EAD37B2.exe
C:\Users\Marian\AppData\Local\Temp\EAD381F.exe
C:\Users\Marian\AppData\Local\Temp\EAD383E.exe
C:\Users\Marian\AppData\Local\Temp\EAD383F.exe
C:\Users\Marian\AppData\Local\Temp\EAD389C.exe
C:\Users\Marian\AppData\Local\Temp\EAD38EA.exe
C:\Users\Marian\AppData\Local\Temp\EAD3957.exe
C:\Users\Marian\AppData\Local\Temp\EAD3958.exe
C:\Users\Marian\AppData\Local\Temp\EAD3967.exe
C:\Users\Marian\AppData\Local\Temp\EAD3986.exe
C:\Users\Marian\AppData\Local\Temp\EAD39C4.exe
C:\Users\Marian\AppData\Local\Temp\EAD39C5.exe
C:\Users\Marian\AppData\Local\Temp\EAD3A03.exe
C:\Users\Marian\AppData\Local\Temp\EAD3A41.exe
C:\Users\Marian\AppData\Local\Temp\EAD3A70.exe
C:\Users\Marian\AppData\Local\Temp\EAD3AED.exe
C:\Users\Marian\AppData\Local\Temp\EAD3AFC.exe
C:\Users\Marian\AppData\Local\Temp\EAD3B3B.exe
C:\Users\Marian\AppData\Local\Temp\EAD3B4A.exe
C:\Users\Marian\AppData\Local\Temp\EAD3B5A.exe
C:\Users\Marian\AppData\Local\Temp\EAD3B5B.exe
C:\Users\Marian\AppData\Local\Temp\EAD3B79.exe
C:\Users\Marian\AppData\Local\Temp\EAD3B98.exe
C:\Users\Marian\AppData\Local\Temp\EAD3BA8.exe
C:\Users\Marian\AppData\Local\Temp\EAD3BD7.exe
C:\Users\Marian\AppData\Local\Temp\EAD3BD8.exe
C:\Users\Marian\AppData\Local\Temp\EAD3C06.exe
C:\Users\Marian\AppData\Local\Temp\EAD3C34.exe
C:\Users\Marian\AppData\Local\Temp\EAD3C73.exe
C:\Users\Marian\AppData\Local\Temp\EAD3CA2.exe
C:\Users\Marian\AppData\Local\Temp\EAD3D0F.exe
C:\Users\Marian\AppData\Local\Temp\EAD3D2E.exe
C:\Users\Marian\AppData\Local\Temp\EAD3D3E.exe
C:\Users\Marian\AppData\Local\Temp\EAD3D6.exe
C:\Users\Marian\AppData\Local\Temp\EAD3D7.exe
C:\Users\Marian\AppData\Local\Temp\EAD3DE9.exe
C:\Users\Marian\AppData\Local\Temp\EAD3E37.exe
C:\Users\Marian\AppData\Local\Temp\EAD3E47.exe
C:\Users\Marian\AppData\Local\Temp\EAD3E76.exe
C:\Users\Marian\AppData\Local\Temp\EAD3E85.exe
C:\Users\Marian\AppData\Local\Temp\EAD3E86.exe
C:\Users\Marian\AppData\Local\Temp\EAD3EA4.exe
C:\Users\Marian\AppData\Local\Temp\EAD3EB4.exe
C:\Users\Marian\AppData\Local\Temp\EAD3ED4.exe
C:\Users\Marian\AppData\Local\Temp\EAD3F21.exe
C:\Users\Marian\AppData\Local\Temp\EAD3F31.exe
C:\Users\Marian\AppData\Local\Temp\EAD3FAE.exe
C:\Users\Marian\AppData\Local\Temp\EAD3FDC.exe
C:\Users\Marian\AppData\Local\Temp\EAD3FEC.exe
C:\Users\Marian\AppData\Local\Temp\EAD4059.exe
C:\Users\Marian\AppData\Local\Temp\EAD4078.exe
C:\Users\Marian\AppData\Local\Temp\EAD4098.exe
C:\Users\Marian\AppData\Local\Temp\EAD40B7.exe
C:\Users\Marian\AppData\Local\Temp\EAD40B8.exe
C:\Users\Marian\AppData\Local\Temp\EAD4105.exe
C:\Users\Marian\AppData\Local\Temp\EAD4124.exe
C:\Users\Marian\AppData\Local\Temp\EAD4134.exe
C:\Users\Marian\AppData\Local\Temp\EAD415.exe
C:\Users\Marian\AppData\Local\Temp\EAD4153.exe
C:\Users\Marian\AppData\Local\Temp\EAD4162.exe
C:\Users\Marian\AppData\Local\Temp\EAD4182.exe
C:\Users\Marian\AppData\Local\Temp\EAD41B0.exe
C:\Users\Marian\AppData\Local\Temp\EAD41B1.exe
C:\Users\Marian\AppData\Local\Temp\EAD41B2.exe
C:\Users\Marian\AppData\Local\Temp\EAD41C0.exe
C:\Users\Marian\AppData\Local\Temp\EAD41D0.exe
C:\Users\Marian\AppData\Local\Temp\EAD41D1.exe
C:\Users\Marian\AppData\Local\Temp\EAD41DF.exe
C:\Users\Marian\AppData\Local\Temp\EAD41FE.exe
C:\Users\Marian\AppData\Local\Temp\EAD429A.exe
C:\Users\Marian\AppData\Local\Temp\EAD42BA.exe
C:\Users\Marian\AppData\Local\Temp\EAD42C9.exe
C:\Users\Marian\AppData\Local\Temp\EAD42E8.exe
C:\Users\Marian\AppData\Local\Temp\EAD4308.exe
C:\Users\Marian\AppData\Local\Temp\EAD434.exe
C:\Users\Marian\AppData\Local\Temp\EAD435.exe
C:\Users\Marian\AppData\Local\Temp\EAD4375.exe
C:\Users\Marian\AppData\Local\Temp\EAD43B3.exe
C:\Users\Marian\AppData\Local\Temp\EAD43B4.exe
C:\Users\Marian\AppData\Local\Temp\EAD43E2.exe
C:\Users\Marian\AppData\Local\Temp\EAD444.exe
C:\Users\Marian\AppData\Local\Temp\EAD445.exe
C:\Users\Marian\AppData\Local\Temp\EAD445F.exe
C:\Users\Marian\AppData\Local\Temp\EAD449D.exe
C:\Users\Marian\AppData\Local\Temp\EAD44AD.exe
C:\Users\Marian\AppData\Local\Temp\EAD44AE.exe
C:\Users\Marian\AppData\Local\Temp\EAD44BC.exe
C:\Users\Marian\AppData\Local\Temp\EAD44CC.exe
C:\Users\Marian\AppData\Local\Temp\EAD450A.exe
C:\Users\Marian\AppData\Local\Temp\EAD452A.exe
C:\Users\Marian\AppData\Local\Temp\EAD452B.exe
C:\Users\Marian\AppData\Local\Temp\EAD453.exe
C:\Users\Marian\AppData\Local\Temp\EAD4597.exe
C:\Users\Marian\AppData\Local\Temp\EAD45E5.exe
C:\Users\Marian\AppData\Local\Temp\EAD4614.exe
C:\Users\Marian\AppData\Local\Temp\EAD463.exe
C:\Users\Marian\AppData\Local\Temp\EAD4633.exe
C:\Users\Marian\AppData\Local\Temp\EAD4634.exe
C:\Users\Marian\AppData\Local\Temp\EAD46A3.exe
C:\Users\Marian\AppData\Local\Temp\EAD46DE.exe
C:\Users\Marian\AppData\Local\Temp\EAD472.exe
C:\Users\Marian\AppData\Local\Temp\EAD473C.exe
C:\Users\Marian\AppData\Local\Temp\EAD475B.exe
C:\Users\Marian\AppData\Local\Temp\EAD476B.exe
C:\Users\Marian\AppData\Local\Temp\EAD478A.exe
C:\Users\Marian\AppData\Local\Temp\EAD4807.exe
C:\Users\Marian\AppData\Local\Temp\EAD482.exe
C:\Users\Marian\AppData\Local\Temp\EAD4826.exe
C:\Users\Marian\AppData\Local\Temp\EAD4836.exe
C:\Users\Marian\AppData\Local\Temp\EAD4845.exe
C:\Users\Marian\AppData\Local\Temp\EAD4884.exe
C:\Users\Marian\AppData\Local\Temp\EAD4910.exe
C:\Users\Marian\AppData\Local\Temp\EAD495E.exe
C:\Users\Marian\AppData\Local\Temp\EAD496E.exe
C:\Users\Marian\AppData\Local\Temp\EAD499C.exe
C:\Users\Marian\AppData\Local\Temp\EAD4A19.exe
C:\Users\Marian\AppData\Local\Temp\EAD4A1A.exe
C:\Users\Marian\AppData\Local\Temp\EAD4A29.exe
C:\Users\Marian\AppData\Local\Temp\EAD4A48.exe
C:\Users\Marian\AppData\Local\Temp\EAD4AA6.exe
C:\Users\Marian\AppData\Local\Temp\EAD4B1.exe
C:\Users\Marian\AppData\Local\Temp\EAD4B13.exe
C:\Users\Marian\AppData\Local\Temp\EAD4B61.exe
C:\Users\Marian\AppData\Local\Temp\EAD4B90.exe
C:\Users\Marian\AppData\Local\Temp\EAD4BAF.exe
C:\Users\Marian\AppData\Local\Temp\EAD4BBE.exe
C:\Users\Marian\AppData\Local\Temp\EAD4BBF.exe
C:\Users\Marian\AppData\Local\Temp\EAD4BC0.exe
C:\Users\Marian\AppData\Local\Temp\EAD4BCE.exe
C:\Users\Marian\AppData\Local\Temp\EAD4BED.exe
C:\Users\Marian\AppData\Local\Temp\EAD4BFD.exe
C:\Users\Marian\AppData\Local\Temp\EAD4C0.exe
C:\Users\Marian\AppData\Local\Temp\EAD4C99.exe
C:\Users\Marian\AppData\Local\Temp\EAD4CC8.exe
C:\Users\Marian\AppData\Local\Temp\EAD4CE7.exe
C:\Users\Marian\AppData\Local\Temp\EAD4D44.exe
C:\Users\Marian\AppData\Local\Temp\EAD4D54.exe
C:\Users\Marian\AppData\Local\Temp\EAD4D64.exe
C:\Users\Marian\AppData\Local\Temp\EAD4DC1.exe
C:\Users\Marian\AppData\Local\Temp\EAD4DF0.exe
C:\Users\Marian\AppData\Local\Temp\EAD4DF1.exe
C:\Users\Marian\AppData\Local\Temp\EAD4DF2.exe
C:\Users\Marian\AppData\Local\Temp\EAD4E0.exe
C:\Users\Marian\AppData\Local\Temp\EAD4E00.exe
C:\Users\Marian\AppData\Local\Temp\EAD4E2E.exe
C:\Users\Marian\AppData\Local\Temp\EAD4E2F.exe
C:\Users\Marian\AppData\Local\Temp\EAD4E8C.exe
C:\Users\Marian\AppData\Local\Temp\EAD4EBB.exe
C:\Users\Marian\AppData\Local\Temp\EAD4EBC.exe
C:\Users\Marian\AppData\Local\Temp\EAD4ECA.exe
C:\Users\Marian\AppData\Local\Temp\EAD4ECB.exe
C:\Users\Marian\AppData\Local\Temp\EAD4EDA.exe
C:\Users\Marian\AppData\Local\Temp\EAD4EEA.exe
C:\Users\Marian\AppData\Local\Temp\EAD4EEB.exe
C:\Users\Marian\AppData\Local\Temp\EAD4EF.exe
C:\Users\Marian\AppData\Local\Temp\EAD4F18.exe
C:\Users\Marian\AppData\Local\Temp\EAD4F38.exe
C:\Users\Marian\AppData\Local\Temp\EAD4F47.exe
C:\Users\Marian\AppData\Local\Temp\EAD4F66.exe
C:\Users\Marian\AppData\Local\Temp\EAD4FA5.exe
C:\Users\Marian\AppData\Local\Temp\EAD4FB4.exe
C:\Users\Marian\AppData\Local\Temp\EAD5002.exe
C:\Users\Marian\AppData\Local\Temp\EAD5022.exe
C:\Users\Marian\AppData\Local\Temp\EAD5050.exe
C:\Users\Marian\AppData\Local\Temp\EAD509E.exe
C:\Users\Marian\AppData\Local\Temp\EAD50CD.exe
C:\Users\Marian\AppData\Local\Temp\EAD50EC.exe
C:\Users\Marian\AppData\Local\Temp\EAD50FC.exe
C:\Users\Marian\AppData\Local\Temp\EAD510C.exe
C:\Users\Marian\AppData\Local\Temp\EAD511B.exe
C:\Users\Marian\AppData\Local\Temp\EAD513A.exe
C:\Users\Marian\AppData\Local\Temp\EAD5169.exe
C:\Users\Marian\AppData\Local\Temp\EAD5188.exe
C:\Users\Marian\AppData\Local\Temp\EAD51A8.exe
C:\Users\Marian\AppData\Local\Temp\EAD51B7.exe
C:\Users\Marian\AppData\Local\Temp\EAD51B8.exe
C:\Users\Marian\AppData\Local\Temp\EAD51E6.exe
C:\Users\Marian\AppData\Local\Temp\EAD5205.exe
C:\Users\Marian\AppData\Local\Temp\EAD5282.exe
C:\Users\Marian\AppData\Local\Temp\EAD5292.exe
C:\Users\Marian\AppData\Local\Temp\EAD52A1.exe
C:\Users\Marian\AppData\Local\Temp\EAD52E.exe
C:\Users\Marian\AppData\Local\Temp\EAD52E0.exe
C:\Users\Marian\AppData\Local\Temp\EAD52EF.exe
C:\Users\Marian\AppData\Local\Temp\EAD52F.exe
C:\Users\Marian\AppData\Local\Temp\EAD52F0.exe
C:\Users\Marian\AppData\Local\Temp\EAD531E.exe
C:\Users\Marian\AppData\Local\Temp\EAD534D.exe
C:\Users\Marian\AppData\Local\Temp\EAD535C.exe
C:\Users\Marian\AppData\Local\Temp\EAD535D.exe
C:\Users\Marian\AppData\Local\Temp\EAD537C.exe
C:\Users\Marian\AppData\Local\Temp\EAD539B.exe
C:\Users\Marian\AppData\Local\Temp\EAD53AA.exe
C:\Users\Marian\AppData\Local\Temp\EAD53D.exe
C:\Users\Marian\AppData\Local\Temp\EAD53D9.exe
C:\Users\Marian\AppData\Local\Temp\EAD53E9.exe
C:\Users\Marian\AppData\Local\Temp\EAD5408.exe
C:\Users\Marian\AppData\Local\Temp\EAD5418.exe
C:\Users\Marian\AppData\Local\Temp\EAD5419.exe
C:\Users\Marian\AppData\Local\Temp\EAD5427.exe
C:\Users\Marian\AppData\Local\Temp\EAD5466.exe
C:\Users\Marian\AppData\Local\Temp\EAD54C3.exe
C:\Users\Marian\AppData\Local\Temp\EAD5550.exe
C:\Users\Marian\AppData\Local\Temp\EAD556F.exe
C:\Users\Marian\AppData\Local\Temp\EAD558E.exe
C:\Users\Marian\AppData\Local\Temp\EAD55AD.exe
C:\Users\Marian\AppData\Local\Temp\EAD55DC.exe
C:\Users\Marian\AppData\Local\Temp\EAD55FB.exe
C:\Users\Marian\AppData\Local\Temp\EAD562A.exe
C:\Users\Marian\AppData\Local\Temp\EAD5678.exe
C:\Users\Marian\AppData\Local\Temp\EAD5679.exe
C:\Users\Marian\AppData\Local\Temp\EAD5697.exe
C:\Users\Marian\AppData\Local\Temp\EAD5698.exe
C:\Users\Marian\AppData\Local\Temp\EAD56C6.exe
C:\Users\Marian\AppData\Local\Temp\EAD56F5.exe
C:\Users\Marian\AppData\Local\Temp\EAD5704.exe
C:\Users\Marian\AppData\Local\Temp\EAD5743.exe
C:\Users\Marian\AppData\Local\Temp\EAD5772.exe
C:\Users\Marian\AppData\Local\Temp\EAD57B0.exe
C:\Users\Marian\AppData\Local\Temp\EAD57EE.exe
C:\Users\Marian\AppData\Local\Temp\EAD57FE.exe
C:\Users\Marian\AppData\Local\Temp\EAD582D.exe
C:\Users\Marian\AppData\Local\Temp\EAD584C.exe
C:\Users\Marian\AppData\Local\Temp\EAD588A.exe
C:\Users\Marian\AppData\Local\Temp\EAD589A.exe
C:\Users\Marian\AppData\Local\Temp\EAD58C9.exe
C:\Users\Marian\AppData\Local\Temp\EAD5907.exe
C:\Users\Marian\AppData\Local\Temp\EAD5908.exe
C:\Users\Marian\AppData\Local\Temp\EAD5965.exe
C:\Users\Marian\AppData\Local\Temp\EAD5994.exe
C:\Users\Marian\AppData\Local\Temp\EAD59A3.exe
C:\Users\Marian\AppData\Local\Temp\EAD59A4.exe
C:\Users\Marian\AppData\Local\Temp\EAD59B.exe
C:\Users\Marian\AppData\Local\Temp\EAD59C2.exe
C:\Users\Marian\AppData\Local\Temp\EAD59C3.exe
C:\Users\Marian\AppData\Local\Temp\EAD5A01.exe
C:\Users\Marian\AppData\Local\Temp\EAD5A30.exe
C:\Users\Marian\AppData\Local\Temp\EAD5A3F.exe
C:\Users\Marian\AppData\Local\Temp\EAD5A40.exe
C:\Users\Marian\AppData\Local\Temp\EAD5A4F.exe
C:\Users\Marian\AppData\Local\Temp\EAD5A6E.exe
C:\Users\Marian\AppData\Local\Temp\EAD5A8D.exe
C:\Users\Marian\AppData\Local\Temp\EAD5AA.exe
C:\Users\Marian\AppData\Local\Temp\EAD5AB.exe
C:\Users\Marian\AppData\Local\Temp\EAD5B39.exe
C:\Users\Marian\AppData\Local\Temp\EAD5B58.exe
C:\Users\Marian\AppData\Local\Temp\EAD5B59.exe
C:\Users\Marian\AppData\Local\Temp\EAD5BC5.exe
C:\Users\Marian\AppData\Local\Temp\EAD5C32.exe
C:\Users\Marian\AppData\Local\Temp\EAD5C71.exe
C:\Users\Marian\AppData\Local\Temp\EAD5C80.exe
C:\Users\Marian\AppData\Local\Temp\EAD5D2C.exe
C:\Users\Marian\AppData\Local\Temp\EAD5D4B.exe
C:\Users\Marian\AppData\Local\Temp\EAD5DA9.exe
C:\Users\Marian\AppData\Local\Temp\EAD5DC8.exe
C:\Users\Marian\AppData\Local\Temp\EAD5DD8.exe
C:\Users\Marian\AppData\Local\Temp\EAD5DF7.exe
C:\Users\Marian\AppData\Local\Temp\EAD5EC2.exe
C:\Users\Marian\AppData\Local\Temp\EAD5ED1.exe
C:\Users\Marian\AppData\Local\Temp\EAD5ED2.exe
C:\Users\Marian\AppData\Local\Temp\EAD5EE1.exe
C:\Users\Marian\AppData\Local\Temp\EAD5EF0.exe
C:\Users\Marian\AppData\Local\Temp\EAD5F1F.exe
C:\Users\Marian\AppData\Local\Temp\EAD5F20.exe
C:\Users\Marian\AppData\Local\Temp\EAD5F2F.exe
C:\Users\Marian\AppData\Local\Temp\EAD5F3E.exe
C:\Users\Marian\AppData\Local\Temp\EAD5F5E.exe
C:\Users\Marian\AppData\Local\Temp\EAD5F7D.exe
C:\Users\Marian\AppData\Local\Temp\EAD5F9C.exe
C:\Users\Marian\AppData\Local\Temp\EAD5FCB.exe
C:\Users\Marian\AppData\Local\Temp\EAD5FDA.exe
C:\Users\Marian\AppData\Local\Temp\EAD5FEA.exe
C:\Users\Marian\AppData\Local\Temp\EAD5FFA.exe
C:\Users\Marian\AppData\Local\Temp\EAD5FFB.exe
C:\Users\Marian\AppData\Local\Temp\EAD6009.exe
C:\Users\Marian\AppData\Local\Temp\EAD6028.exe
C:\Users\Marian\AppData\Local\Temp\EAD6057.exe
C:\Users\Marian\AppData\Local\Temp\EAD6076.exe
C:\Users\Marian\AppData\Local\Temp\EAD6132.exe
C:\Users\Marian\AppData\Local\Temp\EAD6151.exe
C:\Users\Marian\AppData\Local\Temp\EAD6160.exe
C:\Users\Marian\AppData\Local\Temp\EAD61FC.exe
C:\Users\Marian\AppData\Local\Temp\EAD621C.exe
C:\Users\Marian\AppData\Local\Temp\EAD626A.exe
C:\Users\Marian\AppData\Local\Temp\EAD626B.exe
C:\Users\Marian\AppData\Local\Temp\EAD627.exe
C:\Users\Marian\AppData\Local\Temp\EAD6298.exe
C:\Users\Marian\AppData\Local\Temp\EAD62B8.exe
C:\Users\Marian\AppData\Local\Temp\EAD62D7.exe
C:\Users\Marian\AppData\Local\Temp\EAD62E6.exe
C:\Users\Marian\AppData\Local\Temp\EAD62F6.exe
C:\Users\Marian\AppData\Local\Temp\EAD6306.exe
C:\Users\Marian\AppData\Local\Temp\EAD6307.exe
C:\Users\Marian\AppData\Local\Temp\EAD6325.exe
C:\Users\Marian\AppData\Local\Temp\EAD6354.exe
C:\Users\Marian\AppData\Local\Temp\EAD637.exe
C:\Users\Marian\AppData\Local\Temp\EAD63A2.exe
C:\Users\Marian\AppData\Local\Temp\EAD63E0.exe
C:\Users\Marian\AppData\Local\Temp\EAD63E1.exe
C:\Users\Marian\AppData\Local\Temp\EAD63F0.exe
C:\Users\Marian\AppData\Local\Temp\EAD63FF.exe
C:\Users\Marian\AppData\Local\Temp\EAD641E.exe
C:\Users\Marian\AppData\Local\Temp\EAD647C.exe
C:\Users\Marian\AppData\Local\Temp\EAD649B.exe
C:\Users\Marian\AppData\Local\Temp\EAD64CA.exe
C:\Users\Marian\AppData\Local\Temp\EAD6518.exe
C:\Users\Marian\AppData\Local\Temp\EAD6537.exe
C:\Users\Marian\AppData\Local\Temp\EAD6566.exe
C:\Users\Marian\AppData\Local\Temp\EAD6595.exe
C:\Users\Marian\AppData\Local\Temp\EAD6596.exe
C:\Users\Marian\AppData\Local\Temp\EAD65A4.exe
C:\Users\Marian\AppData\Local\Temp\EAD6612.exe
C:\Users\Marian\AppData\Local\Temp\EAD6631.exe
C:\Users\Marian\AppData\Local\Temp\EAD6632.exe
C:\Users\Marian\AppData\Local\Temp\EAD666.exe
C:\Users\Marian\AppData\Local\Temp\EAD667F.exe
C:\Users\Marian\AppData\Local\Temp\EAD672A.exe
C:\Users\Marian\AppData\Local\Temp\EAD673A.exe
C:\Users\Marian\AppData\Local\Temp\EAD6759.exe
C:\Users\Marian\AppData\Local\Temp\EAD6769.exe
C:\Users\Marian\AppData\Local\Temp\EAD6788.exe
C:\Users\Marian\AppData\Local\Temp\EAD6789.exe
C:\Users\Marian\AppData\Local\Temp\EAD678A.exe
C:\Users\Marian\AppData\Local\Temp\EAD67B7.exe
C:\Users\Marian\AppData\Local\Temp\EAD67C6.exe
C:\Users\Marian\AppData\Local\Temp\EAD6805.exe
C:\Users\Marian\AppData\Local\Temp\EAD6806.exe
C:\Users\Marian\AppData\Local\Temp\EAD6824.exe
C:\Users\Marian\AppData\Local\Temp\EAD685.exe
C:\Users\Marian\AppData\Local\Temp\EAD686.exe
C:\Users\Marian\AppData\Local\Temp\EAD6862.exe
C:\Users\Marian\AppData\Local\Temp\EAD687.exe
C:\Users\Marian\AppData\Local\Temp\EAD6891.exe
C:\Users\Marian\AppData\Local\Temp\EAD68B0.exe
C:\Users\Marian\AppData\Local\Temp\EAD68B1.exe
C:\Users\Marian\AppData\Local\Temp\EAD68EF.exe
C:\Users\Marian\AppData\Local\Temp\EAD695C.exe
C:\Users\Marian\AppData\Local\Temp\EAD697B.exe
C:\Users\Marian\AppData\Local\Temp\EAD698B.exe
C:\Users\Marian\AppData\Local\Temp\EAD698C.exe
C:\Users\Marian\AppData\Local\Temp\EAD69AA.exe
C:\Users\Marian\AppData\Local\Temp\EAD69C9.exe
C:\Users\Marian\AppData\Local\Temp\EAD69F8.exe
C:\Users\Marian\AppData\Local\Temp\EAD6A65.exe
C:\Users\Marian\AppData\Local\Temp\EAD6AE2.exe
C:\Users\Marian\AppData\Local\Temp\EAD6AF2.exe
C:\Users\Marian\AppData\Local\Temp\EAD6B11.exe
C:\Users\Marian\AppData\Local\Temp\EAD6B4.exe
C:\Users\Marian\AppData\Local\Temp\EAD6B40.exe
C:\Users\Marian\AppData\Local\Temp\EAD6B41.exe
C:\Users\Marian\AppData\Local\Temp\EAD6B5F.exe
C:\Users\Marian\AppData\Local\Temp\EAD6B60.exe
C:\Users\Marian\AppData\Local\Temp\EAD6B6E.exe
C:\Users\Marian\AppData\Local\Temp\EAD6B9D.exe
C:\Users\Marian\AppData\Local\Temp\EAD6BAD.exe
C:\Users\Marian\AppData\Local\Temp\EAD6BEB.exe
C:\Users\Marian\AppData\Local\Temp\EAD6C3.exe
C:\Users\Marian\AppData\Local\Temp\EAD6C39.exe
C:\Users\Marian\AppData\Local\Temp\EAD6C78.exe
C:\Users\Marian\AppData\Local\Temp\EAD6C79.exe
C:\Users\Marian\AppData\Local\Temp\EAD6D04.exe
C:\Users\Marian\AppData\Local\Temp\EAD6D23.exe
C:\Users\Marian\AppData\Local\Temp\EAD6D81.exe
C:\Users\Marian\AppData\Local\Temp\EAD6D90.exe
C:\Users\Marian\AppData\Local\Temp\EAD6DBF.exe
C:\Users\Marian\AppData\Local\Temp\EAD6E2D.exe
C:\Users\Marian\AppData\Local\Temp\EAD6E3C.exe
C:\Users\Marian\AppData\Local\Temp\EAD6EB9.exe
C:\Users\Marian\AppData\Local\Temp\EAD6EC9.exe
C:\Users\Marian\AppData\Local\Temp\EAD6ECA.exe
C:\Users\Marian\AppData\Local\Temp\EAD6EE8.exe
C:\Users\Marian\AppData\Local\Temp\EAD6F26.exe
C:\Users\Marian\AppData\Local\Temp\EAD6F27.exe
C:\Users\Marian\AppData\Local\Temp\EAD6FB3.exe
C:\Users\Marian\AppData\Local\Temp\EAD6FD2.exe
C:\Users\Marian\AppData\Local\Temp\EAD705E.exe
C:\Users\Marian\AppData\Local\Temp\EAD706E.exe
C:\Users\Marian\AppData\Local\Temp\EAD70EB.exe
C:\Users\Marian\AppData\Local\Temp\EAD710A.exe
C:\Users\Marian\AppData\Local\Temp\EAD710B.exe
C:\Users\Marian\AppData\Local\Temp\EAD711.exe
C:\Users\Marian\AppData\Local\Temp\EAD7119.exe
C:\Users\Marian\AppData\Local\Temp\EAD7148.exe
C:\Users\Marian\AppData\Local\Temp\EAD7158.exe
C:\Users\Marian\AppData\Local\Temp\EAD7177.exe
C:\Users\Marian\AppData\Local\Temp\EAD71E4.exe
C:\Users\Marian\AppData\Local\Temp\EAD721.exe
C:\Users\Marian\AppData\Local\Temp\EAD7280.exe
C:\Users\Marian\AppData\Local\Temp\EAD72AF.exe
C:\Users\Marian\AppData\Local\Temp\EAD733B.exe
C:\Users\Marian\AppData\Local\Temp\EAD734B.exe
C:\Users\Marian\AppData\Local\Temp\EAD736A.exe
C:\Users\Marian\AppData\Local\Temp\EAD73A9.exe
C:\Users\Marian\AppData\Local\Temp\EAD73B8.exe
C:\Users\Marian\AppData\Local\Temp\EAD73D7.exe
C:\Users\Marian\AppData\Local\Temp\EAD7416.exe
C:\Users\Marian\AppData\Local\Temp\EAD7445.exe
C:\Users\Marian\AppData\Local\Temp\EAD7454.exe
C:\Users\Marian\AppData\Local\Temp\EAD74B2.exe
C:\Users\Marian\AppData\Local\Temp\EAD755D.exe
C:\Users\Marian\AppData\Local\Temp\EAD75F.exe
C:\Users\Marian\AppData\Local\Temp\EAD75F9.exe
C:\Users\Marian\AppData\Local\Temp\EAD75FA.exe
C:\Users\Marian\AppData\Local\Temp\EAD7638.exe
C:\Users\Marian\AppData\Local\Temp\EAD7647.exe
C:\Users\Marian\AppData\Local\Temp\EAD7667.exe
C:\Users\Marian\AppData\Local\Temp\EAD76B5.exe
C:\Users\Marian\AppData\Local\Temp\EAD76B6.exe
C:\Users\Marian\AppData\Local\Temp\EAD76E3.exe
C:\Users\Marian\AppData\Local\Temp\EAD7741.exe
C:\Users\Marian\AppData\Local\Temp\EAD7760.exe
C:\Users\Marian\AppData\Local\Temp\EAD77E.exe
C:\Users\Marian\AppData\Local\Temp\EAD783B.exe
C:\Users\Marian\AppData\Local\Temp\EAD7879.exe
C:\Users\Marian\AppData\Local\Temp\EAD7915.exe
C:\Users\Marian\AppData\Local\Temp\EAD7953.exe
C:\Users\Marian\AppData\Local\Temp\EAD7992.exe
C:\Users\Marian\AppData\Local\Temp\EAD79FF.exe
C:\Users\Marian\AppData\Local\Temp\EAD7A3D.exe
C:\Users\Marian\AppData\Local\Temp\EAD7A6C.exe
C:\Users\Marian\AppData\Local\Temp\EAD7A7C.exe
C:\Users\Marian\AppData\Local\Temp\EAD7A7D.exe
C:\Users\Marian\AppData\Local\Temp\EAD7AAB.exe
C:\Users\Marian\AppData\Local\Temp\EAD7ABA.exe
C:\Users\Marian\AppData\Local\Temp\EAD7ABB.exe
C:\Users\Marian\AppData\Local\Temp\EAD7ABC.exe
C:\Users\Marian\AppData\Local\Temp\EAD7B37.exe
C:\Users\Marian\AppData\Local\Temp\EAD7B47.exe
C:\Users\Marian\AppData\Local\Temp\EAD7B85.exe
C:\Users\Marian\AppData\Local\Temp\EAD7BB4.exe
C:\Users\Marian\AppData\Local\Temp\EAD7BB5.exe
C:\Users\Marian\AppData\Local\Temp\EAD7BD3.exe
C:\Users\Marian\AppData\Local\Temp\EAD7BD4.exe
C:\Users\Marian\AppData\Local\Temp\EAD7BF2.exe
C:\Users\Marian\AppData\Local\Temp\EAD7C.exe
C:\Users\Marian\AppData\Local\Temp\EAD7C21.exe
C:\Users\Marian\AppData\Local\Temp\EAD7C5F.exe
C:\Users\Marian\AppData\Local\Temp\EAD7C6F.exe
C:\Users\Marian\AppData\Local\Temp\EAD7C8E.exe
C:\Users\Marian\AppData\Local\Temp\EAD7CEC.exe
C:\Users\Marian\AppData\Local\Temp\EAD7D59.exe
C:\Users\Marian\AppData\Local\Temp\EAD7D78.exe
C:\Users\Marian\AppData\Local\Temp\EAD7DC.exe
C:\Users\Marian\AppData\Local\Temp\EAD7E05.exe
C:\Users\Marian\AppData\Local\Temp\EAD7E53.exe
C:\Users\Marian\AppData\Local\Temp\EAD7EB0.exe
C:\Users\Marian\AppData\Local\Temp\EAD7F5C.exe
C:\Users\Marian\AppData\Local\Temp\EAD7F6B.exe
C:\Users\Marian\AppData\Local\Temp\EAD7FF8.exe
C:\Users\Marian\AppData\Local\Temp\EAD8055.exe
C:\Users\Marian\AppData\Local\Temp\EAD8075.exe
C:\Users\Marian\AppData\Local\Temp\EAD8094.exe
C:\Users\Marian\AppData\Local\Temp\EAD80B3.exe
C:\Users\Marian\AppData\Local\Temp\EAD80D2.exe
C:\Users\Marian\AppData\Local\Temp\EAD80D3.exe
C:\Users\Marian\AppData\Local\Temp\EAD8130.exe
C:\Users\Marian\AppData\Local\Temp\EAD813F.exe
C:\Users\Marian\AppData\Local\Temp\EAD814F.exe
C:\Users\Marian\AppData\Local\Temp\EAD8239.exe
C:\Users\Marian\AppData\Local\Temp\EAD82B6.exe
C:\Users\Marian\AppData\Local\Temp\EAD82B7.exe
C:\Users\Marian\AppData\Local\Temp\EAD82F4.exe
C:\Users\Marian\AppData\Local\Temp\EAD8313.exe
C:\Users\Marian\AppData\Local\Temp\EAD8323.exe
C:\Users\Marian\AppData\Local\Temp\EAD8333.exe
C:\Users\Marian\AppData\Local\Temp\EAD8334.exe
C:\Users\Marian\AppData\Local\Temp\EAD8361.exe
C:\Users\Marian\AppData\Local\Temp\EAD8371.exe
C:\Users\Marian\AppData\Local\Temp\EAD83A.exe
C:\Users\Marian\AppData\Local\Temp\EAD83B.exe
C:\Users\Marian\AppData\Local\Temp\EAD83CF.exe
C:\Users\Marian\AppData\Local\Temp\EAD83D0.exe
C:\Users\Marian\AppData\Local\Temp\EAD844B.exe
C:\Users\Marian\AppData\Local\Temp\EAD846B.exe
C:\Users\Marian\AppData\Local\Temp\EAD8564.exe
C:\Users\Marian\AppData\Local\Temp\EAD85A3.exe
C:\Users\Marian\AppData\Local\Temp\EAD85A4.exe
C:\Users\Marian\AppData\Local\Temp\EAD85B2.exe
C:\Users\Marian\AppData\Local\Temp\EAD8600.exe
C:\Users\Marian\AppData\Local\Temp\EAD8610.exe
C:\Users\Marian\AppData\Local\Temp\EAD863F.exe
C:\Users\Marian\AppData\Local\Temp\EAD868.exe
C:\Users\Marian\AppData\Local\Temp\EAD86EA.exe
C:\Users\Marian\AppData\Local\Temp\EAD8709.exe
C:\Users\Marian\AppData\Local\Temp\EAD8757.exe
C:\Users\Marian\AppData\Local\Temp\EAD87F3.exe
C:\Users\Marian\AppData\Local\Temp\EAD8832.exe
C:\Users\Marian\AppData\Local\Temp\EAD8841.exe
C:\Users\Marian\AppData\Local\Temp\EAD8870.exe
C:\Users\Marian\AppData\Local\Temp\EAD8871.exe
C:\Users\Marian\AppData\Local\Temp\EAD8872.exe
C:\Users\Marian\AppData\Local\Temp\EAD88CE.exe
C:\Users\Marian\AppData\Local\Temp\EAD891C.exe
C:\Users\Marian\AppData\Local\Temp\EAD894B.exe
C:\Users\Marian\AppData\Local\Temp\EAD897.exe
C:\Users\Marian\AppData\Local\Temp\EAD8989.exe
C:\Users\Marian\AppData\Local\Temp\EAD89A8.exe
C:\Users\Marian\AppData\Local\Temp\EAD89C7.exe
C:\Users\Marian\AppData\Local\Temp\EAD89D7.exe
C:\Users\Marian\AppData\Local\Temp\EAD89D8.exe
C:\Users\Marian\AppData\Local\Temp\EAD89F6.exe
C:\Users\Marian\AppData\Local\Temp\EAD8A92.exe
C:\Users\Marian\AppData\Local\Temp\EAD8A93.exe
C:\Users\Marian\AppData\Local\Temp\EAD8AF0.exe
C:\Users\Marian\AppData\Local\Temp\EAD8AF1.exe
C:\Users\Marian\AppData\Local\Temp\EAD8B0F.exe
C:\Users\Marian\AppData\Local\Temp\EAD8B7C.exe
C:\Users\Marian\AppData\Local\Temp\EAD8B8C.exe
C:\Users\Marian\AppData\Local\Temp\EAD8BBB.exe
C:\Users\Marian\AppData\Local\Temp\EAD8BBC.exe
C:\Users\Marian\AppData\Local\Temp\EAD8C28.exe
C:\Users\Marian\AppData\Local\Temp\EAD8C57.exe
C:\Users\Marian\AppData\Local\Temp\EAD8C58.exe
C:\Users\Marian\AppData\Local\Temp\EAD8C59.exe
C:\Users\Marian\AppData\Local\Temp\EAD8C66.exe
C:\Users\Marian\AppData\Local\Temp\EAD8C85.exe
C:\Users\Marian\AppData\Local\Temp\EAD8CA5.exe
C:\Users\Marian\AppData\Local\Temp\EAD8CC4.exe
C:\Users\Marian\AppData\Local\Temp\EAD8CD3.exe
C:\Users\Marian\AppData\Local\Temp\EAD8CD4.exe
C:\Users\Marian\AppData\Local\Temp\EAD8D31.exe
C:\Users\Marian\AppData\Local\Temp\EAD8D41.exe
C:\Users\Marian\AppData\Local\Temp\EAD8D50.exe
C:\Users\Marian\AppData\Local\Temp\EAD8D7F.exe
C:\Users\Marian\AppData\Local\Temp\EAD8E0B.exe
C:\Users\Marian\AppData\Local\Temp\EAD8E2B.exe
C:\Users\Marian\AppData\Local\Temp\EAD8E3A.exe
C:\Users\Marian\AppData\Local\Temp\EAD8E5.exe
C:\Users\Marian\AppData\Local\Temp\EAD8E98.exe
C:\Users\Marian\AppData\Local\Temp\EAD8EC7.exe
C:\Users\Marian\AppData\Local\Temp\EAD8F05.exe
C:\Users\Marian\AppData\Local\Temp\EAD8F15.exe
C:\Users\Marian\AppData\Local\Temp\EAD8F24.exe
C:\Users\Marian\AppData\Local\Temp\EAD8FD0.exe
C:\Users\Marian\AppData\Local\Temp\EAD8FFF.exe
C:\Users\Marian\AppData\Local\Temp\EAD9000.exe
C:\Users\Marian\AppData\Local\Temp\EAD900E.exe
C:\Users\Marian\AppData\Local\Temp\EAD905C.exe
C:\Users\Marian\AppData\Local\Temp\EAD906C.exe
C:\Users\Marian\AppData\Local\Temp\EAD90F8.exe
C:\Users\Marian\AppData\Local\Temp\EAD9117.exe
C:\Users\Marian\AppData\Local\Temp\EAD9137.exe
C:\Users\Marian\AppData\Local\Temp\EAD9138.exe
C:\Users\Marian\AppData\Local\Temp\EAD914.exe
C:\Users\Marian\AppData\Local\Temp\EAD9156.exe
C:\Users\Marian\AppData\Local\Temp\EAD9165.exe
C:\Users\Marian\AppData\Local\Temp\EAD91A4.exe
C:\Users\Marian\AppData\Local\Temp\EAD91A5.exe
C:\Users\Marian\AppData\Local\Temp\EAD924.exe
C:\Users\Marian\AppData\Local\Temp\EAD928E.exe
C:\Users\Marian\AppData\Local\Temp\EAD929D.exe
C:\Users\Marian\AppData\Local\Temp\EAD932A.exe
C:\Users\Marian\AppData\Local\Temp\EAD933.exe
C:\Users\Marian\AppData\Local\Temp\EAD9349.exe
C:\Users\Marian\AppData\Local\Temp\EAD934A.exe
C:\Users\Marian\AppData\Local\Temp\EAD9359.exe
C:\Users\Marian\AppData\Local\Temp\EAD9368.exe
C:\Users\Marian\AppData\Local\Temp\EAD9397.exe
C:\Users\Marian\AppData\Local\Temp\EAD9404.exe
C:\Users\Marian\AppData\Local\Temp\EAD9405.exe
C:\Users\Marian\AppData\Local\Temp\EAD9423.exe
C:\Users\Marian\AppData\Local\Temp\EAD9471.exe
C:\Users\Marian\AppData\Local\Temp\EAD9491.exe
C:\Users\Marian\AppData\Local\Temp\EAD94A0.exe
C:\Users\Marian\AppData\Local\Temp\EAD94BF.exe
C:\Users\Marian\AppData\Local\Temp\EAD94C0.exe
C:\Users\Marian\AppData\Local\Temp\EAD94CF.exe
C:\Users\Marian\AppData\Local\Temp\EAD94EE.exe
C:\Users\Marian\AppData\Local\Temp\EAD952.exe
C:\Users\Marian\AppData\Local\Temp\EAD955B.exe
C:\Users\Marian\AppData\Local\Temp\EAD958A.exe
C:\Users\Marian\AppData\Local\Temp\EAD958B.exe
C:\Users\Marian\AppData\Local\Temp\EAD959A.exe
C:\Users\Marian\AppData\Local\Temp\EAD95C9.exe
C:\Users\Marian\AppData\Local\Temp\EAD95E8.exe
C:\Users\Marian\AppData\Local\Temp\EAD95E9.exe
C:\Users\Marian\AppData\Local\Temp\EAD9617.exe
C:\Users\Marian\AppData\Local\Temp\EAD962.exe
C:\Users\Marian\AppData\Local\Temp\EAD9626.exe
C:\Users\Marian\AppData\Local\Temp\EAD9636.exe
C:\Users\Marian\AppData\Local\Temp\EAD9637.exe
C:\Users\Marian\AppData\Local\Temp\EAD96B3.exe
C:\Users\Marian\AppData\Local\Temp\EAD96D2.exe
C:\Users\Marian\AppData\Local\Temp\EAD9710.exe
C:\Users\Marian\AppData\Local\Temp\EAD972.exe
C:\Users\Marian\AppData\Local\Temp\EAD974F.exe
C:\Users\Marian\AppData\Local\Temp\EAD977D.exe
C:\Users\Marian\AppData\Local\Temp\EAD978D.exe
C:\Users\Marian\AppData\Local\Temp\EAD97BC.exe
C:\Users\Marian\AppData\Local\Temp\EAD97DB.exe
C:\Users\Marian\AppData\Local\Temp\EAD980A.exe
C:\Users\Marian\AppData\Local\Temp\EAD9819.exe
C:\Users\Marian\AppData\Local\Temp\EAD9839.exe
C:\Users\Marian\AppData\Local\Temp\EAD9858.exe
C:\Users\Marian\AppData\Local\Temp\EAD9877.exe
C:\Users\Marian\AppData\Local\Temp\EAD9961.exe
C:\Users\Marian\AppData\Local\Temp\EAD9971.exe
C:\Users\Marian\AppData\Local\Temp\EAD999F.exe
C:\Users\Marian\AppData\Local\Temp\EAD99DE.exe
C:\Users\Marian\AppData\Local\Temp\EAD99ED.exe
C:\Users\Marian\AppData\Local\Temp\EAD9A7A.exe
C:\Users\Marian\AppData\Local\Temp\EAD9B54.exe
C:\Users\Marian\AppData\Local\Temp\EAD9B55.exe
C:\Users\Marian\AppData\Local\Temp\EAD9C0.exe
C:\Users\Marian\AppData\Local\Temp\EAD9C0F.exe
C:\Users\Marian\AppData\Local\Temp\EAD9C1.exe
C:\Users\Marian\AppData\Local\Temp\EAD9C10.exe
C:\Users\Marian\AppData\Local\Temp\EAD9C3E.exe
C:\Users\Marian\AppData\Local\Temp\EAD9C3F.exe
C:\Users\Marian\AppData\Local\Temp\EAD9C5D.exe
C:\Users\Marian\AppData\Local\Temp\EAD9C7D.exe
C:\Users\Marian\AppData\Local\Temp\EAD9C9C.exe
C:\Users\Marian\AppData\Local\Temp\EAD9CCB.exe
C:\Users\Marian\AppData\Local\Temp\EAD9CF9.exe
C:\Users\Marian\AppData\Local\Temp\EAD9D38.exe
C:\Users\Marian\AppData\Local\Temp\EAD9D39.exe
C:\Users\Marian\AppData\Local\Temp\EAD9D76.exe
C:\Users\Marian\AppData\Local\Temp\EAD9D86.exe
C:\Users\Marian\AppData\Local\Temp\EAD9D87.exe
C:\Users\Marian\AppData\Local\Temp\EAD9DE3.exe
C:\Users\Marian\AppData\Local\Temp\EAD9DF3.exe
C:\Users\Marian\AppData\Local\Temp\EAD9E12.exe
C:\Users\Marian\AppData\Local\Temp\EAD9E9F.exe
C:\Users\Marian\AppData\Local\Temp\EAD9ECD.exe
C:\Users\Marian\AppData\Local\Temp\EAD9F2B.exe
C:\Users\Marian\AppData\Local\Temp\EAD9F5A.exe
C:\Users\Marian\AppData\Local\Temp\EAD9F89.exe
C:\Users\Marian\AppData\Local\Temp\EAD9FA8.exe
C:\Users\Marian\AppData\Local\Temp\EAD9FD7.exe
C:\Users\Marian\AppData\Local\Temp\EADA025.exe
C:\Users\Marian\AppData\Local\Temp\EADA10F.exe
C:\Users\Marian\AppData\Local\Temp\EADA13D.exe
C:\Users\Marian\AppData\Local\Temp\EADA16C.exe
C:\Users\Marian\AppData\Local\Temp\EADA17C.exe
C:\Users\Marian\AppData\Local\Temp\EADA19B.exe
C:\Users\Marian\AppData\Local\Temp\EADA1D.exe
C:\Users\Marian\AppData\Local\Temp\EADA1D9.exe
C:\Users\Marian\AppData\Local\Temp\EADA218.exe
C:\Users\Marian\AppData\Local\Temp\EADA285.exe
C:\Users\Marian\AppData\Local\Temp\EADA295.exe
C:\Users\Marian\AppData\Local\Temp\EADA2F2.exe
C:\Users\Marian\AppData\Local\Temp\EADA350.exe
C:\Users\Marian\AppData\Local\Temp\EADA3BD.exe
C:\Users\Marian\AppData\Local\Temp\EADA3EC.exe
C:\Users\Marian\AppData\Local\Temp\EADA43A.exe
C:\Users\Marian\AppData\Local\Temp\EADA459.exe
C:\Users\Marian\AppData\Local\Temp\EADA4D6.exe
C:\Users\Marian\AppData\Local\Temp\EADA4E5.exe
C:\Users\Marian\AppData\Local\Temp\EADA533.exe
C:\Users\Marian\AppData\Local\Temp\EADA572.exe
C:\Users\Marian\AppData\Local\Temp\EADA5B0.exe
C:\Users\Marian\AppData\Local\Temp\EADA68B.exe
C:\Users\Marian\AppData\Local\Temp\EADA717.exe
C:\Users\Marian\AppData\Local\Temp\EADA811.exe
C:\Users\Marian\AppData\Local\Temp\EADA929.exe
C:\Users\Marian\AppData\Local\Temp\EADA9B6.exe
C:\Users\Marian\AppData\Local\Temp\EADA9B7.exe
C:\Users\Marian\AppData\Local\Temp\EADA9F4.exe
C:\Users\Marian\AppData\Local\Temp\EADAA33.exe
C:\Users\Marian\AppData\Local\Temp\EADAA34.exe
C:\Users\Marian\AppData\Local\Temp\EADAAA.exe
C:\Users\Marian\AppData\Local\Temp\EADAABF.exe
C:\Users\Marian\AppData\Local\Temp\EADAAC0.exe
C:\Users\Marian\AppData\Local\Temp\EADAB.exe
C:\Users\Marian\AppData\Local\Temp\EADAB8A.exe
C:\Users\Marian\AppData\Local\Temp\EADAB99.exe
C:\Users\Marian\AppData\Local\Temp\EADAC16.exe
C:\Users\Marian\AppData\Local\Temp\EADAC45.exe
C:\Users\Marian\AppData\Local\Temp\EADAC55.exe
C:\Users\Marian\AppData\Local\Temp\EADAC93.exe
C:\Users\Marian\AppData\Local\Temp\EADAD00.exe
C:\Users\Marian\AppData\Local\Temp\EADAD01.exe
C:\Users\Marian\AppData\Local\Temp\EADAD2F.exe
C:\Users\Marian\AppData\Local\Temp\EADAD3F.exe
C:\Users\Marian\AppData\Local\Temp\EADAD8.exe
C:\Users\Marian\AppData\Local\Temp\EADAD8D.exe
C:\Users\Marian\AppData\Local\Temp\EADAD9C.exe
C:\Users\Marian\AppData\Local\Temp\EADAE19.exe
C:\Users\Marian\AppData\Local\Temp\EADAE48.exe
C:\Users\Marian\AppData\Local\Temp\EADAEA6.exe
C:\Users\Marian\AppData\Local\Temp\EADAEE4.exe
C:\Users\Marian\AppData\Local\Temp\EADAF41.exe
C:\Users\Marian\AppData\Local\Temp\EADAF51.exe
C:\Users\Marian\AppData\Local\Temp\EADAF9F.exe
C:\Users\Marian\AppData\Local\Temp\EADAFAF.exe
C:\Users\Marian\AppData\Local\Temp\EADAFED.exe
C:\Users\Marian\AppData\Local\Temp\EADB079.exe
C:\Users\Marian\AppData\Local\Temp\EADB0A8.exe
C:\Users\Marian\AppData\Local\Temp\EADB0D7.exe
C:\Users\Marian\AppData\Local\Temp\EADB0F6.exe
C:\Users\Marian\AppData\Local\Temp\EADB0F7.exe
C:\Users\Marian\AppData\Local\Temp\EADB135.exe
C:\Users\Marian\AppData\Local\Temp\EADB144.exe
C:\Users\Marian\AppData\Local\Temp\EADB145.exe
C:\Users\Marian\AppData\Local\Temp\EADB17.exe
C:\Users\Marian\AppData\Local\Temp\EADB1D1.exe
C:\Users\Marian\AppData\Local\Temp\EADB1F0.exe
C:\Users\Marian\AppData\Local\Temp\EADB27C.exe
C:\Users\Marian\AppData\Local\Temp\EADB28C.exe
C:\Users\Marian\AppData\Local\Temp\EADB309.exe
C:\Users\Marian\AppData\Local\Temp\EADB319.exe
C:\Users\Marian\AppData\Local\Temp\EADB337.exe
C:\Users\Marian\AppData\Local\Temp\EADB338.exe
C:\Users\Marian\AppData\Local\Temp\EADB402.exe
C:\Users\Marian\AppData\Local\Temp\EADB47F.exe
C:\Users\Marian\AppData\Local\Temp\EADB4AE.exe
C:\Users\Marian\AppData\Local\Temp\EADB4AF.exe
C:\Users\Marian\AppData\Local\Temp\EADB51B.exe
C:\Users\Marian\AppData\Local\Temp\EADB53A.exe
C:\Users\Marian\AppData\Local\Temp\EADB598.exe
C:\Users\Marian\AppData\Local\Temp\EADB5C7.exe
C:\Users\Marian\AppData\Local\Temp\EADB643.exe
C:\Users\Marian\AppData\Local\Temp\EADB65.exe
C:\Users\Marian\AppData\Local\Temp\EADB6D0.exe
C:\Users\Marian\AppData\Local\Temp\EADB6D1.exe
C:\Users\Marian\AppData\Local\Temp\EADB73D.exe
C:\Users\Marian\AppData\Local\Temp\EADB76C.exe
C:\Users\Marian\AppData\Local\Temp\EADB84.exe
C:\Users\Marian\AppData\Local\Temp\EADB85.exe
C:\Users\Marian\AppData\Local\Temp\EADB865.exe
C:\Users\Marian\AppData\Local\Temp\EADB866.exe
C:\Users\Marian\AppData\Local\Temp\EADB894.exe
C:\Users\Marian\AppData\Local\Temp\EADB8C3.exe
C:\Users\Marian\AppData\Local\Temp\EADB95F.exe
C:\Users\Marian\AppData\Local\Temp\EADB96F.exe
C:\Users\Marian\AppData\Local\Temp\EADB99D.exe
C:\Users\Marian\AppData\Local\Temp\EADB9FB.exe
C:\Users\Marian\AppData\Local\Temp\EADBA3.exe
C:\Users\Marian\AppData\Local\Temp\EADBA59.exe
C:\Users\Marian\AppData\Local\Temp\EADBA68.exe
C:\Users\Marian\AppData\Local\Temp\EADBA78.exe
C:\Users\Marian\AppData\Local\Temp\EADBAB6.exe
C:\Users\Marian\AppData\Local\Temp\EADBB14.exe
C:\Users\Marian\AppData\Local\Temp\EADBB91.exe
C:\Users\Marian\AppData\Local\Temp\EADBB92.exe
C:\Users\Marian\AppData\Local\Temp\EADBBA0.exe
C:\Users\Marian\AppData\Local\Temp\EADBBFE.exe
C:\Users\Marian\AppData\Local\Temp\EADBC0D.exe
C:\Users\Marian\AppData\Local\Temp\EADBCA9.exe
C:\Users\Marian\AppData\Local\Temp\EADBCB9.exe
C:\Users\Marian\AppData\Local\Temp\EADBD07.exe
C:\Users\Marian\AppData\Local\Temp\EADBD08.exe
C:\Users\Marian\AppData\Local\Temp\EADBD26.exe
C:\Users\Marian\AppData\Local\Temp\EADBD74.exe
C:\Users\Marian\AppData\Local\Temp\EADBD75.exe
C:\Users\Marian\AppData\Local\Temp\EADBDA3.exe
C:\Users\Marian\AppData\Local\Temp\EADBDF1.exe
C:\Users\Marian\AppData\Local\Temp\EADBE10.exe
C:\Users\Marian\AppData\Local\Temp\EADBE11.exe
C:\Users\Marian\AppData\Local\Temp\EADBE2F.exe
C:\Users\Marian\AppData\Local\Temp\EADBE3F.exe
C:\Users\Marian\AppData\Local\Temp\EADBE6E.exe
C:\Users\Marian\AppData\Local\Temp\EADBE6F.exe
C:\Users\Marian\AppData\Local\Temp\EADBE9D.exe
C:\Users\Marian\AppData\Local\Temp\EADBF0A.exe
C:\Users\Marian\AppData\Local\Temp\EADBF0B.exe
C:\Users\Marian\AppData\Local\Temp\EADBF1.exe
C:\Users\Marian\AppData\Local\Temp\EADBF29.exe
C:\Users\Marian\AppData\Local\Temp\EADBF48.exe
C:\Users\Marian\AppData\Local\Temp\EADBF67.exe
C:\Users\Marian\AppData\Local\Temp\EADBF87.exe
C:\Users\Marian\AppData\Local\Temp\EADBF96.exe
C:\Users\Marian\AppData\Local\Temp\EADBFC5.exe
C:\Users\Marian\AppData\Local\Temp\EADBFD5.exe
C:\Users\Marian\AppData\Local\Temp\EADBFE4.exe
C:\Users\Marian\AppData\Local\Temp\EADBFF4.exe
C:\Users\Marian\AppData\Local\Temp\EADC01.exe
C:\Users\Marian\AppData\Local\Temp\EADC02.exe
C:\Users\Marian\AppData\Local\Temp\EADC023.exe
C:\Users\Marian\AppData\Local\Temp\EADC0DE.exe
C:\Users\Marian\AppData\Local\Temp\EADC0ED.exe
C:\Users\Marian\AppData\Local\Temp\EADC13B.exe
C:\Users\Marian\AppData\Local\Temp\EADC14B.exe
C:\Users\Marian\AppData\Local\Temp\EADC15B.exe
C:\Users\Marian\AppData\Local\Temp\EADC2A2.exe
C:\Users\Marian\AppData\Local\Temp\EADC32F.exe
C:\Users\Marian\AppData\Local\Temp\EADC33E.exe
C:\Users\Marian\AppData\Local\Temp\EADC35D.exe
C:\Users\Marian\AppData\Local\Temp\EADC3AB.exe
C:\Users\Marian\AppData\Local\Temp\EADC467.exe
C:\Users\Marian\AppData\Local\Temp\EADC4A5.exe
C:\Users\Marian\AppData\Local\Temp\EADC4A8.exe
C:\Users\Marian\AppData\Local\Temp\EADC5AE.exe
C:\Users\Marian\AppData\Local\Temp\EADC5ED.exe
C:\Users\Marian\AppData\Local\Temp\EADC5FC.exe
C:\Users\Marian\AppData\Local\Temp\EADC61B.exe
C:\Users\Marian\AppData\Local\Temp\EADC62B.exe
C:\Users\Marian\AppData\Local\Temp\EADC689.exe
C:\Users\Marian\AppData\Local\Temp\EADC763.exe
C:\Users\Marian\AppData\Local\Temp\EADC7A1.exe
C:\Users\Marian\AppData\Local\Temp\EADC80F.exe
C:\Users\Marian\AppData\Local\Temp\EADC81E.exe
C:\Users\Marian\AppData\Local\Temp\EADC81F.exe
C:\Users\Marian\AppData\Local\Temp\EADC83D.exe
C:\Users\Marian\AppData\Local\Temp\EADC84D.exe
C:\Users\Marian\AppData\Local\Temp\EADC87C.exe
C:\Users\Marian\AppData\Local\Temp\EADC8BA.exe
C:\Users\Marian\AppData\Local\Temp\EADC8F9.exe
C:\Users\Marian\AppData\Local\Temp\EADC8FA.exe
C:\Users\Marian\AppData\Local\Temp\EADC947.exe
C:\Users\Marian\AppData\Local\Temp\EADC9B4.exe
C:\Users\Marian\AppData\Local\Temp\EADC9C3.exe
C:\Users\Marian\AppData\Local\Temp\EADC9E3.exe
C:\Users\Marian\AppData\Local\Temp\EADCA.exe
C:\Users\Marian\AppData\Local\Temp\EADCA21.exe
C:\Users\Marian\AppData\Local\Temp\EADCAFB.exe
C:\Users\Marian\AppData\Local\Temp\EADCAFC.exe
C:\Users\Marian\AppData\Local\Temp\EADCB1B.exe
C:\Users\Marian\AppData\Local\Temp\EADCB2A.exe
C:\Users\Marian\AppData\Local\Temp\EADCBC6.exe
C:\Users\Marian\AppData\Local\Temp\EADCBE5.exe
C:\Users\Marian\AppData\Local\Temp\EADCBF5.exe
C:\Users\Marian\AppData\Local\Temp\EADCBF6.exe
C:\Users\Marian\AppData\Local\Temp\EADCC14.exe
C:\Users\Marian\AppData\Local\Temp\EADCC24.exe
C:\Users\Marian\AppData\Local\Temp\EADCCC0.exe
C:\Users\Marian\AppData\Local\Temp\EADCCFE.exe
C:\Users\Marian\AppData\Local\Temp\EADCCFF.exe
C:\Users\Marian\AppData\Local\Temp\EADCD0E.exe
C:\Users\Marian\AppData\Local\Temp\EADCD5C.exe
C:\Users\Marian\AppData\Local\Temp\EADCD8B.exe
C:\Users\Marian\AppData\Local\Temp\EADCDB.exe
C:\Users\Marian\AppData\Local\Temp\EADCDC9.exe
C:\Users\Marian\AppData\Local\Temp\EADCDE8.exe
C:\Users\Marian\AppData\Local\Temp\EADCE17.exe
C:\Users\Marian\AppData\Local\Temp\EADCE27.exe
C:\Users\Marian\AppData\Local\Temp\EADCE28.exe
C:\Users\Marian\AppData\Local\Temp\EADCE46.exe
C:\Users\Marian\AppData\Local\Temp\EADCED2.exe
C:\Users\Marian\AppData\Local\Temp\EADCEE2.exe
C:\Users\Marian\AppData\Local\Temp\EADCF8D.exe
C:\Users\Marian\AppData\Local\Temp\EADCF9D.exe
C:\Users\Marian\AppData\Local\Temp\EADCFEB.exe
C:\Users\Marian\AppData\Local\Temp\EADD072.exe
C:\Users\Marian\AppData\Local\Temp\EADD0A.exe
C:\Users\Marian\AppData\Local\Temp\EADD0B.exe
C:\Users\Marian\AppData\Local\Temp\EADD0C5.exe
C:\Users\Marian\AppData\Local\Temp\EADD0E5.exe
C:\Users\Marian\AppData\Local\Temp\EADD1A.exe
C:\Users\Marian\AppData\Local\Temp\EADD1CF.exe
C:\Users\Marian\AppData\Local\Temp\EADD23C.exe
C:\Users\Marian\AppData\Local\Temp\EADD2E7.exe
C:\Users\Marian\AppData\Local\Temp\EADD2F7.exe
C:\Users\Marian\AppData\Local\Temp\EADD3D1.exe
C:\Users\Marian\AppData\Local\Temp\EADD3E1.exe
C:\Users\Marian\AppData\Local\Temp\EADD3E2.exe
C:\Users\Marian\AppData\Local\Temp\EADD3F1.exe
C:\Users\Marian\AppData\Local\Temp\EADD400.exe
C:\Users\Marian\AppData\Local\Temp\EADD42F.exe
C:\Users\Marian\AppData\Local\Temp\EADD430.exe
C:\Users\Marian\AppData\Local\Temp\EADD48.exe
C:\Users\Marian\AppData\Local\Temp\EADD4FA.exe
C:\Users\Marian\AppData\Local\Temp\EADD519.exe
C:\Users\Marian\AppData\Local\Temp\EADD5F3.exe
C:\Users\Marian\AppData\Local\Temp\EADD6BE.exe
C:\Users\Marian\AppData\Local\Temp\EADD6DE.exe
C:\Users\Marian\AppData\Local\Temp\EADD6ED.exe
C:\Users\Marian\AppData\Local\Temp\EADD70C.exe
C:\Users\Marian\AppData\Local\Temp\EADD77.exe
C:\Users\Marian\AppData\Local\Temp\EADD7A8.exe
C:\Users\Marian\AppData\Local\Temp\EADD7A9.exe
C:\Users\Marian\AppData\Local\Temp\EADD7E7.exe
C:\Users\Marian\AppData\Local\Temp\EADD7E8.exe
C:\Users\Marian\AppData\Local\Temp\EADD825.exe
C:\Users\Marian\AppData\Local\Temp\EADD844.exe
C:\Users\Marian\AppData\Local\Temp\EADD863.exe
C:\Users\Marian\AppData\Local\Temp\EADD8B1.exe
C:\Users\Marian\AppData\Local\Temp\EADD8B2.exe
C:\Users\Marian\AppData\Local\Temp\EADD8F0.exe
C:\Users\Marian\AppData\Local\Temp\EADD95D.exe
C:\Users\Marian\AppData\Local\Temp\EADD97C.exe
C:\Users\Marian\AppData\Local\Temp\EADD9AB.exe
C:\Users\Marian\AppData\Local\Temp\EADDA28.exe
C:\Users\Marian\AppData\Local\Temp\EADDA76.exe
C:\Users\Marian\AppData\Local\Temp\EADDA77.exe
C:\Users\Marian\AppData\Local\Temp\EADDB7F.exe
C:\Users\Marian\AppData\Local\Temp\EADDBDD.exe
C:\Users\Marian\AppData\Local\Temp\EADDD24.exe
C:\Users\Marian\AppData\Local\Temp\EADDD5.exe
C:\Users\Marian\AppData\Local\Temp\EADDD63.exe
C:\Users\Marian\AppData\Local\Temp\EADDD64.exe
C:\Users\Marian\AppData\Local\Temp\EADDDB1.exe
C:\Users\Marian\AppData\Local\Temp\EADDE4.exe
C:\Users\Marian\AppData\Local\Temp\EADDED9.exe
C:\Users\Marian\AppData\Local\Temp\EADDEE9.exe
C:\Users\Marian\AppData\Local\Temp\EADDF46.exe
C:\Users\Marian\AppData\Local\Temp\EADE030.exe
C:\Users\Marian\AppData\Local\Temp\EADE04.exe
C:\Users\Marian\AppData\Local\Temp\EADE0BD.exe
C:\Users\Marian\AppData\Local\Temp\EADE0CC.exe
C:\Users\Marian\AppData\Local\Temp\EADE0DC.exe
C:\Users\Marian\AppData\Local\Temp\EADE0DD.exe
C:\Users\Marian\AppData\Local\Temp\EADE0DE.exe
C:\Users\Marian\AppData\Local\Temp\EADE15B.exe
C:\Users\Marian\AppData\Local\Temp\EADE178.exe
C:\Users\Marian\AppData\Local\Temp\EADE204.exe
C:\Users\Marian\AppData\Local\Temp\EADE223.exe
C:\Users\Marian\AppData\Local\Temp\EADE23.exe
C:\Users\Marian\AppData\Local\Temp\EADE233.exe
C:\Users\Marian\AppData\Local\Temp\EADE243.exe
C:\Users\Marian\AppData\Local\Temp\EADE37B.exe
C:\Users\Marian\AppData\Local\Temp\EADE39A.exe
C:\Users\Marian\AppData\Local\Temp\EADE3F7.exe
C:\Users\Marian\AppData\Local\Temp\EADE42.exe
C:\Users\Marian\AppData\Local\Temp\EADE4C2.exe
C:\Users\Marian\AppData\Local\Temp\EADE501.exe
C:\Users\Marian\AppData\Local\Temp\EADE55E.exe
C:\Users\Marian\AppData\Local\Temp\EADE56E.exe
C:\Users\Marian\AppData\Local\Temp\EADE5AC.exe
C:\Users\Marian\AppData\Local\Temp\EADE619.exe
C:\Users\Marian\AppData\Local\Temp\EADE61A.exe
C:\Users\Marian\AppData\Local\Temp\EADE648.exe
C:\Users\Marian\AppData\Local\Temp\EADE658.exe
C:\Users\Marian\AppData\Local\Temp\EADE667.exe
C:\Users\Marian\AppData\Local\Temp\EADE703.exe
C:\Users\Marian\AppData\Local\Temp\EADE7AF.exe
C:\Users\Marian\AppData\Local\Temp\EADE7DE.exe
C:\Users\Marian\AppData\Local\Temp\EADE7FD.exe
C:\Users\Marian\AppData\Local\Temp\EADE85B.exe
C:\Users\Marian\AppData\Local\Temp\EADE8B8.exe
C:\Users\Marian\AppData\Local\Temp\EADE993.exe
C:\Users\Marian\AppData\Local\Temp\EADE9C1.exe
C:\Users\Marian\AppData\Local\Temp\EADEA2F.exe
C:\Users\Marian\AppData\Local\Temp\EADEA3E.exe
C:\Users\Marian\AppData\Local\Temp\EADEA8C.exe
C:\Users\Marian\AppData\Local\Temp\EADEACB.exe
C:\Users\Marian\AppData\Local\Temp\EADEB28.exe
C:\Users\Marian\AppData\Local\Temp\EADEB38.exe
C:\Users\Marian\AppData\Local\Temp\EADEB76.exe
C:\Users\Marian\AppData\Local\Temp\EADEBF.exe
C:\Users\Marian\AppData\Local\Temp\EADEC0.exe
C:\Users\Marian\AppData\Local\Temp\EADEC51.exe
C:\Users\Marian\AppData\Local\Temp\EADEC80.exe
C:\Users\Marian\AppData\Local\Temp\EADEC8F.exe
C:\Users\Marian\AppData\Local\Temp\EADEC9F.exe
C:\Users\Marian\AppData\Local\Temp\EADECBE.exe
C:\Users\Marian\AppData\Local\Temp\EADECCD.exe
C:\Users\Marian\AppData\Local\Temp\EADED89.exe
C:\Users\Marian\AppData\Local\Temp\EADEDE6.exe
C:\Users\Marian\AppData\Local\Temp\EADEDF6.exe
C:\Users\Marian\AppData\Local\Temp\EADEE34.exe
C:\Users\Marian\AppData\Local\Temp\EADEE82.exe
C:\Users\Marian\AppData\Local\Temp\EADEEA2.exe
C:\Users\Marian\AppData\Local\Temp\EADEEE0.exe
C:\Users\Marian\AppData\Local\Temp\EADEEE1.exe
C:\Users\Marian\AppData\Local\Temp\EADEF1E.exe
C:\Users\Marian\AppData\Local\Temp\EADEF2E.exe
C:\Users\Marian\AppData\Local\Temp\EADEF6C.exe
C:\Users\Marian\AppData\Local\Temp\EADF.exe
C:\Users\Marian\AppData\Local\Temp\EADF018.exe
C:\Users\Marian\AppData\Local\Temp\EADF160.exe
C:\Users\Marian\AppData\Local\Temp\EADF16F.exe
C:\Users\Marian\AppData\Local\Temp\EADF17F.exe
C:\Users\Marian\AppData\Local\Temp\EADF1DC.exe
C:\Users\Marian\AppData\Local\Temp\EADF22A.exe
C:\Users\Marian\AppData\Local\Temp\EADF288.exe
C:\Users\Marian\AppData\Local\Temp\EADF2B7.exe
C:\Users\Marian\AppData\Local\Temp\EADF2B8.exe
C:\Users\Marian\AppData\Local\Temp\EADF2B9.exe
C:\Users\Marian\AppData\Local\Temp\EADF2E6.exe
C:\Users\Marian\AppData\Local\Temp\EADF324.exe
C:\Users\Marian\AppData\Local\Temp\EADF3D0.exe
C:\Users\Marian\AppData\Local\Temp\EADF41E.exe
C:\Users\Marian\AppData\Local\Temp\EADF43D.exe
C:\Users\Marian\AppData\Local\Temp\EADF44C.exe
C:\Users\Marian\AppData\Local\Temp\EADF4BA.exe
C:\Users\Marian\AppData\Local\Temp\EADF4D9.exe
C:\Users\Marian\AppData\Local\Temp\EADF508.exe
C:\Users\Marian\AppData\Local\Temp\EADF527.exe
C:\Users\Marian\AppData\Local\Temp\EADF565.exe
C:\Users\Marian\AppData\Local\Temp\EADF5E2.exe
C:\Users\Marian\AppData\Local\Temp\EADF611.exe
C:\Users\Marian\AppData\Local\Temp\EADF66E.exe
C:\Users\Marian\AppData\Local\Temp\EADF68E.exe
C:\Users\Marian\AppData\Local\Temp\EADF6BC.exe
C:\Users\Marian\AppData\Local\Temp\EADF70A.exe
C:\Users\Marian\AppData\Local\Temp\EADF70B.exe
C:\Users\Marian\AppData\Local\Temp\EADF797.exe
C:\Users\Marian\AppData\Local\Temp\EADF7F4.exe
C:\Users\Marian\AppData\Local\Temp\EADF823.exe
C:\Users\Marian\AppData\Local\Temp\EADF852.exe
C:\Users\Marian\AppData\Local\Temp\EADF862.exe
C:\Users\Marian\AppData\Local\Temp\EADF8B0.exe
C:\Users\Marian\AppData\Local\Temp\EADF8B1.exe
C:\Users\Marian\AppData\Local\Temp\EADF8B2.exe
C:\Users\Marian\AppData\Local\Temp\EADF91D.exe
C:\Users\Marian\AppData\Local\Temp\EADF92C.exe
C:\Users\Marian\AppData\Local\Temp\EADF99A.exe
C:\Users\Marian\AppData\Local\Temp\EADF9C8.exe
C:\Users\Marian\AppData\Local\Temp\EADF9C9.exe
C:\Users\Marian\AppData\Local\Temp\EADFA9.exe
C:\Users\Marian\AppData\Local\Temp\EADFA93.exe
C:\Users\Marian\AppData\Local\Temp\EADFAB2.exe
C:\Users\Marian\AppData\Local\Temp\EADFB00.exe
C:\Users\Marian\AppData\Local\Temp\EADFB5E.exe
C:\Users\Marian\AppData\Local\Temp\EADFB7D.exe
C:\Users\Marian\AppData\Local\Temp\EADFB8D.exe
C:\Users\Marian\AppData\Local\Temp\EADFBEA.exe
C:\Users\Marian\AppData\Local\Temp\EADFBFA.exe
C:\Users\Marian\AppData\Local\Temp\EADFC0A.exe
C:\Users\Marian\AppData\Local\Temp\EADFC0B.exe
C:\Users\Marian\AppData\Local\Temp\EADFC19.exe
C:\Users\Marian\AppData\Local\Temp\EADFC58.exe
C:\Users\Marian\AppData\Local\Temp\EADFC8.exe
C:\Users\Marian\AppData\Local\Temp\EADFC96.exe
C:\Users\Marian\AppData\Local\Temp\EADFCC5.exe
C:\Users\Marian\AppData\Local\Temp\EADFCD4.exe
C:\Users\Marian\AppData\Local\Temp\EADFD03.exe
C:\Users\Marian\AppData\Local\Temp\EADFDED.exe
C:\Users\Marian\AppData\Local\Temp\EADFE7.exe
C:\Users\Marian\AppData\Local\Temp\EADFEA8.exe
C:\Users\Marian\AppData\Local\Temp\EADFF16.exe
C:\Users\Marian\AppData\Local\Temp\EADFF54.exe
C:\Users\Marian\AppData\Local\Temp\EADFF73.exe
C:\Users\Marian\AppData\Local\Temp\EADFFB2.exe
C:\Users\Marian\AppData\Local\Temp\EADFFE0.exe
C:\Users\Marian\AppData\Local\Temp\EAInstall.dll
C:\Users\Marian\AppData\Local\Temp\eauninstall.exe
C:\Users\Marian\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Marian\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\Marian\AppData\Local\Temp\iGearedHelper.dll
C:\Users\Marian\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Marian\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Marian\AppData\Local\Temp\Need for Speed Carbon_uninst.exe
C:\Users\Marian\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Marian\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Marian\AppData\Local\Temp\yPrU.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-16 16:14

==================== End Of Log ============================
         
Habe nun alles gesendet, was bei dem Scan war.

Beide Logfiles.

Gruß Marian

Alt 11.11.2013, 22:01   #8
aharonov
/// TB-Ausbilder
 
Interpol/BKA Trojaner - Standard

Interpol/BKA Trojaner



Ok, nach dem Fix in Schritt 1 sollte der Sperrschirm gar nicht mehr auftreten.

Du hast ein bisschen gar viele Antivirenprogramme installiert.. Deinstalliere alle bis auf eines.


Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
Startup: C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ehfhbnb.lnk
ShortcutTarget: ehfhbnb.lnk -> C:\PROGRA~3\bnbhfhe.dss (Microsoft Corporation)
2013-11-09 15:27 - 2013-11-09 15:27 - 00131072 _____ (Microsoft Corporation) C:\ProgramData\bnbhfhe.dss
2013-11-09 15:27 - 2013-11-09 15:27 - 00061536 ____T (Microsoft Corporation) C:\ProgramData\ehfhbnb.pss
2013-11-10 17:13 - 2013-11-10 10:01 - 00000279 _____ C:\ProgramData\ehfhbnb.reg
2013-11-10 17:13 - 2013-11-09 15:27 - 95025368 ____T C:\ProgramData\ehfhbnb.bxx
2013-11-10 17:13 - 2013-11-09 15:27 - 00000000 _____ C:\ProgramData\ehfhbnb.fvv
C:\Users\Marian\AppData\Local\Temp\*.exe
C:\Users\Marian\AppData\Local\Temp\*.dll
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Schritt 2
  • Gehe zu Start --> Systemsteuerung und öffne Programme und Funktionen.
  • Suche und deinstalliere dort der Reihe nach folgende Einträge:
    Advanced System Protector
    Ask Toolbar Updater
    Bonanza Deals
    FromDocToPDF Toolbar
    metaCrawler
    MyPC Backup
    RegClean Pro
  • Schliesse das Fenster wieder und führe einen Neustart durch, wenn das gefordert wurde.



Schritt 3

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



Schritt 4

Starte noch einmal FRST.
  • Setze bei Optional Scan den Haken bei Addition.txt und drücke Scan.
  • Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und Addition.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieser beiden Logfiles bitte hier in deinen Thread.
__________________
cheers,
Leo

Alt 12.11.2013, 17:35   #9
Sevikar
 
Interpol/BKA Trojaner - Standard

Interpol/BKA Trojaner



Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-11-2013
Ran by Marian at 2013-11-12 16:54:53 Run:4
Running from C:\Users\Marian\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Startup: C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ehfhbnb.lnk
ShortcutTarget: ehfhbnb.lnk -> C:\PROGRA~3\bnbhfhe.dss (Microsoft Corporation)
2013-11-09 15:27 - 2013-11-09 15:27 - 00131072 _____ (Microsoft Corporation) C:\ProgramData\bnbhfhe.dss
2013-11-09 15:27 - 2013-11-09 15:27 - 00061536 ____T (Microsoft Corporation) C:\ProgramData\ehfhbnb.pss
2013-11-10 17:13 - 2013-11-10 10:01 - 00000279 _____ C:\ProgramData\ehfhbnb.reg
2013-11-10 17:13 - 2013-11-09 15:27 - 95025368 ____T C:\ProgramData\ehfhbnb.bxx
2013-11-10 17:13 - 2013-11-09 15:27 - 00000000 _____ C:\ProgramData\ehfhbnb.fvv
C:\Users\Marian\AppData\Local\Temp\*.exe
C:\Users\Marian\AppData\Local\Temp\*.dll
*****************

C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ehfhbnb.lnk not found.
C:\PROGRA~3\bnbhfhe.dss not found.
"C:\ProgramData\bnbhfhe.dss" => File/Directory not found.
"C:\ProgramData\ehfhbnb.pss" => File/Directory not found.
"C:\ProgramData\ehfhbnb.reg" => File/Directory not found.
"C:\ProgramData\ehfhbnb.bxx" => File/Directory not found.
"C:\ProgramData\ehfhbnb.fvv" => File/Directory not found.
         
Dass müsste der Fixlog.txt. sein!

Code:
ATTFilter
# AdwCleaner v3.012 - Bericht erstellt am 12/11/2013 um 17:15:20
# Updated 11/11/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Marian - MARIAN-PC
# Gestartet von : C:\Users\Marian\Downloads\adwcleaner_3012.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : ICQ Service

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\BonanzaDealsLive
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Program Files (x86)\AVG Secure Search
Ordner Gelöscht : C:\Program Files (x86)\BonanzaDeals
Ordner Gelöscht : C:\Program Files (x86)\BonanzaDealsLive
Ordner Gelöscht : C:\Program Files (x86)\FromDocToPDF_65
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Program Files (x86)\RegClean Pro
Ordner Gelöscht : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Ordner Gelöscht : C:\Users\Marian\AppData\Local\AVG Secure Search
Ordner Gelöscht : C:\Users\Marian\AppData\Local\BonanzaDealsLive
Ordner Gelöscht : C:\Users\Marian\AppData\Local\FromDocToPDF_65
Ordner Gelöscht : C:\Users\Marian\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\Marian\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Marian\AppData\LocalLow\AVG Secure Search
Ordner Gelöscht : C:\Users\Marian\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Ordner Gelöscht : C:\Users\Marian\AppData\Roaming\digitalsite
Ordner Gelöscht : C:\Users\Marian\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Marian\AppData\Roaming\MetaCrawler
Ordner Gelöscht : C:\Users\Marian\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Gast\AppData\Local\AVG Secure Search
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\AVG Secure Search
Ordner Gelöscht : C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\ICQToolbarData
Ordner Gelöscht : C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07}
Ordner Gelöscht : C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\Extensions\toolbar@ask.com
Ordner Gelöscht : C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Ordner Gelöscht : C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Datei Gelöscht : C:\Users\Public\Desktop\RegClean Pro.lnk
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\searchplugins\icqplugin-1.xml
Datei Gelöscht : C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\searchplugins\metaCrawler.xml
Datei Gelöscht : C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\searchplugins\my-web-search.xml
Datei Gelöscht : C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\user.js
Datei Gelöscht : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ieadcoanfjloocmfafkebdnfefmohngj
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{36B445BF-1B84-466A-A623-A360A8CFF8C3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D97143C2-4282-496B-BDC4-7EC852F1497C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\BonanzaDealsLive
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\FromDocToPDF_65
Schlüssel Gelöscht : HKCU\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\FromDocToPDF_65
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\smartbar
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\Software\AVG Security Toolbar
Schlüssel Gelöscht : HKLM\Software\BonanzaDealsLive
Schlüssel Gelöscht : HKLM\Software\FromDocToPDF_65
Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16720

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Mozilla Firefox v10.0.2 (de)

[ Datei : C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\prefs.js ]

Zeile gelöscht : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\17.1.2.1");
Zeile gelöscht : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Zeile gelöscht : user_pref("browser.search.order.1", "metaCrawler");
Zeile gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://isearch.avg.com/search?cid=%7Bbeda745e-ab48-4d1d-84d2-1c35f6f66353%7D&mid=3ec46191475447d1b322012ea3c047ad-0b9adabb025698a8169125cb2314e36[...]
Zeile gelöscht : user_pref("extensions.irmcrawler.aflt", "ironmc2");
Zeile gelöscht : user_pref("extensions.irmcrawler.cd", "2XzuyEtN2Y1L1Qzu0EtDyEyCzy0AtCyEtA0EyC0CyByCyEtDtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu");
Zeile gelöscht : user_pref("extensions.irmcrawler.cr", "64302556");
Zeile gelöscht : user_pref("extensions.irmcrawler.instlRef", "");
Zeile gelöscht : user_pref("extensions.metacrawler.aflt", "ironmc2");
Zeile gelöscht : user_pref("extensions.metacrawler.appId", "{0FA5C13C-4EDA-488A-A8EB-B84CD7395A79}");
Zeile gelöscht : user_pref("extensions.metacrawler.cd", "2XzuyEtN2Y1L1Qzu0EtDyEyCzy0AtCyEtA0EyC0CyByCyEtDtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu");
Zeile gelöscht : user_pref("extensions.metacrawler.cntry", "DE");
Zeile gelöscht : user_pref("extensions.metacrawler.cr", "64302556");
Zeile gelöscht : user_pref("extensions.metacrawler.dfltLng", "");
Zeile gelöscht : user_pref("extensions.metacrawler.dfltSrch", true);
Zeile gelöscht : user_pref("extensions.metacrawler.dnsErr", true);
Zeile gelöscht : user_pref("extensions.metacrawler.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,182856[...]
Zeile gelöscht : user_pref("extensions.metacrawler.dspFFXOld", "AVG Secure Search");
Zeile gelöscht : user_pref("extensions.metacrawler.excTlbr", false);
Zeile gelöscht : user_pref("extensions.metacrawler.hdrMd5", "CB656FFF573D56B14E15F46CDA693FE1");
Zeile gelöscht : user_pref("extensions.metacrawler.hmpg", true);
Zeile gelöscht : user_pref("extensions.metacrawler.hmpgUrl", "hxxp://i.search.metacrawler.com/?f=1&a=ironmc2&cd=2XzuyEtN2Y1L1Qzu0EtDyEyCzy0AtCyEtA0EyC0CyByCyEtDtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu&cr=6[...]
Zeile gelöscht : user_pref("extensions.metacrawler.id", "E0469A143E6C7640");
Zeile gelöscht : user_pref("extensions.metacrawler.instlDay", "16019");
Zeile gelöscht : user_pref("extensions.metacrawler.instlRef", "");
Zeile gelöscht : user_pref("extensions.metacrawler.lastB", "hxxp://i.search.metacrawler.com/?f=1&a=ironmc2&cd=2XzuyEtN2Y1L1Qzu0EtDyEyCzy0AtCyEtA0EyC0CyByCyEtDtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu&cr=643[...]
Zeile gelöscht : user_pref("extensions.metacrawler.lastVrsnTs", "1.8.19.010:11:27");
Zeile gelöscht : user_pref("extensions.metacrawler.newTabUrl", "hxxp://i.search.metacrawler.com/?f=2&a=ironmc2&cd=2XzuyEtN2Y1L1Qzu0EtDyEyCzy0AtCyEtA0EyC0CyByCyEtDtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu&cr[...]
Zeile gelöscht : user_pref("extensions.metacrawler.prdct", "metacrawler");
Zeile gelöscht : user_pref("extensions.metacrawler.prtnrId", "metaCrawler");
Zeile gelöscht : user_pref("extensions.metacrawler.sg", "none");
Zeile gelöscht : user_pref("extensions.metacrawler.srchPrvdr", "metaCrawler");
Zeile gelöscht : user_pref("extensions.metacrawler.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.metacrawler.tlbrSrchUrl", "hxxp://i.search.metacrawler.com/?f=3&a=ironmc2&cd=2XzuyEtN2Y1L1Qzu0EtDyEyCzy0AtCyEtA0EyC0CyByCyEtDtN0D0Tzu0CyCyBzytN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu&[...]
Zeile gelöscht : user_pref("extensions.metacrawler.vrsn", "1.8.19.0");
Zeile gelöscht : user_pref("extensions.metacrawler.vrsni", "1.8.19.0");
Zeile gelöscht : user_pref("extensions.metacrawler_i.hmpg", true);
Zeile gelöscht : user_pref("extensions.metacrawler_i.newTab", false);
Zeile gelöscht : user_pref("extensions.metacrawler_i.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.metacrawler_i.vrsnTs", "1.8.19.010:11:27");
Zeile gelöscht : user_pref("extensions.mywebsearch.prevDefaultEngine", "AVG Secure Search");
Zeile gelöscht : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Zeile gelöscht : user_pref("extensions.mywebsearch.prevKwdURL", "hxxps://isearch.avg.com/search?cid=%7Bbeda745e-ab48-4d1d-84d2-1c35f6f66353%7D&mid=3ec46191475447d1b322012ea3c047ad-0b9adabb025698a8169125cb2314e36b1a36c[...]
Zeile gelöscht : user_pref("extensions.mywebsearch.prevSelectedEngine", "Google");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=3E691828-DB1F-4F05-A0AD-C49C38B1BB36&n=77fce381&p2=^Y6^xdm043^YY^de&si=swissconverter");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.hp.enabled", false);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.hp.lastGuardTime", 1747541187);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.hp.numGuards", 1);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.initialized", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.installation.contextKey", "");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.installation.installDate", "2013062017");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.installation.partnerId", "^Y6^xdm043^YY^de");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.installation.partnerSubId", "swissconverter");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.installation.success", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.installation.toolbarId", "3E691828-DB1F-4F05-A0AD-C49C38B1BB36");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.lastActivePing", "1384270588702");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.options.defaultSearch", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.options.homePageEnabled", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.options.keywordEnabled", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.options.tabEnabled", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.searchHistory", "");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._65Members_.weather.location", "10001");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark.lastInstalled", "fromdoctopdf@mindspark.com");
Zeile gelöscht : user_pref("icqtoolbar.allowSendURL", false);
Zeile gelöscht : user_pref("icqtoolbar.engineVerified", true);
Zeile gelöscht : user_pref("icqtoolbar.facebookSmilesAddonShowedPopup", true);
Zeile gelöscht : user_pref("icqtoolbar.firstTbRun", false);
Zeile gelöscht : user_pref("icqtoolbar.geolastmodified", 1384185813);
Zeile gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options itb_people itb_zoom_in itb_zoom_out itb_zoom_default itb_games itb_highlight");
Zeile gelöscht : user_pref("icqtoolbar.history", "google||Filme%20zum%20runterladen||E%20zigarette||Kwick||youporn||redtube||Musklefaseriss||Im%20Land%20des%20Zauberersvon%20Oz%20folge%2010||Kopfgeldj%C3%A4ger||Rammst[...]
Zeile gelöscht : user_pref("icqtoolbar.icqgeo", 49);
Zeile gelöscht : user_pref("icqtoolbar.installTime", "1343402480");
Zeile gelöscht : user_pref("icqtoolbar.newtab_most_visited_state", "1");
Zeile gelöscht : user_pref("icqtoolbar.newtab_recently_closed_state", "1");
Zeile gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
Zeile gelöscht : user_pref("icqtoolbar.previousFFVersion", "10.0.2");
Zeile gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
Zeile gelöscht : user_pref("icqtoolbar.suggestions", false);
Zeile gelöscht : user_pref("icqtoolbar.uniqueID", "134322930913432295501343238129218");
Zeile gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1384270594);
Zeile gelöscht : user_pref("icqtoolbar.version", "1.5.3");
Zeile gelöscht : user_pref("icqtoolbar.voucherHideClicks", 0);
Zeile gelöscht : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Zeile gelöscht : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Zeile gelöscht : user_pref("icqtoolbar.voucherWasShown", 0);
Zeile gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Zeile gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?pid=avg&sg=0&cid=%7Bbeda745e-ab48-4d1d-84d2-1c35f6f66353%7D&mid=3ec46191475447d1b322012ea3c047ad-0b9adabb025698a8169125cb2314e36b1a36cd1e&ds=AVG[...]

[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\nwavychm.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");

-\\ Google Chrome v30.0.1599.101

[ Datei : C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [27394 octets] - [12/11/2013 17:14:12]
AdwCleaner[S0].txt - [26382 octets] - [12/11/2013 17:15:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [26443 octets] ##########
         
Dies ist die Textdatei von dem AdwCleaner


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2013
Ran by Marian (administrator) on MARIAN-PC on 12-11-2013 17:29:38
Running from C:\Users\Marian\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe
() C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
(UASSOFT.COM) C:\Program Files (x86)\Trust\Trust R-series Mouse And Keyboard\KMWDSrv.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
() C:\Windows\vsnpstd3.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcagent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
() C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
() C:\Program Files (x86)\Trust\Trust R-series Mouse And Keyboard\MouseDrv.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Marian\Downloads\FRST64(1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Stage Remote] - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] ()
HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj [207845 2011-04-29] ()
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [2726728 2010-03-25] (CANON INC.)
HKLM\...\Run: [snpstd3] - C:\Windows\vsnpstd3.exe [827392 2006-09-19] ()
HKCU\...\Run: [EA Core] - C:\Program Files (x86)\Electronic Arts\EADM\Core.exe [3342336 2009-09-03] (Electronic Arts)
HKCU\...\Run: [AROReminder] - C:\Program Files (x86)\ARO 2012\ARO.exe [2552688 2012-01-06] (Support.com, Inc.)
HKCU\...\Run: [ICQ] - "C:\Program Files (x86)\ICQ7M\ICQ.exe" silent loginmode=4
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation)
HKLM-x32\...\Run: [RemoteControl9] - C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] - C:\Program Files (x86)\Cyberlink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Registration] - C:\Program Files (x86)\System Registration\prodreg.exe [4165440 2011-08-04] (Dell, Inc.)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\mcafee.com\agent\mcagent.exe [1675160 2011-11-22] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [AccuWeatherWidget] - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj [2825741 2011-04-29] ()
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [AVG_TRAY] - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Guard.Mail.ru.gui] - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-07-25] ()
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [WireLessMouse] - C:\Program Files (x86)\Trust\Trust R-series Mouse And Keyboard\StartAutorun.exe MouseDrv.exe
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-11] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
Startup: C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk
ShortcutTarget: Product Registration.lnk -> C:\Users\Marian\AppData\Local\Temp\is-AICRO.tmp\ATR1.exe (No File)
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
SearchScopes: HKLM - DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKCU - {A605BB24-9ADB-4A20-B8F8-0D382B77C032} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=13153&src=kw&q={searchTerms}&locale=&apn_ptnrs=S2&apn_dtid=YYYYYYYYDE&apn_uid=5ce01b61-567e-401f-817d-e548de49ef94&apn_sauid=D0B93AB2-0E19-4D61-83E6-B922CB5CBF14
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120212154438.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: ICQ Sparberater - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files\mcafee\msk\mskapbho.dll ()
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120212154438.dll (McAfee, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 82.212.62.62 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default
FF DefaultSearchEngine: AVG Secure Search
FF Homepage: google
FF NetworkProxy: "type", 0
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF SearchPlugin: C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: ciuvo-extension - C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\Extensions\ciuvo-extension@icq.de.xpi
FF Extension: No Name - C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\41spxc9a.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG2012\Firefox4\
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG2012\Firefox4\
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files (x86)\Common Files\McAfee\SystemCore

Chrome: 
=======
CHR Extension: (Google Drive) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Users\Marian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-09] (Avira Operations GmbH & Co. KG)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [5174392 2012-11-02] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
R2 Guard.Mail.ru; C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-07-25] ()
R2 KMWDSERVICE; C:\Program Files (x86)\Trust\Trust R-series Mouse And Keyboard\KMWDSrv.exe [208896 2007-02-28] (UASSOFT.COM)
S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [220528 2010-08-30] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [502032 2011-10-18] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199272 2011-12-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [208536 2011-12-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [161168 2011-12-06] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2013-02-18] ()
S2 vToolbarUpdater17.1.2; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [x]

==================== Drivers (Whitelisted) ====================

R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-09] (Avira GmbH)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2013-04-11] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-11] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-09] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-12-15] (Avira GmbH)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [65264 2011-10-15] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160280 2011-10-15] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [229528 2011-10-15] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [481768 2011-10-15] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [647080 2011-10-15] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75808 2011-10-15] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100912 2011-10-15] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [284648 2011-10-15] (McAfee, Inc.)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-12 17:13 - 2013-11-12 17:16 - 00000000 ____D C:\AdwCleaner
2013-11-12 17:12 - 2013-11-12 17:12 - 01085542 _____ C:\Users\Marian\Downloads\adwcleaner_3012.exe
2013-11-12 17:05 - 2013-06-20 16:01 - 00708168 _____ (MindSpark) C:\Program Files (x86)\65Uninstall FromDocToPDF.dll
2013-11-12 17:05 - 2013-06-20 16:01 - 00186752 _____ () C:\Program Files (x86)\65res.dll
2013-11-12 16:47 - 2013-11-12 16:59 - 00000715 _____ C:\Users\Marian\Downloads\Fixlist.txt
2013-11-12 16:44 - 2013-11-12 16:46 - 00000715 _____ C:\Users\Marian\Desktop\Fixlist.txt
2013-11-10 21:14 - 2013-11-10 21:14 - 00114281 _____ C:\Users\Marian\Desktop\Daten.txt
2013-11-10 17:02 - 2013-11-10 17:02 - 01957562 _____ (Farbar) C:\Users\Marian\Downloads\FRST64(1).exe
2013-11-10 11:04 - 2013-11-10 11:04 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Macromedia
2013-11-10 10:58 - 2013-11-10 10:58 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Avira
2013-11-10 10:54 - 2013-11-10 10:54 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Mozilla
2013-11-10 10:54 - 2013-11-10 10:54 - 00000000 ____D C:\Users\Gast\AppData\Local\Mozilla
2013-11-10 10:53 - 2013-11-10 10:53 - 00074856 _____ C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-10 10:53 - 2013-11-10 10:53 - 00000000 ____D C:\Users\Gast\AppData\Roaming\AVG2012
2013-11-10 10:52 - 2013-11-10 10:52 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Roxio
2013-11-10 10:52 - 2013-11-10 10:52 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Leadertech
2013-11-10 10:52 - 2013-11-10 10:52 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Dell Touch Zone
2013-11-10 10:52 - 2013-11-10 10:52 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Dell
2013-11-10 10:52 - 2013-11-10 10:52 - 00000000 ____D C:\Users\Gast\AppData\Local\Dell
2013-11-10 10:51 - 2013-11-10 10:52 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-10 10:51 - 2013-11-10 10:52 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-10 10:51 - 2013-11-10 10:51 - 00001379 _____ C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-10 10:51 - 2013-11-10 10:51 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Adobe
2013-11-10 10:51 - 2013-11-10 10:51 - 00000000 ____D C:\Users\Gast\AppData\Local\VirtualStore
2013-11-10 10:49 - 2013-11-10 10:51 - 00000000 ____D C:\Users\Gast
2013-11-10 10:49 - 2013-11-10 10:49 - 00000020 ___SH C:\Users\Gast\ntuser.ini
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Vorlagen
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Startmenü
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Netzwerkumgebung
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Lokale Einstellungen
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Eigene Dateien
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Druckumgebung
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Documents\Eigene Musik
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Documents\Eigene Bilder
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\AppData\Local\Verlauf
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\AppData\Local\Anwendungsdaten
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Anwendungsdaten
2013-11-10 10:49 - 2013-11-10 10:01 - 00000000 ____D C:\Users\Gast\AppData\Local\SoftThinks
2013-11-10 10:49 - 2013-01-30 16:54 - 00000000 ____D C:\Users\Gast\AppData\Roaming\TuneUp Software
2013-11-10 10:49 - 2011-11-22 21:07 - 00000000 ___RD C:\Users\Gast\Desktop\Spiele spielen
2013-11-10 10:49 - 2009-07-14 05:54 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-10 10:49 - 2009-07-14 05:49 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-11-10 10:26 - 2013-11-11 19:00 - 00029158 _____ C:\Users\Marian\Downloads\Addition.txt
2013-11-10 10:25 - 2013-11-10 10:25 - 00000000 ____D C:\FRST
2013-11-10 10:24 - 2013-11-10 10:24 - 01957098 _____ (Farbar) C:\Users\Marian\Downloads\FRST64.exe
2013-11-10 10:18 - 2013-11-10 10:18 - 00702960 _____ C:\Users\Marian\Downloads\DownloadAcceleratorSetup.exe
2013-11-10 10:14 - 2013-11-10 10:14 - 00000000 ____D C:\Users\Marian\AppData\Roaming\DivX
2013-11-10 10:14 - 2013-11-10 10:14 - 00000000 ____D C:\Program Files\DivX
2013-11-10 10:12 - 2013-11-10 10:14 - 00000000 ____D C:\Program Files (x86)\DivX
2013-11-10 10:11 - 2013-11-10 10:14 - 00000000 ____D C:\ProgramData\DivX
2013-11-10 10:11 - 2013-11-10 10:12 - 00000000 ____D C:\Program Files (x86)\Xvid
2013-11-10 10:11 - 2013-11-10 10:11 - 00715038 _____ C:\Windows\unins000.exe
2013-11-10 10:11 - 2013-11-10 10:11 - 00001992 _____ C:\Windows\unins000.dat
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Users\Marian\AppData\Roaming\LavFilters
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Users\Marian\AppData\Roaming\CDXReader
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\OpenSource Flash Video Splitter
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\Haali
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\ffdshow
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\DSP-worx
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\DirectVobSub
2013-11-10 10:11 - 2012-02-26 16:47 - 00079360 _____ C:\Windows\SysWOW64\ff_vfw.dll
2013-11-10 10:11 - 2012-01-09 20:45 - 00178688 _____ C:\Windows\SysWOW64\unrar.dll
2013-11-10 10:11 - 2011-12-07 19:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll
2013-11-10 10:11 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2013-11-10 10:11 - 2011-05-30 14:42 - 00255488 _____ C:\Windows\system32\xvidvfw.dll
2013-11-10 10:11 - 2011-05-30 14:42 - 00240640 _____ C:\Windows\SysWOW64\xvidvfw.dll
2013-11-10 10:11 - 2011-05-23 10:52 - 00153088 _____ C:\Windows\SysWOW64\xvid.ax
2013-11-10 10:11 - 2011-05-23 08:49 - 00173568 _____ C:\Windows\system32\xvid.ax
2013-11-10 10:11 - 2011-05-23 08:46 - 00645632 _____ C:\Windows\SysWOW64\xvidcore.dll
2013-11-10 10:11 - 2011-05-23 08:45 - 00696832 _____ C:\Windows\system32\xvidcore.dll
2013-11-10 10:07 - 2013-11-10 10:07 - 00702672 _____ C:\Users\Marian\Downloads\UltimateCodec.exe
2013-11-09 17:56 - 2013-11-09 18:02 - 00000990 _____ C:\Users\Public\Desktop\Spielkiste.lnk
2013-11-09 17:56 - 2013-11-09 17:56 - 00000000 ____D C:\Program Files (x86)\Einfach_Spielen
2013-11-09 17:55 - 2013-11-09 18:02 - 00002342 _____ C:\Users\Public\Desktop\Fluch des Goldes spielen.lnk
2013-11-09 17:55 - 2013-11-09 18:02 - 00001465 _____ C:\Users\Public\Desktop\Moorhuhn Invasion spielen.lnk
2013-11-09 17:55 - 2013-11-09 18:02 - 00001436 _____ C:\Users\Public\Desktop\Moorhuhn Directors Cut spielen.lnk
2013-11-09 17:55 - 2013-11-09 18:02 - 00001422 _____ C:\Users\Public\Desktop\Schatzjäger 3 spielen.lnk
2013-11-09 17:55 - 2013-11-09 18:02 - 00001364 _____ C:\Users\Public\Desktop\Schatzjäger spielen.lnk
2013-11-09 17:54 - 2013-11-09 18:02 - 00001453 _____ C:\Users\Public\Desktop\Moorhuhn Piraten spielen.lnk
2013-11-09 17:54 - 2013-11-09 18:02 - 00001441 _____ C:\Users\Public\Desktop\Moorhuhn Winter spielen.lnk
2013-11-09 17:54 - 2013-11-09 18:02 - 00001441 _____ C:\Users\Public\Desktop\Moorhuhn Remake spielen.lnk
2013-11-09 17:54 - 2013-11-09 18:02 - 00001435 _____ C:\Users\Public\Desktop\Moorhuhn Atlantis spielen.lnk
2013-11-09 17:54 - 2013-11-09 18:02 - 00001422 _____ C:\Users\Public\Desktop\Schatzjäger 2 spielen.lnk
2013-11-09 17:54 - 2013-11-09 18:02 - 00001418 _____ C:\Users\Public\Desktop\Schatz des Pharao spielen.lnk
2013-11-09 17:54 - 2013-11-09 18:02 - 00001404 _____ C:\Users\Public\Desktop\Moorhuhn Wanted spielen.lnk
2013-11-09 17:54 - 2013-11-09 18:02 - 00001390 _____ C:\Users\Public\Desktop\Die original Moorhuhnjagd.lnk
2013-11-09 17:54 - 2013-11-09 18:02 - 00001369 _____ C:\Users\Public\Desktop\Moorhuhn X spielen.lnk
2013-11-09 17:53 - 2013-11-09 18:02 - 00002401 _____ C:\Users\Public\Desktop\Moorhuhn Kart Extra spielen.lnk
2013-11-09 17:53 - 2013-11-09 18:02 - 00001429 _____ C:\Users\Public\Desktop\Moorhuhn Kart Thunder spielen.lnk
2013-11-09 17:52 - 2013-11-09 18:02 - 00001441 _____ C:\Users\Public\Desktop\Moorhuhn Kart 3 spielen.lnk
2013-11-09 17:52 - 2013-11-09 18:02 - 00001411 _____ C:\Users\Public\Desktop\Moorhuhn Kart 2 spielen.lnk
2013-11-09 17:52 - 2013-11-09 18:02 - 00001390 _____ C:\Users\Public\Desktop\Moorhuhn Kart spielen.lnk
2013-11-09 17:52 - 2013-11-09 18:02 - 00001381 _____ C:\Users\Public\Desktop\Moorhuhn 3 spielen.lnk
2013-11-09 17:52 - 2013-11-09 18:02 - 00001381 _____ C:\Users\Public\Desktop\Moorhuhn 2 spielen.lnk
2013-11-04 20:31 - 2013-11-04 20:31 - 00000000 ____D C:\Users\Marian\AppData\Local\techland
2013-11-04 20:30 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-11-04 20:30 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2013-11-04 20:30 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2013-11-04 20:30 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2013-11-04 20:30 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2013-11-04 20:30 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-11-04 20:30 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2013-11-04 20:30 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2013-11-04 20:30 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-11-04 20:30 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2013-11-04 20:30 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2013-11-04 20:30 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2013-11-04 20:30 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2013-11-04 20:30 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2013-11-04 20:30 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2013-11-04 20:30 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-11-04 20:30 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2013-11-04 20:30 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2013-11-04 20:30 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2013-11-04 20:30 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2013-11-04 20:30 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2013-11-04 20:30 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2013-11-04 20:30 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2013-11-04 20:30 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2013-11-04 20:30 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2013-11-04 20:30 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2013-11-04 20:30 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2013-11-04 20:30 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2013-11-04 20:30 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2013-11-04 20:30 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2013-11-04 20:30 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2013-11-04 20:30 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2013-11-04 20:30 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2013-11-04 20:30 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2013-11-04 20:30 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2013-11-04 20:30 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2013-11-04 20:30 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2013-11-04 20:30 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2013-11-04 20:30 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2013-11-04 20:30 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2013-11-04 20:30 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2013-11-04 20:30 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2013-11-04 20:30 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2013-11-04 20:30 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2013-11-04 20:30 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2013-11-04 20:30 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2013-11-04 20:30 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2013-11-04 20:30 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2013-11-04 20:30 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2013-11-04 20:30 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2013-11-04 20:22 - 2013-11-04 20:22 - 00000222 _____ C:\Users\Marian\Desktop\Call of Juarez Gunslinger.url
2013-11-04 20:22 - 2013-11-04 20:22 - 00000000 ____D C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-11-04 19:46 - 2013-11-12 17:23 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-04 19:46 - 2013-11-04 19:46 - 00000919 _____ C:\Users\Public\Desktop\Steam.lnk

==================== One Month Modified Files and Folders =======

2013-11-12 17:28 - 2009-07-14 05:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-12 17:28 - 2009-07-14 05:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-12 17:25 - 2011-11-22 20:27 - 01337834 _____ C:\Windows\WindowsUpdate.log
2013-11-12 17:23 - 2013-11-04 19:46 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-12 17:21 - 2011-11-22 20:51 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-11-12 17:20 - 2013-06-03 15:27 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-11-12 17:20 - 2012-12-22 11:12 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-12 17:20 - 2011-11-22 21:20 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-11-12 17:20 - 2011-11-22 21:20 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-11-12 17:19 - 2010-11-21 04:47 - 00107498 _____ C:\Windows\PFRO.log
2013-11-12 17:19 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-12 17:19 - 2009-07-14 05:51 - 00122954 _____ C:\Windows\setupact.log
2013-11-12 17:16 - 2013-11-12 17:13 - 00000000 ____D C:\AdwCleaner
2013-11-12 17:15 - 2012-07-25 18:41 - 00000000 ____D C:\ProgramData\ICQ
2013-11-12 17:15 - 2012-02-07 17:01 - 00000000 ____D C:\ProgramData\AVG Secure Search
2013-11-12 17:12 - 2013-11-12 17:12 - 01085542 _____ C:\Users\Marian\Downloads\adwcleaner_3012.exe
2013-11-12 17:10 - 2012-02-06 17:22 - 00000000 ___RD C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-12 17:06 - 2012-02-06 18:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-12 16:59 - 2013-11-12 16:47 - 00000715 _____ C:\Users\Marian\Downloads\Fixlist.txt
2013-11-12 16:46 - 2013-11-12 16:44 - 00000715 _____ C:\Users\Marian\Desktop\Fixlist.txt
2013-11-12 16:44 - 2012-12-22 11:12 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-12 16:38 - 2012-02-07 17:00 - 00000000 ____D C:\Windows\system32\Drivers\AVG
2013-11-11 19:00 - 2013-11-10 10:26 - 00029158 _____ C:\Users\Marian\Downloads\Addition.txt
2013-11-11 16:27 - 2010-11-21 07:50 - 00696620 _____ C:\Windows\system32\perfh007.dat
2013-11-11 16:27 - 2010-11-21 07:50 - 00147916 _____ C:\Windows\system32\perfc007.dat
2013-11-11 16:27 - 2009-07-14 06:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-11 16:24 - 2012-09-05 09:52 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-11-10 21:14 - 2013-11-10 21:14 - 00114281 _____ C:\Users\Marian\Desktop\Daten.txt
2013-11-10 17:02 - 2013-11-10 17:02 - 01957562 _____ (Farbar) C:\Users\Marian\Downloads\FRST64(1).exe
2013-11-10 11:04 - 2013-11-10 11:04 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Macromedia
2013-11-10 10:58 - 2013-11-10 10:58 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Avira
2013-11-10 10:54 - 2013-11-10 10:54 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Mozilla
2013-11-10 10:54 - 2013-11-10 10:54 - 00000000 ____D C:\Users\Gast\AppData\Local\Mozilla
2013-11-10 10:53 - 2013-11-10 10:53 - 00074856 _____ C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-10 10:53 - 2013-11-10 10:53 - 00000000 ____D C:\Users\Gast\AppData\Roaming\AVG2012
2013-11-10 10:52 - 2013-11-10 10:52 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Roxio
2013-11-10 10:52 - 2013-11-10 10:52 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Leadertech
2013-11-10 10:52 - 2013-11-10 10:52 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Dell Touch Zone
2013-11-10 10:52 - 2013-11-10 10:52 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Dell
2013-11-10 10:52 - 2013-11-10 10:52 - 00000000 ____D C:\Users\Gast\AppData\Local\Dell
2013-11-10 10:52 - 2013-11-10 10:51 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-10 10:52 - 2013-11-10 10:51 - 00000000 ___RD C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-10 10:51 - 2013-11-10 10:51 - 00001379 _____ C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-10 10:51 - 2013-11-10 10:51 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Adobe
2013-11-10 10:51 - 2013-11-10 10:51 - 00000000 ____D C:\Users\Gast\AppData\Local\VirtualStore
2013-11-10 10:51 - 2013-11-10 10:49 - 00000000 ____D C:\Users\Gast
2013-11-10 10:50 - 2009-07-14 05:45 - 00334320 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-10 10:49 - 2013-11-10 10:49 - 00000020 ___SH C:\Users\Gast\ntuser.ini
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Vorlagen
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Startmenü
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Netzwerkumgebung
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Lokale Einstellungen
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Eigene Dateien
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Druckumgebung
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Documents\Eigene Musik
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Documents\Eigene Bilder
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\AppData\Local\Verlauf
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\AppData\Local\Anwendungsdaten
2013-11-10 10:49 - 2013-11-10 10:49 - 00000000 _SHDL C:\Users\Gast\Anwendungsdaten
2013-11-10 10:35 - 2010-08-06 05:15 - 00000000 ____D C:\Users\Marian\Desktop\USB Musik
2013-11-10 10:34 - 2012-02-06 17:21 - 00074856 _____ C:\Users\Marian\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-10 10:25 - 2013-11-10 10:25 - 00000000 ____D C:\FRST
2013-11-10 10:24 - 2013-11-10 10:24 - 01957098 _____ (Farbar) C:\Users\Marian\Downloads\FRST64.exe
2013-11-10 10:18 - 2013-11-10 10:18 - 00702960 _____ C:\Users\Marian\Downloads\DownloadAcceleratorSetup.exe
2013-11-10 10:14 - 2013-11-10 10:14 - 00000000 ____D C:\Users\Marian\AppData\Roaming\DivX
2013-11-10 10:14 - 2013-11-10 10:14 - 00000000 ____D C:\Program Files\DivX
2013-11-10 10:14 - 2013-11-10 10:12 - 00000000 ____D C:\Program Files (x86)\DivX
2013-11-10 10:14 - 2013-11-10 10:11 - 00000000 ____D C:\ProgramData\DivX
2013-11-10 10:12 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\Xvid
2013-11-10 10:11 - 2013-11-10 10:11 - 00715038 _____ C:\Windows\unins000.exe
2013-11-10 10:11 - 2013-11-10 10:11 - 00001992 _____ C:\Windows\unins000.dat
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Users\Marian\AppData\Roaming\LavFilters
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Users\Marian\AppData\Roaming\CDXReader
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\OpenSource Flash Video Splitter
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\Haali
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\ffdshow
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\DSP-worx
2013-11-10 10:11 - 2013-11-10 10:11 - 00000000 ____D C:\Program Files (x86)\DirectVobSub
2013-11-10 10:07 - 2013-11-10 10:07 - 00702672 _____ C:\Users\Marian\Downloads\UltimateCodec.exe
2013-11-10 10:01 - 2013-11-10 10:49 - 00000000 ____D C:\Users\Gast\AppData\Local\SoftThinks
2013-11-09 18:02 - 2013-11-09 17:56 - 00000990 _____ C:\Users\Public\Desktop\Spielkiste.lnk
2013-11-09 18:02 - 2013-11-09 17:55 - 00002342 _____ C:\Users\Public\Desktop\Fluch des Goldes spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:55 - 00001465 _____ C:\Users\Public\Desktop\Moorhuhn Invasion spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:55 - 00001436 _____ C:\Users\Public\Desktop\Moorhuhn Directors Cut spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:55 - 00001422 _____ C:\Users\Public\Desktop\Schatzjäger 3 spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:55 - 00001364 _____ C:\Users\Public\Desktop\Schatzjäger spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:54 - 00001453 _____ C:\Users\Public\Desktop\Moorhuhn Piraten spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:54 - 00001441 _____ C:\Users\Public\Desktop\Moorhuhn Winter spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:54 - 00001441 _____ C:\Users\Public\Desktop\Moorhuhn Remake spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:54 - 00001435 _____ C:\Users\Public\Desktop\Moorhuhn Atlantis spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:54 - 00001422 _____ C:\Users\Public\Desktop\Schatzjäger 2 spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:54 - 00001418 _____ C:\Users\Public\Desktop\Schatz des Pharao spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:54 - 00001404 _____ C:\Users\Public\Desktop\Moorhuhn Wanted spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:54 - 00001390 _____ C:\Users\Public\Desktop\Die original Moorhuhnjagd.lnk
2013-11-09 18:02 - 2013-11-09 17:54 - 00001369 _____ C:\Users\Public\Desktop\Moorhuhn X spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:53 - 00002401 _____ C:\Users\Public\Desktop\Moorhuhn Kart Extra spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:53 - 00001429 _____ C:\Users\Public\Desktop\Moorhuhn Kart Thunder spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:52 - 00001441 _____ C:\Users\Public\Desktop\Moorhuhn Kart 3 spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:52 - 00001411 _____ C:\Users\Public\Desktop\Moorhuhn Kart 2 spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:52 - 00001390 _____ C:\Users\Public\Desktop\Moorhuhn Kart spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:52 - 00001381 _____ C:\Users\Public\Desktop\Moorhuhn 3 spielen.lnk
2013-11-09 18:02 - 2013-11-09 17:52 - 00001381 _____ C:\Users\Public\Desktop\Moorhuhn 2 spielen.lnk
2013-11-09 17:58 - 2011-11-22 21:00 - 00412483 _____ C:\Windows\DirectX.log
2013-11-09 17:56 - 2013-11-09 17:56 - 00000000 ____D C:\Program Files (x86)\Einfach_Spielen
2013-11-09 17:54 - 2012-07-25 16:21 - 00000000 ____D C:\Users\Marian\Desktop\Frauen Bilder
2013-11-09 17:52 - 2013-06-19 18:18 - 00000000 ____D C:\Program Files (x86)\Phenomedia
2013-11-09 17:52 - 2011-11-22 20:51 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-09 14:19 - 2013-05-22 17:01 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2013-11-04 20:31 - 2013-11-04 20:31 - 00000000 ____D C:\Users\Marian\AppData\Local\techland
2013-11-04 20:22 - 2013-11-04 20:22 - 00000222 _____ C:\Users\Marian\Desktop\Call of Juarez Gunslinger.url
2013-11-04 20:22 - 2013-11-04 20:22 - 00000000 ____D C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-11-04 19:46 - 2013-11-04 19:46 - 00000919 _____ C:\Users\Public\Desktop\Steam.lnk
2013-11-03 10:49 - 2012-02-07 17:23 - 00000000 ____D C:\Users\Marian\Documents\FIFA 11
2013-10-29 19:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-29 19:25 - 2011-11-22 21:13 - 00000000 ____D C:\ProgramData\Sonic
2013-10-29 16:32 - 2012-03-17 09:30 - 00000000 ____D C:\Users\Marian\dwhelper
2013-10-18 15:48 - 2012-12-22 11:13 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-16 15:39 - 2012-12-22 11:12 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-16 15:39 - 2012-12-22 11:12 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\Gast\AppData\Local\Temp\AskSLib.dll
C:\Users\Marian\AppData\Local\Temp\56628uninstall.exe
C:\Users\Marian\AppData\Local\Temp\AskSLib.dll
C:\Users\Marian\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Marian\AppData\Local\Temp\avguidx.dll
C:\Users\Marian\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\Marian\AppData\Local\Temp\EAD31AC.exe
C:\Users\Marian\AppData\Local\Temp\EADAD9C.exe
C:\Users\Marian\AppData\Local\Temp\EADAE19.exe
C:\Users\Marian\AppData\Local\Temp\EADAE48.exe
C:\Users\Marian\AppData\Local\Temp\EADAEA6.exe
C:\Users\Marian\AppData\Local\Temp\EADAEE4.exe
C:\Users\Marian\AppData\Local\Temp\EADAF41.exe
C:\Users\Marian\AppData\Local\Temp\EADAF51.exe
C:\Users\Marian\AppData\Local\Temp\EADAF9F.exe
C:\Users\Marian\AppData\Local\Temp\EADAFAF.exe
C:\Users\Marian\AppData\Local\Temp\EADAFED.exe
C:\Users\Marian\AppData\Local\Temp\EADB079.exe
C:\Users\Marian\AppData\Local\Temp\EADB0A8.exe
C:\Users\Marian\AppData\Local\Temp\EADB0D7.exe
C:\Users\Marian\AppData\Local\Temp\EADB0F6.exe
C:\Users\Marian\AppData\Local\Temp\EADB0F7.exe
C:\Users\Marian\AppData\Local\Temp\EADB135.exe
C:\Users\Marian\AppData\Local\Temp\EADB144.exe
C:\Users\Marian\AppData\Local\Temp\EADB145.exe
C:\Users\Marian\AppData\Local\Temp\EADB17.exe
C:\Users\Marian\AppData\Local\Temp\EADB1D1.exe
C:\Users\Marian\AppData\Local\Temp\EADB1F0.exe
C:\Users\Marian\AppData\Local\Temp\EADB27C.exe
C:\Users\Marian\AppData\Local\Temp\EADB28C.exe
C:\Users\Marian\AppData\Local\Temp\EADB309.exe
C:\Users\Marian\AppData\Local\Temp\EADB319.exe
C:\Users\Marian\AppData\Local\Temp\EADB337.exe
C:\Users\Marian\AppData\Local\Temp\EADB338.exe
C:\Users\Marian\AppData\Local\Temp\EADB402.exe
C:\Users\Marian\AppData\Local\Temp\EADB47F.exe
C:\Users\Marian\AppData\Local\Temp\EADB4AE.exe
C:\Users\Marian\AppData\Local\Temp\EADB4AF.exe
C:\Users\Marian\AppData\Local\Temp\EADB51B.exe
C:\Users\Marian\AppData\Local\Temp\EADB53A.exe
C:\Users\Marian\AppData\Local\Temp\EADB598.exe
C:\Users\Marian\AppData\Local\Temp\EADB5C7.exe
C:\Users\Marian\AppData\Local\Temp\EADB643.exe
C:\Users\Marian\AppData\Local\Temp\EADB65.exe
C:\Users\Marian\AppData\Local\Temp\EADB6D0.exe
C:\Users\Marian\AppData\Local\Temp\EADB6D1.exe
C:\Users\Marian\AppData\Local\Temp\EADB73D.exe
C:\Users\Marian\AppData\Local\Temp\EADB76C.exe
C:\Users\Marian\AppData\Local\Temp\EADB84.exe
C:\Users\Marian\AppData\Local\Temp\EADB85.exe
C:\Users\Marian\AppData\Local\Temp\EADB865.exe
C:\Users\Marian\AppData\Local\Temp\EADB866.exe
C:\Users\Marian\AppData\Local\Temp\EADB894.exe
C:\Users\Marian\AppData\Local\Temp\EADB8C3.exe
C:\Users\Marian\AppData\Local\Temp\EADB95F.exe
C:\Users\Marian\AppData\Local\Temp\EADB96F.exe
C:\Users\Marian\AppData\Local\Temp\EADB99D.exe
C:\Users\Marian\AppData\Local\Temp\EADB9FB.exe
C:\Users\Marian\AppData\Local\Temp\EADBA3.exe
C:\Users\Marian\AppData\Local\Temp\EADBA59.exe
C:\Users\Marian\AppData\Local\Temp\EADBA68.exe
C:\Users\Marian\AppData\Local\Temp\EADBA78.exe
C:\Users\Marian\AppData\Local\Temp\EADBAB6.exe
C:\Users\Marian\AppData\Local\Temp\EADBB14.exe
C:\Users\Marian\AppData\Local\Temp\EADBB91.exe
C:\Users\Marian\AppData\Local\Temp\EADBB92.exe
C:\Users\Marian\AppData\Local\Temp\EADBBA0.exe
C:\Users\Marian\AppData\Local\Temp\EADBBFE.exe
C:\Users\Marian\AppData\Local\Temp\EADBC0D.exe
C:\Users\Marian\AppData\Local\Temp\EADBCA9.exe
C:\Users\Marian\AppData\Local\Temp\EADBCB9.exe
C:\Users\Marian\AppData\Local\Temp\EADBD07.exe
C:\Users\Marian\AppData\Local\Temp\EADBD08.exe
C:\Users\Marian\AppData\Local\Temp\EADBD26.exe
C:\Users\Marian\AppData\Local\Temp\EADBD74.exe
C:\Users\Marian\AppData\Local\Temp\EADBD75.exe
C:\Users\Marian\AppData\Local\Temp\EADBDA3.exe
C:\Users\Marian\AppData\Local\Temp\EADBDF1.exe
C:\Users\Marian\AppData\Local\Temp\EADBE10.exe
C:\Users\Marian\AppData\Local\Temp\EADBE11.exe
C:\Users\Marian\AppData\Local\Temp\EADBE2F.exe
C:\Users\Marian\AppData\Local\Temp\EADBE3F.exe
C:\Users\Marian\AppData\Local\Temp\EADBE6E.exe
C:\Users\Marian\AppData\Local\Temp\EADBE6F.exe
C:\Users\Marian\AppData\Local\Temp\EADBE9D.exe
C:\Users\Marian\AppData\Local\Temp\EADBF0A.exe
C:\Users\Marian\AppData\Local\Temp\EADBF0B.exe
C:\Users\Marian\AppData\Local\Temp\EADBF1.exe
C:\Users\Marian\AppData\Local\Temp\EADBF29.exe
C:\Users\Marian\AppData\Local\Temp\EADBF48.exe
C:\Users\Marian\AppData\Local\Temp\EADBF67.exe
C:\Users\Marian\AppData\Local\Temp\EADBF87.exe
C:\Users\Marian\AppData\Local\Temp\EADBF96.exe
C:\Users\Marian\AppData\Local\Temp\EADBFC5.exe
C:\Users\Marian\AppData\Local\Temp\EADBFD5.exe
C:\Users\Marian\AppData\Local\Temp\EADBFE4.exe
C:\Users\Marian\AppData\Local\Temp\EADBFF4.exe
C:\Users\Marian\AppData\Local\Temp\EADC01.exe
C:\Users\Marian\AppData\Local\Temp\EADC02.exe
C:\Users\Marian\AppData\Local\Temp\EADC023.exe
C:\Users\Marian\AppData\Local\Temp\EADC0DE.exe
C:\Users\Marian\AppData\Local\Temp\EADC0ED.exe
C:\Users\Marian\AppData\Local\Temp\EADC13B.exe
C:\Users\Marian\AppData\Local\Temp\EADC14B.exe
C:\Users\Marian\AppData\Local\Temp\EADC15B.exe
C:\Users\Marian\AppData\Local\Temp\EADC2A2.exe
C:\Users\Marian\AppData\Local\Temp\EADC32F.exe
C:\Users\Marian\AppData\Local\Temp\EADC33E.exe
C:\Users\Marian\AppData\Local\Temp\EADC35D.exe
C:\Users\Marian\AppData\Local\Temp\EADC3AB.exe
C:\Users\Marian\AppData\Local\Temp\EADC467.exe
C:\Users\Marian\AppData\Local\Temp\EADC4A5.exe
C:\Users\Marian\AppData\Local\Temp\EADC4A8.exe
C:\Users\Marian\AppData\Local\Temp\EADC5AE.exe
C:\Users\Marian\AppData\Local\Temp\EADC5ED.exe
C:\Users\Marian\AppData\Local\Temp\EADC5FC.exe
C:\Users\Marian\AppData\Local\Temp\EADC61B.exe
C:\Users\Marian\AppData\Local\Temp\EADC62B.exe
C:\Users\Marian\AppData\Local\Temp\EADC689.exe
C:\Users\Marian\AppData\Local\Temp\EADC763.exe
C:\Users\Marian\AppData\Local\Temp\EADC7A1.exe
C:\Users\Marian\AppData\Local\Temp\EADC80F.exe
C:\Users\Marian\AppData\Local\Temp\EADC81E.exe
C:\Users\Marian\AppData\Local\Temp\EADC81F.exe
C:\Users\Marian\AppData\Local\Temp\EADC83D.exe
C:\Users\Marian\AppData\Local\Temp\EADC84D.exe
C:\Users\Marian\AppData\Local\Temp\EADC87C.exe
C:\Users\Marian\AppData\Local\Temp\EADC8BA.exe
C:\Users\Marian\AppData\Local\Temp\EADC8F9.exe
C:\Users\Marian\AppData\Local\Temp\EADC8FA.exe
C:\Users\Marian\AppData\Local\Temp\EADC947.exe
C:\Users\Marian\AppData\Local\Temp\EADC9B4.exe
C:\Users\Marian\AppData\Local\Temp\EADC9C3.exe
C:\Users\Marian\AppData\Local\Temp\EADC9E3.exe
C:\Users\Marian\AppData\Local\Temp\EADCA.exe
C:\Users\Marian\AppData\Local\Temp\EADCA21.exe
C:\Users\Marian\AppData\Local\Temp\EADCAFB.exe
C:\Users\Marian\AppData\Local\Temp\EADCAFC.exe
C:\Users\Marian\AppData\Local\Temp\EADCB1B.exe
C:\Users\Marian\AppData\Local\Temp\EADCB2A.exe
C:\Users\Marian\AppData\Local\Temp\EADCBC6.exe
C:\Users\Marian\AppData\Local\Temp\EADCBE5.exe
C:\Users\Marian\AppData\Local\Temp\EADCBF5.exe
C:\Users\Marian\AppData\Local\Temp\EADCBF6.exe
C:\Users\Marian\AppData\Local\Temp\EADCC14.exe
C:\Users\Marian\AppData\Local\Temp\EADCC24.exe
C:\Users\Marian\AppData\Local\Temp\EADCCC0.exe
C:\Users\Marian\AppData\Local\Temp\EADCCFE.exe
C:\Users\Marian\AppData\Local\Temp\EADCCFF.exe
C:\Users\Marian\AppData\Local\Temp\EADCD0E.exe
C:\Users\Marian\AppData\Local\Temp\EADCD5C.exe
C:\Users\Marian\AppData\Local\Temp\EADCD8B.exe
C:\Users\Marian\AppData\Local\Temp\EADCDB.exe
C:\Users\Marian\AppData\Local\Temp\EADCDC9.exe
C:\Users\Marian\AppData\Local\Temp\EADCDE8.exe
C:\Users\Marian\AppData\Local\Temp\EADCE17.exe
C:\Users\Marian\AppData\Local\Temp\EADCE27.exe
C:\Users\Marian\AppData\Local\Temp\EADCE28.exe
C:\Users\Marian\AppData\Local\Temp\EADCE46.exe
C:\Users\Marian\AppData\Local\Temp\EADCED2.exe
C:\Users\Marian\AppData\Local\Temp\EADCEE2.exe
C:\Users\Marian\AppData\Local\Temp\EADCF8D.exe
C:\Users\Marian\AppData\Local\Temp\EADCF9D.exe
C:\Users\Marian\AppData\Local\Temp\EADCFEB.exe
C:\Users\Marian\AppData\Local\Temp\EADD072.exe
C:\Users\Marian\AppData\Local\Temp\EADD0A.exe
C:\Users\Marian\AppData\Local\Temp\EADD0B.exe
C:\Users\Marian\AppData\Local\Temp\EADD0C5.exe
C:\Users\Marian\AppData\Local\Temp\EADD0E5.exe
C:\Users\Marian\AppData\Local\Temp\EADD1A.exe
C:\Users\Marian\AppData\Local\Temp\EADD1CF.exe
C:\Users\Marian\AppData\Local\Temp\EADD23C.exe
C:\Users\Marian\AppData\Local\Temp\EADD2E7.exe
C:\Users\Marian\AppData\Local\Temp\EADD2F7.exe
C:\Users\Marian\AppData\Local\Temp\EADD3D1.exe
C:\Users\Marian\AppData\Local\Temp\EADD3E1.exe
C:\Users\Marian\AppData\Local\Temp\EADD3E2.exe
C:\Users\Marian\AppData\Local\Temp\EADD3E3.exe
C:\Users\Marian\AppData\Local\Temp\EADD3F1.exe
C:\Users\Marian\AppData\Local\Temp\EADD400.exe
C:\Users\Marian\AppData\Local\Temp\EADD42F.exe
C:\Users\Marian\AppData\Local\Temp\EADD430.exe
C:\Users\Marian\AppData\Local\Temp\EADD48.exe
C:\Users\Marian\AppData\Local\Temp\EADD4FA.exe
C:\Users\Marian\AppData\Local\Temp\EADD519.exe
C:\Users\Marian\AppData\Local\Temp\EADD5F3.exe
C:\Users\Marian\AppData\Local\Temp\EADD6BE.exe
C:\Users\Marian\AppData\Local\Temp\EADD6DE.exe
C:\Users\Marian\AppData\Local\Temp\EADD6ED.exe
C:\Users\Marian\AppData\Local\Temp\EADD70C.exe
C:\Users\Marian\AppData\Local\Temp\EADD77.exe
C:\Users\Marian\AppData\Local\Temp\EADD7A8.exe
C:\Users\Marian\AppData\Local\Temp\EADD7A9.exe
C:\Users\Marian\AppData\Local\Temp\EADD7E7.exe
C:\Users\Marian\AppData\Local\Temp\EADD7E8.exe
C:\Users\Marian\AppData\Local\Temp\EADD825.exe
C:\Users\Marian\AppData\Local\Temp\EADD844.exe
C:\Users\Marian\AppData\Local\Temp\EADD863.exe
C:\Users\Marian\AppData\Local\Temp\EADD8B1.exe
C:\Users\Marian\AppData\Local\Temp\EADD8B2.exe
C:\Users\Marian\AppData\Local\Temp\EADD8F0.exe
C:\Users\Marian\AppData\Local\Temp\EADD95D.exe
C:\Users\Marian\AppData\Local\Temp\EADD97C.exe
C:\Users\Marian\AppData\Local\Temp\EADD9AB.exe
C:\Users\Marian\AppData\Local\Temp\EADDA28.exe
C:\Users\Marian\AppData\Local\Temp\EADDA76.exe
C:\Users\Marian\AppData\Local\Temp\EADDA77.exe
C:\Users\Marian\AppData\Local\Temp\EADDB7F.exe
C:\Users\Marian\AppData\Local\Temp\EADDBDD.exe
C:\Users\Marian\AppData\Local\Temp\EADDD24.exe
C:\Users\Marian\AppData\Local\Temp\EADDD5.exe
C:\Users\Marian\AppData\Local\Temp\EADDD63.exe
C:\Users\Marian\AppData\Local\Temp\EADDD64.exe
C:\Users\Marian\AppData\Local\Temp\EADDDB1.exe
C:\Users\Marian\AppData\Local\Temp\EADDE4.exe
C:\Users\Marian\AppData\Local\Temp\EADDED9.exe
C:\Users\Marian\AppData\Local\Temp\EADDEE9.exe
C:\Users\Marian\AppData\Local\Temp\EADDF46.exe
C:\Users\Marian\AppData\Local\Temp\EADE030.exe
C:\Users\Marian\AppData\Local\Temp\EADE04.exe
C:\Users\Marian\AppData\Local\Temp\EADE0BD.exe
C:\Users\Marian\AppData\Local\Temp\EADE0CC.exe
C:\Users\Marian\AppData\Local\Temp\EADE0DC.exe
C:\Users\Marian\AppData\Local\Temp\EADE0DD.exe
C:\Users\Marian\AppData\Local\Temp\EADE0DE.exe
C:\Users\Marian\AppData\Local\Temp\EADE15B.exe
C:\Users\Marian\AppData\Local\Temp\EADE178.exe
C:\Users\Marian\AppData\Local\Temp\EADE204.exe
C:\Users\Marian\AppData\Local\Temp\EADE223.exe
C:\Users\Marian\AppData\Local\Temp\EADE23.exe
C:\Users\Marian\AppData\Local\Temp\EADE233.exe
C:\Users\Marian\AppData\Local\Temp\EADE243.exe
C:\Users\Marian\AppData\Local\Temp\EADE37B.exe
C:\Users\Marian\AppData\Local\Temp\EADE39A.exe
C:\Users\Marian\AppData\Local\Temp\EADE3F7.exe
C:\Users\Marian\AppData\Local\Temp\EADE42.exe
C:\Users\Marian\AppData\Local\Temp\EADE4C2.exe
C:\Users\Marian\AppData\Local\Temp\EADE501.exe
C:\Users\Marian\AppData\Local\Temp\EADE55E.exe
C:\Users\Marian\AppData\Local\Temp\EADE56E.exe
C:\Users\Marian\AppData\Local\Temp\EADE5AC.exe
C:\Users\Marian\AppData\Local\Temp\EADE619.exe
C:\Users\Marian\AppData\Local\Temp\EADE61A.exe
C:\Users\Marian\AppData\Local\Temp\EADE648.exe
C:\Users\Marian\AppData\Local\Temp\EADE658.exe
C:\Users\Marian\AppData\Local\Temp\EADE667.exe
C:\Users\Marian\AppData\Local\Temp\EADE703.exe
C:\Users\Marian\AppData\Local\Temp\EADE7AF.exe
C:\Users\Marian\AppData\Local\Temp\EADE7DE.exe
C:\Users\Marian\AppData\Local\Temp\EADE7FD.exe
C:\Users\Marian\AppData\Local\Temp\EADE85B.exe
C:\Users\Marian\AppData\Local\Temp\EADE8B8.exe
C:\Users\Marian\AppData\Local\Temp\EADE993.exe
C:\Users\Marian\AppData\Local\Temp\EADE9C1.exe
C:\Users\Marian\AppData\Local\Temp\EADEA2F.exe
C:\Users\Marian\AppData\Local\Temp\EADEA3E.exe
C:\Users\Marian\AppData\Local\Temp\EADEA8C.exe
C:\Users\Marian\AppData\Local\Temp\EADEACB.exe
C:\Users\Marian\AppData\Local\Temp\EADEB28.exe
C:\Users\Marian\AppData\Local\Temp\EADEB38.exe
C:\Users\Marian\AppData\Local\Temp\EADEB76.exe
C:\Users\Marian\AppData\Local\Temp\EADEBF.exe
C:\Users\Marian\AppData\Local\Temp\EADEC0.exe
C:\Users\Marian\AppData\Local\Temp\EADEC51.exe
C:\Users\Marian\AppData\Local\Temp\EADEC80.exe
C:\Users\Marian\AppData\Local\Temp\EADEC8F.exe
C:\Users\Marian\AppData\Local\Temp\EADEC9F.exe
C:\Users\Marian\AppData\Local\Temp\EADECBE.exe
C:\Users\Marian\AppData\Local\Temp\EADECCD.exe
C:\Users\Marian\AppData\Local\Temp\EADED89.exe
C:\Users\Marian\AppData\Local\Temp\EADEDE6.exe
C:\Users\Marian\AppData\Local\Temp\EADEDF6.exe
C:\Users\Marian\AppData\Local\Temp\EADEE34.exe
C:\Users\Marian\AppData\Local\Temp\EADEE82.exe
C:\Users\Marian\AppData\Local\Temp\EADEEA2.exe
C:\Users\Marian\AppData\Local\Temp\EADEEE0.exe
C:\Users\Marian\AppData\Local\Temp\EADEEE1.exe
C:\Users\Marian\AppData\Local\Temp\EADEF1E.exe
C:\Users\Marian\AppData\Local\Temp\EADEF2E.exe
C:\Users\Marian\AppData\Local\Temp\EADEF6C.exe
C:\Users\Marian\AppData\Local\Temp\EADF.exe
C:\Users\Marian\AppData\Local\Temp\EADF018.exe
C:\Users\Marian\AppData\Local\Temp\EADF160.exe
C:\Users\Marian\AppData\Local\Temp\EADF16F.exe
C:\Users\Marian\AppData\Local\Temp\EADF17F.exe
C:\Users\Marian\AppData\Local\Temp\EADF1DC.exe
C:\Users\Marian\AppData\Local\Temp\EADF22A.exe
C:\Users\Marian\AppData\Local\Temp\EADF288.exe
C:\Users\Marian\AppData\Local\Temp\EADF2B7.exe
C:\Users\Marian\AppData\Local\Temp\EADF2B8.exe
C:\Users\Marian\AppData\Local\Temp\EADF2B9.exe
C:\Users\Marian\AppData\Local\Temp\EADF2E6.exe
C:\Users\Marian\AppData\Local\Temp\EADF324.exe
C:\Users\Marian\AppData\Local\Temp\EADF3D0.exe
C:\Users\Marian\AppData\Local\Temp\EADF41E.exe
C:\Users\Marian\AppData\Local\Temp\EADF43D.exe
C:\Users\Marian\AppData\Local\Temp\EADF44C.exe
C:\Users\Marian\AppData\Local\Temp\EADF4BA.exe
C:\Users\Marian\AppData\Local\Temp\EADF4D9.exe
C:\Users\Marian\AppData\Local\Temp\EADF508.exe
C:\Users\Marian\AppData\Local\Temp\EADF527.exe
C:\Users\Marian\AppData\Local\Temp\EADF565.exe
C:\Users\Marian\AppData\Local\Temp\EADF5E2.exe
C:\Users\Marian\AppData\Local\Temp\EADF611.exe
C:\Users\Marian\AppData\Local\Temp\EADF66E.exe
C:\Users\Marian\AppData\Local\Temp\EADF68E.exe
C:\Users\Marian\AppData\Local\Temp\EADF6BC.exe
C:\Users\Marian\AppData\Local\Temp\EADF70A.exe
C:\Users\Marian\AppData\Local\Temp\EADF70B.exe
C:\Users\Marian\AppData\Local\Temp\EADF797.exe
C:\Users\Marian\AppData\Local\Temp\EADF7F4.exe
C:\Users\Marian\AppData\Local\Temp\EADF823.exe
C:\Users\Marian\AppData\Local\Temp\EADF852.exe
C:\Users\Marian\AppData\Local\Temp\EADF862.exe
C:\Users\Marian\AppData\Local\Temp\EADF8B0.exe
C:\Users\Marian\AppData\Local\Temp\EADF8B1.exe
C:\Users\Marian\AppData\Local\Temp\EADF8B2.exe
C:\Users\Marian\AppData\Local\Temp\EADF91D.exe
C:\Users\Marian\AppData\Local\Temp\EADF92C.exe
C:\Users\Marian\AppData\Local\Temp\EADF99A.exe
C:\Users\Marian\AppData\Local\Temp\EADF9C8.exe
C:\Users\Marian\AppData\Local\Temp\EADF9C9.exe
C:\Users\Marian\AppData\Local\Temp\EADFA9.exe
C:\Users\Marian\AppData\Local\Temp\EADFA93.exe
C:\Users\Marian\AppData\Local\Temp\EADFAB2.exe
C:\Users\Marian\AppData\Local\Temp\EADFB00.exe
C:\Users\Marian\AppData\Local\Temp\EADFB5E.exe
C:\Users\Marian\AppData\Local\Temp\EADFB7D.exe
C:\Users\Marian\AppData\Local\Temp\EADFB8D.exe
C:\Users\Marian\AppData\Local\Temp\EADFBEA.exe
C:\Users\Marian\AppData\Local\Temp\EADFBFA.exe
C:\Users\Marian\AppData\Local\Temp\EADFC0A.exe
C:\Users\Marian\AppData\Local\Temp\EADFC0B.exe
C:\Users\Marian\AppData\Local\Temp\EADFC19.exe
C:\Users\Marian\AppData\Local\Temp\EADFC58.exe
C:\Users\Marian\AppData\Local\Temp\EADFC8.exe
C:\Users\Marian\AppData\Local\Temp\EADFC96.exe
C:\Users\Marian\AppData\Local\Temp\EADFCC5.exe
C:\Users\Marian\AppData\Local\Temp\EADFCD4.exe
C:\Users\Marian\AppData\Local\Temp\EADFD03.exe
C:\Users\Marian\AppData\Local\Temp\EADFDED.exe
C:\Users\Marian\AppData\Local\Temp\EADFE7.exe
C:\Users\Marian\AppData\Local\Temp\EADFEA8.exe
C:\Users\Marian\AppData\Local\Temp\EADFF16.exe
C:\Users\Marian\AppData\Local\Temp\EADFF54.exe
C:\Users\Marian\AppData\Local\Temp\EADFF73.exe
C:\Users\Marian\AppData\Local\Temp\EADFFB2.exe
C:\Users\Marian\AppData\Local\Temp\EADFFE0.exe
C:\Users\Marian\AppData\Local\Temp\EAInstall.dll
C:\Users\Marian\AppData\Local\Temp\eauninstall.exe
C:\Users\Marian\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Marian\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\Marian\AppData\Local\Temp\iGearedHelper.dll
C:\Users\Marian\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Marian\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Marian\AppData\Local\Temp\Need for Speed Carbon_uninst.exe
C:\Users\Marian\AppData\Local\Temp\Quarantine.exe
C:\Users\Marian\AppData\Local\Temp\Sqlite3.dll
C:\Users\Marian\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Marian\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Marian\AppData\Local\Temp\yPrU.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-16 16:14

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Alt 12.11.2013, 17:37   #10
Sevikar
 
Interpol/BKA Trojaner - Standard

Interpol/BKA Trojaner



Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2013
Ran by Marian at 2013-11-12 17:31:24
Running from C:\Users\Marian\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee  Anti-Virus und Anti-Spyware (Enabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee  Anti-Virus und Anti-Spyware (Enabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee  Firewall (Enabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

==================== Installed Programs ======================

Adobe Flash Player 10 ActiveX (x32 Version: 10.0.12.36)
Adobe Flash Player 10 ActiveX (x32 Version: 10.3.183.10)
Adobe Flash Player 11 Plugin (x32 Version: 11.1.102.55)
Adobe Reader X MUI (x32 Version: 10.0.0)
ARO 2012 (Version: 8.0)
AVG 2012 (Version: 12.0.1913)
AVG 2012 (Version: 12.0.2197)
AVG 2012 (Version: 12.0.2221)
AVG 2012 (Version: 12.0.3222)
AVG 2012 (Version: 12.1.2238)
AVG 2012 (Version: 12.1.2240)
AVG 2012 (Version: 12.1.2241)
AVG 2012 (Version: 12.1.2242)
AVG 2012 (Version: 2012.1.2242)
Avira Free Antivirus (x32 Version: 12.1.9.2500)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Bing Bar (x32 Version: 7.2.241.0)
Build-a-lot 2 (x32 Version: 2.2.0.95)
Cake Mania (x32 Version: 2.2.0.95)
Call of Juarez Gunslinger (x32)
Canon Easy-PhotoPrint EX (x32)
Canon Easy-WebPrint EX (x32)
Canon MG5100 series Benutzerregistrierung (x32)
Canon MG5100 series MP Drivers
Canon MP Navigator EX 4.0 (x32)
Canon My Printer (x32)
Canon Solution Menu EX (x32)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
CLICK & LEARN DiDi 360° 3.0 (x32)
Codec Pack Packages (HKCU)
Conexant HD Audio (Version: 8.50.4.0)
CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.4418)
D3DX10 (x32 Version: 15.4.2368.0902)
DC-Bass Source 1.3.0 (x32)
Dell DataSafe Local Backup - Support Software (x32 Version: 9.4.61)
Dell DataSafe Local Backup (x32 Version: 9.4.61)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (x32 Version: 1.00.0000)
Dell MusicStage (x32 Version: 1.5.201.0)
Dell PhotoStage (x32 Version: 1.5.0.65)
Dell Product Registration (x32 Version: 1.1.3)
Dell Stage (x32 Version: 1.5.201.0)
Dell Stage Remote (x32 Version: 2.0.0.43)
Dell VideoStage  (x32 Version: 1.2.0.1712)
Die ersten 10 Jahre (x32 Version: 1.00.0000)
Die Siedler IV (x32)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95)
DirectVobSub 2.40.4209 (x32 Version: 2.40.4209)
DirectX 9 Runtime (x32 Version: 1.00.0000)
DivX-Setup (x32 Version: 2.6.1.8)
Dora's World Adventure (x32 Version: 2.2.0.95)
EA Download Manager (x32 Version: 5.1.0.4)
eBay (x32 Version: 1.4.0)
Escape Whisper Valley (TM) (x32 Version: 2.2.0.95)
Farm Frenzy (x32 Version: 2.2.0.95)
FATE (x32 Version: 2.2.0.95)
ffdshow v1.1.4399 [2012-03-22] (x32 Version: 1.1.4399.0)
FIFA 11 (x32 Version: 1.0.0.0)
Final Drive Fury (x32 Version: 2.2.0.95)
Final Drive Nitro (x32 Version: 2.2.0.95)
Free Studio version 5.3.5 (x32 Version: 5.3.5)
Google Chrome (x32 Version: 30.0.1599.101)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.165)
Guard.ICQ (x32)
Haali Media Splitter (x32)
ICQ Sparberater (x32 Version: 1.3.671)
ICQ7M (x32 Version: 7.8)
Java Auto Updater (x32 Version: 2.0.6.1)
Java(TM) 6 Update 27 (64-bit) (Version: 6.0.270)
Java(TM) 6 Update 27 (x32 Version: 6.0.270)
Jewel Quest (x32 Version: 2.2.0.95)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Lagarith Lossless Codec (1.3.27) (x32)
LAME v3.99.3 (for Windows) (x32)
LEGO Racers (x32)
Luxor (x32 Version: 2.2.0.95)
Marine Sharpshooter 3 (x32)
Marine Sharpshooter 4 (x32)
McAfee SecurityCenter (x32 Version: 11.0.654)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Moorhuhnjagd (x32)
Mozilla Firefox 10.0.2 (x86 de) (x32 Version: 10.0.2)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
My Dell (Version: 3.4.6308.28)
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95)
Need for Speed™ Carbon (x32)
Need for Speed™ ProStreet (x32 Version: 1.0.1.0)
NVIDIA Display Control Panel (Version: 6.14.12.6716)
OpenSource Flash Video Splitter 1.0.0.5 (x32 Version: 1.0.0.5)
Penguins! (x32 Version: 2.2.0.95)
PhotoShowExpress (x32 Version: 2.0.063)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95)
Polar Bowler (x32 Version: 2.2.0.95)
Polar Golfer (x32 Version: 2.2.0.95)
RBVirtualFolder64Inst (Version: 1.00.0000)
RollerCoaster Tycoon 3 (x32)
Roxio Activation Module (x32 Version: 1.0)
Roxio BackOnTrack (x32 Version: 1.3.3)
Roxio Burn (x32 Version: 1.8)
Roxio Creator Starter (x32 Version: 1.0.439)
Roxio Creator Starter (x32 Version: 12.1.77.0)
Roxio Creator Starter (x32 Version: 5.0.0)
Roxio Express Labeler 3 (x32 Version: 3.2.2)
Roxio File Backup (Version: 1.3.2)
Samantha Swift (x32 Version: 2.2.0.95)
Skype™ 5.10 (x32 Version: 5.10.116)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0)
Steam (x32 Version: 1.0.0.0)
Trust R-series Mouse And Keyboard (x32 Version: 2.0)
Update for Codec Pack (HKCU)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update Installer for WildTangent Games App (x32)
Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2)
Wedding Dash - Ready, Aim, Love! (x32 Version: 2.2.0.95)
WER WIRD MILLIONÄR DRITTE EDITION (x32 Version: 1.0.0.0000)
WildTangent Games App (Dell Games) (x32 Version: 4.0.5.36)
WildTangent-Spiele (x32 Version: 1.0.2.5)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR 4.11 (32-Bit) (x32 Version: 4.11.0)
Xvid Video Codec (x32 Version: 1.3.2)
Zuma Deluxe (x32 Version: 2.2.0.95)

==================== Restore Points  =========================

20-10-2013 17:00:02 Windows-Sicherung
27-10-2013 18:00:03 Windows-Sicherung
03-11-2013 18:00:04 Windows-Sicherung
04-11-2013 18:45:40 Steam wird installiert
04-11-2013 19:27:45 DirectX wurde installiert
09-11-2013 16:51:47 Installiert Die ersten 10 Jahre
09-11-2013 16:56:26 DirectX wurde installiert
09-11-2013 17:02:06 Installiert Die ersten 10 Jahre
10-11-2013 18:00:22 Windows-Sicherung

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0B69E0D0-CDBD-4076-95F4-D76248E7FE86} - System32\Tasks\{9A1A12CC-81D6-4FB3-BD4B-C400670E65D8} => C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe [2006-10-17] ()
Task: {2160DA47-76E0-489A-82AB-AE2CA644FDE8} - System32\Tasks\{9831C4F3-56FE-40B2-A245-7CC308B211CB} => C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe [2006-10-17] ()
Task: {279B3A51-C87D-4691-970C-EDB07FB19F52} - System32\Tasks\{7FF8A3A7-F99B-4B89-B45B-121BE9BBF9A0} => C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe [2006-10-17] ()
Task: {286C00E3-711F-4A80-9466-7F4414235517} - System32\Tasks\{67DD9177-BEAE-4D63-BC0A-0434CA68EF38} => C:\Program Files (x86)\Phenomedia\Moorhuhnjagd\moorhuhn.exe [1999-10-12] (Witan Entertainment BV)
Task: {31C0D8E7-23D1-422F-B400-AF7668C23744} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{F816ACDB-A9AF-4782-BCFE-9D02A6725A2E}.exe
Task: {35738CC9-8C68-4A79-996C-F43CD22196FD} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-09-06] (PC-Doctor, Inc.)
Task: {3C027EEC-F6BF-4624-98E4-C8D298C0CBD5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-22] (Google Inc.)
Task: {472AD8F6-C0F6-4992-A714-F45DACDB1E67} - System32\Tasks\{7F9F98D6-1E86-490C-B727-008763B817C4} => C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe [2006-10-17] ()
Task: {51EBE779-3637-4F6B-8023-779AE52E44F4} - System32\Tasks\{D86AD3DF-BC43-4E1B-A50C-19305D35B8C7} => C:\NICE2\nice2.exe [2000-01-14] ()
Task: {56152542-B15F-4D2B-AB19-946265253016} - System32\Tasks\SystemToolsDailyTest => C:\Windows\System32\uaclauncher.exe
Task: {572B3336-7015-4D8E-B3E1-515219204662} - System32\Tasks\{41B44E39-720E-4669-85BF-32CAA66E2F1B} => C:\Program Files (x86)\Phenomedia\Moorhuhnjagd\moorhuhn.exe [1999-10-12] (Witan Entertainment BV)
Task: {57E301EF-2053-4881-8457-1378A1A4AA1E} - System32\Tasks\{C7889346-C3E7-48E5-B120-8581F01B9B92} => C:\Program Files (x86)\Phenomedia\Moorhuhnjagd\moorhuhn.exe [1999-10-12] (Witan Entertainment BV)
Task: {59DE2116-00CC-4730-911C-5F74AD87F35D} - System32\Tasks\{D424B8B3-B144-4A7D-977B-1247A7EC38CC} => C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe [2006-10-17] ()
Task: {6FD312BC-76BB-4F64-9A0A-031F05CAF146} - System32\Tasks\{C8DD2C5F-B94F-4798-B30E-0410AB62F078} => C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe [2006-10-17] ()
Task: {7214DDD1-2DB0-46A8-889F-B8C7394848AB} - System32\Tasks\{ECFA6F5C-3664-4937-9FF5-0F96C45E2CCD} => C:\Program Files (x86)\Phenomedia\Moorhuhnjagd\moorhuhn.exe [1999-10-12] (Witan Entertainment BV)
Task: {722B6554-33EE-4BBF-9092-21C2D28A1CED} - \Scheduled Update for Ask Toolbar No Task File
Task: {77F2B6E2-366A-4261-92F3-D77F09455132} - System32\Tasks\{DDFCF5B4-1977-428E-BAC4-4D70D3E674A3} => C:\Program Files (x86)\Phenomedia\Moorhuhnjagd\moorhuhn.exe [1999-10-12] (Witan Entertainment BV)
Task: {7C6BCCC1-48EB-4C04-9953-62A416F88569} - System32\Tasks\{0188AE9B-83B2-497B-B56E-0F24CF9B545D} => C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe [2006-10-17] ()
Task: {95AF3031-0BC4-4A4E-B2FF-601E5504AB4C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-22] (Google Inc.)
Task: {9AB25701-8734-4300-B6C3-20D77589A26D} - System32\Tasks\{7FC7EAC1-AE5F-42EF-8B35-D37095E9F142} => C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe [2006-10-17] ()
Task: {9E33A576-AB50-4B2D-8B0A-445E4D344A09} - System32\Tasks\{8C79040E-219C-48F5-97FF-3542B0DC1EE2} => C:\Program Files (x86)\Phenomedia\Moorhuhnjagd\moorhuhn.exe [1999-10-12] (Witan Entertainment BV)
Task: {B115051F-6272-4080-9F34-6564D280A6E4} - System32\Tasks\{A7C23287-E33E-41AF-8DB1-CFB425567AEF} => C:\Program Files (x86)\Phenomedia\Moorhuhnjagd\moorhuhn.exe [1999-10-12] (Witan Entertainment BV)
Task: {B9FDE6D5-2E36-4E89-8F13-38F75BEA6F34} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-09-06] (PC-Doctor, Inc.)
Task: {BA49B6C4-D4B2-4598-8E4D-CA8B0167961C} - System32\Tasks\JavaUpdateSched => %COMMONPROGRAMFILES(x86)%\Java\Java Update\jusched.exe
Task: {BEE0BAED-7DE3-4F85-A9AE-F5EAD405E0BD} - System32\Tasks\{C2E34D35-48E7-407E-B7BF-DE8161C30633} => C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe [2006-10-17] ()
Task: {E4FB6C6E-58F1-4B9E-9A07-CE3838A53505} - System32\Tasks\{F7338E06-F36B-4DB8-95AA-5C8E1D5F487C} => C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe [2006-10-17] ()
Task: {F3854F01-6C21-4BD8-B8DC-A499DB273D9F} - System32\Tasks\{DE49DDEF-7356-4F1A-92B8-60BE0C9C32D3} => C:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\NFSC.exe [2006-10-17] ()
Task: {F73F9DD9-FF4F-4C4F-A78B-A24ACC2F96ED} - System32\Tasks\{335B4A41-E67B-4D4C-ABA2-957FF71D5F7B} => C:\Program Files (x86)\Phenomedia\Moorhuhnjagd\moorhuhn.exe [1999-10-12] (Witan Entertainment BV)
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{F816ACDB-A9AF-4782-BCFE-9D02A6725A2E}.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-02-06 19:34 - 2012-05-09 05:14 - 00398288 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2010-03-16 20:28 - 2010-03-16 20:28 - 01926144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll
2010-03-22 15:52 - 2010-03-22 15:52 - 06776832 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll
2010-03-16 20:28 - 2010-03-16 20:28 - 00635904 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll
2010-03-16 20:28 - 2010-03-16 20:28 - 00326144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll
2011-06-24 23:20 - 2011-06-24 23:20 - 00565968 _____ () C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll
2011-06-27 19:25 - 2011-06-27 19:25 - 00058944 _____ () C:\Program Files (x86)\Dell\Stage Remote\DataService.dll
2011-06-24 23:32 - 2011-06-24 23:32 - 00323136 _____ () C:\Program Files (x86)\Dell\Stage Remote\de-DE\UI\ManagerUI.dll
2010-03-11 19:52 - 2010-03-11 19:52 - 00028160 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll
2010-03-05 15:07 - 2010-03-05 15:07 - 00031744 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll
2010-03-05 15:07 - 2010-03-05 15:07 - 00125952 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll
2010-03-11 19:52 - 2010-03-11 19:52 - 00225280 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll
2011-04-29 18:13 - 2011-04-29 18:13 - 07938048 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\QtGui4.dll
2011-04-29 18:13 - 2011-04-29 18:13 - 02225664 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\QtCore4.dll
2013-10-24 09:45 - 2013-10-24 18:45 - 00691200 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2013-10-30 11:25 - 2013-10-30 20:25 - 01123240 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-10-23 12:07 - 2013-10-23 21:07 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2013-06-14 15:49 - 2013-06-15 00:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2013-06-14 15:49 - 2013-06-15 00:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2013-06-14 15:49 - 2013-06-15 00:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2010-11-24 22:44 - 2010-11-24 22:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2011-04-29 18:13 - 2011-04-29 18:13 - 07938048 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
2011-04-29 18:13 - 2011-04-29 18:13 - 02225664 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
2013-08-29 01:25 - 2013-08-29 01:25 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2005-05-04 19:12 - 2005-05-04 19:12 - 00028672 _____ () C:\Program Files (x86)\Trust\Trust R-series Mouse And Keyboard\MouseHook.dll
2012-02-06 18:51 - 2012-02-18 10:04 - 01911768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/12/2013 05:20:57 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/12/2013 04:59:09 PM) (Source: Application Hang) (User: )
Description: Programm FRST64(1).exe, Version 3.3.8.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1cc0

Startzeit: 01cedfbf84bed975

Endzeit: 7

Anwendungspfad: C:\Users\Marian\Downloads\FRST64(1).exe

Berichts-ID: 41b4c850-4bb3-11e3-b20d-d067e524ae5e

Error: (11/12/2013 04:54:14 PM) (Source: Application Hang) (User: )
Description: Programm FRST64(1).exe, Version 3.3.8.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 8a0

Startzeit: 01cedfbf391e2749

Endzeit: 3

Anwendungspfad: C:\Users\Marian\Downloads\FRST64(1).exe

Berichts-ID: 97b39dcf-4bb2-11e3-b20d-d067e524ae5e

Error: (11/12/2013 04:52:43 PM) (Source: Application Hang) (User: )
Description: Programm FRST64.exe, Version 3.3.8.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 18cc

Startzeit: 01cedfbee7cfd273

Endzeit: 3

Anwendungspfad: C:\Users\Marian\Downloads\FRST64.exe

Berichts-ID: 69830e9b-4bb2-11e3-b20d-d067e524ae5e

Error: (11/12/2013 04:50:18 PM) (Source: Application Hang) (User: )
Description: Programm FRST64.exe, Version 3.3.8.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2004

Startzeit: 01cedfbe91395502

Endzeit: 2

Anwendungspfad: C:\Users\Marian\Downloads\FRST64.exe

Berichts-ID: 0eaf25b5-4bb2-11e3-b20d-d067e524ae5e

Error: (11/12/2013 04:33:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2013 06:46:56 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2013 04:22:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/10/2013 05:14:15 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/10/2013 04:57:59 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: McSvHost.exe, Version: 2.0.230.0, Zeitstempel: 0x4d41ff46
Name des fehlerhaften Moduls: mps.dll, Version: 13.0.286.0, Zeitstempel: 0x4d233ee9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000005197c
ID des fehlerhaften Prozesses: 0xc74
Startzeit der fehlerhaften Anwendung: 0xMcSvHost.exe0
Pfad der fehlerhaften Anwendung: McSvHost.exe1
Pfad des fehlerhaften Moduls: McSvHost.exe2
Berichtskennung: McSvHost.exe3


System errors:
=============
Error: (11/12/2013 05:23:11 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht.

Error: (11/12/2013 05:21:39 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.

Error: (11/12/2013 05:21:09 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.

Error: (11/12/2013 05:19:25 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "vToolbarUpdater17.1.2" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (11/12/2013 05:10:41 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Computer Backup (MyPC Backup)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/12/2013 05:05:55 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (11/12/2013 05:05:53 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (11/12/2013 05:05:47 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (11/12/2013 05:05:44 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (11/12/2013 05:05:34 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.


Microsoft Office Sessions:
=========================
Error: (11/12/2013 05:20:57 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/12/2013 04:59:09 PM) (Source: Application Hang)(User: )
Description: FRST64(1).exe3.3.8.11cc001cedfbf84bed9757C:\Users\Marian\Downloads\FRST64(1).exe41b4c850-4bb3-11e3-b20d-d067e524ae5e

Error: (11/12/2013 04:54:14 PM) (Source: Application Hang)(User: )
Description: FRST64(1).exe3.3.8.18a001cedfbf391e27493C:\Users\Marian\Downloads\FRST64(1).exe97b39dcf-4bb2-11e3-b20d-d067e524ae5e

Error: (11/12/2013 04:52:43 PM) (Source: Application Hang)(User: )
Description: FRST64.exe3.3.8.118cc01cedfbee7cfd2733C:\Users\Marian\Downloads\FRST64.exe69830e9b-4bb2-11e3-b20d-d067e524ae5e

Error: (11/12/2013 04:50:18 PM) (Source: Application Hang)(User: )
Description: FRST64.exe3.3.8.1200401cedfbe913955022C:\Users\Marian\Downloads\FRST64.exe0eaf25b5-4bb2-11e3-b20d-d067e524ae5e

Error: (11/12/2013 04:33:09 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2013 06:46:56 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2013 04:22:46 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/10/2013 05:14:15 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/10/2013 04:57:59 PM) (Source: Application Error)(User: )
Description: McSvHost.exe2.0.230.04d41ff46mps.dll13.0.286.04d233ee9c0000005000000000005197cc7401cede2d4a938389C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exec:\PROGRA~1\mcafee\mps\mps.dllded10b85-4a20-11e3-bf27-d067e524ae5e


==================== Memory info =========================== 

Percentage of memory in use: 41%
Total physical RAM: 4078.64 MB
Available physical RAM: 2383.68 MB
Total Pagefile: 8155.47 MB
Available Pagefile: 5424.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:916.66 GB) (Free:765.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 79477327)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=917 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
so jetzt hab ich dir alles geschickt!

Danke für deine Hilfe an dieser Stelle schon einaml

Alt 12.11.2013, 17:43   #11
aharonov
/// TB-Ausbilder
 
Interpol/BKA Trojaner - Standard

Interpol/BKA Trojaner



Ok, weiter:


Hinweis: Mehrere AV-Hintergrundwächter

Mir ist aufgefallen, dass du mehr als ein Antivirus-Programm mit Hintergrundwächter laufen hast:
  • Avira Free Antivirus
  • AVG 2012
  • McAfee SecurityCenter
Das ist gefährlich, da sich die verschiedenen Hintergrundwächter gegenseitig in die Quere kommen können und dadurch in ihrer Summe nicht mehr sondern weniger Schutz bieten. Ausserdem bremst das auch das System aus.

Entscheide dich für eines dieser Programme und deinstalliere die anderen über Start -> Systemsteuerung -> Programme und Funktionen (Vista & Win 7) bzw. Start -> Systemsteuerung -> Software (Win XP).



Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
2013-11-12 17:05 - 2013-06-20 16:01 - 00708168 _____ (MindSpark) C:\Program Files (x86)\65Uninstall FromDocToPDF.dll
2013-11-12 17:05 - 2013-06-20 16:01 - 00186752 _____ () C:\Program Files (x86)\65res.dll
Startup: C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk
ShortcutTarget: Product Registration.lnk -> C:\Users\Marian\AppData\Local\Temp\is-AICRO.tmp\ATR1.exe (No File)
SearchScopes: HKCU - {A605BB24-9ADB-4A20-B8F8-0D382B77C032} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=13153&src=kw&q={searchTerms}&locale=&apn_ptnrs=S2&apn_dtid=YYYYYYYYDE&apn_uid=5ce01b61-567e-401f-817d-e548de49ef94&apn_sauid=D0B93AB2-0E19-4D61-83E6-B922CB5CBF14
C:\Users\Marian\AppData\Local\Temp\*.dll
C:\Users\Marian\AppData\Local\Temp\*.exe
S2 vToolbarUpdater17.1.2; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [x]
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Schritt 2

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




Schritt 3


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
cheers,
Leo

Alt 07.01.2014, 15:02   #12
aharonov
/// TB-Ausbilder
 
Interpol/BKA Trojaner - Standard

Interpol/BKA Trojaner



Fehlende Rückmeldung
Dieses Thema wurde aus meinen Abos gelöscht. Somit bekomme ich keine Benachrichtigung mehr über neue Antworten.
Schreib mir eine PM, falls du das Thema doch wieder fortsetzen möchtest. Dann machen wir hier weiter.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass dein Rechner schon sauber ist.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.
__________________
cheers,
Leo

Antwort

Themen zu Interpol/BKA Trojaner
board, compu, computer, ebenfalls, eingefangen, ellung, gefangen, geld, gen, helft, hilfe, hoffe, profil, reparieren, seite, systemwiederherstellung, troja, trojane, trojaner, trojaner board, trojaner eingefangen, versuch, versucht, wirklich



Ähnliche Themen: Interpol/BKA Trojaner


  1. Interpol Trojaner
    Log-Analyse und Auswertung - 20.11.2014 (7)
  2. Interpol Trojaner
    Log-Analyse und Auswertung - 21.10.2014 (25)
  3. GUV/Interpol-Trojaner Win 7/32 Bit
    Log-Analyse und Auswertung - 21.04.2014 (10)
  4. Interpol hat zugeschlagen! Interpol Troyaner/Virus legt Rechner Lahm!
    Log-Analyse und Auswertung - 31.03.2014 (7)
  5. Interpol Trojaner
    Log-Analyse und Auswertung - 20.03.2014 (16)
  6. Interpol Trojaner 100€ etc..
    Log-Analyse und Auswertung - 23.02.2014 (1)
  7. Trojaner Interpol Win XP - trotz abgesicherten Modus kein Zugriff - Standard AW: Trojaner Interpol Win XP - trotz abgesicherten Modus kein
    Log-Analyse und Auswertung - 18.02.2014 (18)
  8. GVU Interpol Trojaner!
    Plagegeister aller Art und deren Bekämpfung - 20.01.2014 (1)
  9. interpol bka trojaner!
    Log-Analyse und Auswertung - 12.12.2013 (14)
  10. Interpol Trojaner
    Plagegeister aller Art und deren Bekämpfung - 25.11.2013 (14)
  11. GVU-Interpol-BKA-Trojaner
    Log-Analyse und Auswertung - 01.11.2013 (17)
  12. Bka interpol trojaner
    Log-Analyse und Auswertung - 29.10.2013 (7)
  13. Interpol-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 28.10.2013 (16)
  14. Interpol-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 20.10.2013 (9)
  15. Interpol-Trojaner
    Log-Analyse und Auswertung - 02.09.2013 (1)
  16. Trojaner - Interpol
    Plagegeister aller Art und deren Bekämpfung - 12.08.2013 (3)
  17. Interpol trojaner
    Log-Analyse und Auswertung - 27.05.2013 (13)

Zum Thema Interpol/BKA Trojaner - Hallo Trojaner Board Team, Ich habe mir ebenfalls, auf meinem HAuptprofil einen Interpol/BKA Trojaner eingefangen, der mich auffordert ihnen Geld für die Freischaltung zu überweisen. Nun bin ich auf eure - Interpol/BKA Trojaner...
Archiv
Du betrachtest: Interpol/BKA Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.