
Pests of all kinds and how to fight them: Windows 8 64-bit: Snap.do Adware


13.06.2014, 15:39   #1
FxWickl0
 



So my problem is the following: Since I tried to watch a video this morning, I have had this program Snap.do on my computer. Before the video started, a message appeared telling me to update Java. When I clicked on update, it downloaded a java.exe. When I then installed it, I noticed that it was installing many strange programs, which is why I cancelled. I was actually able to completely remove all of the programs again, except for this Snap.do. I also managed to get Chrome and Internet Explorer to stop showing these ads from Snap.do. The remaining problem is that I cannot remove it through the Control Panel. It does disappear, but when I open the Control Panel again, it is back. I also ran Malwarebytes Anti-Malware. The log from that is attached. I hope you can help me. Thanks in advance.
Attached files
File type: txt Malwarebytes Anti-Malware_Log.txt (2.5 KB, viewed 181 times)

13.06.2014, 18:02   #2
deeprybka
/// TB Trainer
/// Guide Guru
 





My name is Jürgen and I will be helping you with your problem. Together we will get this done...
  • Please work through all steps in order.
  • Read the instructions carefully before you begin. If there are problems or you do not understand something, stop what you are doing and describe the problem to me.
  • Please run only the scans that I have asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Save all of our tools to the desktop.
  • Post the log files directly in your thread in code tags.
  • Keep in mind that we all do this in our free time; if you have not heard from me within 24 hours, please send me a PM.

Note:
I can never give you a guarantee that we will find all malicious files.
Formatting is usually the faster and always the safest way, but it is only advisable in the case of real malware.
We can remove adware and the like very well.
If you decide on a cleanup, keep working with me until you get my all-clear.



Let's go:

Step 1


Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and can then be found on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)




Reading material
Posting in CODE tags: how it works...
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes our work much harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you have done it correctly. If everything is right ... click Reply.

14.06.2014, 01:03   #3
FxWickl0
 



FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 02
Ran by Sandra (administrator) on SCHLEMMERTOPF on 14-06-2014 01:58:24
Running from C:\Users\Sandra\Desktop
Platform: Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Akamai Technologies, Inc.) C:\Users\Sandra\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Sandra\AppData\Local\Akamai\netsession_win.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-26] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] - "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe" "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware " [54072 2014-05-12] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1740782634-1134074537-3814847298-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Sandra\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

Chrome: 
=======
CHR HomePage: 
CHR StartupUrls: "hxxp://www.google.de/"
CHR Extension: (AdBlock) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-13]
CHR Extension: (Google Wallet) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-26]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-09] (Avira Operations GmbH & Co. KG)
R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-04-29] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2266296 2014-05-16] (Microsoft Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70928 2013-11-08] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-05-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-05-09] (Avira Operations GmbH & Co. KG)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
U0 tnbipi; C:\Windows\System32\drivers\djnvx.sys [79064 2014-06-13] (Malwarebytes Corporation)
S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
U0 msahci; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-14 01:58 - 2014-06-14 01:58 - 00014028 _____ () C:\Users\Sandra\Desktop\FRST.txt
2014-06-14 01:58 - 2014-06-14 01:58 - 00000000 ____D () C:\FRST
2014-06-14 01:57 - 2014-06-14 01:57 - 02081792 _____ (Farbar) C:\Users\Sandra\Desktop\FRST64.exe
2014-06-13 16:27 - 2014-06-13 16:27 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\djnvx.sys
2014-06-13 16:13 - 2014-06-13 23:02 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-13 16:13 - 2014-06-13 16:13 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-13 16:13 - 2014-06-13 16:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-13 16:13 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-13 16:13 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-13 16:13 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-13 13:21 - 2014-06-13 13:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-13 12:56 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-13 12:55 - 2014-06-13 13:56 - 00000000 ____D () C:\AdwCleaner
2014-06-13 12:55 - 2014-06-13 12:55 - 01333465 _____ () C:\Users\Sandra\Desktop\adwcleaner_3.212.exe
2014-06-13 12:12 - 2014-06-13 12:12 - 00003118 _____ () C:\Windows\System32\Tasks\{88A67A92-8AC4-4D13-9E4A-0E60DF21621A}
2014-06-13 12:09 - 2014-06-13 12:28 - 00002300 _____ () C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-06-13 12:06 - 2014-06-13 12:13 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-06-12 10:10 - 2014-05-24 04:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 10:10 - 2014-05-24 04:47 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 10:10 - 2014-05-24 04:47 - 01366016 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 10:10 - 2014-05-24 04:47 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-06-12 10:10 - 2014-05-24 04:47 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-06-12 10:10 - 2014-05-24 04:46 - 19290112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 10:10 - 2014-05-24 04:46 - 15368704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 10:10 - 2014-05-24 04:46 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 10:10 - 2014-05-24 04:46 - 02650112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 10:10 - 2014-05-24 04:46 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-12 10:10 - 2014-05-24 04:46 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 10:10 - 2014-05-24 04:46 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 10:10 - 2014-05-24 04:46 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-12 10:10 - 2014-05-24 04:46 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 10:10 - 2014-05-24 04:46 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 10:10 - 2014-05-24 04:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 10:10 - 2014-05-24 04:46 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 10:10 - 2014-05-24 04:45 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 10:10 - 2014-05-24 04:45 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 10:10 - 2014-05-24 04:45 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 10:10 - 2014-05-24 03:26 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 10:10 - 2014-05-24 03:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 10:10 - 2014-05-24 03:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 10:10 - 2014-05-24 03:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-12 10:10 - 2014-05-24 03:26 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 10:10 - 2014-05-24 03:26 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-06-12 10:10 - 2014-05-24 03:25 - 13731328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 10:10 - 2014-05-24 03:25 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 10:10 - 2014-05-24 03:25 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 10:10 - 2014-05-24 03:25 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-12 10:10 - 2014-05-24 03:25 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 10:10 - 2014-05-24 03:25 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 10:10 - 2014-05-24 03:25 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-06-12 10:10 - 2014-05-24 03:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-12 10:10 - 2014-05-24 03:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 10:10 - 2014-05-24 03:25 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-12 10:10 - 2014-05-24 03:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 10:10 - 2014-05-24 03:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 10:10 - 2014-05-24 00:37 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-06-12 10:10 - 2014-05-03 07:47 - 03246592 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-12 10:10 - 2014-05-03 05:34 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-06-12 10:10 - 2014-04-30 00:32 - 01301504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-06-12 10:10 - 2014-04-30 00:22 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-06-12 10:10 - 2014-04-03 13:19 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-06-12 10:10 - 2014-04-03 05:44 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-06-12 10:10 - 2014-04-01 00:08 - 00387268 _____ () C:\Windows\system32\ApnDatabase.xml
2014-06-12 10:10 - 2014-03-25 01:42 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-06-12 10:10 - 2014-03-25 00:56 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-06-12 10:09 - 2014-05-24 03:26 - 14365696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 10:09 - 2014-05-24 03:25 - 02862080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 10:08 - 2014-04-03 13:22 - 02233176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 10:08 - 2014-03-07 02:47 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 10:08 - 2014-03-07 02:08 - 01845760 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-08 20:59 - 2014-06-13 12:10 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Skype
2014-06-08 20:59 - 2014-06-08 20:59 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-08 20:59 - 2014-06-08 20:59 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-08 20:59 - 2014-06-08 20:59 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Skype
2014-06-08 20:59 - 2014-06-08 20:59 - 00000000 ____D () C:\ProgramData\Skype
2014-06-08 20:59 - 2014-06-08 20:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-05 22:58 - 2014-06-05 23:00 - 00000000 ____D () C:\Users\Sandra\Desktop\Elitarius2
2014-06-03 15:55 - 2014-06-03 15:55 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\WinRAR
2014-06-03 15:54 - 2014-06-03 15:54 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-03 15:54 - 2014-06-03 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-03 15:54 - 2014-06-03 15:54 - 00000000 ____D () C:\Program Files\WinRAR
2014-06-03 15:39 - 2014-06-03 15:38 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-06-03 14:59 - 2014-06-03 18:20 - 00000000 ____D () C:\Users\Sandra\Desktop\BlueJ
2014-06-02 20:26 - 2014-06-02 20:26 - 00022153 _____ () C:\Users\Sandra\Desktop\InfoZusammenfassung_Felix.odt
2014-05-31 15:54 - 2014-05-31 15:54 - 00000692 _____ () C:\Users\Sandra\Desktop\GDMO.lnk
2014-05-31 15:54 - 2014-05-31 15:54 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Joymax
2014-05-31 15:51 - 2014-05-31 15:51 - 00000000 ____D () C:\Joymax
2014-05-31 15:26 - 2014-05-31 15:26 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Akamai
2014-05-31 09:50 - 2014-05-31 09:50 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Avira
2014-05-31 09:49 - 2014-05-31 09:49 - 00002072 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-05-31 09:49 - 2014-05-31 09:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-31 09:48 - 2014-05-31 09:48 - 00000000 ____D () C:\ProgramData\Avira
2014-05-31 09:48 - 2014-05-31 09:48 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-31 09:48 - 2014-05-09 11:16 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-31 09:48 - 2014-05-09 11:16 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-31 09:48 - 2014-05-09 11:16 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-05-31 09:48 - 2014-01-19 09:33 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-05-27 17:09 - 2014-05-27 17:09 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\OpenOffice
2014-05-27 17:08 - 2014-05-27 17:08 - 00001192 _____ () C:\Users\Sandra\Desktop\OpenOffice 4.1.0.lnk
2014-05-27 17:08 - 2014-05-27 17:08 - 00000000 ___SD () C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-05-27 17:06 - 2014-05-27 17:07 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-05-19 17:52 - 2014-05-19 17:52 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-19 17:52 - 2014-05-19 17:52 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-19 17:52 - 2014-05-19 17:52 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-19 17:52 - 2014-05-19 17:52 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-05-19 17:52 - 2014-05-19 17:52 - 00000000 ____D () C:\Users\Sandra\bluej
2014-05-19 17:52 - 2014-05-19 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-19 17:51 - 2014-05-19 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-05-19 17:51 - 2014-05-19 17:52 - 00000000 ____D () C:\Program Files\Java
2014-05-19 17:44 - 2014-05-19 17:44 - 00001883 _____ () C:\Users\Sandra\Desktop\BlueJ.lnk
2014-05-19 17:44 - 2014-05-19 17:44 - 00000000 ____D () C:\Program Files (x86)\BlueJ
2014-05-16 16:28 - 2014-04-12 11:08 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-16 16:28 - 2014-03-28 21:19 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-05-16 16:28 - 2014-03-28 10:23 - 19759104 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-16 16:28 - 2014-03-28 08:18 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-16 16:28 - 2014-03-24 00:11 - 00269592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-05-16 16:27 - 2014-04-12 11:27 - 00172888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-16 16:27 - 2014-04-12 11:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-16 16:27 - 2014-04-12 11:09 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2014-05-16 16:27 - 2014-04-12 11:09 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-05-16 16:27 - 2014-04-12 11:09 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-16 16:27 - 2014-04-12 11:09 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-16 16:27 - 2014-04-12 11:08 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-16 16:27 - 2014-04-12 11:08 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-05-16 16:27 - 2014-04-12 11:08 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-16 16:27 - 2014-04-12 11:07 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-16 16:27 - 2014-04-12 09:23 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2014-05-16 16:27 - 2014-04-12 09:23 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-05-16 16:27 - 2014-04-12 09:23 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-16 16:27 - 2014-04-12 09:23 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-16 16:27 - 2014-04-12 09:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-16 16:27 - 2014-04-12 09:22 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-16 16:27 - 2014-04-12 09:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-16 16:27 - 2014-04-12 08:58 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll
2014-05-16 16:27 - 2014-03-28 10:23 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-05-16 16:27 - 2014-03-11 05:32 - 06987096 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-16 16:27 - 2014-03-11 05:25 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-16 16:27 - 2014-03-11 02:41 - 00559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-16 16:27 - 2014-03-11 02:41 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-16 16:27 - 2014-03-11 02:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-16 16:27 - 2014-03-11 02:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-16 16:27 - 2014-03-11 02:38 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-16 16:27 - 2014-03-11 02:38 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-16 16:27 - 2014-03-11 02:38 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-16 16:27 - 2014-03-11 02:38 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-05-16 16:27 - 2014-03-11 02:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-16 16:27 - 2014-03-11 02:38 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-16 16:27 - 2014-03-11 02:38 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-16 16:27 - 2014-03-10 05:05 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-16 16:27 - 2014-03-10 03:27 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-16 16:27 - 2014-03-04 01:07 - 00570216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-05-16 16:27 - 2014-03-01 11:47 - 01258496 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-05-16 16:27 - 2014-03-01 11:47 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-05-16 16:27 - 2014-03-01 10:07 - 01075200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2014-05-16 16:27 - 2014-03-01 08:59 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-05-16 16:27 - 2014-02-27 01:18 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-05-16 16:27 - 2014-02-27 01:18 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-05-16 16:27 - 2014-02-27 01:18 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-05-16 16:27 - 2014-02-15 06:15 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-05-15 17:50 - 2014-05-15 17:50 - 00000000 ____D () C:\Users\Sandra\Desktop\Kollegah

==================== One Month Modified Files and Folders =======

2014-06-14 01:58 - 2014-06-14 01:58 - 00014028 _____ () C:\Users\Sandra\Desktop\FRST.txt
2014-06-14 01:58 - 2014-06-14 01:58 - 00000000 ____D () C:\FRST
2014-06-14 01:58 - 2014-03-10 20:05 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Temp
2014-06-14 01:57 - 2014-06-14 01:57 - 02081792 _____ (Farbar) C:\Users\Sandra\Desktop\FRST64.exe
2014-06-14 01:27 - 2014-03-26 15:12 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-14 01:19 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-06-14 01:08 - 2014-03-10 20:14 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1740782634-1134074537-3814847298-1001
2014-06-14 01:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-06-13 23:02 - 2014-06-13 16:13 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-13 18:59 - 2014-03-10 20:06 - 01758202 _____ () C:\Windows\WindowsUpdate.log
2014-06-13 17:27 - 2014-03-26 15:12 - 00001134 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-13 16:28 - 2014-03-26 15:13 - 00002177 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-13 16:27 - 2014-06-13 16:27 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\djnvx.sys
2014-06-13 16:27 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\L2Schemas
2014-06-13 16:13 - 2014-06-13 16:13 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-13 16:13 - 2014-06-13 16:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-13 16:01 - 2014-03-10 20:07 - 00000062 _____ () C:\Users\Sandra\AppData\Roaming\sp_data.sys
2014-06-13 13:56 - 2014-06-13 12:55 - 00000000 ____D () C:\AdwCleaner
2014-06-13 13:56 - 2012-08-02 15:24 - 00188634 _____ () C:\Windows\PFRO.log
2014-06-13 13:56 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-13 13:22 - 2012-08-03 01:02 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-06-13 13:22 - 2012-08-03 01:02 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-06-13 13:22 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-13 13:21 - 2014-06-13 13:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-13 12:57 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-06-13 12:55 - 2014-06-13 12:55 - 01333465 _____ () C:\Users\Sandra\Desktop\adwcleaner_3.212.exe
2014-06-13 12:42 - 2013-04-26 01:18 - 00000000 ____D () C:\ProgramData\McAfee
2014-06-13 12:41 - 2014-04-13 20:02 - 00448888 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-13 12:28 - 2014-06-13 12:09 - 00002300 _____ () C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-06-13 12:13 - 2014-06-13 12:06 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-06-13 12:12 - 2014-06-13 12:12 - 00003118 _____ () C:\Windows\System32\Tasks\{88A67A92-8AC4-4D13-9E4A-0E60DF21621A}
2014-06-13 12:10 - 2014-06-08 20:59 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Skype
2014-06-13 12:06 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-13 12:06 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-06-12 13:54 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-06-12 13:52 - 2014-04-04 15:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 13:51 - 2014-04-04 15:18 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-08 20:59 - 2014-06-08 20:59 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-08 20:59 - 2014-06-08 20:59 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-08 20:59 - 2014-06-08 20:59 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Skype
2014-06-08 20:59 - 2014-06-08 20:59 - 00000000 ____D () C:\ProgramData\Skype
2014-06-08 20:59 - 2014-06-08 20:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-06 16:07 - 2012-07-26 09:21 - 00036329 _____ () C:\Windows\setupact.log
2014-06-06 14:22 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-06-05 23:00 - 2014-06-05 22:58 - 00000000 ____D () C:\Users\Sandra\Desktop\Elitarius2
2014-06-05 17:45 - 2014-01-16 19:43 - 00003474 _____ () C:\Windows\System32\Tasks\ASUS Live Update1
2014-06-05 17:45 - 2014-01-16 19:43 - 00003464 _____ () C:\Windows\System32\Tasks\ASUS Live Update2
2014-06-03 18:20 - 2014-06-03 14:59 - 00000000 ____D () C:\Users\Sandra\Desktop\BlueJ
2014-06-03 17:05 - 2012-07-26 10:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-03 15:55 - 2014-06-03 15:55 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\WinRAR
2014-06-03 15:54 - 2014-06-03 15:54 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-03 15:54 - 2014-06-03 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-03 15:54 - 2014-06-03 15:54 - 00000000 ____D () C:\Program Files\WinRAR
2014-06-03 15:38 - 2014-06-03 15:39 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-06-02 20:26 - 2014-06-02 20:26 - 00022153 _____ () C:\Users\Sandra\Desktop\InfoZusammenfassung_Felix.odt
2014-05-31 15:54 - 2014-05-31 15:54 - 00000692 _____ () C:\Users\Sandra\Desktop\GDMO.lnk
2014-05-31 15:54 - 2014-05-31 15:54 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Joymax
2014-05-31 15:51 - 2014-05-31 15:51 - 00000000 ____D () C:\Joymax
2014-05-31 15:26 - 2014-05-31 15:26 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Akamai
2014-05-31 09:50 - 2014-05-31 09:50 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Avira
2014-05-31 09:49 - 2014-05-31 09:49 - 00002072 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-05-31 09:49 - 2014-05-31 09:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-31 09:49 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-05-31 09:48 - 2014-05-31 09:48 - 00000000 ____D () C:\ProgramData\Avira
2014-05-31 09:48 - 2014-05-31 09:48 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-31 09:46 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-05-31 09:39 - 2014-03-26 15:16 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-31 07:16 - 2012-07-26 10:14 - 00703992 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-31 07:16 - 2012-07-26 10:14 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-28 19:21 - 2012-07-26 07:26 - 00000226 _____ () C:\Windows\win.ini
2014-05-27 17:09 - 2014-05-27 17:09 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\OpenOffice
2014-05-27 17:08 - 2014-05-27 17:08 - 00001192 _____ () C:\Users\Sandra\Desktop\OpenOffice 4.1.0.lnk
2014-05-27 17:08 - 2014-05-27 17:08 - 00000000 ___SD () C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-05-27 17:07 - 2014-05-27 17:06 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-05-25 11:51 - 2014-03-23 20:32 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-05-24 04:48 - 2014-06-12 10:10 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-24 04:47 - 2014-06-12 10:10 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-24 04:47 - 2014-06-12 10:10 - 01366016 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-24 04:47 - 2014-06-12 10:10 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-05-24 04:47 - 2014-06-12 10:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-05-24 04:46 - 2014-06-12 10:10 - 19290112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-24 04:46 - 2014-06-12 10:10 - 15368704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-24 04:46 - 2014-06-12 10:10 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-24 04:46 - 2014-06-12 10:10 - 02650112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-24 04:46 - 2014-06-12 10:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-24 04:46 - 2014-06-12 10:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-24 04:46 - 2014-06-12 10:10 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-24 04:46 - 2014-06-12 10:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-24 04:46 - 2014-06-12 10:10 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-24 04:46 - 2014-06-12 10:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-24 04:46 - 2014-06-12 10:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-24 04:46 - 2014-06-12 10:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-24 04:45 - 2014-06-12 10:10 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-24 04:45 - 2014-06-12 10:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-24 04:45 - 2014-06-12 10:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-24 03:26 - 2014-06-12 10:10 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-24 03:26 - 2014-06-12 10:10 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-24 03:26 - 2014-06-12 10:10 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-24 03:26 - 2014-06-12 10:10 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-24 03:26 - 2014-06-12 10:10 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-24 03:26 - 2014-06-12 10:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-05-24 03:26 - 2014-06-12 10:09 - 14365696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-24 03:25 - 2014-06-12 10:10 - 13731328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-24 03:25 - 2014-06-12 10:10 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-24 03:25 - 2014-06-12 10:10 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-24 03:25 - 2014-06-12 10:10 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-24 03:25 - 2014-06-12 10:10 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-24 03:25 - 2014-06-12 10:10 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-24 03:25 - 2014-06-12 10:10 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-05-24 03:25 - 2014-06-12 10:10 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-24 03:25 - 2014-06-12 10:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-24 03:25 - 2014-06-12 10:10 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-24 03:25 - 2014-06-12 10:09 - 02862080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-24 03:09 - 2014-06-12 10:10 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-24 03:03 - 2014-06-12 10:10 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-24 00:37 - 2014-06-12 10:10 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-05-20 15:43 - 2014-03-10 20:07 - 00000000 ___RD () C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-20 15:43 - 2014-03-10 20:07 - 00000000 ___RD () C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-20 15:21 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-05-20 15:21 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-20 15:21 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-20 15:21 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-05-20 15:21 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-20 15:21 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-19 17:52 - 2014-05-19 17:52 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-19 17:52 - 2014-05-19 17:52 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-19 17:52 - 2014-05-19 17:52 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-19 17:52 - 2014-05-19 17:52 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-05-19 17:52 - 2014-05-19 17:52 - 00000000 ____D () C:\Users\Sandra\bluej
2014-05-19 17:52 - 2014-05-19 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-19 17:52 - 2014-05-19 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-05-19 17:52 - 2014-05-19 17:51 - 00000000 ____D () C:\Program Files\Java
2014-05-19 17:52 - 2014-03-10 20:05 - 00000000 ____D () C:\Users\Sandra
2014-05-19 17:44 - 2014-05-19 17:44 - 00001883 _____ () C:\Users\Sandra\Desktop\BlueJ.lnk
2014-05-19 17:44 - 2014-05-19 17:44 - 00000000 ____D () C:\Program Files (x86)\BlueJ
2014-05-15 17:50 - 2014-05-15 17:50 - 00000000 ____D () C:\Users\Sandra\Desktop\Kollegah

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS


Some content of TEMP:
====================
C:\Users\Sandra\AppData\Local\Temp\avgnt.exe
C:\Users\Sandra\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-12 13:51

==================== End Of Log ============================
         
--- --- ---

Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2014 02
Ran by Sandra at 2014-06-14 01:58:59
Running from C:\Users\Sandra\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.4.117.01527 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.4.117.01527 - Alcor Micro Corp.) Hidden
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.6 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.2 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.7 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5710.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.5710.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.1.1 - BlueJ Team)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
GDMO (HKLM-x32\...\DMO) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2875 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4615.1002 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Peggle (x32 Version: 2.2.0.95 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.41 - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6804 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Snap.Do (HKLM-x32\...\{F97A8857-2A38-4CE9-A53A-F07E491F2DA8}) (Version: 11.77.1.17697 - ReSoft Ltd.) <==== ATTENTION
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.0.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Driver Package - ASUS (ATP) Mouse  (10/31/2013 1.0.0.191) (HKLM\...\15591935E93BF0A0E42CA53B578EE5E630971E15) (Version: 10/31/2013 1.0.0.191 - ASUS)
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 5.10 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)

==================== Restore Points  =========================

03-06-2014 16:06:53 Geplanter Prüfpunkt
11-06-2014 06:25:06 Geplanter Prüfpunkt
13-06-2014 10:37:59 Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1CDE226E-6F06-4BFB-A33A-89AD17DE8CA8} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-08-28] (ASUSTeK Computer Inc.)
Task: {2220E2F3-46F0-4080-9961-D52DEF9D9656} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2A305B23-7303-412A-BAB1-7815E0B84052} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-26] (Google Inc.)
Task: {2BCE895F-574A-4069-8C28-28713AD00362} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-10-07] (ASUS)
Task: {366FDD06-D35A-4D69-85D3-77E2C544CD3D} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-04] ()
Task: {4B092BEB-495F-473D-88BD-9D0B4315255B} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-08-28] (ASUSTeK Computer Inc.)
Task: {51B282E3-6DAC-4B61-9681-15D0BA32D4DE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-06-12] (Microsoft Corporation)
Task: {584BD84C-5BAA-440F-B9F3-5EC06819155A} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {60E8D447-2266-4537-A1C7-0200AA0AC656} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {6F27FDE8-7591-49F5-ACD2-E953FB758C1C} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-11-08] (AsusTek)
Task: {7FF552C6-D5EE-4979-9F2D-2379120FB926} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {9BDC4112-0BD5-4CEE-9449-B8A70D306660} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-04-29] (ASUS)
Task: {A0B676E0-F6A7-45B1-8D22-BC27284BC3AE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-26] (Google Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AA5ADF75-3103-4807-82B9-8251C8D3E451} - \6b403e51-262f-4609-95a7-d28091744cec-4 No Task File <==== ATTENTION
Task: {AC378946-B861-45BF-91BC-5DB0D0C71456} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-04-15] (Microsoft Corporation)
Task: {AF8F54A4-E519-4B0B-AFFB-39B2FC819018} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
Task: {BC03CFD9-5655-4529-88A3-27611983A453} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-10-07] (ASUSTeK Computer Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F8660CF8-BEBC-461F-8A8F-EDEB9DA8FB78} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-05-25] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-12-19 08:10 - 2012-12-19 08:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2014-03-26 20:07 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-03-23 20:32 - 2014-04-15 03:39 - 00630952 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-04-29 18:03 - 2013-04-29 18:03 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-03-23 20:48 - 2014-03-23 20:49 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-11-15 05:24 - 2012-11-02 09:19 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2014-01-16 19:33 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-10-08 22:41 - 2013-10-08 22:41 - 00037968 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2013-09-09 20:23 - 2013-09-09 20:23 - 00162816 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2014-06-13 16:28 - 2014-06-05 15:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-13 16:28 - 2014-06-05 15:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-13 16:28 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-13 16:28 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-13 16:28 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/13/2014 01:36:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0065006d
ID des fehlerhaften Prozesses: 0xb24
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3
Vollständiger Name des fehlerhaften Pakets: mbam.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbam.exe5

Error: (06/13/2014 00:38:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddWin32ServiceFiles: Unable to back up image of service McAfee Home Network since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (06/13/2014 00:38:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary McAfee Inc. mfencbdc.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (06/13/2014 00:13:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PluginService.exe, Version: 13.27.0.301, Zeitstempel: 0x536b5640
Name des fehlerhaften Moduls: DpInterface32.dll, Version: 3.0.2.3482, Zeitstempel: 0x535f638f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0009b29a
ID des fehlerhaften Prozesses: 0x48
Startzeit der fehlerhaften Anwendung: 0xPluginService.exe0
Pfad der fehlerhaften Anwendung: PluginService.exe1
Pfad des fehlerhaften Moduls: PluginService.exe2
Berichtskennung: PluginService.exe3
Vollständiger Name des fehlerhaften Pakets: PluginService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: PluginService.exe5

Error: (06/13/2014 00:10:09 PM) (Source: MsiInstaller) (EventID: 1002) (User: SCHLEMMERTOPF)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageCode", Wert: "GUID") für Schlüssel "HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219".

Error: (06/13/2014 00:06:50 PM) (Source: MsiInstaller) (EventID: 1002) (User: SCHLEMMERTOPF)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageCode", Wert: "GUID") für Schlüssel "HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219".

Error: (06/13/2014 11:47:23 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (06/13/2014 11:26:52 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (06/12/2014 01:51:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SCHLEMMERTOPF)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2147023170. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (06/12/2014 01:51:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LiveComm.exe, Version: 17.0.1119.516, Zeitstempel: 0x519504e1
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000000000
ID des fehlerhaften Prozesses: 0x9e4
Startzeit der fehlerhaften Anwendung: 0xLiveComm.exe0
Pfad der fehlerhaften Anwendung: LiveComm.exe1
Pfad des fehlerhaften Moduls: LiveComm.exe2
Berichtskennung: LiveComm.exe3
Vollständiger Name des fehlerhaften Pakets: LiveComm.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: LiveComm.exe5


System errors:
=============
Error: (06/13/2014 06:18:52 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (06/13/2014 03:17:01 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (06/13/2014 01:16:14 PM) (Source: DCOM) (EventID: 10010) (User: SCHLEMMERTOPF)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (06/13/2014 01:13:37 PM) (Source: DCOM) (EventID: 10010) (User: SCHLEMMERTOPF)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/13/2014 01:13:37 PM) (Source: DCOM) (EventID: 10010) (User: SCHLEMMERTOPF)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/13/2014 00:21:29 PM) (Source: DCOM) (EventID: 10010) (User: SCHLEMMERTOPF)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/13/2014 00:21:29 PM) (Source: DCOM) (EventID: 10010) (User: SCHLEMMERTOPF)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (06/13/2014 00:13:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "IePlugin Services" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/12/2014 10:46:45 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (06/12/2014 03:31:14 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4


Microsoft Office Sessions:
=========================
Error: (06/13/2014 01:36:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532unknown0.0.0.000000000c00000050065006db2401cf86f9acc78bfaC:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exeunknowne8affe49-f2ee-11e3-be7e-e03f49c33f67

Error: (06/13/2014 00:38:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service McAfee Home Network since QueryServiceConfig API failed

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (06/13/2014 00:38:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary McAfee Inc. mfencbdc.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (06/13/2014 00:13:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PluginService.exe13.27.0.301536b5640DpInterface32.dll3.0.2.3482535f638fc00000050009b29a4801cf79bac165a6b5C:\ProgramData\IePluginServices\PluginService.exeC:\Program Files (x86)\SupTab\DpInterface32.dll68da809c-f2e3-11e3-be7b-e03f49c33f67

Error: (06/13/2014 00:10:09 PM) (Source: MsiInstaller) (EventID: 1002) (User: SCHLEMMERTOPF)
Description: PackageCodeGUIDHKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219(NULL)(NULL)(NULL)

Error: (06/13/2014 00:06:50 PM) (Source: MsiInstaller) (EventID: 1002) (User: SCHLEMMERTOPF)
Description: PackageCodeGUIDHKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219(NULL)(NULL)(NULL)

Error: (06/13/2014 11:47:23 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (06/13/2014 11:26:52 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (06/12/2014 01:51:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SCHLEMMERTOPF)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147023170

Error: (06/12/2014 01:51:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LiveComm.exe17.0.1119.516519504e1unknown0.0.0.000000000c000000500000000000000009e401cf7431851bb82eC:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exeunknownd23e10ea-f227-11e3-be7b-e03f49c33f67microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbweMicrosoft.WindowsLive.Mail


==================== Memory info =========================== 

Percentage of memory in use: 31%
Total physical RAM: 6029.67 MB
Available physical RAM: 4109.38 MB
Total Pagefile: 6989.67 MB
Available Pagefile: 4781.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:279.45 GB) (Free:219.84 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:398.07 GB) (Free:397.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 0FE4DC0A)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
__________________

Alt 14.06.2014, 11:47   #4
deeprybka
/// TB trainer
/// Instructions guru
 



Hi, let's try it with Revo...

Step 1

Please uninstall the following programs:

Snap.Do

Please download Revo Uninstaller here. Extract the zip file to the desktop.
  • Start Revouninstaller.exe
  • Click Options and select German (Deutsch) as the language.
  • Search the uninstaller field for the programs listed above and select them one at a time.
    Click Uninstall each time.
  • Then select the "Moderate" mode.
  • Delete leftovers:
    Click on , then on , and then on .

If you cannot find a program or cannot uninstall it, please continue with the next step:

Step 2
  • Close all open programs and browsers.
  • Please start AdwCleaner.
  • Accept the terms of use.
  • Click Suchen (Scan) and wait until the scan has finished.
  • Now click Löschen (Delete).
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
    You can also find the log file at C:\AdwCleaner\AdwCleaner[Sx].txt (x = sequential number).


Step 3
Download HitmanPro to your desktop:

HitmanPro - 32 Bit
HitmanPro - 64 Bit
  • Start HitmanPro.exe
  • Click Next and accept the license terms. Click Next.
  • Select "No, I only want to perform a one-time scan to check this computer" and click Next.
  • At the end of the scan, have all detections moved to quarantine and click Next.
  • In the button bar at the bottom left, choose Save log file and save the log file to your desktop.
  • Close HitmanPro.
  • Please post the contents of HitmanPro_<Datum_Uhrzeit>.txt (date and time) in your next reply.

Step 4

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the terms of use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset



Step 5

Please start FRST again, also tick the checkbox, and press Scan.
Please post the contents of both logs that are created.

Are there still any problems with the PC now? If so, which ones?
__________________
Regards
deeprybka

Praise, criticism, requests?

Donate to trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Alt 14.06.2014, 12:45   #5
FxWickl0
 



When I try to carry out the first step, an error message appears. I took a screenshot of it and attached it.

Attached images
File type: jpg Fehler.jpg (85.3 KB, viewed 136 times)

Alt 14.06.2014, 12:50   #6
deeprybka
/// TB trainer
/// Instructions guru
 



Which other paths are available under "use source"? Is there anything there, or do you have to navigate yourself?

Alt 14.06.2014, 12:57   #7
FxWickl0
 



You would have to navigate yourself. I have now carried out step 2:
Code:
# AdwCleaner v3.212 - Bericht erstellt am 14/06/2014 um 13:52:01
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Sandra - SCHLEMMERTOPF
# Gestartet von : C:\Users\Sandra\Desktop\adwcleaner_3.212.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\SmartBar

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16921


-\\ Google Chrome v35.0.1916.153

[ Datei : C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [11488 octets] - [13/06/2014 12:55:53]
AdwCleaner[R1].txt - [1002 octets] - [13/06/2014 13:15:13]
AdwCleaner[R2].txt - [1026 octets] - [13/06/2014 13:18:47]
AdwCleaner[R3].txt - [1087 octets] - [13/06/2014 13:25:53]
AdwCleaner[R4].txt - [1243 octets] - [13/06/2014 13:55:40]
AdwCleaner[R5].txt - [1362 octets] - [14/06/2014 13:51:22]
AdwCleaner[S0].txt - [9047 octets] - [13/06/2014 12:56:38]
AdwCleaner[S1].txt - [1012 octets] - [13/06/2014 13:16:04]
AdwCleaner[S2].txt - [1254 octets] - [13/06/2014 13:56:07]
AdwCleaner[S3].txt - [1232 octets] - [14/06/2014 13:52:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1292 octets] ##########
         

Alt 14.06.2014, 13:15   #8
FxWickl0
 



Step 3:
Code:
HitmanPro 3.7.9.216
www.hitmanpro.com

   Computer name . . . . : SCHLEMMERTOPF
   Windows . . . . . . . : 6.2.0.9200.X64/2
   User name . . . . . . : SCHLEMMERTOPF\Sandra
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2014-06-14 14:04:44
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 33s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : Yes

   Threats . . . . . . . : 14
   Traces  . . . . . . . : 57

   Objects scanned . . . : 1.449.000
   Files scanned . . . . : 15.459
   Remnants scanned  . . : 368.867 files / 1.064.674 keys

Malware _____________________________________________________________________

   C:\Users\Sandra\AppData\Local\Temp\dfs8767.tmp -> Deleted
      Size . . . . . . . : 398.848 bytes
      Age  . . . . . . . : 37.8 days (2014-05-07 19:42:56)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 92DF515628AC43A1EA86309E6D198A69738DA48258B2F609AB55988FC5591EF9
      Description  . . . : ProcessMon
      Version  . . . . . : 5.2.4.05
      Copyright  . . . . :  
    > Bitdefender  . . . : Gen:Variant.Adware.Kazy.380151
    > Kaspersky  . . . . : not-a-virus:AdWare.MSIL.DomaIQ.bxrq
      Fuzzy  . . . . . . : 107.0

   C:\Users\Sandra\AppData\Local\Temp\evb9A5F.tmp -> Quarantined
      Size . . . . . . . : 1.536 bytes
      Age  . . . . . . . : 1.9 days (2014-06-12 17:03:21)
      Entropy  . . . . . : 1.0
      SHA-256  . . . . . : EE43495888E817B5AEB9E56CA9B390F10805A549B0A00E83389AA2AA77ED3977
    > G Data . . . . . . : Trojan.Generic.7607103 (Engine A)
      Fuzzy  . . . . . . : 114.0
      Forensic Cluster
         -0.1s C:\Users\Sandra\AppData\Local\Temp\evb9A1F.tmp
         -0.0s C:\Users\Sandra\AppData\Local\Temp\evb9A3F.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9A5F.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9A70.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9A81.tmp
          0.8s C:\Users\Sandra\AppData\Local\Temp\evb9D7F.tmp
          0.8s C:\Users\Sandra\AppData\Local\Temp\evb9D90.tmp
          0.8s C:\Users\Sandra\AppData\Local\Temp\evb9DA1.tmp
          0.8s C:\Users\Sandra\AppData\Local\Temp\evb9DA2.tmp
          0.8s C:\Users\Sandra\AppData\Local\Temp\evb9DB2.tmp
          0.8s C:\Users\Sandra\AppData\Local\Temp\evb9DB3.tmp
          0.9s C:\Users\Sandra\AppData\Local\Temp\evb9DC4.tmp
          0.9s C:\Users\Sandra\AppData\Local\Temp\evb9DD4.tmp
          0.9s C:\Users\Sandra\AppData\Local\Temp\evb9DE5.tmp

   C:\Users\Sandra\AppData\Local\Temp\evb9A70.tmp -> Quarantined
      Size . . . . . . . : 1.536 bytes
      Age  . . . . . . . : 1.9 days (2014-06-12 17:03:21)
      Entropy  . . . . . : 1.0
      SHA-256  . . . . . : AD6EC676D27174E4C8408CAF9F5E21F63E1D7C3400B29A6C4C20E2A22C944FF6
    > G Data . . . . . . : Trojan.Generic.7607103 (Engine A)
      Fuzzy  . . . . . . : 114.0
      Forensic Cluster
         -0.1s C:\Users\Sandra\AppData\Local\Temp\evb9A1F.tmp
         -0.0s C:\Users\Sandra\AppData\Local\Temp\evb9A3F.tmp
         -0.0s C:\Users\Sandra\AppData\Local\Temp\evb9A5F.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9A70.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9A81.tmp
          0.8s C:\Users\Sandra\AppData\Local\Temp\evb9D7F.tmp
          0.8s C:\Users\Sandra\AppData\Local\Temp\evb9D90.tmp
          0.8s C:\Users\Sandra\AppData\Local\Temp\evb9DA1.tmp
          0.8s C:\Users\Sandra\AppData\Local\Temp\evb9DA2.tmp
          0.8s C:\Users\Sandra\AppData\Local\Temp\evb9DB2.tmp
          0.8s C:\Users\Sandra\AppData\Local\Temp\evb9DB3.tmp
          0.8s C:\Users\Sandra\AppData\Local\Temp\evb9DC4.tmp
          0.9s C:\Users\Sandra\AppData\Local\Temp\evb9DD4.tmp
          0.9s C:\Users\Sandra\AppData\Local\Temp\evb9DE5.tmp

   C:\Users\Sandra\AppData\Local\Temp\evb9A81.tmp -> Quarantined
      Size . . . . . . . : 1.536 bytes
      Age  . . . . . . . : 1.9 days (2014-06-12 17:03:21)
      Entropy  . . . . . : 1.0
      SHA-256  . . . . . : B82D80CE41F11CD0E53362D2886ED68797842F6C69F78D14438A3680EBEF7241
    > G Data . . . . . . : Trojan.Generic.7607103 (Engine A)
      Fuzzy  . . . . . . : 114.0
      Forensic Cluster
         -0.1s C:\Users\Sandra\AppData\Local\Temp\evb9A1F.tmp
         -0.1s C:\Users\Sandra\AppData\Local\Temp\evb9A3F.tmp
         -0.0s C:\Users\Sandra\AppData\Local\Temp\evb9A5F.tmp
         -0.0s C:\Users\Sandra\AppData\Local\Temp\evb9A70.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9A81.tmp
          0.8s C:\Users\Sandra\AppData\Local\Temp\evb9D7F.tmp
          0.8s C:\Users\Sandra\AppData\Local\Temp\evb9D90.tmp
          0.8s C:\Users\Sandra\AppData\Local\Temp\evb9DA1.tmp
          0.8s C:\Users\Sandra\AppData\Local\Temp\evb9DA2.tmp
          0.8s C:\Users\Sandra\AppData\Local\Temp\evb9DB2.tmp
          0.8s C:\Users\Sandra\AppData\Local\Temp\evb9DB3.tmp
          0.8s C:\Users\Sandra\AppData\Local\Temp\evb9DC4.tmp
          0.8s C:\Users\Sandra\AppData\Local\Temp\evb9DD4.tmp
          0.9s C:\Users\Sandra\AppData\Local\Temp\evb9DE5.tmp

   C:\Users\Sandra\AppData\Local\Temp\evb9D7F.tmp -> Quarantined
      Size . . . . . . . : 1.536 bytes
      Age  . . . . . . . : 1.9 days (2014-06-12 17:03:22)
      Entropy  . . . . . : 1.0
      SHA-256  . . . . . : 3FA3A2F485FA5A425A24AB3333242059714D07AAE03A375A0D3D2E67A88B673E
    > G Data . . . . . . : Trojan.Generic.7607103 (Engine A)
      Fuzzy  . . . . . . : 114.0
      Forensic Cluster
         -0.9s C:\Users\Sandra\AppData\Local\Temp\evb9A1F.tmp
         -0.8s C:\Users\Sandra\AppData\Local\Temp\evb9A3F.tmp
         -0.8s C:\Users\Sandra\AppData\Local\Temp\evb9A5F.tmp
         -0.8s C:\Users\Sandra\AppData\Local\Temp\evb9A70.tmp
         -0.8s C:\Users\Sandra\AppData\Local\Temp\evb9A81.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9D7F.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9D90.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DA1.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DA2.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DB2.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DB3.tmp
          0.1s C:\Users\Sandra\AppData\Local\Temp\evb9DC4.tmp
          0.1s C:\Users\Sandra\AppData\Local\Temp\evb9DD4.tmp
          0.1s C:\Users\Sandra\AppData\Local\Temp\evb9DE5.tmp

   C:\Users\Sandra\AppData\Local\Temp\evb9D90.tmp -> Quarantined
      Size . . . . . . . : 1.536 bytes
      Age  . . . . . . . : 1.9 days (2014-06-12 17:03:22)
      Entropy  . . . . . : 1.0
      SHA-256  . . . . . : AE17A8E8C4CEE48B390B138A7D720BF59A9B2D643D46CF45D718BF05CC881974
    > G Data . . . . . . : Trojan.Generic.7607103 (Engine A)
      Fuzzy  . . . . . . : 114.0
      Forensic Cluster
         -0.9s C:\Users\Sandra\AppData\Local\Temp\evb9A1F.tmp
         -0.8s C:\Users\Sandra\AppData\Local\Temp\evb9A3F.tmp
         -0.8s C:\Users\Sandra\AppData\Local\Temp\evb9A5F.tmp
         -0.8s C:\Users\Sandra\AppData\Local\Temp\evb9A70.tmp
         -0.8s C:\Users\Sandra\AppData\Local\Temp\evb9A81.tmp
         -0.0s C:\Users\Sandra\AppData\Local\Temp\evb9D7F.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9D90.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DA1.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DA2.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DB2.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DB3.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DC4.tmp
          0.1s C:\Users\Sandra\AppData\Local\Temp\evb9DD4.tmp
          0.1s C:\Users\Sandra\AppData\Local\Temp\evb9DE5.tmp

   C:\Users\Sandra\AppData\Local\Temp\evb9DA1.tmp -> Quarantined
      Size . . . . . . . : 1.536 bytes
      Age  . . . . . . . : 1.9 days (2014-06-12 17:03:22)
      Entropy  . . . . . : 1.0
      SHA-256  . . . . . : FD444FE3CA2B716C016BE8FF63948094B53DFCBE92840A856741EB43533C14F0
    > G Data . . . . . . : Trojan.Generic.7607103 (Engine A)
      Fuzzy  . . . . . . : 114.0
      Forensic Cluster
         -0.9s C:\Users\Sandra\AppData\Local\Temp\evb9A1F.tmp
         -0.9s C:\Users\Sandra\AppData\Local\Temp\evb9A3F.tmp
         -0.8s C:\Users\Sandra\AppData\Local\Temp\evb9A5F.tmp
         -0.8s C:\Users\Sandra\AppData\Local\Temp\evb9A70.tmp
         -0.8s C:\Users\Sandra\AppData\Local\Temp\evb9A81.tmp
         -0.0s C:\Users\Sandra\AppData\Local\Temp\evb9D7F.tmp
         -0.0s C:\Users\Sandra\AppData\Local\Temp\evb9D90.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DA1.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DA2.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DB2.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DB3.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DC4.tmp
          0.1s C:\Users\Sandra\AppData\Local\Temp\evb9DD4.tmp
          0.1s C:\Users\Sandra\AppData\Local\Temp\evb9DE5.tmp

   C:\Users\Sandra\AppData\Local\Temp\evb9DA2.tmp -> Quarantined
      Size . . . . . . . : 1.536 bytes
      Age  . . . . . . . : 1.9 days (2014-06-12 17:03:22)
      Entropy  . . . . . : 1.0
      SHA-256  . . . . . : 04D3D2EFCB9877D6210DC398B8FB407D1BCBF3DEC48F364998A49DBE811D9E5D
    > G Data . . . . . . : Trojan.Generic.7607103 (Engine A)
      Fuzzy  . . . . . . : 114.0
      Forensic Cluster
         -0.9s C:\Users\Sandra\AppData\Local\Temp\evb9A1F.tmp
         -0.9s C:\Users\Sandra\AppData\Local\Temp\evb9A3F.tmp
         -0.8s C:\Users\Sandra\AppData\Local\Temp\evb9A5F.tmp
         -0.8s C:\Users\Sandra\AppData\Local\Temp\evb9A70.tmp
         -0.8s C:\Users\Sandra\AppData\Local\Temp\evb9A81.tmp
         -0.0s C:\Users\Sandra\AppData\Local\Temp\evb9D7F.tmp
         -0.0s C:\Users\Sandra\AppData\Local\Temp\evb9D90.tmp
         -0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DA1.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DA2.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DB2.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DB3.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DC4.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DD4.tmp
          0.1s C:\Users\Sandra\AppData\Local\Temp\evb9DE5.tmp

   C:\Users\Sandra\AppData\Local\Temp\evb9DB2.tmp -> Quarantined
      Size . . . . . . . : 1.536 bytes
      Age  . . . . . . . : 1.9 days (2014-06-12 17:03:22)
      Entropy  . . . . . : 1.0
      SHA-256  . . . . . : E8446A204F336827EF40578BBE5DF839DA0039D9EF1CD42C089E8D192F75B5DB
    > G Data . . . . . . : Trojan.Generic.7607103 (Engine A)
      Fuzzy  . . . . . . : 114.0
      Forensic Cluster
         -0.9s C:\Users\Sandra\AppData\Local\Temp\evb9A1F.tmp
         -0.9s C:\Users\Sandra\AppData\Local\Temp\evb9A3F.tmp
         -0.8s C:\Users\Sandra\AppData\Local\Temp\evb9A5F.tmp
         -0.8s C:\Users\Sandra\AppData\Local\Temp\evb9A70.tmp
         -0.8s C:\Users\Sandra\AppData\Local\Temp\evb9A81.tmp
         -0.0s C:\Users\Sandra\AppData\Local\Temp\evb9D7F.tmp
         -0.0s C:\Users\Sandra\AppData\Local\Temp\evb9D90.tmp
         -0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DA1.tmp
         -0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DA2.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DB2.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DB3.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DC4.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DD4.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DE5.tmp

   C:\Users\Sandra\AppData\Local\Temp\evb9DB3.tmp -> Quarantined
      Size . . . . . . . : 1.536 bytes
      Age  . . . . . . . : 1.9 days (2014-06-12 17:03:22)
      Entropy  . . . . . : 1.0
      SHA-256  . . . . . : C2B4FAD183DB987F5C5D17A25448BC84A3DCEC88868D1E0D2AC5E0D5844C25DE
    > G Data . . . . . . : Trojan.Generic.7607103 (Engine A)
      Fuzzy  . . . . . . : 114.0
      Forensic Cluster
         -0.9s C:\Users\Sandra\AppData\Local\Temp\evb9A1F.tmp
         -0.9s C:\Users\Sandra\AppData\Local\Temp\evb9A3F.tmp
         -0.8s C:\Users\Sandra\AppData\Local\Temp\evb9A5F.tmp
         -0.8s C:\Users\Sandra\AppData\Local\Temp\evb9A70.tmp
         -0.8s C:\Users\Sandra\AppData\Local\Temp\evb9A81.tmp
         -0.0s C:\Users\Sandra\AppData\Local\Temp\evb9D7F.tmp
         -0.0s C:\Users\Sandra\AppData\Local\Temp\evb9D90.tmp
         -0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DA1.tmp
         -0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DA2.tmp
         -0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DB2.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DB3.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DC4.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DD4.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DE5.tmp

   C:\Users\Sandra\AppData\Local\Temp\evb9DC4.tmp -> Quarantined
      Size . . . . . . . : 1.536 bytes
      Age  . . . . . . . : 1.9 days (2014-06-12 17:03:22)
      Entropy  . . . . . : 1.0
      SHA-256  . . . . . : 9459A0CE69EFB2F2EB5815BAE397EC95AD1A1E7D9005D5402C434DFD2DC56A42
    > G Data . . . . . . : Trojan.Generic.7607103 (Engine A)
      Fuzzy  . . . . . . : 114.0
      Forensic Cluster
         -0.9s C:\Users\Sandra\AppData\Local\Temp\evb9A1F.tmp
         -0.9s C:\Users\Sandra\AppData\Local\Temp\evb9A3F.tmp
         -0.9s C:\Users\Sandra\AppData\Local\Temp\evb9A5F.tmp
         -0.8s C:\Users\Sandra\AppData\Local\Temp\evb9A70.tmp
         -0.8s C:\Users\Sandra\AppData\Local\Temp\evb9A81.tmp
         -0.1s C:\Users\Sandra\AppData\Local\Temp\evb9D7F.tmp
         -0.0s C:\Users\Sandra\AppData\Local\Temp\evb9D90.tmp
         -0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DA1.tmp
         -0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DA2.tmp
         -0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DB2.tmp
         -0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DB3.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DC4.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DD4.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DE5.tmp

   C:\Users\Sandra\AppData\Local\Temp\evb9DD4.tmp -> Quarantined
      Size . . . . . . . : 1.536 bytes
      Age  . . . . . . . : 1.9 days (2014-06-12 17:03:22)
      Entropy  . . . . . : 1.0
      SHA-256  . . . . . : E5FE9E214562070B8852DF367D99668A75D62DE74C9B2E22EC11025029651120
    > G Data . . . . . . : Trojan.Generic.7607103 (Engine A)
      Fuzzy  . . . . . . : 114.0
      Forensic Cluster
         -0.9s C:\Users\Sandra\AppData\Local\Temp\evb9A1F.tmp
         -0.9s C:\Users\Sandra\AppData\Local\Temp\evb9A3F.tmp
         -0.9s C:\Users\Sandra\AppData\Local\Temp\evb9A5F.tmp
         -0.9s C:\Users\Sandra\AppData\Local\Temp\evb9A70.tmp
         -0.8s C:\Users\Sandra\AppData\Local\Temp\evb9A81.tmp
         -0.1s C:\Users\Sandra\AppData\Local\Temp\evb9D7F.tmp
         -0.1s C:\Users\Sandra\AppData\Local\Temp\evb9D90.tmp
         -0.1s C:\Users\Sandra\AppData\Local\Temp\evb9DA1.tmp
         -0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DA2.tmp
         -0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DB2.tmp
         -0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DB3.tmp
         -0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DC4.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DD4.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DE5.tmp

   C:\Users\Sandra\AppData\Local\Temp\evb9DE5.tmp -> Quarantined
      Size . . . . . . . : 1.536 bytes
      Age  . . . . . . . : 1.9 days (2014-06-12 17:03:22)
      Entropy  . . . . . : 1.0
      SHA-256  . . . . . : 60CF3D15EC133D0A027812BC44F72614D98A214A1DC40D4961F57AF1AB964DF1
    > G Data . . . . . . : Trojan.Generic.7607103 (Engine A)
      Fuzzy  . . . . . . : 114.0
      Forensic Cluster
         -0.9s C:\Users\Sandra\AppData\Local\Temp\evb9A1F.tmp
         -0.9s C:\Users\Sandra\AppData\Local\Temp\evb9A3F.tmp
         -0.9s C:\Users\Sandra\AppData\Local\Temp\evb9A5F.tmp
         -0.9s C:\Users\Sandra\AppData\Local\Temp\evb9A70.tmp
         -0.9s C:\Users\Sandra\AppData\Local\Temp\evb9A81.tmp
         -0.1s C:\Users\Sandra\AppData\Local\Temp\evb9D7F.tmp
         -0.1s C:\Users\Sandra\AppData\Local\Temp\evb9D90.tmp
         -0.1s C:\Users\Sandra\AppData\Local\Temp\evb9DA1.tmp
         -0.1s C:\Users\Sandra\AppData\Local\Temp\evb9DA2.tmp
         -0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DB2.tmp
         -0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DB3.tmp
         -0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DC4.tmp
         -0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DD4.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\evb9DE5.tmp

   C:\Users\Sandra\Desktop\Elitarius2\Patcher.exe -> Quarantined
      Size . . . . . . . : 2.087.018 bytes
      Age  . . . . . . . : 8.6 days (2014-06-05 22:58:35)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 3B93863BF41445B740F00A015D06AF2605E6B4B6CB9B1F0BF3BB9D1246260AD1
      Description
      Version  . . . . . : 3.3.8.0
    > Bitdefender  . . . : Trojan.Generic.11349116
      Fuzzy  . . . . . . : 108.0


Suspicious files ____________________________________________________________

   C:\Users\Sandra\AppData\Local\Temp\comh.150043\goopdateres_en.dll
      Size . . . . . . . : 26.792 bytes
      Age  . . . . . . . : 1.1 days (2014-06-13 12:07:51)
      Entropy  . . . . . : 5.3
      SHA-256  . . . . . : 39BA732E4C73E7A3BD96D4BE08E84ED10031E1DC8474EB45616ABDD62E03CF5F
      Product  . . . . . : globalUpdate Update
      Publisher  . . . . : globalUpdate
      Description  . . . : globalUpdate Update Resource DLL
      Version  . . . . . : 1.3.25.0
      Copyright  . . . . : LegalCopyright_XXXXXXXXXXXXXXXXXXX
      RSA Key Size . . . : 1024
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 22.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -102.0s C:\Users\Sandra\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B065FB6E1704B95FAA47EE92DC32C8EB_D073C52B28D1DC301F641B1AA1393416
         -102.0s C:\Users\Sandra\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B065FB6E1704B95FAA47EE92DC32C8EB_D073C52B28D1DC301F641B1AA1393416
         -97.4s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\
         -97.4s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\
         -97.4s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\
         -97.4s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\
         -96.6s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin.dmc
         -96.6s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin.dmc
         -96.6s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin.dmc
         -96.6s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin.dmc
         -96.6s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\
         -96.6s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\bin.html
         -95.5s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\temp\
         -95.5s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\software\
         -95.5s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\config.dmc
         -94.0s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\box[1].htm
         -93.5s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\loading[1].css
         -93.3s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDU4WS8Q\doma[1].js
         -92.9s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\bg_app[1].png
         -92.7s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAV7E6H1\safe[1].png
         -92.6s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\secure[1].jpg
         -92.6s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\secure[1].jpg
         -92.5s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\loading[2].gif
         -88.0s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\temp\templateStyle.dfe
         -86.8s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\temp\templateDisplays.dfe
         -86.7s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\temp\Dockings.dfe
         -86.5s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\
         -86.5s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\exe\
         -86.3s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\style.css
         -86.3s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\
         -86.3s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\bg_app.png
         -86.2s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\boton.jpg
         -86.2s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\boton_xl.jpg
         -86.2s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\bullet-short.gif
         -86.2s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\bullet.gif
         -86.2s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\butpause.png
         -86.2s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\butplay.png
         -86.2s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\check-close.png
         -86.2s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\check.jpg
         -86.2s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\check.png
         -86.2s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\cross.jpg
         -86.2s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\hide.png
         -86.2s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\less.png
         -86.2s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\logo-win.jpg
         -86.2s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\more.png
         -86.2s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\more.png
         -86.2s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\percentage-bg.png
         -86.2s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\percentage-bg.png
         -86.2s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\progress.png
         -86.1s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\progress_small.png
         -86.1s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\progress_small_bg.png
         -86.1s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\screen-geaudioconverter.png
         -86.1s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\screen-gevideoconverter.png
         -86.1s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\screen-ifish.png
         -86.1s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\screen-miul.png
         -86.1s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\screen-olivebrowser.png
         -86.1s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\screen-printpdf.png
         -86.1s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\screen-printpdf.png
         -86.1s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\screen-vafmusic.png
         -86.1s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\screen-vafplayer.png
         -86.0s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\screen-zipper.png
         -86.0s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\screen-zipper.png
         -86.0s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\show.png
         -86.0s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\exe\close.html
         -86.0s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\exe\finish.html
         -86.0s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\exe\finish.html
         -86.0s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\exe\group.html
         -86.0s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\exe\instalando.html
         -86.0s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\exe\options.html
         -86.0s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\exe\welcome.html
         -86.0s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\exe\box.html
         -86.0s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\position1A.css
         -86.0s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\position1A.css
         -86.0s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\position2A.css
         -86.0s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\position2B.css
         -86.0s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\position2C.css
         -86.0s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\position3A.css
         -86.0s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\position3B.css
         -86.0s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\position3C.css
         -86.0s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\position3C.css
         -86.0s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\position3D.css
         -86.0s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\position4A.css
         -86.0s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\position4A.css
         -86.0s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\jquery.min.js
         -85.6s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\base.css
         -85.6s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\base.css
         -81.6s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\temp\Snapdoinfo.dfe
         -81.6s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\temp\Snapdoinfo.dfe
         -81.4s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\snapdo.css
         -81.4s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\snapdo.css
         -81.4s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\snapdo.css
         -81.4s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\snapdo-logo.png
         -81.4s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\snapdo-logow.png
         -81.4s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\snapdo-toolbar.png
         -81.3s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\Snapdo\
         -81.3s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\Snapdo\info.html
         -61.5s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\software\2040-2082_Re-markit.exe
         -59.2s C:\Users\Sandra\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F4D9C889B7AEBCF4E1A2DAABC5C3628A_468822D23465B96A03006BD9A1AC4196
         -59.2s C:\Users\Sandra\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F4D9C889B7AEBCF4E1A2DAABC5C3628A_468822D23465B96A03006BD9A1AC4196
         -59.2s C:\Users\Sandra\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F4D9C889B7AEBCF4E1A2DAABC5C3628A_468822D23465B96A03006BD9A1AC4196
         -57.7s C:\Windows\Installer\MSI8B36.tmp-\
         -56.1s C:\Windows\SysWOW64\GroupPolicy\gpt.ini
         -56.1s C:\Windows\System32\GroupPolicy\Machine\
         -56.1s C:\Windows\System32\GroupPolicy\Machine\Registry.pol
         -56.1s C:\Windows\System32\GroupPolicy\User\
         -56.0s C:\Windows\System32\GroupPolicy\GPT.INI
         -52.8s C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\
         -52.8s C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cjhgnmffgdjnlminkgoljemdgmpccgmp\
         -52.8s C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cjhgnmffgdjnlminkgoljemdgmpccgmp\LOG
         -52.8s C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cjhgnmffgdjnlminkgoljemdgmpccgmp\LOCK
         -52.8s C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cjhgnmffgdjnlminkgoljemdgmpccgmp\CURRENT
         -52.6s C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cjhgnmffgdjnlminkgoljemdgmpccgmp\000003.log
         -52.6s C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cjhgnmffgdjnlminkgoljemdgmpccgmp\MANIFEST-000002
         -52.6s C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cjhgnmffgdjnlminkgoljemdgmpccgmp\MANIFEST-000002
         -52.4s C:\ProgramData\ntuser.pol
         -52.4s C:\ProgramData\ntuser.pol
         -52.4s C:\ProgramData\ntuser.pol
         -52.4s C:\ProgramData\ntuser.pol
         -48.8s C:\Windows\Prefetch\RE-MARKITC67.EXE-07311138.pf
         -48.8s C:\Windows\Prefetch\RE-MARKITC67.EXE-07311138.pf
         -48.8s C:\Windows\Prefetch\RE-MARKITC67.EXE-07311138.pf
         -48.8s C:\Windows\Prefetch\RE-MARKITC67.EXE-07311138.pf
         -48.8s C:\Windows\Prefetch\RE-MARKITC67.EXE-07311138.pf
         -40.1s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\software\VOPackage.exe
         -34.6s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\software\media.exe
         -31.6s C:\Users\Sandra\AppData\Local\Temp\b
         -31.2s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDU4WS8Q\r[1]
         -30.3s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAV7E6H1\r[1]
         -29.2s C:\Windows\Prefetch\FREESOFTTODAY.TMP-49048D3E.pf
         -28.5s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\r[1]
         -28.3s C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Operational.evtx
         -28.2s C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Admin.evtx
         -28.2s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\r[1]
         -27.5s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDU4WS8Q\update[1].json
         -27.5s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDU4WS8Q\update[1].json
         -27.0s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAV7E6H1\installer[1].gif
         -26.7s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\monetization[1].gif
         -26.4s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_5F124D17DE64DB801438EF94A4BF11CB
         -26.4s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_5F124D17DE64DB801438EF94A4BF11CB
         -26.1s C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\toastNotifier.exe.log
         -26.1s C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\toastNotifier.exe.log
         -26.1s C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\toastNotifier.exe.log
         -22.1s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\software\JFileManager.exe
         -21.7s C:\Users\Sandra\AppData\Local\Temp\comh.94482\
         -21.6s C:\Users\Sandra\AppData\Local\Temp\comh.94482\GoogleCrashHandler.exe
         -21.5s C:\Users\Sandra\AppData\Local\Temp\comh.94482\GoogleUpdate.exe
         -21.4s C:\Users\Sandra\AppData\Local\Temp\comh.94482\GoogleUpdateBroker.exe
         -21.3s C:\Users\Sandra\AppData\Local\Temp\comh.94482\GoogleUpdateHelper.msi
         -21.3s C:\Users\Sandra\AppData\Local\Temp\comh.94482\GoogleUpdateOnDemand.exe
         -20.8s C:\Users\Sandra\AppData\Local\Temp\comh.94482\goopdate.dll
         -20.3s C:\Users\Sandra\AppData\Local\Temp\comh.94482\goopdateres_en.dll
         -20.1s C:\Users\Sandra\AppData\Local\Temp\comh.94482\npGoogleUpdate4.dll
         -20.0s C:\Users\Sandra\AppData\Local\Temp\comh.94482\psmachine.dll
         -19.8s C:\Users\Sandra\AppData\Local\Temp\comh.94482\psuser.dll
         -18.0s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAV7E6H1\all[1].js
         -17.4s C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe.vir
         -17.3s C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdate.dll.vir
         -17.1s C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe.vir
         -17.1s C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdateres_en.dll.vir
         -17.0s C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi.vir
         -16.9s C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\psuser.dll.vir
         -16.8s C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\psmachine.dll.vir
         -16.8s C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe.vir
         -16.8s C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll.vir
         -16.7s C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe.vir
         -16.7s C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe.vir
         -16.7s C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe.vir
         -15.5s C:\AdwCleaner\Quarantine\C\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job.vir
         -10.0s C:\Users\Sandra\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\LTV.exe.log
         -8.9s C:\AdwCleaner\Quarantine\C\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore.vir
         -8.6s C:\Users\Sandra\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\rundll32.exe.log
         -8.1s C:\Users\Sandra\AppData\Roaming\Microsoft\CLR Security Config\
         -8.1s C:\Users\Sandra\AppData\Roaming\Microsoft\CLR Security Config\
         -8.1s C:\Users\Sandra\AppData\Roaming\Microsoft\CLR Security Config\
         -8.1s C:\Users\Sandra\AppData\Roaming\Microsoft\CLR Security Config\
         -8.1s C:\Users\Sandra\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\
         -5.9s C:\Windows\Installer\MSI557D.tmp-\
         -5.9s C:\Windows\Installer\MSI557D.tmp-\
         -5.4s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\update[1].json
         -5.3s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\installer-error[1].gif
         -5.1s C:\AdwCleaner\Quarantine\C\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job.vir
         -5.1s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\installer[1].gif
         -5.1s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\installer[1].gif
         -4.8s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDU4WS8Q\monetization[1].gif
         -2.0s C:\Users\Sandra\AppData\Local\Temp\comh.150043\
         -2.0s C:\Users\Sandra\AppData\Local\Temp\comh.150043\
         -2.0s C:\Users\Sandra\AppData\Local\Temp\comh.150043\
         -2.0s C:\Users\Sandra\AppData\Local\Temp\comh.150043\GoogleCrashHandler.exe
         -1.9s C:\Users\Sandra\AppData\Local\Temp\comh.150043\GoogleUpdate.exe
         -1.8s C:\Users\Sandra\AppData\Local\Temp\comh.150043\GoogleUpdateBroker.exe
         -1.8s C:\Users\Sandra\AppData\Local\Temp\comh.150043\GoogleUpdateHelper.msi
         -1.7s C:\Users\Sandra\AppData\Local\Temp\comh.150043\GoogleUpdateOnDemand.exe
         -1.7s C:\Users\Sandra\AppData\Local\Temp\comh.150043\GoogleUpdateOnDemand.exe
         -1.0s C:\AdwCleaner\Quarantine\C\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA.vir
         -0.3s C:\Users\Sandra\AppData\Local\Temp\comh.150043\goopdate.dll
          0.0s C:\Users\Sandra\AppData\Local\Temp\comh.150043\goopdateres_en.dll
          0.1s C:\Users\Sandra\AppData\Local\Temp\comh.150043\npGoogleUpdate4.dll
          0.3s C:\Users\Sandra\AppData\Local\Temp\comh.150043\psmachine.dll
          0.4s C:\Users\Sandra\AppData\Local\Temp\comh.150043\psuser.dll
          7.3s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDU4WS8Q\installer-error[1].gif
         10.4s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDU4WS8Q\r[2]
         10.6s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\r[2]
         10.6s C:\Users\Sandra\AppData\Local\Temp\heu39T.nss
         10.6s C:\Users\Sandra\AppData\Local\Temp\heu39T.nss
         10.6s C:\Users\Sandra\AppData\Local\Temp\heu39T.nss
         11.0s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\facebook-errors[1].htm
         11.5s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAV7E6H1\connect[2].htm
         13.5s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAV7E6H1\r[2]
         14.1s C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Cookies\YEBW0HKB.txt
         14.2s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\r[2]
         14.3s C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Cookies\SGOZKFNR.txt
         14.3s C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Cookies\SGOZKFNR.txt
         14.5s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\r[3]
         14.5s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\r[3]
         14.7s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\gif[1].gif
         14.8s C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Cookies\ANBJ2B7R.txt
         14.8s C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Cookies\8YSE7VI2.txt
         14.9s C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Cookies\U5DVKCPC.txt
         15.6s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAV7E6H1\r[3]
         15.9s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDU4WS8Q\r[3]
         16.3s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAV7E6H1\r[4]
         17.1s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\r[4]
         17.3s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAV7E6H1\r[5]
         17.6s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\r[3]
         19.3s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\r[4]
         19.6s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDU4WS8Q\r[4]
         21.3s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\analytics[1].htm
         22.6s C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Cookies\484I0DCQ.txt
         22.7s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDU4WS8Q\analytics[1].htm
         27.8s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAV7E6H1\jquery.min[1].js
         28.3s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\jquery[1].js
         28.7s C:\Users\Sandra\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012014061320140614\
         28.7s C:\Users\Sandra\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012014061320140614\container.dat
         29.1s C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Cookies\D5WWA7GI.txt
         29.3s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\__utm[2].gif
         29.4s C:\ProgramData\Avira\AntiVir Desktop\LOGFILES\repair-2014-06-13-12-08-20.log
         29.5s C:\ProgramData\Avira\AntiVir Desktop\LOGFILES\AVSCAN-20140613-120736-A04B0901.LOG
         29.8s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\installer-error[1].gif
         29.8s C:\AdwCleaner\Quarantine\C\Windows\Tasks\6b403e51-262f-4609-95a7-d28091744cec-4.job.vir
         30.0s C:\AdwCleaner\Quarantine\C\Windows\System32\Tasks\6b403e51-262f-4609-95a7-d28091744cec-4.vir
         33.3s C:\Users\Sandra\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8059E9A0D314877E40FE93D8CCFB3C69_765869990270A968E3B362DDAE9D84C0
         33.3s C:\Users\Sandra\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_765869990270A968E3B362DDAE9D84C0
         33.9s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDU4WS8Q\installer-error[2].gif
         33.9s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDU4WS8Q\installer-error[2].gif
         34.8s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAV7E6H1\ch-agent-error[1].gif
         34.8s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAV7E6H1\ch-agent-error[1].gif
         35.0s C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\
         35.0s C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
         37.0s C:\Windows\assembly\GAC\Microsoft.VisualStudio.OLE.Interop\7.1.40304.0__b03f5f7f11d50a3a\
         37.0s C:\Windows\assembly\GAC\Microsoft.VisualStudio.OLE.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.OLE.Interop.dll
         37.0s C:\Windows\assembly\GAC\Microsoft.VisualStudio.OLE.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.OLE.Interop.dll
         37.0s C:\Windows\assembly\GAC\Microsoft.VisualStudio.OLE.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.OLE.Interop.dll

   C:\Users\Sandra\AppData\Local\Temp\comh.94482\goopdateres_en.dll
      Size . . . . . . . : 26.792 bytes
      Age  . . . . . . . : 1.1 days (2014-06-13 12:07:31)
      Entropy  . . . . . : 5.3
      SHA-256  . . . . . : A7AB91A75676FC3EFCC95F58F56DA3309F41EDD8D7B178485A4408958FF608C3
      Product  . . . . . : globalUpdate Update
      Publisher  . . . . : globalUpdate
      Description  . . . : globalUpdate Update Resource DLL
      Version  . . . . . : 1.3.25.0
      Copyright  . . . . : LegalCopyright_XXXXXXXXXXXXXXXXXXX
      RSA Key Size . . . : 1024
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 22.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -81.7s C:\Users\Sandra\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B065FB6E1704B95FAA47EE92DC32C8EB_D073C52B28D1DC301F641B1AA1393416
         -81.7s C:\Users\Sandra\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B065FB6E1704B95FAA47EE92DC32C8EB_D073C52B28D1DC301F641B1AA1393416
         -77.2s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\
         -77.2s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\
         -77.2s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\
         -77.2s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\
         -76.3s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin.dmc
         -76.3s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin.dmc
         -76.3s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin.dmc
         -76.3s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin.dmc
         -76.3s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\
         -76.3s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\bin.html
         -75.2s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\temp\
         -75.2s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\software\
         -75.2s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\config.dmc
         -73.8s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\box[1].htm
         -73.3s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\loading[1].css
         -73.1s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDU4WS8Q\doma[1].js
         -72.6s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\bg_app[1].png
         -72.5s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAV7E6H1\safe[1].png
         -72.3s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\secure[1].jpg
         -72.3s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\secure[1].jpg
         -72.3s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\loading[2].gif
         -67.8s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\temp\templateStyle.dfe
         -66.6s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\temp\templateDisplays.dfe
         -66.4s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\temp\Dockings.dfe
         -66.2s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\
         -66.2s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\exe\
         -66.0s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\style.css
         -66.0s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\
         -66.0s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\bg_app.png
         -66.0s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\boton.jpg
         -66.0s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\boton_xl.jpg
         -66.0s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\bullet-short.gif
         -66.0s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\bullet.gif
         -66.0s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\butpause.png
         -65.9s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\butplay.png
         -65.9s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\check-close.png
         -65.9s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\check.jpg
         -65.9s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\check.png
         -65.9s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\cross.jpg
         -65.9s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\hide.png
         -65.9s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\less.png
         -65.9s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\logo-win.jpg
         -65.9s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\more.png
         -65.9s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\more.png
         -65.9s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\percentage-bg.png
         -65.9s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\percentage-bg.png
         -65.9s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\progress.png
         -65.9s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\progress_small.png
         -65.9s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\progress_small_bg.png
         -65.9s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\screen-geaudioconverter.png
         -65.9s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\screen-gevideoconverter.png
         -65.9s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\screen-ifish.png
         -65.8s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\screen-miul.png
         -65.8s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\screen-olivebrowser.png
         -65.8s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\screen-printpdf.png
         -65.8s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\screen-printpdf.png
         -65.8s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\screen-vafmusic.png
         -65.8s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\screen-vafplayer.png
         -65.8s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\screen-zipper.png
         -65.8s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\screen-zipper.png
         -65.8s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\show.png
         -65.8s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\exe\close.html
         -65.8s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\exe\finish.html
         -65.8s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\exe\finish.html
         -65.8s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\exe\group.html
         -65.8s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\exe\instalando.html
         -65.8s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\exe\options.html
         -65.8s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\exe\welcome.html
         -65.7s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\exe\box.html
         -65.7s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\position1A.css
         -65.7s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\position1A.css
         -65.7s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\position2A.css
         -65.7s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\position2B.css
         -65.7s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\position2C.css
         -65.7s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\position3A.css
         -65.7s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\position3B.css
         -65.7s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\position3C.css
         -65.7s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\position3C.css
         -65.7s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\position3D.css
         -65.7s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\position4A.css
         -65.7s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\position4A.css
         -65.7s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\jquery.min.js
         -65.4s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\base.css
         -65.4s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\base.css
         -61.4s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\temp\Snapdoinfo.dfe
         -61.4s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\temp\Snapdoinfo.dfe
         -61.1s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\snapdo.css
         -61.1s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\snapdo.css
         -61.1s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\snapdo.css
         -61.1s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\snapdo-logo.png
         -61.1s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\snapdo-logow.png
         -61.1s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\css\images\snapdo-toolbar.png
         -61.0s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\Snapdo\
         -61.0s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\bin\Snapdo\info.html
         -41.2s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\software\2040-2082_Re-markit.exe
         -38.9s C:\Users\Sandra\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F4D9C889B7AEBCF4E1A2DAABC5C3628A_468822D23465B96A03006BD9A1AC4196
         -38.9s C:\Users\Sandra\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F4D9C889B7AEBCF4E1A2DAABC5C3628A_468822D23465B96A03006BD9A1AC4196
         -38.9s C:\Users\Sandra\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F4D9C889B7AEBCF4E1A2DAABC5C3628A_468822D23465B96A03006BD9A1AC4196
         -37.5s C:\Windows\Installer\MSI8B36.tmp-\
         -35.8s C:\Windows\SysWOW64\GroupPolicy\gpt.ini
         -35.8s C:\Windows\System32\GroupPolicy\Machine\
         -35.8s C:\Windows\System32\GroupPolicy\Machine\Registry.pol
         -35.8s C:\Windows\System32\GroupPolicy\User\
         -35.8s C:\Windows\System32\GroupPolicy\GPT.INI
         -32.6s C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\
         -32.6s C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cjhgnmffgdjnlminkgoljemdgmpccgmp\
         -32.6s C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cjhgnmffgdjnlminkgoljemdgmpccgmp\LOG
         -32.6s C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cjhgnmffgdjnlminkgoljemdgmpccgmp\LOCK
         -32.6s C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cjhgnmffgdjnlminkgoljemdgmpccgmp\CURRENT
         -32.4s C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cjhgnmffgdjnlminkgoljemdgmpccgmp\000003.log
         -32.4s C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cjhgnmffgdjnlminkgoljemdgmpccgmp\MANIFEST-000002
         -32.4s C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cjhgnmffgdjnlminkgoljemdgmpccgmp\MANIFEST-000002
         -32.2s C:\ProgramData\ntuser.pol
         -32.2s C:\ProgramData\ntuser.pol
         -32.2s C:\ProgramData\ntuser.pol
         -32.2s C:\ProgramData\ntuser.pol
         -28.6s C:\Windows\Prefetch\RE-MARKITC67.EXE-07311138.pf
         -28.6s C:\Windows\Prefetch\RE-MARKITC67.EXE-07311138.pf
         -28.6s C:\Windows\Prefetch\RE-MARKITC67.EXE-07311138.pf
         -28.6s C:\Windows\Prefetch\RE-MARKITC67.EXE-07311138.pf
         -28.6s C:\Windows\Prefetch\RE-MARKITC67.EXE-07311138.pf
         -19.8s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\software\VOPackage.exe
         -14.3s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\software\media.exe
         -11.3s C:\Users\Sandra\AppData\Local\Temp\b
         -10.9s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDU4WS8Q\r[1]
         -10.0s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAV7E6H1\r[1]
         -8.9s C:\Windows\Prefetch\FREESOFTTODAY.TMP-49048D3E.pf
         -8.2s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\r[1]
         -8.1s C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Operational.evtx
         -8.0s C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Admin.evtx
         -7.9s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\r[1]
         -7.3s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDU4WS8Q\update[1].json
         -7.3s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDU4WS8Q\update[1].json
         -6.8s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAV7E6H1\installer[1].gif
         -6.5s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\monetization[1].gif
         -6.1s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_5F124D17DE64DB801438EF94A4BF11CB
         -6.1s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_5F124D17DE64DB801438EF94A4BF11CB
         -5.8s C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\toastNotifier.exe.log
         -5.8s C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\toastNotifier.exe.log
         -5.8s C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\toastNotifier.exe.log
         -1.8s C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\software\JFileManager.exe
         -1.4s C:\Users\Sandra\AppData\Local\Temp\comh.94482\
         -1.4s C:\Users\Sandra\AppData\Local\Temp\comh.94482\GoogleCrashHandler.exe
         -1.2s C:\Users\Sandra\AppData\Local\Temp\comh.94482\GoogleUpdate.exe
         -1.1s C:\Users\Sandra\AppData\Local\Temp\comh.94482\GoogleUpdateBroker.exe
         -1.1s C:\Users\Sandra\AppData\Local\Temp\comh.94482\GoogleUpdateHelper.msi
         -1.0s C:\Users\Sandra\AppData\Local\Temp\comh.94482\GoogleUpdateOnDemand.exe
         -0.6s C:\Users\Sandra\AppData\Local\Temp\comh.94482\goopdate.dll
          0.0s C:\Users\Sandra\AppData\Local\Temp\comh.94482\goopdateres_en.dll
          0.2s C:\Users\Sandra\AppData\Local\Temp\comh.94482\npGoogleUpdate4.dll
          0.3s C:\Users\Sandra\AppData\Local\Temp\comh.94482\psmachine.dll
          0.5s C:\Users\Sandra\AppData\Local\Temp\comh.94482\psuser.dll
          2.2s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAV7E6H1\all[1].js
          2.9s C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe.vir
          2.9s C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdate.dll.vir
          3.1s C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe.vir
          3.2s C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\goopdateres_en.dll.vir
          3.3s C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi.vir
          3.4s C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\psuser.dll.vir
          3.5s C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\psmachine.dll.vir
          3.5s C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe.vir
          3.5s C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll.vir
          3.6s C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe.vir
          3.6s C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe.vir
          3.6s C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe.vir
          4.7s C:\AdwCleaner\Quarantine\C\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job.vir
         10.3s C:\Users\Sandra\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\LTV.exe.log
         11.3s C:\AdwCleaner\Quarantine\C\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore.vir
         11.6s C:\Users\Sandra\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\rundll32.exe.log
         12.1s C:\Users\Sandra\AppData\Roaming\Microsoft\CLR Security Config\
         12.1s C:\Users\Sandra\AppData\Roaming\Microsoft\CLR Security Config\
         12.1s C:\Users\Sandra\AppData\Roaming\Microsoft\CLR Security Config\
         12.1s C:\Users\Sandra\AppData\Roaming\Microsoft\CLR Security Config\
         12.1s C:\Users\Sandra\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\
         14.4s C:\Windows\Installer\MSI557D.tmp-\
         14.4s C:\Windows\Installer\MSI557D.tmp-\
         14.8s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\update[1].json
         15.0s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\installer-error[1].gif
         15.2s C:\AdwCleaner\Quarantine\C\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job.vir
         15.2s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\installer[1].gif
         15.2s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\installer[1].gif
         15.4s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDU4WS8Q\monetization[1].gif
         18.2s C:\Users\Sandra\AppData\Local\Temp\comh.150043\
         18.2s C:\Users\Sandra\AppData\Local\Temp\comh.150043\
         18.2s C:\Users\Sandra\AppData\Local\Temp\comh.150043\
         18.3s C:\Users\Sandra\AppData\Local\Temp\comh.150043\GoogleCrashHandler.exe
         18.4s C:\Users\Sandra\AppData\Local\Temp\comh.150043\GoogleUpdate.exe
         18.4s C:\Users\Sandra\AppData\Local\Temp\comh.150043\GoogleUpdateBroker.exe
         18.5s C:\Users\Sandra\AppData\Local\Temp\comh.150043\GoogleUpdateHelper.msi
         18.5s C:\Users\Sandra\AppData\Local\Temp\comh.150043\GoogleUpdateOnDemand.exe
         18.5s C:\Users\Sandra\AppData\Local\Temp\comh.150043\GoogleUpdateOnDemand.exe
         19.3s C:\AdwCleaner\Quarantine\C\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA.vir
         20.0s C:\Users\Sandra\AppData\Local\Temp\comh.150043\goopdate.dll
         20.3s C:\Users\Sandra\AppData\Local\Temp\comh.150043\goopdateres_en.dll
         20.4s C:\Users\Sandra\AppData\Local\Temp\comh.150043\npGoogleUpdate4.dll
         20.6s C:\Users\Sandra\AppData\Local\Temp\comh.150043\psmachine.dll
         20.7s C:\Users\Sandra\AppData\Local\Temp\comh.150043\psuser.dll
         27.6s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDU4WS8Q\installer-error[1].gif
         30.6s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDU4WS8Q\r[2]
         30.8s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\r[2]
         30.9s C:\Users\Sandra\AppData\Local\Temp\heu39T.nss
         30.9s C:\Users\Sandra\AppData\Local\Temp\heu39T.nss
         30.9s C:\Users\Sandra\AppData\Local\Temp\heu39T.nss
         31.3s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\facebook-errors[1].htm
         31.7s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAV7E6H1\connect[2].htm
         33.8s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAV7E6H1\r[2]
         34.4s C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Cookies\YEBW0HKB.txt
         34.4s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\r[2]
         34.6s C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Cookies\SGOZKFNR.txt
         34.6s C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Cookies\SGOZKFNR.txt
         34.8s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\r[3]
         34.8s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\r[3]
         34.9s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\gif[1].gif
         35.1s C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Cookies\ANBJ2B7R.txt
         35.1s C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Cookies\8YSE7VI2.txt
         35.2s C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Cookies\U5DVKCPC.txt
         35.8s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAV7E6H1\r[3]
         36.1s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDU4WS8Q\r[3]
         36.6s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAV7E6H1\r[4]
         37.3s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\r[4]
         37.6s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAV7E6H1\r[5]
         37.9s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\r[3]
         39.6s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\r[4]
         39.9s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDU4WS8Q\r[4]
         41.5s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\analytics[1].htm
         42.8s C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Cookies\484I0DCQ.txt
         43.0s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDU4WS8Q\analytics[1].htm
         48.0s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAV7E6H1\jquery.min[1].js
         48.5s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\jquery[1].js
         48.9s C:\Users\Sandra\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012014061320140614\
         49.0s C:\Users\Sandra\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012014061320140614\container.dat
         49.4s C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Cookies\D5WWA7GI.txt
         49.5s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\__utm[2].gif
         49.7s C:\ProgramData\Avira\AntiVir Desktop\LOGFILES\repair-2014-06-13-12-08-20.log
         49.7s C:\ProgramData\Avira\AntiVir Desktop\LOGFILES\AVSCAN-20140613-120736-A04B0901.LOG
         50.0s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\installer-error[1].gif
         50.0s C:\AdwCleaner\Quarantine\C\Windows\Tasks\6b403e51-262f-4609-95a7-d28091744cec-4.job.vir
         50.3s C:\AdwCleaner\Quarantine\C\Windows\System32\Tasks\6b403e51-262f-4609-95a7-d28091744cec-4.vir
         53.5s C:\Users\Sandra\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8059E9A0D314877E40FE93D8CCFB3C69_765869990270A968E3B362DDAE9D84C0
         53.5s C:\Users\Sandra\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_765869990270A968E3B362DDAE9D84C0
         54.2s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDU4WS8Q\installer-error[2].gif
         54.2s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDU4WS8Q\installer-error[2].gif
         55.0s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAV7E6H1\ch-agent-error[1].gif
         55.0s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAV7E6H1\ch-agent-error[1].gif
         55.2s C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\
         55.2s C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
         57.2s C:\Windows\assembly\GAC\Microsoft.VisualStudio.OLE.Interop\7.1.40304.0__b03f5f7f11d50a3a\
         57.2s C:\Windows\assembly\GAC\Microsoft.VisualStudio.OLE.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.OLE.Interop.dll
         57.2s C:\Windows\assembly\GAC\Microsoft.VisualStudio.OLE.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.OLE.Interop.dll
         57.2s C:\Windows\assembly\GAC\Microsoft.VisualStudio.OLE.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.OLE.Interop.dll

   C:\Users\Sandra\AppData\Local\Temp\ICReinstall_nslC204.tmp
      Size . . . . . . . : 592.311 bytes
      Age  . . . . . . . : 1.1 days (2014-06-13 12:22:30)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 5176FF5A49540BB84F800E500C631F42A6DD4CA60EB4C59D0B2F9CBC5D7402D7
      Source URL . . . . : hxxp://www.download-servers.com/vuupc/dl.php?r=vu_vo2_&rr=R&sct=AGR&sid=00000011-0000-0000-0000-E03F49C33F67
      Fuzzy  . . . . . . : 26.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The file is downloaded from the Internet to this computer.
         The file name extension of this program is not common.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -35.3s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\r[6]
         -35.0s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\r[7]
         -34.2s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDU4WS8Q\r[7]
         -34.2s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDU4WS8Q\r[7]
         -33.9s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAV7E6H1\r[8]
         -33.9s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAV7E6H1\r[8]
         -32.4s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\r[7]
         -32.2s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\r[8]
         -29.7s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
         -29.7s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
         -29.7s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Explorer\thumbcache_wide.db
         -29.7s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Explorer\thumbcache_exif.db
         -5.5s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDU4WS8Q\r[8]
         -5.3s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAV7E6H1\r[9]
         -5.1s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\r[8]
         -5.1s C:\Users\Sandra\AppData\Local\Temp\nslC204.tmp
         -4.7s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\Setup[1].exe
         -4.7s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\Setup[1].exe
          0.0s C:\Users\Sandra\AppData\Local\Temp\ICReinstall_nslC204.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\ICReinstall_nslC204.tmp
          0.0s C:\Users\Sandra\AppData\Local\Temp\ICReinstall_nslC204.tmp
          0.5s C:\Users\Sandra\AppData\Local\Temp\is45637729\
          0.5s C:\Users\Sandra\AppData\Local\Temp\is45637729\
          0.7s C:\Users\Sandra\AppData\Local\Temp\is45637729\452188269_stp.CIS
          0.7s C:\Users\Sandra\AppData\Local\Temp\is45637729\452188269_stp.CIS
          0.7s C:\Users\Sandra\AppData\Local\Temp\is45637729\452188269_stp.CIS
          0.7s C:\Users\Sandra\AppData\Local\Temp\is45637729\452188269_stp.CIS
          2.5s C:\Users\Sandra\AppData\Local\Temp\is45637729\452188269_stp.CIS.part
          4.3s C:\Users\Sandra\AppData\Local\Temp\is45637729\452188269_stp\
          4.3s C:\Users\Sandra\AppData\Local\Temp\is45637729\452188269_stp\AnyProtectScannerSetup.exe
          4.6s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDU4WS8Q\declineBG[1].png
          4.6s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDU4WS8Q\Yes_Button[1].png
          4.7s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAV7E6H1\Yes_Button_Hover[1].png
          4.8s C:\Users\Sandra\AppData\Local\Temp\is45637729\452188289_stp.CIS
          4.8s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\No_Button[1].png
          4.9s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\No_Button_Hover[1].png
          5.0s C:\Users\Sandra\AppData\Local\Temp\is45637729\452188384_stp.CIS
          5.0s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\IE_logo[1].png
          5.0s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\IE_logo[1].png
          5.0s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\CH_logo[1].png
          5.1s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAV7E6H1\FF_logo[1].png
          5.1s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAV7E6H1\Sasatagete[1].PNG
          5.3s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDU4WS8Q\Sasatagete_v9[1].png
          5.4s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\Tesusutu_logo2[1].png
          5.4s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\Gerebeben_Logo[1].png
          5.5s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\Notonoronot1[1].png
          5.5s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\Notonoronot2[1].png
          5.8s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDU4WS8Q\Lilisipipe[1].png
          5.9s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAV7E6H1\Nobaxotat_logo[1].png
          5.9s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAV7E6H1\Nobaxotat_logo[1].png
          5.9s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAV7E6H1\Ropopi_Title[1].png
          6.0s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDU4WS8Q\bg1[1].jpg
          6.2s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\bg2[1].jpg
          6.3s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\Sesakesaye_bisli[1].png
          6.3s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\logo[1].png
          6.4s C:\Users\Sandra\AppData\Local\Temp\is45637729\452188289_stp.CIS.part
          6.4s C:\Users\Sandra\AppData\Local\Temp\is45637729\452188289_stp.CIS.part
          6.5s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDU4WS8Q\logo_new[1].png
          6.5s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDU4WS8Q\Rerarapepe3[1].jpg
          6.5s C:\Users\Sandra\AppData\Local\Temp\is45637729\452188384_stp.CIS.part
          6.6s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAV7E6H1\Capas_EN[1].png
          6.6s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAV7E6H1\CapasV[1].png
          6.7s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\Capas_bg[1].png
          6.9s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\bg[1].png
          6.9s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\bg[1].png
          6.9s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\bg[1].png
          6.9s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\bg[1].png
          6.9s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\bg[1].png
          7.0s C:\Users\Sandra\AppData\Local\Temp\is45637729\452188289_stp\
          7.0s C:\Users\Sandra\AppData\Local\Temp\is45637729\452188289_stp\RAM.dll
          7.3s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\Mamawaj[1].png
          7.4s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\V1_bg[1].jpg
          7.6s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\V2_bg[1].jpg
          8.3s C:\Users\Sandra\AppData\Local\Temp\is45637729\452188384_stp\
          8.3s C:\Users\Sandra\AppData\Local\Temp\is45637729\452188384_stp\icc.dll
          8.3s C:\Users\Sandra\AppData\Local\Temp\is45637729\452188384_stp\icc.dll
          8.3s C:\Users\Sandra\AppData\Local\Temp\is45637729\452188384_stp\icc.dll
          8.3s C:\Users\Sandra\AppData\Local\Temp\is45637729\452188384_stp\icc.dll
          8.3s C:\Users\Sandra\AppData\Local\Temp\is45637729\452188384_stp\icc.dll
          8.3s C:\Users\Sandra\AppData\Local\Temp\is45637729\452188384_stp\icc.dll
          8.4s C:\Users\Sandra\AppData\Local\Temp\is45637729\452188384_stp\sqlite3.dll
          8.4s C:\Users\Sandra\AppData\Local\Temp\is45637729\452188384_stp\sqlite3.dll
          9.4s C:\Users\Sandra\AppData\Local\Temp\icc_051186061212\

   C:\Users\Sandra\AppData\Local\Temp\nslC204.tmp
      Size . . . . . . . : 592.311 bytes
      Age  . . . . . . . : 1.1 days (2014-06-13 12:22:25)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 5176FF5A49540BB84F800E500C631F42A6DD4CA60EB4C59D0B2F9CBC5D7402D7
      Source URL . . . . : hxxp://www.download-servers.com/vuupc/dl.php?r=vu_vo2_&rr=R&sct=AGR&sid=00000011-0000-0000-0000-E03F49C33F67
      Fuzzy  . . . . . . : 26.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The file is downloaded from the Internet to this computer.
         The file name extension of this program is not common.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -30.2s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\r[6]
         -29.9s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\r[7]
         -29.1s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDU4WS8Q\r[7]
         -29.1s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDU4WS8Q\r[7]
         -28.8s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAV7E6H1\r[8]
         -28.8s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAV7E6H1\r[8]
         -27.3s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\r[7]
         -27.1s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\r[8]
         -24.6s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
         -24.6s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
         -24.6s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Explorer\thumbcache_wide.db
         -24.6s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Explorer\thumbcache_exif.db
         -0.4s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDU4WS8Q\r[8]
         -0.2s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAV7E6H1\r[9]
         -0.0s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\r[8]
          0.0s C:\Users\Sandra\AppData\Local\Temp\nslC204.tmp
          0.4s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\Setup[1].exe
          0.4s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\Setup[1].exe
          5.1s C:\Users\Sandra\AppData\Local\Temp\ICReinstall_nslC204.tmp
          5.1s C:\Users\Sandra\AppData\Local\Temp\ICReinstall_nslC204.tmp
          5.1s C:\Users\Sandra\AppData\Local\Temp\ICReinstall_nslC204.tmp
          5.6s C:\Users\Sandra\AppData\Local\Temp\is45637729\
          5.6s C:\Users\Sandra\AppData\Local\Temp\is45637729\
          5.8s C:\Users\Sandra\AppData\Local\Temp\is45637729\452188269_stp.CIS
          5.8s C:\Users\Sandra\AppData\Local\Temp\is45637729\452188269_stp.CIS
          5.8s C:\Users\Sandra\AppData\Local\Temp\is45637729\452188269_stp.CIS
          5.8s C:\Users\Sandra\AppData\Local\Temp\is45637729\452188269_stp.CIS
          7.6s C:\Users\Sandra\AppData\Local\Temp\is45637729\452188269_stp.CIS.part
          9.4s C:\Users\Sandra\AppData\Local\Temp\is45637729\452188269_stp\
          9.4s C:\Users\Sandra\AppData\Local\Temp\is45637729\452188269_stp\AnyProtectScannerSetup.exe
          9.7s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDU4WS8Q\declineBG[1].png
          9.7s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDU4WS8Q\Yes_Button[1].png
          9.8s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAV7E6H1\Yes_Button_Hover[1].png
          9.9s C:\Users\Sandra\AppData\Local\Temp\is45637729\452188289_stp.CIS
          9.9s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\No_Button[1].png
         10.0s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VEPHKQP5\No_Button_Hover[1].png
         10.0s C:\Users\Sandra\AppData\Local\Temp\is45637729\452188384_stp.CIS
         10.1s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\IE_logo[1].png
         10.1s C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZEQYSAS\IE_logo[1].png


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}\ (FLV Player) -> Deleted
   HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}\ (FLV Player) -> Deleted
   HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}\ (FLV Player) -> Deleted
   HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}\ (FLV Player) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4\ (FLV Player) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964\ (FLV Player) -> Deleted
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467\ (FLV Player) -> Deleted
   HKLM\SYSTEM\ControlSet001\Services\EventLog\Application\Wpm\ (FTDownloader) -> Deleted
   HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Wpm\ (FTDownloader) -> PendingDelete
   HKU\S-1-5-21-1740782634-1134074537-3814847298-1001\Software\Microsoft\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4\ (FLV Player) -> Deleted
   HKU\S-1-5-21-1740782634-1134074537-3814847298-1001\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{AE07101B-46D4-4A98-AF68-0333EA26E113} (FLV Player) -> Deleted
   HKU\S-1-5-21-1740782634-1134074537-3814847298-1001\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\SnapDo.exe (FLV Player) -> Deleted

Cookies _____________________________________________________________________

         

14.06.2014, 13:46   #9
deeprybka
/// TB trainer
/// Instructions guru



Hi, something you could still try before step 5:

Go to the Malwarebytes menu - History - Quarantine
Look for
Code:
ATTFilter
PUP.Optional.SnapDo.A, C:\Users\Sandra\AppData\Local\Temp\aa1cf115-d4a2-476f-8626-9df862f23514\software\MsiInstaller.msi, , [3dbdf483d9a2e650480225615da47f81],
         
Tick the checkbox and click Restore.
Then try uninstalling Snap.Do with Revo again...
__________________
Regards
deeprybka


14.06.2014, 14:01   #10
FxWickl0



Yes, that's right, it worked: it is gone from the Control Panel and uninstalled. Do I still have to finish step 4 now, or go straight to step 5?

14.06.2014, 14:03   #11
deeprybka
/// TB trainer
/// Instructions guru





Please carry out steps 4 and 5 as instructed!
__________________
Regards
deeprybka


14.06.2014, 14:26   #12
FxWickl0



So, step 4:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=2617832f2fad144483346a34039937bd
# engine=18717
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-14 12:23:24
# local_time=2014-06-14 02:23:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 1513 3121602 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 1226078 7139493 0 0
# scanned=14171
# found=15
# cleaned=0
# scan_time=203
sh=C7C0F42A23562AA6DCCD60326FD8CC2AA41B5448 ft=1 fh=c053642cee9f3def vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir"
sh=9DC13DB9C123270C2356ED410128E11D5ADF7C6E ft=1 fh=023ab782f0a9b07d vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir"
sh=56659F7FF1F1FA7906A77228E315F65F38BCEF73 ft=1 fh=0ff759dfc352fd03 vn="Variante von Win32/ELEX.AD evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir"
sh=06E4DFA138D6522C404B5AB0ECDCC2E21703B92C ft=1 fh=cfd402a2bd0317b0 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sandra\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll.vir"
sh=06E4DFA138D6522C404B5AB0ECDCC2E21703B92C ft=1 fh=cfd402a2bd0317b0 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sandra\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO2.dll.vir"
sh=998764836CBC3560F793ADE9A7C3C1405D00BEC6 ft=1 fh=bbe0ad0db99c4fb6 vn="Variante von MSIL/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sandra\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll.vir"
sh=998764836CBC3560F793ADE9A7C3C1405D00BEC6 ft=1 fh=bbe0ad0db99c4fb6 vn="Variante von MSIL/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sandra\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension2.dll.vir"
sh=D8526969FF65DF7B7BF3276BE3DFF9E62B68AF49 ft=1 fh=db26de03d3a27910 vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sandra\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\GoogleChromeRemotePlugin.dll.vir"
sh=561249B34D97B2B2BC46BCD6123F67137BE6E30F ft=1 fh=958ee95189059e15 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sandra\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_25.dll.vir"
sh=C4572103452CB2E459912D1C5F12F59066A50FA9 ft=1 fh=d0c221068451f4c6 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sandra\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_26.dll.vir"
sh=8AF0B8395CA2B561C93D4704838FD4549F6D59DB ft=1 fh=7c4e70a6fcfc43b7 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sandra\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_27.dll.vir"
sh=2B6CFCD7C81463D2544FDE96AD85BF6AA873379D ft=1 fh=6950e4890066eaa5 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sandra\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_28.dll.vir"
sh=6EB1CCC67427C21F93B928D2FFDFD38C13637D68 ft=1 fh=34833efd3fe0ff41 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sandra\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_29.dll.vir"
sh=C9A7CA3C06A8BD159C76E82BE3C0129DFAF370E2 ft=1 fh=c647e824ec6e2f74 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sandra\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_30.dll.vir"
sh=99F97AD369E8621AB4D17DF53E80E60FEE99C727 ft=1 fh=42567613b862d846 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sandra\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
         
Step 5:
FRST:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 02
Ran by Sandra (administrator) on SCHLEMMERTOPF on 14-06-2014 15:22:03
Running from C:\Users\Sandra\Desktop
Platform: Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Akamai Technologies, Inc.) C:\Users\Sandra\AppData\Local\Akamai\netsession_win.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Akamai Technologies, Inc.) C:\Users\Sandra\AppData\Local\Akamai\netsession_win.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-26] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-09] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1740782634-1134074537-3814847298-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Sandra\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

Chrome: 
=======
CHR HomePage: 
CHR StartupUrls: "hxxp://www.google.de/"
CHR Extension: (AdBlock) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-13]
CHR Extension: (Google Wallet) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-26]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-09] (Avira Operations GmbH & Co. KG)
R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-04-29] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2266296 2014-05-16] (Microsoft Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70928 2013-11-08] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-05-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-05-09] (Avira Operations GmbH & Co. KG)
R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-06-14] ()
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-14] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
U0 msahci; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-14 15:22 - 2014-06-14 15:22 - 00013875 _____ () C:\Users\Sandra\Desktop\FRST.txt
2014-06-14 14:17 - 2014-06-14 14:17 - 02347384 _____ (ESET) C:\Users\Sandra\Desktop\esetsmartinstaller_deu.exe
2014-06-14 14:17 - 2014-06-14 14:17 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-14 14:11 - 2014-06-14 14:11 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-06-14 14:10 - 2014-06-14 14:10 - 00239708 _____ () C:\Users\Sandra\Desktop\HitmanPro_20140614_1410.log
2014-06-14 14:10 - 2014-06-14 14:10 - 00005452 _____ () C:\Windows\system32\.crusader
2014-06-14 14:04 - 2014-06-14 14:04 - 00000000 ____D () C:\Program Files\HitmanPro
2014-06-14 14:03 - 2014-06-14 14:10 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-14 14:02 - 2014-06-14 14:03 - 10971424 _____ (SurfRight B.V.) C:\Users\Sandra\Desktop\HitmanPro_x64.exe
2014-06-14 13:37 - 2014-06-14 13:37 - 00000000 ____D () C:\Users\Sandra\Desktop\revouninstaller-portable
2014-06-14 01:58 - 2014-06-14 15:22 - 00000000 ____D () C:\FRST
2014-06-14 01:57 - 2014-06-14 01:57 - 02081792 _____ (Farbar) C:\Users\Sandra\Desktop\FRST64.exe
2014-06-13 16:13 - 2014-06-14 14:13 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-13 16:13 - 2014-06-13 16:13 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-13 16:13 - 2014-06-13 16:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-13 16:13 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-13 16:13 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-13 16:13 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-13 13:21 - 2014-06-13 13:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-13 12:56 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-13 12:55 - 2014-06-14 13:52 - 00000000 ____D () C:\AdwCleaner
2014-06-13 12:55 - 2014-06-13 12:55 - 01333465 _____ () C:\Users\Sandra\Desktop\adwcleaner_3.212.exe
2014-06-13 12:12 - 2014-06-13 12:12 - 00003118 _____ () C:\Windows\System32\Tasks\{88A67A92-8AC4-4D13-9E4A-0E60DF21621A}
2014-06-13 12:09 - 2014-06-13 12:28 - 00002300 _____ () C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-06-13 12:06 - 2014-06-13 12:13 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-06-12 10:10 - 2014-05-24 04:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 10:10 - 2014-05-24 04:47 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 10:10 - 2014-05-24 04:47 - 01366016 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 10:10 - 2014-05-24 04:47 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-06-12 10:10 - 2014-05-24 04:47 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-06-12 10:10 - 2014-05-24 04:46 - 19290112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 10:10 - 2014-05-24 04:46 - 15368704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 10:10 - 2014-05-24 04:46 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 10:10 - 2014-05-24 04:46 - 02650112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 10:10 - 2014-05-24 04:46 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-12 10:10 - 2014-05-24 04:46 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 10:10 - 2014-05-24 04:46 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 10:10 - 2014-05-24 04:46 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-12 10:10 - 2014-05-24 04:46 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 10:10 - 2014-05-24 04:46 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 10:10 - 2014-05-24 04:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 10:10 - 2014-05-24 04:46 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 10:10 - 2014-05-24 04:45 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 10:10 - 2014-05-24 04:45 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 10:10 - 2014-05-24 04:45 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 10:10 - 2014-05-24 03:26 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 10:10 - 2014-05-24 03:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 10:10 - 2014-05-24 03:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 10:10 - 2014-05-24 03:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-12 10:10 - 2014-05-24 03:26 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 10:10 - 2014-05-24 03:26 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-06-12 10:10 - 2014-05-24 03:25 - 13731328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 10:10 - 2014-05-24 03:25 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 10:10 - 2014-05-24 03:25 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 10:10 - 2014-05-24 03:25 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-12 10:10 - 2014-05-24 03:25 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 10:10 - 2014-05-24 03:25 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 10:10 - 2014-05-24 03:25 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-06-12 10:10 - 2014-05-24 03:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-12 10:10 - 2014-05-24 03:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 10:10 - 2014-05-24 03:25 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-12 10:10 - 2014-05-24 03:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 10:10 - 2014-05-24 03:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 10:10 - 2014-05-24 00:37 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-06-12 10:10 - 2014-05-03 07:47 - 03246592 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-12 10:10 - 2014-05-03 05:34 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-06-12 10:10 - 2014-04-30 00:32 - 01301504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-06-12 10:10 - 2014-04-30 00:22 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-06-12 10:10 - 2014-04-03 13:19 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-06-12 10:10 - 2014-04-03 05:44 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-06-12 10:10 - 2014-04-01 00:08 - 00387268 _____ () C:\Windows\system32\ApnDatabase.xml
2014-06-12 10:10 - 2014-03-25 01:42 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-06-12 10:10 - 2014-03-25 00:56 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-06-12 10:09 - 2014-05-24 03:26 - 14365696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 10:09 - 2014-05-24 03:25 - 02862080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 10:08 - 2014-04-03 13:22 - 02233176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 10:08 - 2014-03-07 02:47 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 10:08 - 2014-03-07 02:08 - 01845760 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-08 20:59 - 2014-06-13 12:10 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Skype
2014-06-08 20:59 - 2014-06-08 20:59 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-08 20:59 - 2014-06-08 20:59 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-08 20:59 - 2014-06-08 20:59 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Skype
2014-06-08 20:59 - 2014-06-08 20:59 - 00000000 ____D () C:\ProgramData\Skype
2014-06-08 20:59 - 2014-06-08 20:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-05 22:58 - 2014-06-14 14:10 - 00000000 ____D () C:\Users\Sandra\Desktop\Elitarius2
2014-06-03 15:55 - 2014-06-03 15:55 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\WinRAR
2014-06-03 15:54 - 2014-06-03 15:54 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-03 15:54 - 2014-06-03 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-03 15:54 - 2014-06-03 15:54 - 00000000 ____D () C:\Program Files\WinRAR
2014-06-03 15:39 - 2014-06-03 15:38 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-06-03 14:59 - 2014-06-03 18:20 - 00000000 ____D () C:\Users\Sandra\Desktop\BlueJ
2014-06-02 20:26 - 2014-06-02 20:26 - 00022153 _____ () C:\Users\Sandra\Desktop\InfoZusammenfassung_Felix.odt
2014-05-31 15:54 - 2014-05-31 15:54 - 00000692 _____ () C:\Users\Sandra\Desktop\GDMO.lnk
2014-05-31 15:54 - 2014-05-31 15:54 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Joymax
2014-05-31 15:51 - 2014-05-31 15:51 - 00000000 ____D () C:\Joymax
2014-05-31 15:26 - 2014-05-31 15:26 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Akamai
2014-05-31 09:50 - 2014-05-31 09:50 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Avira
2014-05-31 09:49 - 2014-05-31 09:49 - 00002072 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-05-31 09:49 - 2014-05-31 09:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-31 09:48 - 2014-05-31 09:48 - 00000000 ____D () C:\ProgramData\Avira
2014-05-31 09:48 - 2014-05-31 09:48 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-31 09:48 - 2014-05-09 11:16 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-31 09:48 - 2014-05-09 11:16 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-31 09:48 - 2014-05-09 11:16 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-05-31 09:48 - 2014-01-19 09:33 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-05-27 17:09 - 2014-05-27 17:09 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\OpenOffice
2014-05-27 17:08 - 2014-05-27 17:08 - 00001192 _____ () C:\Users\Sandra\Desktop\OpenOffice 4.1.0.lnk
2014-05-27 17:08 - 2014-05-27 17:08 - 00000000 ___SD () C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-05-27 17:06 - 2014-05-27 17:07 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-05-19 17:52 - 2014-05-19 17:52 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-19 17:52 - 2014-05-19 17:52 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-19 17:52 - 2014-05-19 17:52 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-19 17:52 - 2014-05-19 17:52 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-05-19 17:52 - 2014-05-19 17:52 - 00000000 ____D () C:\Users\Sandra\bluej
2014-05-19 17:52 - 2014-05-19 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-19 17:51 - 2014-05-19 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-05-19 17:51 - 2014-05-19 17:52 - 00000000 ____D () C:\Program Files\Java
2014-05-19 17:44 - 2014-05-19 17:44 - 00001883 _____ () C:\Users\Sandra\Desktop\BlueJ.lnk
2014-05-19 17:44 - 2014-05-19 17:44 - 00000000 ____D () C:\Program Files (x86)\BlueJ
2014-05-16 16:28 - 2014-04-12 11:08 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-16 16:28 - 2014-03-28 21:19 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-05-16 16:28 - 2014-03-28 10:23 - 19759104 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-16 16:28 - 2014-03-28 08:18 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-16 16:28 - 2014-03-24 00:11 - 00269592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-05-16 16:27 - 2014-04-12 11:27 - 00172888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-16 16:27 - 2014-04-12 11:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-16 16:27 - 2014-04-12 11:09 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2014-05-16 16:27 - 2014-04-12 11:09 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-05-16 16:27 - 2014-04-12 11:09 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-16 16:27 - 2014-04-12 11:09 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-16 16:27 - 2014-04-12 11:08 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-16 16:27 - 2014-04-12 11:08 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-05-16 16:27 - 2014-04-12 11:08 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-16 16:27 - 2014-04-12 11:07 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-16 16:27 - 2014-04-12 09:23 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2014-05-16 16:27 - 2014-04-12 09:23 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-05-16 16:27 - 2014-04-12 09:23 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-16 16:27 - 2014-04-12 09:23 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-16 16:27 - 2014-04-12 09:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-16 16:27 - 2014-04-12 09:22 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-16 16:27 - 2014-04-12 09:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-16 16:27 - 2014-04-12 08:58 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll
2014-05-16 16:27 - 2014-03-28 10:23 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-05-16 16:27 - 2014-03-11 05:32 - 06987096 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-16 16:27 - 2014-03-11 05:25 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-16 16:27 - 2014-03-11 02:41 - 00559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-16 16:27 - 2014-03-11 02:41 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-16 16:27 - 2014-03-11 02:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-16 16:27 - 2014-03-11 02:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-16 16:27 - 2014-03-11 02:38 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-16 16:27 - 2014-03-11 02:38 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-16 16:27 - 2014-03-11 02:38 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-16 16:27 - 2014-03-11 02:38 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-05-16 16:27 - 2014-03-11 02:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-16 16:27 - 2014-03-11 02:38 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-16 16:27 - 2014-03-11 02:38 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-16 16:27 - 2014-03-10 05:05 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-16 16:27 - 2014-03-10 03:27 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-16 16:27 - 2014-03-04 01:07 - 00570216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-05-16 16:27 - 2014-03-01 11:47 - 01258496 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-05-16 16:27 - 2014-03-01 11:47 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-05-16 16:27 - 2014-03-01 10:07 - 01075200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2014-05-16 16:27 - 2014-03-01 08:59 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-05-16 16:27 - 2014-02-27 01:18 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-05-16 16:27 - 2014-02-27 01:18 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-05-16 16:27 - 2014-02-27 01:18 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-05-16 16:27 - 2014-02-15 06:15 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-05-15 17:50 - 2014-05-15 17:50 - 00000000 ____D () C:\Users\Sandra\Desktop\Kollegah

==================== One Month Modified Files and Folders =======

2014-06-14 15:22 - 2014-06-14 15:22 - 00013875 _____ () C:\Users\Sandra\Desktop\FRST.txt
2014-06-14 15:22 - 2014-06-14 01:58 - 00000000 ____D () C:\FRST
2014-06-14 15:22 - 2014-03-10 20:05 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Temp
2014-06-14 15:19 - 2014-03-10 20:14 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1740782634-1134074537-3814847298-1001
2014-06-14 15:15 - 2014-03-10 20:06 - 00000000 ____D () C:\Users\Sandra\AppData\Local\VirtualStore
2014-06-14 15:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-06-14 14:27 - 2014-03-26 15:12 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-14 14:17 - 2014-06-14 14:17 - 02347384 _____ (ESET) C:\Users\Sandra\Desktop\esetsmartinstaller_deu.exe
2014-06-14 14:17 - 2014-06-14 14:17 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-14 14:13 - 2014-06-13 16:13 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-14 14:13 - 2014-03-10 20:07 - 00000062 _____ () C:\Users\Sandra\AppData\Roaming\sp_data.sys
2014-06-14 14:11 - 2014-06-14 14:11 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-06-14 14:11 - 2014-03-26 15:12 - 00001134 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-14 14:11 - 2012-08-02 15:24 - 00200158 _____ () C:\Windows\PFRO.log
2014-06-14 14:11 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-14 14:11 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-06-14 14:10 - 2014-06-14 14:10 - 00239708 _____ () C:\Users\Sandra\Desktop\HitmanPro_20140614_1410.log
2014-06-14 14:10 - 2014-06-14 14:10 - 00005452 _____ () C:\Windows\system32\.crusader
2014-06-14 14:10 - 2014-06-14 14:03 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-14 14:10 - 2014-06-05 22:58 - 00000000 ____D () C:\Users\Sandra\Desktop\Elitarius2
2014-06-14 14:04 - 2014-06-14 14:04 - 00000000 ____D () C:\Program Files\HitmanPro
2014-06-14 14:03 - 2014-06-14 14:02 - 10971424 _____ (SurfRight B.V.) C:\Users\Sandra\Desktop\HitmanPro_x64.exe
2014-06-14 13:52 - 2014-06-13 12:55 - 00000000 ____D () C:\AdwCleaner
2014-06-14 13:52 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\L2Schemas
2014-06-14 13:37 - 2014-06-14 13:37 - 00000000 ____D () C:\Users\Sandra\Desktop\revouninstaller-portable
2014-06-14 12:51 - 2014-03-10 20:06 - 01791968 _____ () C:\Windows\WindowsUpdate.log
2014-06-14 12:43 - 2014-01-16 19:43 - 00003474 _____ () C:\Windows\System32\Tasks\ASUS Live Update1
2014-06-14 12:43 - 2014-01-16 19:43 - 00003464 _____ () C:\Windows\System32\Tasks\ASUS Live Update2
2014-06-14 01:57 - 2014-06-14 01:57 - 02081792 _____ (Farbar) C:\Users\Sandra\Desktop\FRST64.exe
2014-06-14 01:19 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-06-13 16:28 - 2014-03-26 15:13 - 00002177 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-13 16:13 - 2014-06-13 16:13 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-13 16:13 - 2014-06-13 16:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-13 13:22 - 2012-08-03 01:02 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-06-13 13:22 - 2012-08-03 01:02 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-06-13 13:22 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-13 13:21 - 2014-06-13 13:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-13 12:55 - 2014-06-13 12:55 - 01333465 _____ () C:\Users\Sandra\Desktop\adwcleaner_3.212.exe
2014-06-13 12:42 - 2013-04-26 01:18 - 00000000 ____D () C:\ProgramData\McAfee
2014-06-13 12:41 - 2014-04-13 20:02 - 00448888 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-13 12:28 - 2014-06-13 12:09 - 00002300 _____ () C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-06-13 12:13 - 2014-06-13 12:06 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-06-13 12:12 - 2014-06-13 12:12 - 00003118 _____ () C:\Windows\System32\Tasks\{88A67A92-8AC4-4D13-9E4A-0E60DF21621A}
2014-06-13 12:10 - 2014-06-08 20:59 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Skype
2014-06-13 12:06 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-13 12:06 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-06-12 13:54 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-06-12 13:52 - 2014-04-04 15:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 13:51 - 2014-04-04 15:18 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-08 20:59 - 2014-06-08 20:59 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-08 20:59 - 2014-06-08 20:59 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-08 20:59 - 2014-06-08 20:59 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Skype
2014-06-08 20:59 - 2014-06-08 20:59 - 00000000 ____D () C:\ProgramData\Skype
2014-06-08 20:59 - 2014-06-08 20:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-06 16:07 - 2012-07-26 09:21 - 00036329 _____ () C:\Windows\setupact.log
2014-06-06 14:22 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-06-03 18:20 - 2014-06-03 14:59 - 00000000 ____D () C:\Users\Sandra\Desktop\BlueJ
2014-06-03 17:05 - 2012-07-26 10:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-03 15:55 - 2014-06-03 15:55 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\WinRAR
2014-06-03 15:54 - 2014-06-03 15:54 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-03 15:54 - 2014-06-03 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-03 15:54 - 2014-06-03 15:54 - 00000000 ____D () C:\Program Files\WinRAR
2014-06-03 15:38 - 2014-06-03 15:39 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-06-02 20:26 - 2014-06-02 20:26 - 00022153 _____ () C:\Users\Sandra\Desktop\InfoZusammenfassung_Felix.odt
2014-05-31 15:54 - 2014-05-31 15:54 - 00000692 _____ () C:\Users\Sandra\Desktop\GDMO.lnk
2014-05-31 15:54 - 2014-05-31 15:54 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Joymax
2014-05-31 15:51 - 2014-05-31 15:51 - 00000000 ____D () C:\Joymax
2014-05-31 15:26 - 2014-05-31 15:26 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Akamai
2014-05-31 09:50 - 2014-05-31 09:50 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Avira
2014-05-31 09:49 - 2014-05-31 09:49 - 00002072 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-05-31 09:49 - 2014-05-31 09:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-31 09:49 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-05-31 09:48 - 2014-05-31 09:48 - 00000000 ____D () C:\ProgramData\Avira
2014-05-31 09:48 - 2014-05-31 09:48 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-31 09:46 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-05-31 09:39 - 2014-03-26 15:16 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-31 07:16 - 2012-07-26 10:14 - 00703992 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-31 07:16 - 2012-07-26 10:14 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-28 19:21 - 2012-07-26 07:26 - 00000226 _____ () C:\Windows\win.ini
2014-05-27 17:09 - 2014-05-27 17:09 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\OpenOffice
2014-05-27 17:08 - 2014-05-27 17:08 - 00001192 _____ () C:\Users\Sandra\Desktop\OpenOffice 4.1.0.lnk
2014-05-27 17:08 - 2014-05-27 17:08 - 00000000 ___SD () C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-05-27 17:07 - 2014-05-27 17:06 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-05-25 11:51 - 2014-03-23 20:32 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-05-24 04:48 - 2014-06-12 10:10 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-24 04:47 - 2014-06-12 10:10 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-24 04:47 - 2014-06-12 10:10 - 01366016 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-24 04:47 - 2014-06-12 10:10 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-05-24 04:47 - 2014-06-12 10:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-05-24 04:46 - 2014-06-12 10:10 - 19290112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-24 04:46 - 2014-06-12 10:10 - 15368704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-24 04:46 - 2014-06-12 10:10 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-24 04:46 - 2014-06-12 10:10 - 02650112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-24 04:46 - 2014-06-12 10:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-24 04:46 - 2014-06-12 10:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-24 04:46 - 2014-06-12 10:10 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-24 04:46 - 2014-06-12 10:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-24 04:46 - 2014-06-12 10:10 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-24 04:46 - 2014-06-12 10:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-24 04:46 - 2014-06-12 10:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-24 04:46 - 2014-06-12 10:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-24 04:45 - 2014-06-12 10:10 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-24 04:45 - 2014-06-12 10:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-24 04:45 - 2014-06-12 10:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-24 03:26 - 2014-06-12 10:10 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-24 03:26 - 2014-06-12 10:10 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-24 03:26 - 2014-06-12 10:10 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-24 03:26 - 2014-06-12 10:10 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-24 03:26 - 2014-06-12 10:10 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-24 03:26 - 2014-06-12 10:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-05-24 03:26 - 2014-06-12 10:09 - 14365696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-24 03:25 - 2014-06-12 10:10 - 13731328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-24 03:25 - 2014-06-12 10:10 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-24 03:25 - 2014-06-12 10:10 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-24 03:25 - 2014-06-12 10:10 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-24 03:25 - 2014-06-12 10:10 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-24 03:25 - 2014-06-12 10:10 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-24 03:25 - 2014-06-12 10:10 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-05-24 03:25 - 2014-06-12 10:10 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-24 03:25 - 2014-06-12 10:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-24 03:25 - 2014-06-12 10:10 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-24 03:25 - 2014-06-12 10:09 - 02862080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-24 03:09 - 2014-06-12 10:10 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-24 03:03 - 2014-06-12 10:10 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-24 00:37 - 2014-06-12 10:10 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-05-20 15:43 - 2014-03-10 20:07 - 00000000 ___RD () C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-20 15:43 - 2014-03-10 20:07 - 00000000 ___RD () C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-20 15:21 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-05-20 15:21 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-20 15:21 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-20 15:21 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-05-20 15:21 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-20 15:21 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-19 17:52 - 2014-05-19 17:52 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-19 17:52 - 2014-05-19 17:52 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-19 17:52 - 2014-05-19 17:52 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-19 17:52 - 2014-05-19 17:52 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-05-19 17:52 - 2014-05-19 17:52 - 00000000 ____D () C:\Users\Sandra\bluej
2014-05-19 17:52 - 2014-05-19 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-19 17:52 - 2014-05-19 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-05-19 17:52 - 2014-05-19 17:51 - 00000000 ____D () C:\Program Files\Java
2014-05-19 17:52 - 2014-03-10 20:05 - 00000000 ____D () C:\Users\Sandra
2014-05-19 17:44 - 2014-05-19 17:44 - 00001883 _____ () C:\Users\Sandra\Desktop\BlueJ.lnk
2014-05-19 17:44 - 2014-05-19 17:44 - 00000000 ____D () C:\Program Files (x86)\BlueJ
2014-05-15 17:50 - 2014-05-15 17:50 - 00000000 ____D () C:\Users\Sandra\Desktop\Kollegah

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS


Some content of TEMP:
====================
C:\Users\Sandra\AppData\Local\Temp\avgnt.exe
C:\Users\Sandra\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-12 13:51

==================== End Of Log ============================
         
--- --- ---

14.06.2014, 14:27   #13
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru

Something is missing from step 5...
__________________
Regards,
deeprybka


14.06.2014, 14:29   #14
FxWickl0

And here is Addition as well:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2014 02
Ran by Sandra at 2014-06-14 15:22:49
Running from C:\Users\Sandra\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.4.117.01527 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.4.117.01527 - Alcor Micro Corp.) Hidden
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.6 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.2 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.7 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5710.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.5710.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.1.1 - BlueJ Team)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
GDMO (HKLM-x32\...\DMO) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2875 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4615.1002 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Peggle (x32 Version: 2.2.0.95 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.41 - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6804 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.0.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Driver Package - ASUS (ATP) Mouse  (10/31/2013 1.0.0.191) (HKLM\...\15591935E93BF0A0E42CA53B578EE5E630971E15) (Version: 10/31/2013 1.0.0.191 - ASUS)
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 5.10 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)

==================== Restore Points  =========================

03-06-2014 16:06:53 Geplanter Prüfpunkt
11-06-2014 06:25:06 Geplanter Prüfpunkt
13-06-2014 10:37:59 Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
14-06-2014 11:39:58 Revo Uninstaller's restore point - Snap.Do

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2220E2F3-46F0-4080-9961-D52DEF9D9656} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2A305B23-7303-412A-BAB1-7815E0B84052} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-26] (Google Inc.)
Task: {2BCE895F-574A-4069-8C28-28713AD00362} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-10-07] (ASUS)
Task: {366FDD06-D35A-4D69-85D3-77E2C544CD3D} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-04] ()
Task: {4183475E-6EF5-4CA7-9957-29BDE448BA9A} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-08-28] (ASUSTeK Computer Inc.)
Task: {584BD84C-5BAA-440F-B9F3-5EC06819155A} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {60E8D447-2266-4537-A1C7-0200AA0AC656} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {6F27FDE8-7591-49F5-ACD2-E953FB758C1C} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-11-08] (AsusTek)
Task: {717CF5C7-90F3-48B9-B18B-9FC3021D55D4} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-08-28] (ASUSTeK Computer Inc.)
Task: {7FF552C6-D5EE-4979-9F2D-2379120FB926} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {9BDC4112-0BD5-4CEE-9449-B8A70D306660} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-04-29] (ASUS)
Task: {9DD0B120-967D-466B-9C97-A47C4140418E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-06-12] (Microsoft Corporation)
Task: {A0B676E0-F6A7-45B1-8D22-BC27284BC3AE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-26] (Google Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AA5ADF75-3103-4807-82B9-8251C8D3E451} - \6b403e51-262f-4609-95a7-d28091744cec-4 No Task File <==== ATTENTION
Task: {AC378946-B861-45BF-91BC-5DB0D0C71456} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-04-15] (Microsoft Corporation)
Task: {AF8F54A4-E519-4B0B-AFFB-39B2FC819018} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
Task: {BC03CFD9-5655-4529-88A3-27611983A453} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-10-07] (ASUSTeK Computer Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F8660CF8-BEBC-461F-8A8F-EDEB9DA8FB78} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-05-25] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-12-19 08:10 - 2012-12-19 08:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2014-03-26 20:07 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-03-23 20:32 - 2014-04-15 03:39 - 00630952 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-04-29 18:03 - 2013-04-29 18:03 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2013-11-15 05:24 - 2012-11-02 09:19 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2014-03-23 20:48 - 2014-03-23 20:49 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-10-08 22:41 - 2013-10-08 22:41 - 00037968 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2013-09-09 20:23 - 2013-09-09 20:23 - 00162816 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2014-06-13 16:28 - 2014-06-05 15:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-13 16:28 - 2014-06-05 15:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-13 16:28 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-13 16:28 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-13 16:28 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-01-16 19:33 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/14/2014 02:58:43 PM) (Source: MsiInstaller) (EventID: 11723) (User: SCHLEMMERTOPF)
Description: Product: Snap.Do -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action InstallationFailed, entry: InstallationFailed, library: C:\Windows\Installer\MSI8EC2.tmp

Error: (06/14/2014 02:58:41 PM) (Source: MsiInstaller) (EventID: 11723) (User: SCHLEMMERTOPF)
Description: Product: Snap.Do -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action InstallationStartUninstall, entry: InstallationStartUninstall, library: C:\Windows\Installer\MSI35E3.tmp

Error: (06/14/2014 02:24:31 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (06/14/2014 02:17:44 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (06/14/2014 02:17:42 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (06/14/2014 02:17:39 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (06/14/2014 02:17:39 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (06/14/2014 02:17:35 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (06/14/2014 02:17:33 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (06/14/2014 01:42:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: SCHLEMMERTOPF)
Description: Die App „microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.


System errors:
=============
Error: (06/14/2014 02:12:54 PM) (Source: DCOM) (EventID: 10016) (User: SCHLEMMERTOPF)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SchlemmertopfSandraS-1-5-21-1740782634-1134074537-3814847298-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (06/14/2014 02:12:54 PM) (Source: DCOM) (EventID: 10016) (User: SCHLEMMERTOPF)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SchlemmertopfSandraS-1-5-21-1740782634-1134074537-3814847298-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (06/14/2014 02:12:54 PM) (Source: DCOM) (EventID: 10016) (User: SCHLEMMERTOPF)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SchlemmertopfSandraS-1-5-21-1740782634-1134074537-3814847298-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (06/14/2014 02:12:53 PM) (Source: DCOM) (EventID: 10016) (User: SCHLEMMERTOPF)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SchlemmertopfSandraS-1-5-21-1740782634-1134074537-3814847298-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (06/14/2014 02:12:53 PM) (Source: DCOM) (EventID: 10016) (User: SCHLEMMERTOPF)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SchlemmertopfSandraS-1-5-21-1740782634-1134074537-3814847298-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (06/14/2014 02:12:53 PM) (Source: DCOM) (EventID: 10016) (User: SCHLEMMERTOPF)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SchlemmertopfSandraS-1-5-21-1740782634-1134074537-3814847298-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (06/14/2014 02:12:53 PM) (Source: DCOM) (EventID: 10016) (User: SCHLEMMERTOPF)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SchlemmertopfSandraS-1-5-21-1740782634-1134074537-3814847298-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (06/14/2014 02:12:53 PM) (Source: DCOM) (EventID: 10016) (User: SCHLEMMERTOPF)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SchlemmertopfSandraS-1-5-21-1740782634-1134074537-3814847298-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (06/14/2014 02:12:53 PM) (Source: DCOM) (EventID: 10016) (User: SCHLEMMERTOPF)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SchlemmertopfSandraS-1-5-21-1740782634-1134074537-3814847298-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (06/14/2014 02:12:53 PM) (Source: DCOM) (EventID: 10016) (User: SCHLEMMERTOPF)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SchlemmertopfSandraS-1-5-21-1740782634-1134074537-3814847298-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar


Microsoft Office Sessions:
=========================
Error: (06/14/2014 02:58:43 PM) (Source: MsiInstaller) (EventID: 11723) (User: SCHLEMMERTOPF)
Description: Product: Snap.Do -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action InstallationFailed, entry: InstallationFailed, library: C:\Windows\Installer\MSI8EC2.tmp (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/14/2014 02:58:41 PM) (Source: MsiInstaller) (EventID: 11723) (User: SCHLEMMERTOPF)
Description: Product: Snap.Do -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action InstallationStartUninstall, entry: InstallationStartUninstall, library: C:\Windows\Installer\MSI35E3.tmp (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/14/2014 02:24:31 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (06/14/2014 02:17:44 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Sandra\Desktop\esetsmartinstaller_deu.exe

Error: (06/14/2014 02:17:42 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Sandra\Desktop\esetsmartinstaller_deu.exe

Error: (06/14/2014 02:17:39 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Sandra\Desktop\esetsmartinstaller_deu.exe

Error: (06/14/2014 02:17:39 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Sandra\Desktop\esetsmartinstaller_deu.exe

Error: (06/14/2014 02:17:35 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Sandra\Desktop\esetsmartinstaller_deu.exe

Error: (06/14/2014 02:17:33 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Sandra\Downloads\esetsmartinstaller_deu.exe

Error: (06/14/2014 01:42:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: SCHLEMMERTOPF)
Description: microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos


==================== Memory info =========================== 

Percentage of memory in use: 30%
Total physical RAM: 6029.67 MB
Available physical RAM: 4179.55 MB
Total Pagefile: 6989.67 MB
Available Pagefile: 4944.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:279.45 GB) (Free:220.52 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:398.07 GB) (Free:397.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 0FE4DC0A)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
First of all, big praise here for how quickly this went and for voluntarily taking the time to solve a problem like this for someone like me. I think that's really great of you, keep it up

Alt 14.06.2014, 14:36   #15
deeprybka
/// TB-Ausbilder
/// Anleitungs-Guru
 



Thanks!

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document


Code:
ATTFilter
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix ("Entfernen") button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Are there still any problems with your computer? Or do you have any more questions?

NO?


All logs posted? Yes! Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick the box in front of every function.
  • Click Start.

Note: among other things, DelFix removes all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
Finally, restart your computer. If any programs from our cleanup are still left over, you can safely delete them.

>>clean<<
We did it!
The logs look clean to me at the moment.

If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.
All that remains is for me to wish you carefree and safe surfing, and that we don't see each other here again any time soon.

Epilogue: Tips, Dos & Don'ts

Keeping the system and software up to date

The Windows operating system must always be kept up to date. Make sure that automatic updates are enabled.

Installed software should also always be at the latest version.
This applies especially to browsers, Java, Flash Player and PDF readers, because known security vulnerabilities in their old versions are exploited to install malware via drive-by download merely by visiting a prepared website. This can even happen on normally legitimate websites if an attacker has managed to inject their code into the page, and is therefore relatively unpredictable.
  • With this small plugin check you can regularly check whether these components are up to date.
  • Also make sure that old versions that are no longer used are uninstalled.

Security software

A preliminary remark: every software solution has its weaknesses. Handing the entire responsibility for security over to software and expecting all-round protection would be a dangerous illusion. With careless or deliberately risky behaviour, even the best program will sooner or later fail (e.g. a virus scanner that does not detect an infected file).
Nevertheless, such software is of course important and, in combination with a well-maintained (up-to-date) system and considered behaviour, helps you keep your computer clean.
  • Use a virus scanner with a background guard and an always up-to-date database.
    Which product you choose is not that decisive. If you want to buy a commercial program, I can recommend Kaspersky Antivirus or Emsisoft Anti-Malware (the freeware version of the latter is not sufficient, though, because it has no background guard).

    If you prefer a free product, Avast! Free Antivirus is a good alternative. But never run two guards in parallel; they would interfere with each other.
  • Enable a firewall. The one built into Windows is normally entirely sufficient.
  • In addition to the virus scanner, you can regularly scan your system with an on-demand anti-malware program. The free version of Malwarebytes Anti-Malware is recommended. Update the database before every scan.
  • Optional: Browser-in-the-box combines the virtual, isolated environment and the security of a Linux operating system.

It is in the nature of things that the most widely used application software is also the most frequently attacked by malware authors. Using alternative software (e.g. an alternative PDF reader) can therefore already be a small security gain.
Instead of Internet Explorer you can, for example, use Mozilla Firefox, for which two useful add-ons are recommended:
  • NoScript by default prevents active content (Java, JavaScript, Flash, ...) from running on all websites. Following the whitelist principle, you can decide yourself which sites you trust and want to allow scripts for, also temporarily.
  • Adblock Plus blocks most advertising banners. Besides being annoying, such banners can also act as sources of infection.

(Un)safe behaviour on the Internet

Besides unnoticed drive-by installations, malware is also often installed more or less actively by the user.

Even visiting shady websites can carry risks. And downloads from dubious sources are always Russian roulette. Even if the virus scanner does not detect a threat in them at the moment, that does not have to mean anything.

  • Illegal cracks, keygens and serials are an exceptionally easy (and popular) way to spread malware.
  • With files from peer-to-peer and file-sharing programs or from file hosters, you can never be sure that what's inside really is what it says on the label.
  • Optional: virustotal.com is your friend too! Upload dubious or unknown files before you run or install them.

Often, more or less tricky methods are also used to try to get the user to carry out an action that is disastrous for them (umbrella term: social engineering).
  • Surf with caution and don't let elements that somehow look interesting tempt you into a hasty click. Don't be fooled by pop-ups that look like system or virus messages.
  • Be sceptical of unexpected e-mails, especially if they contain attachments. Even if they seem authentic at first glance, contain personal data of yours or supposedly come from a known sender: better to think it over calmly again or ask, rather than simply opening links or executable attachments or entering your data somewhere.
  • Malicious links or files can also make the rounds in social networks or via instant messaging systems. If you receive a message from one of your friends that is strange, or sounds so sensationally interesting or scandalous that you simply have to click on it, then curiosity has probably won over reason for him/her, and you should not make the same mistake.
  • Have file extensions displayed so that you are not fooled when an executable file is disguised by a double file extension, e.g. Nacktfoto.jpg.exe.

Annoying adware (advertising) and unnecessary toolbars are also mostly installed along by the user.
  • As a first priority, always download software directly from the vendor. Many software portals (e.g. Softonic) pack additional useless stuff into the installation. Alternatively, choose a clean portal such as Filepony or heise.
  • When installing software, always choose the custom option and untick all optionally offered toolbars or other additions that are irrelevant to the program.

General notes

Finally, a few basic remarks:
  • Your user account for everyday use should not have administrator rights. Use an account with limited rights, or set User Account Control (UAC) to the highest level (Windows Vista/7/8).
  • Regularly create backups of your data and documents on external storage media, at least two copies for important files. Not only a malware infection can result in painful data loss, but also an ordinary hard disk failure.
  • The Autorun/Autoplay function poses a risk, because it makes it possible, for example, for the infection to jump to the computer when a correspondingly infected USB stick is plugged in. Consider whether you would rather disable this function.
  • Choose your passwords according to the common rules in order to be better protected against brute-force and dictionary attacks. Use each of your passwords only once and change them regularly.
  • The benefit of registry cleaners for improving performance is disputed. In any case, they can cause great damage if you don't know what you are doing. We therefore recommend keeping your hands off the registry.
__________________
Regards
deeprybka

Praise, criticism, wishes?

A donation for trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer
