|
Plagegeister aller Art und deren Bekämpfung: "A1 <rechnung@a1.net" in Word geöffnetWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
01.07.2014, 21:07 | #1 |
| "A1 <rechnung@a1.net" in Word geöffnet Hallo, ich habe heute ein Mail von "A1 <rechnung@a1.net" erhalten und leider die Worddatei geöffnet. Die darin liegende Datei habe ich aber nicht mehr geöffnet. Ist mein Rechner nun von einem Trojaner befallen? Mein Norton Virenprog. hat 6 Tracking Cookies gelöscht. Bitte um Hilfe. Danke Florii |
01.07.2014, 21:42 | #2 |
/// TB-Ausbilder /// Anleitungs-Guru | "A1 <rechnung@a1.net" in Word geöffnet Hi, schauen wir mal nach...
__________________Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...
Hinweis: Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden. Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert. Adware & Co. können wir sehr gut entfernen. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean bekommst. Los geht's: Schritt 1 Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
Lesestoff Posten in CODE-Tags: So gehts... Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
01.07.2014, 22:08 | #3 |
| "A1 <rechnung@a1.net" in Word geöffnet Hallo, danke für die rasche Info.
__________________Hier die FRST FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-07-2014 Ran by Spitzer (administrator) on SPITZER-PC-2 on 01-07-2014 23:04:00 Running from C:\Users\Spitzer\Desktop Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe () C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe () G:\Programme\Allway Sync\Bin\SyncService.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.3.0.12\n360.exe (arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe (TeamViewer GmbH) G:\Programme\TeamViewer\TeamViewer_Service.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.3.0.12\n360.exe (TeamViewer GmbH) G:\Programme\TeamViewer\TeamViewer.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (TeamViewer GmbH) G:\Programme\TeamViewer\tv_w32.exe (TeamViewer GmbH) G:\Programme\TeamViewer\tv_x64.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe (OLYMPUS IMAGING CORP.) G:\Programme\Olympus\Olympus Viewer 2\OV2Monitor.exe (Plex, Inc.) G:\Programme\Plex Media Server\Plex Media Server.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (Samsung Electronics Co., Ltd.) G:\Programme\Samsung New PC Studio\NPSAgent.exe () C:\Users\Spitzer\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe (Akamai Technologies, Inc.) C:\Users\Spitzer\AppData\Local\Akamai\netsession_win.exe (PIXELA CORPORATION) C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Akamai Technologies, Inc.) C:\Users\Spitzer\AppData\Local\Akamai\netsession_win.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe (OLYMPUS IMAGING CORP.) C:\Program Files (x86)\OLYMPUS\ib\olycamdetect.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Geek Software GmbH) G:\Programme\PDF24\pdf24.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe () G:\Programme\Plex Media Server\PlexScriptHost.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe () G:\Programme\Plex Media Server\PlexScriptHost.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realonemessagecenter.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated) HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-05] (Intel Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-11] (DivX, LLC) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de) HKLM-x32\...\Run: [OV2_Monitor] => G:\Programme\Olympus\Olympus Viewer 2\FirstStart.exe [55656 2013-01-10] (OLYMPUS IMAGING CORP.) HKLM-x32\...\Run: [Olympus ib] => C:\Program Files (x86)\Olympus\ib\olycamdetect.exe [96128 2012-02-02] (OLYMPUS IMAGING CORP.) HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe [223104 2011-08-30] (CyberLink Corp.) HKLM-x32\...\Run: [NPSStartup] => [X] HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] () HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [PDFPrint] => G:\Programme\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH) HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-05-07] (RealNetworks, Inc.) HKU\S-1-5-21-970742469-3429963512-3099405328-1000\...\Run: [OV2_Monitor] => G:\Programme\Olympus\Olympus Viewer 2\OV2Monitor.exe [231784 2013-01-10] (OLYMPUS IMAGING CORP.) HKU\S-1-5-21-970742469-3429963512-3099405328-1000\...\Run: [Plex Media Server] => G:\Programme\Plex Media Server\Plex Media Server.exe [2699344 2011-11-26] (Plex, Inc.) HKU\S-1-5-21-970742469-3429963512-3099405328-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-01-31] (AMD) HKU\S-1-5-21-970742469-3429963512-3099405328-1000\...\Run: [AutoStartNPSAgent] => G:\Programme\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.) HKU\S-1-5-21-970742469-3429963512-3099405328-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Spitzer\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] () HKU\S-1-5-21-970742469-3429963512-3099405328-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Spitzer\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) HKU\S-1-5-21-970742469-3429963512-3099405328-1000\...\MountPoints2: H - H:\DTLplus_Launcher.exe HKU\S-1-5-21-970742469-3429963512-3099405328-1000\...\MountPoints2: {2625d031-09a8-11e2-aaee-3085a9400768} - M:\DTLplus_Launcher.exe HKU\S-1-5-21-970742469-3429963512-3099405328-1000\...\MountPoints2: {2e207dc0-0d8c-11e2-90d6-806e6f6e6963} - F:\AUTORUN.EXE HKU\S-1-5-21-970742469-3429963512-3099405328-1000\...\MountPoints2: {d822a38b-5e71-11e2-9029-3085a9400768} - E:\Startme.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Camera Monitor HD.lnk ShortcutTarget: Camera Monitor HD.lnk -> C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe (PIXELA CORPORATION) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.) Startup: C:\Users\Spitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Spitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk ShortcutTarget: Xfire.lnk -> G:\Spiele\XFIRE\Xfire.exe (No File) ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.3.0.12\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.3.0.12\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.3.0.12\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: Symbol-Overlay-Steuerprogramm für AutoCAD Digitale Signaturen -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.) ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x65315E1DFBCCCE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.at/ SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=649a6597-f354-4cb4-88ac-cea63116c7e8&searchtype=ds&q={searchTerms} SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=649a6597-f354-4cb4-88ac-cea63116c7e8&searchtype=ds&q={searchTerms} BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader) BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll No File BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: ProtectMe Class - {0C9F4179-A319-4c6a-A3E5-67FF3592A12E} - C:\Program Files (x86)\ProtectMe\protectme.dll (ProtectMe) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: No Name - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No File BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation) DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab Hosts: 127.0.0.1 activate.adobe.com Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 FireFox: ======== FF ProfilePath: C:\Users\Spitzer\AppData\Roaming\Mozilla\Firefox\Profiles\1d7itu7e.default FF Homepage: hxxp://www.google.at/webhp?source=search_app FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=17.0.9.17 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.9 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=17.0.9.17 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud) FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - G:\Programme\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - G:\Programme\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems) FF Plugin HKCU: @phonostar.de/Schlagerhöllen-Player - G:\Programme\Schlagerhoellen-Player\npphonostarDetectNP.dll No File FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Spitzer\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.) FF Plugin HKCU: opencandy.com/Ignite - C:\Users\Spitzer\AppData\Local\Ignite\npOCDM.1.1.4.0.dll No File FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud) FF user.js: detected! => C:\Users\Spitzer\AppData\Roaming\Mozilla\Firefox\Profiles\1d7itu7e.default\user.js FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer Cloud) FF SearchPlugin: C:\Users\Spitzer\AppData\Roaming\Mozilla\Firefox\Profiles\1d7itu7e.default\searchplugins\MyStart.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml FF Extension: Protect Me - C:\Users\Spitzer\AppData\Roaming\Mozilla\Firefox\Profiles\1d7itu7e.default\Extensions\protectme@protectme.com [2013-01-21] FF Extension: Ad-Aware Security Add-on - C:\Users\Spitzer\AppData\Roaming\Mozilla\Firefox\Profiles\1d7itu7e.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [2013-08-31] FF Extension: SweetPacks Toolbar for Firefox - C:\Users\Spitzer\AppData\Roaming\Mozilla\Firefox\Profiles\1d7itu7e.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2013-01-09] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-07-01] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-11-01] FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-01-23] FF HKLM-x32\...\Firefox\Extensions: [{53D8DD28-1C83-41F3-B171-C2ED5B3E5DE8}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-05-07] FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-11-01] ==================== Services (Whitelisted) ================= R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated) R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] () R2 BotkindSyncService; G:\Programme\Allway Sync\Bin\SyncService.exe [182784 2013-02-05] () [File not signed] R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed] R2 N360; C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.3.0.12\N360.exe [265040 2014-05-11] (Symantec Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc) R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-04-06] () R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-05-07] (RealNetworks, Inc.) R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-04-07] () [File not signed] S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 TeamViewer8; G:\Programme\TeamViewer\TeamViewer_Service.exe [5093216 2014-02-07] (TeamViewer GmbH) ==================== Drivers (Whitelisted) ==================== R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2014-06-09] () R1 BHDrvx64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1503000.00C\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-11] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\IPSDefs\20140630.001\IDSvia64.sys [525016 2014-06-06] (Symantec Corporation) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2014-06-09] () R3 NAVENG; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\VirusDefs\20140701.002\ENG64.SYS [126040 2014-06-07] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\VirusDefs\20140701.002\EX64.SYS [2099288 2014-06-07] (Symantec Corporation) R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-10-03] (Duplex Secure Ltd.) R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1503000.00C\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1503000.00C\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-22] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\1503000.00C\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation) U3 adue9dot; C:\Windows\System32\Drivers\adue9dot.sys [0 ] (Microsoft Corporation) S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 vdrive; system32\DRIVERS\vdrive.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-01 23:04 - 2014-07-01 23:04 - 00031250 _____ () C:\Users\Spitzer\Desktop\FRST.txt 2014-07-01 23:03 - 2014-07-01 23:04 - 00000000 ____D () C:\FRST 2014-07-01 23:02 - 2014-07-01 23:03 - 02083840 _____ (Farbar) C:\Users\Spitzer\Desktop\FRST64.exe 2014-07-01 22:14 - 2014-07-01 22:14 - 00012084 _____ () C:\Users\Spitzer\Desktop\Malwarebytes Scan 01.07.14.txt 2014-07-01 22:09 - 2014-07-01 22:09 - 00002424 _____ () C:\Users\Spitzer\Desktop\Norton Scan 1.07.14.txt 2014-07-01 21:20 - 2014-07-01 22:13 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-01 21:20 - 2014-07-01 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-01 21:20 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-01 21:20 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-06-18 09:21 - 2014-07-01 21:14 - 00000000 ____D () C:\Users\Spitzer\AppData\Local\Adobe 2014-06-11 19:39 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-11 19:39 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-11 19:39 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-06-11 19:39 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-11 19:39 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-11 19:39 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-06-11 19:39 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-06-11 19:39 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-11 19:39 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-06-11 19:39 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-11 19:39 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-11 19:39 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-06-11 19:39 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-06-11 19:39 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-06-11 19:39 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-06-11 19:39 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-11 19:39 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-11 19:39 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-06-11 19:39 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-06-11 19:39 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-06-11 19:39 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-11 19:39 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-06-11 19:39 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-11 19:39 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-06-11 19:39 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-06-11 19:39 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-06-11 19:39 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-06-11 19:39 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-06-11 19:39 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-06-11 19:39 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-06-11 19:39 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-11 19:39 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-06-11 19:39 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-06-11 19:39 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-06-11 19:39 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-11 19:39 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-06-11 19:39 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-06-11 19:39 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-06-11 19:39 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-06-11 19:39 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-06-11 19:39 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-06-11 19:39 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-11 19:39 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-06-11 19:39 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-06-11 19:39 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-06-11 19:39 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-11 19:39 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-06-11 19:39 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-11 19:39 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-06-11 19:39 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-06-11 19:39 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-06-11 19:39 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-06-11 19:39 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-06-11 19:39 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2014-06-11 19:39 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-11 19:39 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2014-06-11 19:39 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-11 19:39 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-06-11 19:39 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-11 19:39 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-11 19:39 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2014-06-11 19:39 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-06-11 19:39 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2014-06-11 19:39 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-06-11 19:39 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2014-06-11 19:39 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-06-11 19:38 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-11 19:38 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-09 00:41 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll 2014-06-09 00:41 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll 2014-06-09 00:41 - 2007-01-08 15:30 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll 2014-06-09 00:41 - 2007-01-08 15:30 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll 2014-06-09 00:41 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll 2014-06-09 00:41 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll 2014-06-09 00:41 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll 2014-06-09 00:41 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll 2014-06-09 00:41 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll 2014-06-09 00:41 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll 2014-06-09 00:41 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll 2014-06-09 00:41 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll 2014-06-09 00:41 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll 2014-06-09 00:41 - 2006-09-28 16:04 - 00091928 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll 2014-06-09 00:41 - 2006-09-28 16:04 - 00068888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll 2014-06-09 00:41 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll 2014-06-09 00:41 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll 2014-06-09 00:41 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll 2014-06-09 00:41 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll 2014-06-09 00:41 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll 2014-06-09 00:41 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll 2014-06-09 00:41 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll 2014-06-09 00:41 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll 2014-06-09 00:41 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll 2014-06-09 00:41 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll 2014-06-09 00:30 - 2014-06-09 00:30 - 00000873 _____ () C:\Users\Spitzer\Desktop\Spellforce 2 - Dragon Storm.lnk 2014-06-09 00:28 - 2014-06-09 00:47 - 00088480 _____ () C:\Windows\system32\Drivers\atksgt.sys 2014-06-09 00:28 - 2014-06-09 00:47 - 00046400 _____ () C:\Windows\system32\Drivers\lirsgt.sys ==================== One Month Modified Files and Folders ======= 2014-07-01 23:04 - 2014-07-01 23:04 - 00031250 _____ () C:\Users\Spitzer\Desktop\FRST.txt 2014-07-01 23:04 - 2014-07-01 23:03 - 00000000 ____D () C:\FRST 2014-07-01 23:03 - 2014-07-01 23:02 - 02083840 _____ (Farbar) C:\Users\Spitzer\Desktop\FRST64.exe 2014-07-01 22:38 - 2013-01-26 21:16 - 00000000 ____D () C:\Users\Spitzer\Documents\Outlook-Dateien 2014-07-01 22:36 - 2012-10-03 19:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-07-01 22:20 - 2009-07-14 19:58 - 00702926 _____ () C:\Windows\system32\perfh007.dat 2014-07-01 22:20 - 2009-07-14 19:58 - 00150566 _____ () C:\Windows\system32\perfc007.dat 2014-07-01 22:20 - 2009-07-14 07:13 - 01629212 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-01 22:20 - 2009-07-14 06:45 - 00017360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-01 22:20 - 2009-07-14 06:45 - 00017360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-01 22:18 - 2012-09-19 21:26 - 01498735 _____ () C:\Windows\WindowsUpdate.log 2014-07-01 22:15 - 2014-03-05 21:18 - 00003352 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-970742469-3429963512-3099405328-1000 2014-07-01 22:15 - 2014-03-05 21:18 - 00003222 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-970742469-3429963512-3099405328-1000 2014-07-01 22:15 - 2013-05-15 22:08 - 00000000 ____D () C:\ProgramData\boost_interprocess 2014-07-01 22:15 - 2012-09-20 21:07 - 00434240 _____ () C:\Windows\PFRO.log 2014-07-01 22:15 - 2012-09-19 21:43 - 00163736 _____ () C:\Users\Spitzer\AppData\Local\GDIPFONTCACHEV1.DAT 2014-07-01 22:15 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-01 22:15 - 2009-07-14 06:51 - 00090540 _____ () C:\Windows\setupact.log 2014-07-01 22:15 - 2009-07-14 06:45 - 05188528 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-01 22:14 - 2014-07-01 22:14 - 00012084 _____ () C:\Users\Spitzer\Desktop\Malwarebytes Scan 01.07.14.txt 2014-07-01 22:13 - 2014-07-01 21:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-01 22:10 - 2012-10-11 13:39 - 00000000 ____D () C:\Users\Spitzer\AppData\Local\NPE 2014-07-01 22:09 - 2014-07-01 22:09 - 00002424 _____ () C:\Users\Spitzer\Desktop\Norton Scan 1.07.14.txt 2014-07-01 22:09 - 2012-09-28 22:14 - 00000000 ____D () C:\ProgramData\Norton 2014-07-01 21:20 - 2014-07-01 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-01 21:20 - 2013-09-03 21:17 - 00000914 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-01 21:20 - 2013-09-03 21:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-07-01 21:20 - 2013-08-31 20:31 - 00000000 ____D () C:\Users\Spitzer\AppData\Roaming\Malwarebytes 2014-07-01 21:20 - 2013-08-31 20:31 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-01 21:20 - 2013-08-31 20:31 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-07-01 21:14 - 2014-06-18 09:21 - 00000000 ____D () C:\Users\Spitzer\AppData\Local\Adobe 2014-07-01 21:14 - 2012-11-13 21:55 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F2346FCA-F008-42FC-B067-84BA90BB2148} 2014-06-27 22:39 - 2014-04-21 20:39 - 00003374 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-970742469-3429963512-3099405328-1000 2014-06-27 22:39 - 2014-04-21 20:39 - 00003244 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-970742469-3429963512-3099405328-1000 2014-06-19 13:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-06-17 07:30 - 2012-10-03 19:59 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-06-17 07:30 - 2012-10-03 19:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-06-17 07:30 - 2012-10-03 19:59 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-06-12 21:15 - 2013-01-09 21:16 - 00000000 ____D () C:\Program Files (x86)\SweetIM 2014-06-11 22:12 - 2013-08-12 23:16 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-11 22:11 - 2012-09-28 22:25 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-06-11 22:11 - 2012-09-19 21:51 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-06-11 22:10 - 2014-05-06 22:29 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-06-11 22:06 - 2012-09-28 22:47 - 00000000 ____D () C:\Users\Spitzer\AppData\Local\CrashDumps 2014-06-11 20:11 - 2013-09-03 21:47 - 00000000 ____D () C:\Users\Spitzer\AppData\Local\Akamai 2014-06-09 01:08 - 2014-03-05 21:16 - 00000000 ____D () C:\ProgramData\Real 2014-06-09 01:08 - 2012-11-01 13:22 - 00000000 ____D () C:\ProgramData\HP 2014-06-09 01:08 - 2012-10-11 20:49 - 00000000 ____D () C:\ProgramData\FLEXnet 2014-06-09 01:08 - 2012-09-28 22:42 - 00000000 __RHD () C:\MSOCache 2014-06-09 01:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration 2014-06-09 01:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-06-09 00:47 - 2014-06-09 00:28 - 00088480 _____ () C:\Windows\system32\Drivers\atksgt.sys 2014-06-09 00:47 - 2014-06-09 00:28 - 00046400 _____ () C:\Windows\system32\Drivers\lirsgt.sys 2014-06-09 00:41 - 2012-09-30 21:48 - 00225932 _____ () C:\Windows\DirectX.log 2014-06-09 00:30 - 2014-06-09 00:30 - 00000873 _____ () C:\Users\Spitzer\Desktop\Spellforce 2 - Dragon Storm.lnk 2014-06-09 00:26 - 2014-01-15 14:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpellForce 2014-06-09 00:26 - 2014-01-15 00:11 - 00000000 ____D () C:\Users\Spitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpellForce 2014-06-09 00:26 - 2012-09-19 21:35 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-06-09 00:09 - 2012-09-19 21:28 - 00000000 ____D () C:\Users\Spitzer 2014-06-08 11:13 - 2014-06-11 19:38 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-08 11:08 - 2014-06-11 19:38 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-02 21:59 - 2012-11-30 21:41 - 00000000 ____D () C:\Users\Spitzer\Documents\Eigene Scans Some content of TEMP: ==================== C:\Users\Spitzer\AppData\Local\Temp\AcDeltree.exe C:\Users\Spitzer\AppData\Local\Temp\ose00000.exe C:\Users\Spitzer\AppData\Local\Temp\ose00001.exe C:\Users\Spitzer\AppData\Local\Temp\ose00002.exe C:\Users\Spitzer\AppData\Local\Temp\ose00003.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-19 13:05 ==================== End Of Log ============================ Hier die Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-07-2014 Ran by Spitzer at 2014-07-01 23:04:20 Running from C:\Users\Spitzer\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Norton 360 Premier Edition (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} AS: Norton 360 Premier Edition (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Norton 360 Premier Edition (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated) Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated) Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated) Adobe Photoshop Elements 11 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.) AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc) Allway Sync version 12.14.2 (HKLM-x32\...\Allway Sync_is1) (Version: - Botkind Inc) Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC) AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden AMD Catalyst Install Manager (HKLM\...\{3C378793-5288-0165-FCA4-D319D5E4A490}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden AutoCAD 2012 - Deutsch (HKLM\...\AutoCAD 2012 - Deutsch) (Version: 18.2.51.0 - Autodesk) AutoCAD 2012 - Deutsch (Version: 18.2.51.0 - Autodesk) Hidden AutoCAD 2012 Language Pack - Deutsch (Version: 18.2.51.0 - Autodesk) Hidden Autodesk Content Service (HKLM-x32\...\{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}) (Version: 2.0.90 - Autodesk) Autodesk Design Review 2012 (HKLM-x32\...\Autodesk Design Review 2012) (Version: 12.0.0.93 - Autodesk, Inc.) Autodesk Design Review 2012 (x32 Version: 12.0.0.93 - Autodesk, Inc.) Hidden Autodesk Inventor Fusion 2012 (HKLM\...\Autodesk Inventor Fusion 2012) (Version: 1.0.0.79 - Autodesk, Inc.) Autodesk Inventor Fusion 2012 (Version: 1.0.0.79 - Autodesk, Inc.) Hidden Autodesk Inventor Fusion 2012 Language Pack (Version: 1.0.0.79 - Autodesk, Inc.) Hidden Autodesk Inventor Fusion plug-in for AutoCAD 2012 (HKLM\...\Autodesk Inventor Fusion Plugin for AutoCAD 2012) (Version: 0.0.1.138 - Autodesk) Autodesk Inventor Fusion Plugin for AutoCAD 2012 (Version: 0.0.1.138 - Autodesk) Hidden Autodesk Inventor Fusion Plugin Language Pack for AutoCAD 2012 (Version: 0.0.1.138 - Autodesk) Hidden Autodesk Material Library 2012 (HKLM-x32\...\{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}) (Version: 2.5.0.8 - Autodesk) Autodesk Material Library Base Resolution Image Library 2012 (HKLM-x32\...\{65420DC9-306E-4371-905F-F4DC3B418E52}) (Version: 2.5.0.8 - Autodesk) Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.) BrowserDefender (HKLM-x32\...\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}) (Version: - Bit89 Inc) <==== ATTENTION BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden C4380 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden C4380_Help (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden Corel Graphics - Windows Shell Extension (HKLM\...\_{B16BB34E-B7BF-47DF-8658-BEABCF40CD6A}) (Version: 16.1.0.843 - Corel Corporation) Corel Graphics - Windows Shell Extension (Version: 16.1.843 - Corel Corporation) Hidden Corel Graphics - Windows Shell Extension 32 Bit (Version: 16.1.843 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Capture (x64) (Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Common (x64) (Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Connect (x64) (Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Custom Data (x64) (Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - DE (x64) (Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Draw (x64) (Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Filters (x64) (Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - FontNav (x64) (Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - IPM (Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) (Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64) (Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Redist (x64) (Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Setup Files (x64) (Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - VBA (x64) (Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - VSTA (x64) (Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Writing Tools (x64) (Version: 16.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 (64-Bit) (HKLM\...\_{BDBFAC49-8877-472F-876B-75ADB7DBC955}) (Version: 16.1.0.843 - Corel Corporation) CorelDRAW Graphics Suite X6 (x64) (Version: 16.1 - Corel Corporation) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0316 - DT Soft Ltd) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version: - Microsoft) Der Herr der Ringe Online (HKCU\...\lotro_midres_de) (Version: - ) Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden Digital Photo Navigator 1.5 (HKLM-x32\...\{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}) (Version: - ) DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.87 - DivX, LLC) DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version: - AOL Inc.) <==== ATTENTION DownTango (HKLM-x32\...\DownTango) (Version: 1.0.716 - Red Sky Sp. z o.o.) <==== ATTENTION DVD-Cover v.1.5.1.6 (HKLM-x32\...\ST6UNST #1) (Version: - ) EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies) Elements 11 Organizer (x32 Version: 11.0 - Ihr Firmenname) Hidden Everio MediaBrowser HD Edition (HKLM-x32\...\{548F12A2-BD2E-4B5A-9B62-BBC0AA8EB3DD}) (Version: 2.02.222 - PIXELA) FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production) Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden Free Viewer (HKLM\...\{5EF92F52-FA16-4CA6-A204-811524BEE514}_is1) (Version: 1.0 - Free Viewer, LLC) Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.) FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - ) GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden Happy Cloud Client (HKCU\...\HappyCloud) (Version: 4.28 - Happy Cloud, Inc.) HOFER Bestellsoftware 4.12.1 (HKLM-x32\...\HOFER Bestellsoftware) (Version: 4.12.1 - ORWO Net) Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}.KB947789) (Version: 1 - Microsoft Corporation) HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP) HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP) HP Photosmart All-In-One Driver Software 13.0 Rel. 2 (HKLM\...\{988329F4-A1A1-4D51-803C-EF2725A97627}) (Version: 13.0 - HP) HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP) HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP) HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.001 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden hpphotosmartdisclabelplugin (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HydraVision (x32 Version: 4.2.228.0 - Advanced Micro Devices, Inc.) Hidden IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version: - Image-Line) Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation) Java 7 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417040FF}) (Version: 7.0.400 - Oracle) Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Java SE Development Kit 7 Update 40 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170400}) (Version: 1.7.0.400 - Oracle) K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - ) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2006.0314 - Microsoft Corporation) Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden Microsoft Visual Basic for Applications 7.1 (x64) (Version: 7.1.00.00 - Microsoft Corporation) Hidden Microsoft Visual Basic for Applications 7.1 (x64) English (Version: 7.1.0.0 - Microsoft Corporation) Hidden Microsoft Visual Basic for Applications 7.1 (x64) German (Version: 7.1.0.0 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (HKLM-x32\...\{76DAEC83-AF7B-333C-8A53-83D7C7D39199}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (Version: 2.1.177.0 - Microsoft Corporation) Hidden Mozilla Firefox 17.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 17.0.1 (x86 de)) (Version: 17.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 17.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden Norton 360 (HKLM-x32\...\N360) (Version: 21.3.0.12 - Symantec Corporation) OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP) OLYMPUS Digital Camera Updater (HKLM-x32\...\{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}) (Version: 1.0.3 - OLYMPUS IMAGING CORP.) Olympus ib (HKLM-x32\...\InstallShield_{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}) (Version: 1.6.3731 - OLYMPUS IMAGING CORP.) Olympus ib (x32 Version: 1.6.3731 - OLYMPUS IMAGING CORP.) Hidden OLYMPUS Viewer 2 (HKLM-x32\...\{AEE39224-92BE-4389-9493-E57FF73BB96A}) (Version: 1.3.1 - OLYMPUS IMAGING CORP.) PDF Creator (HKLM\...\{E52DB9E2-9591-4210-A96C-CF4F4DBE31D7}_is1) (Version: - PDF Creator) PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PDFCREATOR Port Monitor (HKLM\...\PDFCREATOR Port Monitor) (Version: - ) Plex Media Server (HKLM-x32\...\{582D40A1-995E-40D5-A399-54EA35481C6E}) (Version: 0.9.502 - Plex, Inc.) ProtectMe (HKLM-x32\...\ProtectMe) (Version: 0.0.0.1 - protectme) PS_AIO_02_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden PS_AIO_02_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden PS_AIO_02_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden RealDownloader (x32 Version: 17.0.9 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.9 - RealNetworks) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - ) Samsung New PC Studio (HKLM-x32\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Samsung New PC Studio (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.) Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP) SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden SpellForce (HKLM-x32\...\SpellForce) (Version: SpellForce v1.52 - JoWooD Productions Software AG) Spellforce 2 - Dragon Storm (HKLM-x32\...\{339E300B-AD83-4013-BABF-E5C0DDAAFE7C}) (Version: 1.00.0000 - JoWooD Productions Software AG) SpellForce 2 - Shadow Wars (HKLM-x32\...\{1A4E47DC-6701-4A85-AA16-C1F99A44598C}) (Version: 1.00.0000 - Ihr Firmenname) SpellForce 2 Update v1.02 (HKLM-x32\...\SpellForce 2 Update v1.02) (Version: - ) Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden SweetIM Bundle by SweetPacks (HKLM-x32\...\SweetIM Bundle by SweetPacks) (Version: 1.0.0.0 - SweetPacks LTD) <==== ATTENTION SweetIM for Messenger 3.7 (x32 Version: 3.7.0007 - SweetIM Technologies Ltd.) Hidden <==== ATTENTION swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer) Toolbar 4.7 by SweetPacks (x32 Version: 4.7.0004 - SweetIM Technologies Ltd.) Hidden <==== ATTENTION Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft) Update Manager for SweetPacks 1.1 (x32 Version: 1.1.0008 - SweetIM Technologies Ltd.) Hidden <==== ATTENTION UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0 - Microsoft Corporation) Hidden VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN) VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN) WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation) Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.) Xfire (remove only) (HKLM-x32\...\Xfire) (Version: - ) Yontoo 1.10.03 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.10.03 - Yontoo LLC) <==== ATTENTION ==================== Restore Points ========================= 29-05-2014 16:25:13 Geplanter Prüfpunkt 08-06-2014 22:26:41 Installiert Spellforce 2 - Dragon Storm 08-06-2014 22:41:02 DirectX wurde installiert 11-06-2014 20:10:28 Windows Update 19-06-2014 11:12:30 Geplanter Prüfpunkt 01-07-2014 20:11:28 Norton 360 Registry Clean ==================== Hosts content: ========================== 2009-07-14 04:34 - 2012-12-02 20:37 - 00000854 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 activate.adobe.com ==================== Scheduled Tasks (whitelisted) ============= Task: {025BABEF-2CBD-4E4E-A1B0-FF2D973D5CDB} - System32\Tasks\{E6EE6FAC-E5DF-4CA7-8022-07BCC26D914A} => G:\Programme\FCIV\fciv.exe [2004-05-13] () Task: {0557544B-624B-4C3E-A49B-F0E1B814704E} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation) Task: {29C7D898-981F-4942-A367-D1182B5D1817} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.3.0.12\WSCStub.exe [2014-05-11] (Symantec Corporation) Task: {3B1C90BE-D21E-4346-85BF-0CF66FB1379E} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-970742469-3429963512-3099405328-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-04-07] (RealNetworks, Inc.) Task: {3C3E9F10-7488-4974-8286-C80EAD6F4C30} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {3D1E7320-A56B-4CAB-8CBA-8782B7F9F215} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => Rundll32.exe url.dll,OpenURL hxxp://go.microsoft.com/fwlink/?LinkID=230628 Task: {468F793D-2B94-4B8D-9D41-E0953ED6F3DF} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation) Task: {4C08BBB7-B514-4528-AEFA-E1B019B22300} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-970742469-3429963512-3099405328-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.) Task: {5B931A81-411E-4C58-9F09-01B28CD83EE2} - System32\Tasks\{72611942-B0B0-473F-BEE9-18F53A36AB22} => G:\Programme\FCIV\fciv.exe [2004-05-13] () Task: {6E96C1B4-AC06-42C7-864C-E3BB049CECAF} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation) Task: {7F8F8DF3-3965-4E45-BCDD-00495B742D85} - System32\Tasks\{054800C4-4604-4D3B-B7C8-9A37328BA408} => G:\Programme\FCIV\fciv.exe [2004-05-13] () Task: {878FAE14-8BC3-4078-AFD3-F9EBE7F2442A} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-970742469-3429963512-3099405328-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-04-06] (RealNetworks, Inc.) Task: {8E928FFE-7B3A-4630-B341-DA9912CC406E} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-970742469-3429963512-3099405328-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.) Task: {9A2B8359-1316-48DC-A15C-1351E7BC5F7A} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => C:\Program Files\Microsoft Device Center\devicecenter.exe Task: {AC82A1EC-7E36-437D-B0E8-A0775E43C55D} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {B55E62A8-58D8-4D54-94FC-CE12D1A846DB} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation) Task: {B58A2008-999E-4354-B0B0-FA9405E5454D} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-970742469-3429963512-3099405328-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-04-07] (RealNetworks, Inc.) Task: {BAED56D9-BC31-4DCF-B483-5E729599171C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft) Task: {C374D9AD-97B5-4AD9-A573-D5D75A41BE57} - System32\Tasks\{4A11646F-728B-4B7A-90BE-AF26CC8D168F} => G:\Programme\FCIV\fciv.exe [2004-05-13] () Task: {EAE30734-4AF0-4022-B934-531DC6026825} - \EPUpdater No Task File <==== ATTENTION Task: {EEA7A0A8-78D8-4AD6-A447-027034127A19} - System32\Tasks\AdobeAAMUpdater-1.0-Spitzer-PC-2-Spitzer => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated) Task: {F88708FF-CA01-4DAF-98CB-5C78A70180F6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-17] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2013-01-09 21:17 - 2012-02-22 16:40 - 00087040 _____ () C:\Windows\System32\LendingQBnt64.dll 2013-01-09 21:18 - 2010-06-17 22:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll 2011-02-02 14:08 - 2011-02-02 14:08 - 00018656 _____ () C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe 2013-02-08 23:24 - 2013-02-05 15:11 - 00182784 _____ () G:\Programme\Allway Sync\Bin\SyncService.exe 2014-04-06 23:00 - 2014-04-06 23:00 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 2014-04-07 03:06 - 2014-04-07 03:06 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe 2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2013-05-22 20:50 - 2013-05-22 20:50 - 00400704 _____ () C:\Users\Spitzer\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe 2013-08-29 02:23 - 2013-08-29 02:23 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe 2011-11-26 03:08 - 2011-11-26 03:08 - 00033360 _____ () G:\Programme\Plex Media Server\PlexScriptHost.exe 2014-05-07 21:02 - 2014-05-07 21:02 - 00859224 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll 2011-11-26 03:08 - 2011-11-26 03:08 - 01009744 _____ () G:\Programme\Plex Media Server\libxml2.dll 2011-11-26 03:08 - 2011-11-26 03:08 - 00526464 _____ () G:\Programme\Plex Media Server\sqlite3.dll 2011-11-26 03:08 - 2011-11-26 03:08 - 00086608 _____ () G:\Programme\Plex Media Server\soci_sqlite3-vc80-3_0.dll 2011-11-26 03:08 - 2011-11-26 03:08 - 00150096 _____ () G:\Programme\Plex Media Server\soci_core-vc80-3_0.dll 2011-11-26 03:08 - 2011-11-26 03:08 - 00373328 _____ () G:\Programme\Plex Media Server\CORE_RL_Magick++_.dll 2011-11-26 03:08 - 2011-11-26 03:08 - 00178256 _____ () G:\Programme\Plex Media Server\CORE_RL_lcms_.dll 2011-11-26 03:08 - 2011-11-26 03:08 - 05564912 _____ () G:\Programme\Plex Media Server\avcodec-52.dll 2011-11-26 03:08 - 2011-11-26 03:08 - 00191192 _____ () G:\Programme\Plex Media Server\avutil-50.dll 2011-11-26 03:08 - 2011-11-26 03:08 - 01119544 _____ () G:\Programme\Plex Media Server\avformat-52.dll 2011-11-26 03:08 - 2011-11-26 03:08 - 00628816 _____ () G:\Programme\Plex Media Server\tag.dll 2011-11-26 03:08 - 2011-11-26 03:08 - 08493648 _____ () G:\Programme\Plex Media Server\WebKit.dll 2011-11-26 03:08 - 2011-11-26 03:08 - 00952400 _____ () G:\Programme\Plex Media Server\CFLite.dll 2011-11-26 03:08 - 2011-11-26 03:08 - 01290832 _____ () G:\Programme\Plex Media Server\JavaScriptCore.dll 2011-11-26 03:08 - 2011-11-26 03:08 - 01038416 _____ () G:\Programme\Plex Media Server\cairo.dll 2011-11-26 03:08 - 2011-11-26 03:08 - 00084104 _____ () G:\Programme\Plex Media Server\zlib1.dll 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2013-03-09 14:23 - 2004-09-09 18:13 - 00364544 ____N () C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\pxl_m17n_tool.dll 2013-08-29 02:25 - 2013-08-29 02:25 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll 2011-11-26 03:09 - 2011-11-26 03:09 - 00049744 _____ () G:\Programme\Plex Media Server\DLLs\_socket.pyd 2011-11-26 03:09 - 2011-11-26 03:09 - 00824912 _____ () G:\Programme\Plex Media Server\DLLs\_ssl.pyd 2011-11-26 03:09 - 2011-11-26 03:09 - 00365648 _____ () G:\Programme\Plex Media Server\DLLs\_hashlib.pyd 2011-11-26 03:09 - 2011-11-26 03:09 - 00032848 _____ () G:\Programme\Plex Media Server\Exts\simplejson\_speedups.pyd 2011-11-26 03:09 - 2011-11-26 03:09 - 00841296 _____ () G:\Programme\Plex Media Server\Exts\lxml\etree.pyd 2011-11-26 03:08 - 2011-11-26 03:08 - 00063056 _____ () G:\Programme\Plex Media Server\libexslt.dll 2011-11-26 03:08 - 2011-11-26 03:08 - 00173136 _____ () G:\Programme\Plex Media Server\libxslt.dll 2011-11-26 03:09 - 2011-11-26 03:09 - 00195664 _____ () G:\Programme\Plex Media Server\Exts\lxml\objectify.pyd 2011-11-26 03:08 - 2011-11-26 03:08 - 00016976 _____ () G:\Programme\Plex Media Server\DLLs\select.pyd 2011-11-26 03:09 - 2011-11-26 03:09 - 00057424 _____ () G:\Programme\Plex Media Server\Exts\OpenSSL\crypto.pyd 2011-11-26 03:09 - 2011-11-26 03:09 - 00016976 _____ () G:\Programme\Plex Media Server\Exts\OpenSSL\rand.pyd 2011-11-26 03:09 - 2011-11-26 03:09 - 00044112 _____ () G:\Programme\Plex Media Server\Exts\OpenSSL\SSL.pyd 2011-11-26 03:08 - 2011-11-26 03:08 - 00093776 _____ () G:\Programme\Plex Media Server\DLLs\_ctypes.pyd 2011-11-26 03:08 - 2011-11-26 03:08 - 00134224 _____ () G:\Programme\Plex Media Server\DLLs\pyexpat.pyd 2011-11-26 03:08 - 2011-11-26 03:08 - 00589904 _____ () G:\Programme\Plex Media Server\DLLs\unicodedata.pyd 2014-05-07 21:02 - 2014-05-07 21:02 - 00572504 _____ () c:\program files (x86)\real\realplayer\RPDS\Lib\r1api.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/19/2014 03:09:23 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17126, Zeitstempel: 0x53882e30 Name des fehlerhaften Moduls: atidxx32.dll, Version: 8.17.10.525, Zeitstempel: 0x52a23862 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00076f11 ID des fehlerhaften Prozesses: 0x1860 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (06/19/2014 02:56:13 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17126, Zeitstempel: 0x53882e30 Name des fehlerhaften Moduls: atidxx32.dll, Version: 8.17.10.525, Zeitstempel: 0x52a23862 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0041cd9a ID des fehlerhaften Prozesses: 0x2394 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (06/11/2014 10:06:30 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: recordingmanager.exe, Version: 17.0.9.18, Zeitstempel: 0x53423f1c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7 Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce753 ID des fehlerhaften Prozesses: 0x1208 Startzeit der fehlerhaften Anwendung: 0xrecordingmanager.exe0 Pfad der fehlerhaften Anwendung: recordingmanager.exe1 Pfad des fehlerhaften Moduls: recordingmanager.exe2 Berichtskennung: recordingmanager.exe3 Error: (06/10/2014 10:42:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17041, Zeitstempel: 0x531807e4 Name des fehlerhaften Moduls: atidxx32.dll, Version: 8.17.10.525, Zeitstempel: 0x52a23862 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0041cd9a ID des fehlerhaften Prozesses: 0x1978 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (06/10/2014 10:19:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: recordingmanager.exe, Version: 17.0.9.18, Zeitstempel: 0x53423f1c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7 Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce753 ID des fehlerhaften Prozesses: 0x19e0 Startzeit der fehlerhaften Anwendung: 0xrecordingmanager.exe0 Pfad der fehlerhaften Anwendung: recordingmanager.exe1 Pfad des fehlerhaften Moduls: recordingmanager.exe2 Berichtskennung: recordingmanager.exe3 Error: (05/29/2014 08:46:23 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17041, Zeitstempel: 0x531807e4 Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.17107, Zeitstempel: 0x536855c9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0037f57a ID des fehlerhaften Prozesses: 0xaf4 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (05/29/2014 10:33:16 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17041, Zeitstempel: 0x531807e4 Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.17107, Zeitstempel: 0x536855c9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0037f57a ID des fehlerhaften Prozesses: 0x1260 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (05/29/2014 10:28:54 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17041, Zeitstempel: 0x531807e4 Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.17107, Zeitstempel: 0x536855c9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0037f57a ID des fehlerhaften Prozesses: 0x5c8 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (05/26/2014 08:46:43 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17041, Zeitstempel: 0x531807e4 Name des fehlerhaften Moduls: MSHTML.dll, Version: 11.0.9600.17107, Zeitstempel: 0x536855c9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0037f57a ID des fehlerhaften Prozesses: 0x1b90 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (05/20/2014 11:33:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: recordingmanager.exe, Version: 17.0.9.18, Zeitstempel: 0x53423f1c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7 Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce753 ID des fehlerhaften Prozesses: 0xa5c Startzeit der fehlerhaften Anwendung: 0xrecordingmanager.exe0 Pfad der fehlerhaften Anwendung: recordingmanager.exe1 Pfad des fehlerhaften Moduls: recordingmanager.exe2 Berichtskennung: recordingmanager.exe3 System errors: ============= Error: (06/09/2014 00:44:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (06/09/2014 00:44:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (06/09/2014 00:44:06 AM) (Source: Application Popup) (EventID: 875) (User: ) Description: Treiber atksgt.sys konnte nicht geladen werden. Error: (06/09/2014 00:41:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (06/09/2014 00:39:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (06/09/2014 00:39:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (06/09/2014 00:28:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (06/09/2014 00:28:34 AM) (Source: Application Popup) (EventID: 875) (User: ) Description: Treiber atksgt.sys konnte nicht geladen werden. Error: (06/09/2014 00:09:50 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SRTSP Error: (06/09/2014 00:09:41 AM) (Source: SRTSP) (EventID: 4) (User: ) Description: Error loading virus definitions. Microsoft Office Sessions: ========================= Error: (06/19/2014 03:09:23 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE11.0.9600.1712653882e30atidxx32.dll8.17.10.52552a23862c000000500076f11186001cf8ba0edd9cfddC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\atidxx32.dllee19706b-f7b2-11e3-912d-3085a9400768 Error: (06/19/2014 02:56:13 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE11.0.9600.1712653882e30atidxx32.dll8.17.10.52552a23862c00000050041cd9a239401cf8bbdce3af14cC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\atidxx32.dll173be236-f7b1-11e3-912d-3085a9400768 Error: (06/11/2014 10:06:30 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: recordingmanager.exe17.0.9.1853423f1cntdll.dll6.1.7601.18247521ea8e7c0000374000ce753120801cf859bda3dfe97C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exeC:\Windows\SysWOW64\ntdll.dlle010d699-f1a3-11e3-bddd-3085a9400768 Error: (06/10/2014 10:42:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE11.0.9600.17041531807e4atidxx32.dll8.17.10.52552a23862c00000050041cd9a197801cf84da2dc44378C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\atidxx32.dllad009094-f0df-11e3-8afc-3085a9400768 Error: (06/10/2014 10:19:59 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: recordingmanager.exe17.0.9.1853423f1cntdll.dll6.1.7601.18247521ea8e7c0000374000ce75319e001cf84da2e0e0e20C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exeC:\Windows\SysWOW64\ntdll.dll97e043ec-f0dc-11e3-8afc-3085a9400768 Error: (05/29/2014 08:46:23 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE11.0.9600.17041531807e4MSHTML.dll11.0.9600.17107536855c9c00000050037f57aaf401cf7b6d588f4371C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\MSHTML.dll877fedfe-e761-11e3-a8dd-3085a9400768 Error: (05/29/2014 10:33:16 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE11.0.9600.17041531807e4MSHTML.dll11.0.9600.17107536855c9c00000050037f57a126001cf7b1810e538d5C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\MSHTML.dlle0bb59fe-e70b-11e3-be7c-3085a9400768 Error: (05/29/2014 10:28:54 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE11.0.9600.17041531807e4MSHTML.dll11.0.9600.17107536855c9c00000050037f57a5c801cf7b1137d3edccC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\MSHTML.dll4495e4b9-e70b-11e3-be7c-3085a9400768 Error: (05/26/2014 08:46:43 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: IEXPLORE.EXE11.0.9600.17041531807e4MSHTML.dll11.0.9600.17107536855c9c00000050037f57a1b9001cf78adae0e05d2C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\MSHTML.dll7efa696c-e4a1-11e3-8a99-3085a9400768 Error: (05/20/2014 11:33:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: recordingmanager.exe17.0.9.1853423f1cntdll.dll6.1.7601.18247521ea8e7c0000374000ce753a5c01cf744b272e3ee2C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exeC:\Windows\SysWOW64\ntdll.dll5f5be989-e066-11e3-8dbd-3085a9400768 ==================== Memory info =========================== Percentage of memory in use: 17% Total physical RAM: 16323.31 MB Available physical RAM: 13465.96 MB Total Pagefile: 32644.8 MB Available Pagefile: 29788.93 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:119.14 GB) (Free:18.82 GB) NTFS Drive g: (Flo 1000 GB) (Fixed) (Total:931.51 GB) (Free:716.65 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 036D98CA) Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: DE617192) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
01.07.2014, 22:24 | #4 |
/// TB-Ausbilder /// Anleitungs-Guru | "A1 <rechnung@a1.net" in Word geöffnet Hi, Code:
ATTFilter Hosts: 127.0.0.1 activate.adobe.com Adobe-Software gekauft? Nur zur Info: http://www.trojaner-board.de/95394-c...-software.html
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
01.07.2014, 22:34 | #5 |
| "A1 <rechnung@a1.net" in Word geöffnet Keine Ahnung, hat vermutlich mein Sohn installiert. Ich weiß nur ich hatte mal eine 30 Tage Testversion von Adobe Photoshop. Soll ich das jetzt löschen um weiter machen zu können? Schöne Grüße |
01.07.2014, 22:39 | #6 |
/// TB-Ausbilder /// Anleitungs-Guru | "A1 <rechnung@a1.net" in Word geöffnet Naja, ich nehme an, dass die 30 Tage schon vorbei sind. Ja, bitte deinstallieren.
__________________ --> "A1 <rechnung@a1.net" in Word geöffnet |
01.07.2014, 22:46 | #7 |
| "A1 <rechnung@a1.net" in Word geöffnet Soll ich anschließend wieder FRST u. Addition durchlaufen lassen und anhängen? Brauche ich die Programme nur deinstallieren oder wo ist diese Datei abgelegt? Lg |
01.07.2014, 22:48 | #8 |
/// TB-Ausbilder /// Anleitungs-Guru | "A1 <rechnung@a1.net" in Word geöffnet Nur Deinstallieren...
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
01.07.2014, 22:59 | #9 |
| "A1 <rechnung@a1.net" in Word geöffnet Ich glaub ich habs, nur noch einen Systemstart und dann sollte das Zeug weg sein. Lg |
01.07.2014, 23:25 | #10 |
/// TB-Ausbilder /// Anleitungs-Guru | "A1 <rechnung@a1.net" in Word geöffnet Ok, machen wir mal weiter... Schritt 1 Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster. Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument: Code:
ATTFilter Hosts: 127.0.0.1 activate.adobe.com Toolbar 4.7 by SweetPacks (x32 Version: 4.7.0004 - SweetIM Technologies Ltd.) Hidden <==== ATTENTION SweetIM for Messenger 3.7 (x32 Version: 3.7.0007 - SweetIM Technologies Ltd.) Hidden <==== ATTENTION SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=649a6597-f354-4cb4-88ac-cea63116c7e8&searchtype=ds&q={searchTerms} SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=AT&userid=649a6597-f354-4cb4-88ac-cea63116c7e8&searchtype=ds&q={searchTerms} FF Plugin HKCU: opencandy.com/Ignite - C:\Users\Spitzer\AppData\Local\Ignite\npOCDM.1.1.4.0.dll No File
Schritt 2 Bitte deinstalliere folgende Programme: Yontoo 1.10.03 Update Manager for SweetPacks 1.1 Toolbar 4.7 by SweetPacks SweetIM Bundle by SweetPacks SweetIM for Messenger 3.7 DownTango Download Updater BrowserDefender Versuche es bei Windows 7 zunächst über Systemsteuerung/Programme deinstallieren. Sollte das nicht gehen, lade Dir bitte Revo Uninstallerhier herunter. Entpacke die zip-Datei auf den Desktop.
Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter: Schritt 3 Downloade Dir bitte AdwCleaner auf deinen Desktop.
Schritt 4 Scan mit Malwarebytes Antimalware Unter Erkennung und Schutz setze bitte einen Haken bei "Suche nach Rootkits". Klicke im Anschluss auf "Suchlauf", wähle den Bedrohungssuchlauf aus, aktualisiere die Datenbanken und klicke auf "Suchlauf jetzt starten". Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. (geht so...) Poste mir den Inhalt der Logdatei. Klicke dazu auf Verlauf und dann auf Anwendungsprotokolle. Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Klicke auf "In Zwischenablage kopieren" poste mir den Inhalt in Code-Tags als Antwort in den Thread. Schritt 5 Downloade Dir HitmanProauf Deinen Desktop: HitmanPro - 32 Bit HitmanPro - 64 Bit
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
02.07.2014, 00:11 | #11 |
| "A1 <rechnung@a1.net" in Word geöffnet Hier die TST von AdwCleaner, Schritt 4/5 mache ich nun. Code:
ATTFilter # AdwCleaner v3.214 - Bericht erstellt am 02/07/2014 um 00:56:24 # Aktualisiert 29/06/2014 von Xplode # Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits) # Benutzername : Spitzer - SPITZER-PC-2 # Gestartet von : C:\Users\Spitzer\Desktop\adwcleaner_3.214.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\blekko toolbars Ordner Gelöscht : C:\ProgramData\BrowserDefender Ordner Gelöscht : C:\ProgramData\SweetIM Ordner Gelöscht : C:\ProgramData\Uniblue Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProtectMe Ordner Gelöscht : C:\Program Files (x86)\Delta Ordner Gelöscht : C:\Program Files (x86)\ProtectMe Ordner Gelöscht : C:\Program Files (x86)\Red Sky Ordner Gelöscht : C:\Program Files (x86)\SweetIM Ordner Gelöscht : C:\Program Files (x86)\Toolbar Cleaner Ordner Gelöscht : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4} Ordner Gelöscht : C:\Users\Spitzer\AppData\Local\DownTango Ordner Gelöscht : C:\Users\Spitzer\AppData\LocalLow\adawaretb Ordner Gelöscht : C:\Users\Spitzer\AppData\LocalLow\SweetIM Ordner Gelöscht : C:\Users\Spitzer\AppData\Roaming\dvdvideosoftiehelpers Ordner Gelöscht : C:\Users\Spitzer\AppData\Roaming\Mozilla\Firefox\Profiles\1d7itu7e.default\adawaretb Datei Gelöscht : C:\Users\Spitzer\AppData\Roaming\Mozilla\Firefox\Profiles\1d7itu7e.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi Datei Gelöscht : C:\END Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\adawaretb.xml Datei Gelöscht : C:\Users\Spitzer\AppData\Roaming\Mozilla\Firefox\Profiles\1d7itu7e.default\searchplugins\MyStart.xml Datei Gelöscht : C:\Users\Spitzer\AppData\Roaming\Mozilla\Firefox\Profiles\1d7itu7e.default\user.js ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}] Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bcjdjhojabppfhbdabcgfoibljfcpbek Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ProtectMe.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ProtectMe.ProtectMe Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ProtectMe.ProtectMe.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS Schlüssel Gelöscht : HKCU\Software\5228d8ab534e843 Schlüssel Gelöscht : HKLM\SOFTWARE\5228d8ab534e843 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_winzip_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_winzip_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C2178B36-2955-479B-818C-A2AE8E500454} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BBA74401-22BD-4BBD-9F65-E8623814F3BB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-9182-48AA-98C9-AE5E64757FCC} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BBA74401-22BD-4BBD-9F65-E8623814F3BB} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Schlüssel Gelöscht : HKCU\Software\BABSOLUTION Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\Delta Schlüssel Gelöscht : HKCU\Software\ilivid Schlüssel Gelöscht : HKCU\Software\IM Schlüssel Gelöscht : HKCU\Software\ImInstaller Schlüssel Gelöscht : HKCU\Software\ProtectMe Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\Software\Delta Schlüssel Gelöscht : HKLM\Software\firstsearch Schlüssel Gelöscht : HKLM\Software\ProtectMe Schlüssel Gelöscht : HKLM\Software\Uniblue Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ea8fa6be-29be-4af2-9352-841f83215eb0} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ProtectMe Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Tarma Installer Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17126 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] -\\ Mozilla Firefox v17.0.1 (de) [ Datei : C:\Users\Spitzer\AppData\Roaming\Mozilla\Firefox\Profiles\1d7itu7e.default\prefs.js ] Zeile gelöscht : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers"); Zeile gelöscht : user_pref("extentions.y2layers.installId", "4fee0f97-6c52-4667-8dd9-ea011f478877"); ************************* AdwCleaner[R0].txt - [11388 octets] - [02/07/2014 00:55:18] AdwCleaner[S0].txt - [10334 octets] - [02/07/2014 00:56:24] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10395 octets] ########## Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 02.07.2014 Suchlauf-Zeit: 01:03:13 Logdatei: Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.07.01.09 Rootkit Datenbank: v2014.07.01.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Spitzer Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 303590 Verstrichene Zeit: 4 Min, 16 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Tiefer Rootkit-Suchlauf: Aktiviert Heuristics: Aktiviert PUP: Warnen PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter
|
02.07.2014, 00:20 | #12 |
/// TB-Ausbilder /// Anleitungs-Guru | "A1 <rechnung@a1.net" in Word geöffnet OK...Gute Arbeit! (Hinweis: Der ESET-Scan dauert mehrere Stunden!) Schritt 1 ESET Online Scanner
Schritt 2 Bitte starte FRST erneut, markiere auch die checkbox und drücke auf Scan. Bitte poste mir den Inhalt der beiden Logs die erstellt werden. Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
02.07.2014, 00:40 | #13 |
| "A1 <rechnung@a1.net" in Word geöffnet Ok, schönen Dank, werde dir dann morgen am Vormittag die Logs posten. Was ist eigentlich am ESET Scanner besser als an meinem Norton? |
02.07.2014, 00:41 | #14 |
/// TB-Ausbilder /// Anleitungs-Guru | "A1 <rechnung@a1.net" in Word geöffnet Warten wir das Log ab OK?
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
02.07.2014, 08:17 | #15 |
| "A1 <rechnung@a1.net" in Word geöffnet Ok, dann bis morgen. Lg Hallo, hier die ESET Log. Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7587 # api_version=3.0.2 # EOSSerial=0e9f3d33738dbc4fb00b38cb82b2ce6a # engine=18977 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-07-02 03:50:26 # local_time=2014-07-02 05:50:26 (+0100, Mitteleuropäische Sommerzeit) # country="Austria" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Norton 360' # compatibility_mode=3598 16777213 100 100 1073730 154935522 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 30387429 155902876 0 0 # scanned=533142 # found=80 # cleaned=0 # scan_time=15188 sh=DE03AA5BFAF0F97DC13A71BF493907238C3F6411 ft=0 fh=0000000000000000 vn="Win32/AdWare.Vonteera.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ProtectMe\onload.js.vir" sh=68C727C18623D847C69F44C4F6412A25AEFFBED4 ft=0 fh=0000000000000000 vn="Win32/AdWare.Vonteera.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ProtectMe\protectme.crx.vir" sh=DAEAA097D76E03EFD08B2E56538B57AD9FF01BE0 ft=1 fh=c71c00119bfda168 vn="Win32/AdWare.Vonteera.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ProtectMe\ProtectMe.dll.vir" sh=FD2DAE2FD1D331A48E49F5E3FAF63AFC50DAC5CD ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Spitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\fff5f8-3605ed71" sh=4987D47E3BA54C5AD8ACC699B70760AE478EDDF2 ft=0 fh=0000000000000000 vn="Win32/AdWare.Vonteera.B Anwendung" ac=I fn="C:\Users\Spitzer\AppData\Roaming\Mozilla\Firefox\Profiles\1d7itu7e.default\extensions\protectme@protectme.com\chrome\content\globals.js" sh=A08FE744D450C872F8F0F7E43061EAA4D16C59D8 ft=1 fh=d4b8a136ca8add0e vn="Variante von Win32/OpenInstall evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Spitzer\Desktop\WinZip170.exe" sh=6E0CCC941A866F83528626A277EBFB9568884AAC ft=1 fh=fac715e54b22fe4e vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\$RECYCLE.BIN\S-1-5-21-970742469-3429963512-3099405328-1000\$RDB61N2.14\FLO 8 GB\Chip Weihnachtskalender 2012\Ashampoo Burning Studio 2013\ashampoo_burning_studio_2013_11.0.5_12335.exe" sh=116F02C50E01E3441B87C2CCCF6394182518149B ft=0 fh=0000000000000000 vn="Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="G:\Downloads\Download\CHIP_Online_Service_Pack_2012.zip" sh=5CB5BB84D34BAAC438FA199EE7E97E1AC95E1097 ft=1 fh=77b67014d1f9f560 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="G:\Downloads\Download\cover-druckstudio-20-setup.exe" sh=FF42995D8E24E05FF9EBA12DCB27B9AAB183A290 ft=1 fh=605214e765268a80 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="G:\Downloads\Download\FreeYouTubeToMP3Converter31011.exe" sh=9CF5322CB1A5F02AADC7E225AEC6899F20E43932 ft=1 fh=3af505c2b12cd08e vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Downloads\Download\isobuster25_all_lang.exe" sh=6FFBD64E4E8D41B21A7BAE8822A4B11D43CCA9AF ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.Delf.OXE Trojaner" ac=I fn="G:\Lieder\Adobe Photoshop Elements v8 0 Multilingual\Adobe Photoshop Elements v8 0 Multilingual\cr-pes80.iso" sh=6E0CCC941A866F83528626A277EBFB9568884AAC ft=1 fh=fac715e54b22fe4e vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="G:\Sicherung Memorystick\08.02.14\FLO 8 GB\Chip Weihnachtskalender 2012\Ashampoo Burning Studio 2013\ashampoo_burning_studio_2013_11.0.5_12335.exe" sh=6CF8A9F031B45F70BE3E66E7ACC7449CDA15FA34 ft=1 fh=2de4b6f517306153 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="G:\Users\Spitzers\Downloads\PDFCreator-1_2_3_setup.exe" sh=9E4BD35E082567687CB1C08F9939C18F807F7DEB ft=1 fh=8172777b8a0b004d vn="Variante von Win32/OpenInstall evtl. unerwünschte Anwendung" ac=I fn="G:\Users\Spitzers\Downloads\WinDlg_124-Downloaderzip.exe" sh=116F02C50E01E3441B87C2CCCF6394182518149B ft=0 fh=0000000000000000 vn="Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="S:\Downloads\Download\CHIP_Online_Service_Pack_2012.zip" sh=5CB5BB84D34BAAC438FA199EE7E97E1AC95E1097 ft=1 fh=77b67014d1f9f560 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="S:\Downloads\Download\cover-druckstudio-20-setup.exe" sh=FF42995D8E24E05FF9EBA12DCB27B9AAB183A290 ft=1 fh=605214e765268a80 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="S:\Downloads\Download\FreeYouTubeToMP3Converter31011.exe" sh=9CF5322CB1A5F02AADC7E225AEC6899F20E43932 ft=1 fh=3af505c2b12cd08e vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="S:\Downloads\Download\isobuster25_all_lang.exe" sh=8C8230D102F7D66B9D0A155C935FEC0FCC530C1F ft=1 fh=b1d9bd11c1e09aa3 vn="Win32/SoftonicDownloader evtl. unerwünschte Anwendung" ac=I fn="S:\Downloads\Download\SoftonicDownloader_fuer_dvd-cover-printer.exe" sh=116F02C50E01E3441B87C2CCCF6394182518149B ft=0 fh=0000000000000000 vn="Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung 1000GB\Downloads\Download\CHIP_Online_Service_Pack_2012.zip" sh=5CB5BB84D34BAAC438FA199EE7E97E1AC95E1097 ft=1 fh=77b67014d1f9f560 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung 1000GB\Downloads\Download\cover-druckstudio-20-setup.exe" sh=FF42995D8E24E05FF9EBA12DCB27B9AAB183A290 ft=1 fh=605214e765268a80 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung 1000GB\Downloads\Download\FreeYouTubeToMP3Converter31011.exe" sh=9CF5322CB1A5F02AADC7E225AEC6899F20E43932 ft=1 fh=3af505c2b12cd08e vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung 1000GB\Downloads\Download\isobuster25_all_lang.exe" sh=8C8230D102F7D66B9D0A155C935FEC0FCC530C1F ft=1 fh=b1d9bd11c1e09aa3 vn="Win32/SoftonicDownloader evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung 1000GB\Downloads\Download\SoftonicDownloader_fuer_dvd-cover-printer.exe" sh=6FFBD64E4E8D41B21A7BAE8822A4B11D43CCA9AF ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.Delf.OXE Trojaner" ac=I fn="S:\Flo Sicherung 1000GB\Lieder\Adobe Photoshop Elements v8 0 Multilingual\Adobe Photoshop Elements v8 0 Multilingual\cr-pes80.iso" sh=3C5F4EF7B5C9986DA40C677068A19835FDC83063 ft=1 fh=e8c7c28e52d294c6 vn="Win32/TrojanDownloader.Delf.OXE Trojaner" ac=I fn="S:\Flo Sicherung 1000GB\Lieder\Damn Yankees - High Enough\Damn Yankees - High Enough.mp3.exe" sh=6CF8A9F031B45F70BE3E66E7ACC7449CDA15FA34 ft=1 fh=2de4b6f517306153 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung 1000GB\Users\Spitzers\Downloads\PDFCreator-1_2_3_setup.exe" sh=9E4BD35E082567687CB1C08F9939C18F807F7DEB ft=1 fh=8172777b8a0b004d vn="Variante von Win32/OpenInstall evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung 1000GB\Users\Spitzers\Downloads\WinDlg_124-Downloaderzip.exe" sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\Common Files\DVDVideoSoft\TB\ConduitInstaller.exe" sh=DE03AA5BFAF0F97DC13A71BF493907238C3F6411 ft=0 fh=0000000000000000 vn="Win32/AdWare.Vonteera.B Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\ProtectMe\onload.js" sh=68C727C18623D847C69F44C4F6412A25AEFFBED4 ft=0 fh=0000000000000000 vn="Win32/AdWare.Vonteera.B Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\ProtectMe\protectme.crx" sh=DAEAA097D76E03EFD08B2E56538B57AD9FF01BE0 ft=1 fh=c71c00119bfda168 vn="Win32/AdWare.Vonteera.A Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\ProtectMe\ProtectMe.dll" sh=23B3E5F508EB6FC76D67A873A5AAC2D34C3CE5E1 ft=1 fh=b86fe1495473b541 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\SweetIM\Communicator\mgcommon.dll" sh=7DB65607A18C67C0C8C0310E0FF23A202AB3F070 ft=1 fh=9f565fd3b0ad3b83 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\SweetIM\Communicator\mgcommunication.dll" sh=3176C30E3A30990C42C968951B6BB2ADFD0B1C00 ft=1 fh=12a0591694d39321 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\SweetIM\Communicator\mgsimcommon.dll" sh=08647AB20AED7B8385931FDF5B4A48165131A061 ft=1 fh=b4c21070436958b0 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\SweetIM\Communicator\mgxml_wrapper.dll" sh=C6A9FB024D614702667E0768E0B673BA3A31F504 ft=1 fh=aa62bac49704426f vn="Variante von Win32/SweetIM.F evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe" sh=C8F1E3F28152C6C010B7AE8FA4D167E3C388FF0C ft=1 fh=84ff0b58ed098a1d vn="Win32/SweetIM.K evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\SweetIM\Communicator\resources\sqlite\mgSqlite3.dll" sh=D09F832544B921CD7C61A7DB193F29EF6638AD88 ft=1 fh=58a116a27a6d5dbb vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\SweetIM\Messenger\ContentPackagesActivationHandler.exe" sh=C6E3F8034D197C34D61701AC146694B6DBEC36CD ft=1 fh=7f9fa2fc68c7b7f4 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll" sh=FC883B83DA2A9ED93AC2A4CEC9936268A6B264C2 ft=1 fh=80a06d85550fdea2 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\SweetIM\Messenger\mgArchive.dll" sh=F3001B5F58A6C6AB8DD7E6E63CB89D20F74EF228 ft=1 fh=f50ea5fcbc656251 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\SweetIM\Messenger\mgcommon.dll" sh=2CF3C9FBCBEBAA6D75DE43CCC487D62954538F81 ft=1 fh=446d6a4df1e456fa vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\SweetIM\Messenger\mgcommunication.dll" sh=60FCD298549E0383DFACBE66420DC922D6BAAF84 ft=1 fh=73f28a50980afe65 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\SweetIM\Messenger\mgconfig.dll" sh=531A5D492B39076AA7990DD76F41B762258B86A7 ft=1 fh=a45064434f491236 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\SweetIM\Messenger\mgFlashPlayer.dll" sh=AE57E26160449200540B1FD8E839F1BD5A30327A ft=1 fh=c29c62a52f555ace vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\SweetIM\Messenger\mghooking.dll" sh=B6E78443D25AF8B978DC24D515DF7B2F673629CC ft=1 fh=ece232c764d65d89 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\SweetIM\Messenger\mgICQAuto.dll" sh=42B14A7D72C6EDAF5140A2C7B95149B92473853C ft=1 fh=6f2c94e91302d1a2 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\SweetIM\Messenger\mgICQMessengerAdapter.dll" sh=B28C9BCA89A124EBD2EAAF5073370E7E0E87DB4E ft=1 fh=c56c5ff3b0e7703d vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\SweetIM\Messenger\mglogger.dll" sh=87FF2D9A36B50B5A7DF4D08F87B92BEA86D7DAB7 ft=1 fh=71dc135578fffed6 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\SweetIM\Messenger\mgMediaPlayer.dll" sh=C86CF9524D11A2392A491EA15ED12D2CA890F249 ft=1 fh=ae21d71fff630a17 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\SweetIM\Messenger\mgMsnAuto.dll" sh=055E7A147AB9DCB141FDF58A0D3CCD825AE8B361 ft=1 fh=ac8cec2f7886b930 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\SweetIM\Messenger\mgMsnMessengerAdapter.dll" sh=73987118D6F1799B0B29DB00BF7248B20347BB46 ft=1 fh=d25a2527398bc729 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\SweetIM\Messenger\mgsimcommon.dll" sh=C786E62AB09C10B6277F3E9CFC34207FE56E1FFA ft=1 fh=6c27d70c5686a2b1 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\SweetIM\Messenger\mgSweetIM.dll" sh=07695C8842935A01310F52C83BAB364950419841 ft=1 fh=e250219d9f9cd5af vn="Variante von Win32/SweetIM.F evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll" sh=093FB06E67DB8C5562A823E389853340405B8724 ft=1 fh=1b5e6676818f2ad9 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll" sh=A679EB39BB32DD88C09E150B0E5F7BAED12467A6 ft=1 fh=0ba701bbd4ac4b73 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\SweetIM\Messenger\mgYahooAuto.dll" sh=9B45902B8B791A84EC6F7D1AD2E8099410D1A467 ft=1 fh=3191d44e293b78d5 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\SweetIM\Messenger\mgYahooMessengerAdapter.dll" sh=AE3254BDF03A347110068EF29CB15C7B554491F0 ft=1 fh=30381f993c8268c2 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\SweetIM\Messenger\SweetIM.exe" sh=C8F1E3F28152C6C010B7AE8FA4D167E3C388FF0C ft=1 fh=84ff0b58ed098a1d vn="Win32/SweetIM.K evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\SweetIM\Messenger\resources\sqlite\mgSqlite3.dll" sh=254E6AFDCAAB3164AFF14E8DE8B3AC1BCC39F854 ft=1 fh=1fc4ebc1d7daefee vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\ClearHist.exe" sh=F7F9FB0566FD5213BF5513AA054739E2065B6D79 ft=1 fh=94c8b7ca90c36996 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgcommon.dll" sh=F584788A9263B72F54478BA1B85936D04253E924 ft=1 fh=9c00240e418663a3 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgconfig.dll" sh=F939555A426C1BD14E59E2711C450CD15ECFD549 ft=1 fh=36df6d446a148e9c vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" sh=34D258C22359F7DBAB977926003EF0BF814D0E74 ft=1 fh=b406e9dec54a62a6 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe" sh=A3AF758EC386F6199DC2C921E956D7522D7897CF ft=1 fh=58e5b6d5c9901c7e vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mghooking.dll" sh=25FBFD0F512900220DBEB49AEA33692D201BC174 ft=1 fh=165a60b3a0b2304f vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mglogger.dll" sh=648FF80C1116BCC33A8E68098C77E5F6B8B32504 ft=1 fh=6ddfa765a635ace9 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll" sh=36941F235EA5B4761F765AA51AF47D098829E640 ft=1 fh=84f81ded0ab12f97 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" sh=41299B4F6903804D30431AF4CF7F6C13F5F933AA ft=1 fh=415b95679a2801b3 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll" sh=FAA66F853E6E81745F195A8939DD5280720DF466 ft=1 fh=aff78666cd18d1e3 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll" sh=C4ECD569EC63E6741D5A0BDA7C02AC4B3302C7B9 ft=1 fh=b3ce349f22d4038f vn="Variante von Win32/Adware.Yontoo.A Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Program Files (x86)\Yontoo\YontooIEClient.dll" sh=A08FE744D450C872F8F0F7E43061EAA4D16C59D8 ft=1 fh=d4b8a136ca8add0e vn="Variante von Win32/OpenInstall evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Users\Spitzer\Desktop\WinZip170.exe" sh=94F94F7088CE281BEBCBC99E2AD6D30B5D16BD78 ft=1 fh=711f8a10e1e97bae vn="Variante von Win32/Toolbar.Babylon.A evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung SSD Laufwerk\Users\Spitzer\Downloads\Babylon9_setup.exe" sh=6E0CCC941A866F83528626A277EBFB9568884AAC ft=1 fh=fac715e54b22fe4e vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="S:\Flo Sicherung USB 8GB\Chip Weihnachtskalender 2012\Ashampoo Burning Studio 2013\ashampoo_burning_studio_2013_11.0.5_12335.exe" sh=6FFBD64E4E8D41B21A7BAE8822A4B11D43CCA9AF ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.Delf.OXE Trojaner" ac=I fn="S:\Lieder\Adobe Photoshop Elements v8 0 Multilingual\Adobe Photoshop Elements v8 0 Multilingual\cr-pes80.iso" sh=3C5F4EF7B5C9986DA40C677068A19835FDC83063 ft=1 fh=e8c7c28e52d294c6 vn="Win32/TrojanDownloader.Delf.OXE Trojaner" ac=I fn="S:\Lieder\Damn Yankees - High Enough\Damn Yankees - High Enough.mp3.exe" sh=6CF8A9F031B45F70BE3E66E7ACC7449CDA15FA34 ft=1 fh=2de4b6f517306153 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="S:\Users\Spitzers\Downloads\PDFCreator-1_2_3_setup.exe" sh=9E4BD35E082567687CB1C08F9939C18F807F7DEB ft=1 fh=8172777b8a0b004d vn="Variante von Win32/OpenInstall evtl. unerwünschte Anwendung" ac=I fn="S:\Users\Spitzers\Downloads\WinDlg_124-Downloaderzip.exe" |