| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Werbung aller Art bei Google Chrome zu sehen (Notificatoin)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
25.11.2014, 14:38
| #1 |
| |  Werbung aller Art bei Google Chrome zu sehen (Notificatoin) Hallo, habe seit 2 Tagen das Problem, dass bei fast allen Websites mir komische Werbung angezeigt wird, sowie Hyperlinks zu unseriösen Websites... Code:
ATTFilter Exportierte Ereignisse:
23.11.2014 18:39 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Nik\AppData\Local\Temp\GPUpd54721BC61.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Downloader.A.8016' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
23.11.2014 18:39 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Nik\AppData\Local\Temp\GPUpd54721BC61.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Downloader.A.8016' [trojan]
gefunden.
Ausgeführte Aktion: Übergeben an Scanner
22.11.2014 23:21 [System-Scanner] Malware gefunden
Die Datei
'C:\Users\Nik\AppData\Roaming\{37E99E86-D615-4B08-937F-F8F935C455F3}_ANZHUANG\{2
E089831-61B1-4CF2-8553-300574316F09}_DIYIGE\tmp\wpm_v20.0.0.1270.exe'
enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen' [adware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '2a7581f9.qua'
verschoben!
22.11.2014 23:19 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Program Files (x86)\SupTab\RSHP.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen2' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
22.11.2014 23:19 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Program Files (x86)\SupTab\SupTab.dll'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
22.11.2014 23:19 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Program Files (x86)\SupTab\SupTab.dll'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen' [adware]
gefunden.
Ausgeführte Aktion: Übergeben an Scanner
22.11.2014 23:19 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Program Files (x86)\SupTab\RSHP.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen2' [adware]
gefunden.
Ausgeführte Aktion: Übergeben an Scanner
22.11.2014 23:19 [Echtzeit-Scanner] Malware gefunden
In der Datei
'C:\Users\Nik\AppData\Roaming\{37E99E86-D615-4B08-937F-F8F935C455F3}_ANZHUANG\{2
E089831-61B1-4CF2-8553-300574316F09}_DIYIGE\tmp\wpm_v20.0.0.1270.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
22.11.2014 23:17 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Nik\AppData\Local\Temp\GPUpd547109F51.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Downloader.A.8016'
[trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '51ac9f66.qua'
verschoben!
22.11.2014 23:11 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Nik\AppData\Local\Temp\GPUpd547109F51.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Downloader.A.8016' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
22.11.2014 23:11 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Nik\AppData\Local\Temp\GPUpd547109F51.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Downloader.A.8016' [trojan]
gefunden.
Ausgeführte Aktion: Übergeben an Scanner
20.11.2014 18:16 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Nik\AppData\Local\Temp\GPUpd546E21961.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Downloader.A.8016'
[trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '515cb701.qua'
verschoben!
20.11.2014 18:15 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Nik\AppData\Local\Temp\GPUpd546E21961.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Downloader.A.8016' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
20.11.2014 18:15 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Nik\AppData\Local\Temp\GPUpd546E21961.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Downloader.A.8016' [trojan]
gefunden.
Ausgeführte Aktion: Übergeben an Scanner
17.11.2014 15:23 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Nik\Microsoft\DesktopLayer.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '518d979a.qua'
verschoben!
17.11.2014 15:20 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Nik\Microsoft\DesktopLayer.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
12.11.2014 18:21 [System-Scanner] Malware gefunden
Die Datei 'C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\setup.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Dldr.Agent.75672.1'
[trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '50110115.qua'
verschoben!
12.11.2014 18:16 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\setup.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Dldr.Agent.75672.1' [trojan]
gefunden.
Ausgeführte Aktion: Übergeben an Scanner
12.11.2014 18:16 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\setup.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Dldr.Agent.75672.1' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
12.11.2014 18:16 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\setup.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Dldr.Agent.75672.1' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
04.11.2014 18:53 [System-Scanner] Malware gefunden
Die Datei 'C:\Program Files
(x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll'
enthielt einen Virus oder unerwünschtes Programm 'Adware/SearchProtect.A.81'
[adware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '529087cf.qua'
verschoben!
Der Registrierungseintrag <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Windows\AppInit_Dlls> wurde erfolgreich repariert.
04.11.2014 18:52 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Program Files
(x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/SearchProtect.A.81'
[adware] gefunden.
Ausgeführte Aktion: Zugriff verweigern
04.11.2014 18:51 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Program Files
(x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/SearchProtect.A.81'
[adware] gefunden.
Ausgeführte Aktion: Zugriff verweigern
04.11.2014 18:46 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Program Files
(x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/SearchProtect.A.81'
[adware] gefunden.
Ausgeführte Aktion: Zugriff verweigern
04.11.2014 18:37 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Program Files
(x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/SearchProtect.A.81'
[adware] gefunden.
Ausgeführte Aktion: Zugriff verweigern
04.11.2014 18:17 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Program Files
(x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/SearchProtect.A.81'
[adware] gefunden.
Ausgeführte Aktion: Zugriff verweigern
04.11.2014 18:17 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Program Files
(x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/SearchProtect.A.81'
[adware] gefunden.
Ausgeführte Aktion: Zugriff verweigern
04.11.2014 18:17 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Program Files
(x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/SearchProtect.A.81'
[adware] gefunden.
Ausgeführte Aktion: Zugriff verweigern
04.11.2014 18:17 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Program Files
(x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/SearchProtect.A.81'
[adware] gefunden.
Ausgeführte Aktion: Zugriff verweigern
04.11.2014 18:17 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Program Files
(x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/SearchProtect.A.81'
[adware] gefunden.
Ausgeführte Aktion: Zugriff verweigern
04.11.2014 18:17 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Program Files
(x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/SearchProtect.A.81'
[adware] gefunden.
Ausgeführte Aktion: Zugriff verweigern
04.11.2014 18:17 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Program Files
(x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/SearchProtect.A.81'
[adware] gefunden.
Ausgeführte Aktion: Übergeben an Scanner
01.11.2014 18:18 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Nik\AppData\Local\Temp\GPUpd545515161.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Dldr.Small.NY' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '52bd814a.qua'
verschoben!
01.11.2014 18:15 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Nik\AppData\Local\Temp\GPUpd545515161.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Dldr.Small.NY' [trojan]
gefunden.
Ausgeführte Aktion: Übergeben an Scanner
31.10.2014 18:20 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Nik\AppData\Local\Temp\GPUpd5453C4611.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Dldr.Small.NY' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '511750e8.qua'
verschoben!
31.10.2014 18:18 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Nik\AppData\Local\Temp\GPUpd5453C4611.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Dldr.Small.NY' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
31.10.2014 18:18 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Nik\AppData\Local\Temp\GPUpd5453C4611.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Dldr.Small.NY' [trojan]
gefunden.
Ausgeführte Aktion: Übergeben an Scanner
|
|
25.11.2014, 15:32
| #2 |
| /// the machine /// TB-Ausbilder    | Werbung aller Art bei Google Chrome zu sehen (Notificatoin) hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
25.11.2014, 15:45
| #3 |
| | Werbung aller Art bei Google Chrome zu sehen (Notificatoin)FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01
Ran by Nik (administrator) on NIK-LAPTOP on 25-11-2014 15:37:45
Running from C:\Users\Nik\Downloads
Loaded Profiles: Nik & UpdatusUser (Available profiles: Nik & UpdatusUser & postgres & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
() C:\ProgramData\IBUpdaterService\ibsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(COMPANYVERS_NAME) C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64barsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Atheros) C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
(Spotify Ltd) C:\Users\Nik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
(SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-08] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1021056 2012-03-08] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800896 2012-03-08] (Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2886416 2012-03-02] (Synaptics Incorporated)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
HKLM\...\Run: [InstantUpdate] => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe [124520 2012-04-06] ()
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-03-24] (Dritek System Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [SweetIM] => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [115032 2012-05-29] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [Sweetpacks Communicator] => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [TelevisionFanatic Search Scope Monitor] => C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrchMn.exe [42536 2013-04-02] (MindSpark)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2301642691-1721406929-1581638024-1001\...\Run: [Spotify] => C:\Users\Nik\AppData\Roaming\Spotify\Spotify.exe [6553144 2014-10-04] (Spotify Ltd)
HKU\S-1-5-21-2301642691-1721406929-1581638024-1001\...\Run: [Spotify Web Helper] => C:\Users\Nik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-04] (Spotify Ltd)
HKU\S-1-5-21-2301642691-1721406929-1581638024-1001\...\MountPoints2: {eb1e1d96-d983-11e1-a81c-206a8a898a72} - E:\pushinst.exe
HKU\S-1-5-21-2301642691-1721406929-1581638024-1004\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] ()
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found
AppInit_DLLs: c:\windows\system32\nvinitx.dll => c:\windows\system32\nvinitx.dll [245432 2012-12-03] (NVIDIA Corporation)
Startup: C:\Users\Nik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - .lnk
ShortcutTarget: Tintenwarnungen überwachen - .lnk -> C:\Program Files\HP\HP Officejet 2620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Nik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 2620 series.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 2620 series.lnk -> C:\Program Files\HP\HP Officejet 2620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:58070;https=127.0.0.1:58070
HKU\S-1-5-21-2301642691-1721406929-1581638024-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1416694365&from=irs&uid=HitachiXHTS545050A7E380_TE95113RH5EGRPH5EGRPX
HKU\S-1-5-21-2301642691-1721406929-1581638024-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1416694365&from=irs&uid=HitachiXHTS545050A7E380_TE95113RH5EGRPH5EGRPX
HKU\S-1-5-21-2301642691-1721406929-1581638024-1001\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?affID=119677&tt=190313_wo2&babsrc=HP_ss_din2g&mntrId=088774E5430946AC
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM-x32 - DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-2301642691-1721406929-1581638024-1001 - DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1410192915&from=irs&uid=HitachiXHTS545050A7E380_TE95113RH5EGRPH5EGRPX
SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10031&barid={1B6BFA50-3EFF-11E2-BA7F-74E543098C66}
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-2301642691-1721406929-1581638024-1001 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=119677&tt=190313_wo2&babsrc=SP_ss_din2g&mntrId=088774E5430946AC
SearchScopes: HKU\S-1-5-21-2301642691-1721406929-1581638024-1001 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-2301642691-1721406929-1581638024-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3332201&octid=EB_ORIGINAL_CTID&ISID=M500444EB-482A-4F61-9424-4AFEB9080AF1&SearchSource=58&CUI=&UM=6&UP=SP9C5897DF-FB45-433C-B0A1-3B9ECC0AEC7B&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2301642691-1721406929-1581638024-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=119677&tt=190313_wo2&babsrc=SP_ss_din2g&mntrId=088774E5430946AC
SearchScopes: HKU\S-1-5-21-2301642691-1721406929-1581638024-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1416694365&from=irs&uid=HitachiXHTS545050A7E380_TE95113RH5EGRPH5EGRPX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2301642691-1721406929-1581638024-1001 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10031&barid={1B6BFA50-3EFF-11E2-BA7F-74E543098C66}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: DVDVideoSoftTB DE Toolbar -> {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} -> C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
BHO-x32: No Name -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> No File
BHO-x32: SpeedAnalysis.com -> {45564571-A21B-48ED-B584-69752EEE9C3D} -> C:\Program Files (x86)\SpeedAnalysis.com\ScriptHost.dll (SpeedAnalysis.com)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: delta Helper Object -> {C1AF5FA5-852C-4C90-812E-A7F75E011D87} -> C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: SecureWebBHO Class -> {D3C24E2B-C820-4492-9B69-11BF7163F998} -> C:\Program Files (x86)\Jelbrus Secure Web\jsie.dll (Jelbrus)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
BHO-x32: SweetPacks Browser Helper -> {EEE6C35C-6118-11DC-9C72-001320C79847} -> C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM-x32 - DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
Toolbar: HKU\S-1-5-21-2301642691-1721406929-1581638024-1001 -> No Name - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Nik\AppData\Roaming\Mozilla\Firefox\Profiles\j3i6rxvg.default-1366626763735
FF NewTab: hxxp://istart.webssearches.com/newtab/?type=nt&ts=1416694365&from=irs&uid=HitachiXHTS545050A7E380_TE95113RH5EGRPH5EGRPX
FF DefaultSearchEngine: webssearches
FF SelectedSearchEngine: webssearches
FF Homepage: hxxp://istart.webssearches.com/?type=hp&ts=1416694365&from=irs&uid=HitachiXHTS545050A7E380_TE95113RH5EGRPH5EGRPX
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Nik\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @TelevisionFanatic.com/Plugin -> C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll (MindSpark)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Nik\AppData\Roaming\Mozilla\Firefox\Profiles\j3i6rxvg.default-1366626763735\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Nik\AppData\Roaming\Mozilla\Firefox\Profiles\j3i6rxvg.default-1366626763735\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\webssearches.xml
FF Extension: Fast Start - C:\Users\Nik\AppData\Roaming\Mozilla\Firefox\Profiles\j3i6rxvg.default-1366626763735\Extensions\faststartff@gmail.com [2014-11-22]
FF Extension: Firefox Update Hotfix - C:\Users\Nik\AppData\Roaming\Mozilla\Firefox\Profiles\j3i6rxvg.default-1366626763735\Extensions\firefox-hotfix@mozilla.org.xpi [2014-01-11]
FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\dc7e1fc06102a3783e1eb8d55475f91f [2014-11-24]
FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{6F7AD6EEF4BD33EE4D5FF00560438063} [2014-11-23]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-04-10]
FF HKLM-x32\...\Firefox\Extensions: [64ffxtbr@TelevisionFanatic.com] - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin
FF Extension: TelevisionFanatic - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin [2013-04-02]
FF HKLM-x32\...\Firefox\Extensions: [speedanalysis@SpeedAnalysis.com] - C:\Users\Nik\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com
FF Extension: SpeedAnalysis.com - C:\Users\Nik\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com [2013-04-02]
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Nik\AppData\Roaming\Mozilla\Firefox\Profiles\j3i6rxvg.default-1366626763735\extensions\faststartff@gmail.com
FF HKU\S-1-5-21-2301642691-1721406929-1581638024-1001\...\Firefox\Extensions: [speedanalysis@SpeedAnalysis.com] - C:\Users\Nik\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com
FF HKU\S-1-5-21-2301642691-1721406929-1581638024-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://istart.webssearches.com/?type=sc&ts=1410192915&from=irs&uid=HitachiXHTS545050A7E380_TE95113RH5EGRPH5EGRPX
Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "hxxp://istart.webssearches.com/?type=hp&ts=1416694365&from=irs&uid=HitachiXHTS545050A7E380_TE95113RH5EGRPH5EGRPX"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Nik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (Google Wallet) - C:\Users\Nik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR HKLM-x32\...\Chrome\Extension: [cfcbmgbfdbijmjgjihagbomfbjfjmgon] - C:\Users\Nik\AppData\Roaming\SpeedanAlysis\speedanalysis.crx [2013-02-14]
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Nik\AppData\Roaming\BabSolution\CR\Delta.crx [2013-04-02]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-13] (Avira Operations GmbH & Co. KG)
R2 IBUpdaterService; C:\ProgramData\IBUpdaterService\ibsvc.exe [569120 2013-04-02] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-03-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [162648 2012-03-16] (Intel Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 TelevisionFanaticService; C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64barsvc.exe [42504 2013-04-02] (COMPANYVERS_NAME)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [76960 2012-02-27] (Atheros) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-05-09] (Avira Operations GmbH & Co. KG)
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-18] (Siliten)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 X86BDA; C:\Windows\System32\DRIVERS\OEMDrv.sys [268416 2011-06-08] ( )
S1 dlowutgh; \??\C:\Windows\system32\drivers\dlowutgh.sys [X]
S1 hvvbxfkx; \??\C:\Windows\system32\drivers\hvvbxfkx.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-25 15:37 - 2014-11-25 15:40 - 00028720 _____ () C:\Users\Nik\Downloads\FRST.txt
2014-11-25 15:37 - 2014-11-25 15:38 - 00000000 ____D () C:\FRST
2014-11-25 15:36 - 2014-11-25 15:37 - 02118144 _____ (Farbar) C:\Users\Nik\Downloads\FRST64.exe
2014-11-25 15:35 - 2014-11-25 15:36 - 01110016 _____ (Farbar) C:\Users\Nik\Downloads\FRST.exe
2014-11-25 14:36 - 2014-11-25 14:36 - 00023174 _____ () C:\Users\Nik\Documents\Ereignisse.txt
2014-11-25 14:14 - 2014-11-25 14:15 - 05598874 _____ (Swearware) C:\Users\Nik\Downloads\ComboFix.exe
2014-11-25 13:19 - 2014-11-25 13:19 - 00000000 ___RD () C:\Users\Nik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-11-24 18:15 - 2014-11-24 18:15 - 00003278 _____ () C:\Windows\System32\Tasks\Jelbrus Secure Web Task
2014-11-24 18:15 - 2014-11-24 18:15 - 00000000 ____D () C:\Program Files (x86)\Jelbrus Secure Web
2014-11-23 23:02 - 2014-11-23 23:02 - 00000000 _____ () C:\Windows\SysWOW64\shoC749.tmp
2014-11-23 19:41 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-23 19:41 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-23 19:41 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-23 19:41 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-23 19:40 - 2014-11-23 19:41 - 00004855 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log
2014-11-22 23:11 - 2014-11-23 18:27 - 00000000 ____D () C:\Users\Nik\AppData\Roaming\{37E99E86-D615-4B08-937F-F8F935C455F3}_ANZHUANG
2014-11-20 23:00 - 2014-11-20 23:00 - 00000000 _____ () C:\Windows\SysWOW64\sho3398.tmp
2014-11-19 11:35 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 11:35 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 11:35 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 11:35 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-17 20:45 - 2014-11-17 21:26 - 251529340 _____ () C:\Users\Nik\Documents\IMG_0160.MOV
2014-11-14 22:49 - 2014-11-14 22:49 - 00000000 _____ () C:\Windows\SysWOW64\sho82A7.tmp
2014-11-14 07:46 - 2014-11-14 07:46 - 00000000 __SHD () C:\Users\Nik\AppData\Local\EmieBrowserModeList
2014-11-12 17:06 - 2014-11-12 17:06 - 00001558 _____ () C:\Users\Nik\Desktop\Pokémon Trading Card Game Online.lnk
2014-11-12 17:05 - 2014-11-12 17:06 - 00000000 ____D () C:\Users\Nik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokémon Trading Card Game Online
2014-11-12 15:26 - 2014-11-12 17:00 - 419914240 _____ () C:\Users\Nik\Downloads\PokemonInstaller (3).msi
2014-11-12 08:01 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 08:01 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 08:01 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 08:01 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 08:01 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 08:01 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 08:01 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 08:01 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 08:01 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 08:01 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 08:01 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 08:01 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 08:01 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 08:01 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 08:01 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 08:01 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 08:01 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 08:01 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 08:01 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 08:01 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 08:01 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 08:01 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 08:01 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 08:01 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 08:01 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 08:01 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 08:01 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 08:01 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 08:01 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 08:01 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 08:01 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 08:01 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 08:01 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 08:01 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 08:01 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 08:01 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 08:01 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 08:01 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 08:00 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 08:00 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 08:00 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 08:00 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 08:00 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 08:00 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 08:00 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 08:00 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 08:00 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 08:00 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 08:00 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 08:00 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 08:00 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 08:00 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 08:00 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 08:00 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 08:00 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 08:00 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 07:59 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 07:59 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 07:59 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 07:59 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 07:59 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 07:59 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 07:59 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 07:59 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 07:59 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 07:59 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 07:59 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 07:59 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 07:54 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 07:54 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 07:54 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 07:54 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 07:54 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 07:54 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 07:54 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 07:54 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 07:54 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 07:54 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 07:54 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 07:54 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 07:54 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 07:54 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 07:54 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 07:54 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 07:54 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 07:54 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 07:54 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 07:54 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 07:54 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 07:54 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 07:54 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 07:54 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 07:54 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 07:54 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 07:53 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 07:53 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 07:53 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 07:53 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 07:53 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 07:53 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 07:53 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 23:10 - 2014-11-11 23:10 - 00000000 _____ () C:\Windows\SysWOW64\sho165E.tmp
2014-11-11 19:04 - 2014-11-11 19:04 - 00000000 ____D () C:\Users\Nik\AppData\Local\{7DF69FDB-7F55-45CB-B0F4-6067D4DAB61C}
2014-11-11 14:37 - 2014-11-14 19:30 - 00101181 _____ () C:\Users\Nik\Documents\Entwicklungszusammenarbeit von Deutschland.pptx
2014-11-10 20:10 - 2014-11-10 20:10 - 00013017 _____ () C:\Users\Nik\AppData\Local\recently-used.xbel
2014-11-09 21:54 - 2014-11-09 21:54 - 00139332 _____ () C:\Users\Nik\gesichtprojekt3.xcf
2014-11-09 21:48 - 2014-11-09 21:48 - 00043778 _____ () C:\Users\Nik\projektgesicht2.xcf.bz2
2014-11-09 21:40 - 2014-11-09 21:40 - 00064310 _____ () C:\Users\Nik\GesichtProjekt1.xcf.bz2
2014-11-07 17:43 - 2014-09-25 14:28 - 00000000 ____D () C:\Users\Nik\Desktop\Bilder
2014-11-07 17:08 - 2014-11-07 17:40 - 315961644 _____ () C:\Users\Nik\Downloads\Bilder KNOBELIX.rar
2014-11-04 23:28 - 2014-11-04 23:28 - 00000000 _____ () C:\Windows\SysWOW64\sho6EB3.tmp
2014-11-02 16:04 - 2014-11-02 16:04 - 00472571 _____ () C:\Users\Nik\Downloads\Facharbeit_V1.1_RP (2).odt
2014-11-02 16:01 - 2014-11-02 16:01 - 00472571 _____ () C:\Users\Nik\Downloads\Facharbeit_V1.1_RP (1).odt
2014-11-02 15:54 - 2014-11-02 15:54 - 00471422 _____ () C:\Users\Nik\Downloads\Facharbeit_V1.2.odt
2014-11-02 15:52 - 2014-11-02 15:53 - 00472571 _____ () C:\Users\Nik\Downloads\Facharbeit_V1.1_RP.odt
2014-11-01 21:07 - 2014-11-01 21:07 - 00464232 _____ () C:\Users\Nik\Downloads\Facharbeit_V1.1.odt
2014-11-01 16:42 - 2014-11-01 17:41 - 00464228 _____ () C:\Users\Nik\Downloads\Facharbeit_V1.0_rp.odt
2014-10-30 01:20 - 2014-10-30 01:20 - 00000000 _____ () C:\Windows\SysWOW64\sho9166.tmp
2014-10-28 22:38 - 2014-10-28 22:39 - 00073144 _____ () C:\Users\Nik\Downloads\FLVPlayer-Chrome (1).exe
2014-10-28 00:26 - 2014-10-28 00:26 - 00462485 _____ () C:\Users\Nik\Downloads\Facharbeit_V0.9_RP.odt
2014-10-27 22:31 - 2014-10-27 22:31 - 00461228 _____ () C:\Users\Nik\Downloads\Facharbeit_V0.9.odt
2014-10-27 22:11 - 2014-10-27 22:25 - 00461217 _____ () C:\Users\Nik\Downloads\Facharbeit_V0.8 (1).odt
2014-10-27 22:06 - 2014-10-27 22:06 - 00077792 _____ () C:\Users\Nik\Downloads\FLVPlayer-Chrome.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-25 15:37 - 2014-05-13 14:02 - 00000000 ____D () C:\Users\Nik\AppData\Roaming\Spotify
2014-11-25 14:59 - 2014-10-09 13:37 - 00000000 ____D () C:\postgreSQL
2014-11-25 14:52 - 2014-09-08 17:14 - 00000000 ____D () C:\Users\Nik\AppData\Roaming\InetStat
2014-11-25 14:52 - 2013-04-02 20:04 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-25 14:46 - 2012-03-28 19:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-25 14:33 - 2012-06-12 14:55 - 01666300 _____ () C:\Windows\WindowsUpdate.log
2014-11-25 14:18 - 2014-06-08 11:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-25 14:18 - 2014-06-08 11:47 - 00000000 ____D () C:\ProgramData\Avira
2014-11-25 14:18 - 2014-06-08 11:47 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-25 14:18 - 2014-03-12 16:48 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-25 14:06 - 2012-07-28 21:24 - 00001167 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-25 14:06 - 2012-07-28 21:15 - 00001429 _____ () C:\Users\Nik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-25 14:02 - 2009-07-14 05:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-25 14:02 - 2009-07-14 05:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-25 13:19 - 2014-09-08 17:15 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-11-25 13:19 - 2013-04-02 20:04 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-25 13:19 - 2012-06-12 15:09 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-11-25 13:18 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-25 13:18 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-25 13:18 - 2009-07-14 05:51 - 00166038 _____ () C:\Windows\setupact.log
2014-11-24 22:49 - 2012-07-28 21:33 - 00000000 ____D () C:\Users\Nik\AppData\Roaming\Skype
2014-11-24 18:15 - 2013-04-02 20:08 - 00002251 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-24 18:13 - 2014-09-09 17:13 - 00070144 _____ () C:\Windows\SysWOW64\tasks.dll
2014-11-24 17:24 - 2014-07-20 17:29 - 00000000 ____D () C:\Users\Nik\Documents\888poker
2014-11-24 15:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-24 12:54 - 2014-09-05 20:10 - 00000000 ____D () C:\Users\Nik\AppData\Local\PokerStars.EU
2014-11-24 12:52 - 2012-06-12 15:09 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-11-24 12:38 - 2014-05-13 14:06 - 00000000 ____D () C:\Users\Nik\AppData\Local\Spotify
2014-11-24 06:17 - 2014-10-09 13:40 - 00000000 ____D () C:\Users\postgres
2014-11-23 19:41 - 2014-04-07 18:29 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-23 19:41 - 2012-09-05 15:17 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-23 18:39 - 2012-12-05 14:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-23 18:27 - 2010-11-21 04:47 - 00447316 _____ () C:\Windows\PFRO.log
2014-11-19 19:30 - 2014-09-15 20:21 - 00000000 ____D () C:\Users\Nik\Desktop\Djabber1886
2014-11-14 22:47 - 2013-04-02 20:04 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 22:47 - 2013-04-02 20:04 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 07:36 - 2009-07-14 05:45 - 00330704 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-14 07:33 - 2014-05-07 05:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-13 18:48 - 2012-03-28 19:36 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-13 18:48 - 2012-03-28 19:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-13 18:48 - 2012-03-28 19:36 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-13 13:38 - 2012-07-28 21:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-13 13:30 - 2014-04-07 18:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 06:45 - 2014-04-07 18:02 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 17:07 - 2013-01-18 15:49 - 00000000 __SHD () C:\AI_RecycleBin
2014-11-11 20:54 - 2014-09-05 20:09 - 00000000 ____D () C:\Program Files (x86)\PokerStars.EU
2014-11-11 19:04 - 2012-06-13 00:47 - 00700134 _____ () C:\Windows\system32\perfh007.dat
2014-11-11 19:04 - 2012-06-13 00:47 - 00149984 _____ () C:\Windows\system32\perfc007.dat
2014-11-11 19:04 - 2009-07-14 06:13 - 01622300 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-11 15:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-11 07:35 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-11-10 20:17 - 2013-11-03 21:55 - 00000000 ____D () C:\Users\Nik\.gimp-2.8
2014-11-10 20:10 - 2014-07-30 20:59 - 00000000 ____D () C:\Users\Nik\AppData\Local\gtk-2.0
2014-11-09 21:54 - 2012-07-28 21:10 - 00000000 ____D () C:\Users\Nik
2014-11-07 16:27 - 2012-10-04 05:33 - 00000000 ____D () C:\Users\Nik\AppData\Local\CrashDumps
2014-11-04 15:01 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Nik\Documents\Zeitplan, Gliederung und Exposé der Seminararbeit (Niklas Lehnert-Rappel)
Some content of TEMP:
====================
C:\Users\Nik\AppData\Local\Temp\avgnt.exe
C:\Users\Nik\AppData\Local\Temp\bpuiondk.oil.exe
C:\Users\Nik\AppData\Local\Temp\f5fwvpwo.dmh.exe
C:\Users\Nik\AppData\Local\Temp\GPUpd54285F862.exe
C:\Users\Nik\AppData\Local\Temp\GPUpd542C28841.exe
C:\Users\Nik\AppData\Local\Temp\GPUpd542ECB871.exe
C:\Users\Nik\AppData\Local\Temp\GPUpd5436B4851.exe
C:\Users\Nik\AppData\Local\Temp\GPUpd5438061C1.exe
C:\Users\Nik\AppData\Local\Temp\GPUpd543FEF041.exe
C:\Users\Nik\AppData\Local\Temp\GPUpd544535041.exe
C:\Users\Nik\AppData\Local\Temp\GPUpd544686851.exe
C:\Users\Nik\AppData\Local\Temp\GPUpd544929851.exe
C:\Users\Nik\AppData\Local\Temp\GPUpd544DEA701.exe
C:\Users\Nik\AppData\Local\Temp\GPUpd545120961.exe
C:\Users\Nik\AppData\Local\Temp\GPUpd545272151.exe
C:\Users\Nik\AppData\Local\Temp\GPUpd5453C4682.exe
C:\Users\Nik\AppData\Local\Temp\GPUpd5455151D2.exe
C:\Users\Nik\AppData\Local\Temp\GPUpd5455152C3.exe
C:\Users\Nik\AppData\Local\Temp\GPUpd545666951.exe
C:\Users\Nik\AppData\Local\Temp\GPUpd545909971.exe
C:\Users\Nik\AppData\Local\Temp\GPUpd546395941.exe
C:\Users\Nik\AppData\Local\Temp\GPUpd546395962.exe
C:\Users\Nik\AppData\Local\Temp\GPUpd546638941.exe
C:\Users\Nik\AppData\Local\Temp\GPUpd546638962.exe
C:\Users\Nik\AppData\Local\Temp\GPUpd54687B601.exe
C:\Users\Nik\AppData\Local\Temp\GPUpd5468DB951.exe
C:\Users\Nik\AppData\Local\Temp\GPUpd546A2D151.exe
C:\Users\Nik\AppData\Local\Temp\GPUpd546B7E941.exe
C:\Users\Nik\AppData\Local\Temp\GPUpd546CD0141.exe
C:\Users\Nik\AppData\Local\Temp\GPUpd54710A0B2.exe
C:\Users\Nik\AppData\Local\Temp\GPUpd54721BC61.exe
C:\Users\Nik\AppData\Local\Temp\GPUpd547367941.exe
C:\Users\Nik\AppData\Local\Temp\GPUpd547367972.exe
C:\Users\Nik\AppData\Local\Temp\GPUpd547367983.exe
C:\Users\Nik\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Nik\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Nik\AppData\Local\Temp\kmyjoa23.am2.exe
C:\Users\Nik\AppData\Local\Temp\post1.exe
C:\Users\Nik\AppData\Local\Temp\post2.dll
C:\Users\Nik\AppData\Local\Temp\post2.exe
C:\Users\Nik\AppData\Local\Temp\qnxnpcpi.pov.exe
C:\Users\Nik\AppData\Local\Temp\SIInvoker.exe
C:\Users\Nik\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Nik\AppData\Local\Temp\yndeectf.dx1.exe
C:\Users\Nik\AppData\Local\Temp\_unps.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-17 13:29
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2014 01
Ran by Nik at 2014-11-25 15:41:18
Running from C:\Users\Nik\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
clear.fi SDK - MVP 2 (x32 Version: 2.0.1505 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.0.1502 - CyberLink Corp.) Hidden
VIDEO DVR (HKLM-x32\...\{EBD0EE76-2CFC-4EE5-AFE6-7EEAA3B14332}) (Version: 2012.04.17 - -)
7-Zip 9.21 (HKLM-x32\...\{23170F69-40C1-2701-0921-000001000000}) (Version: 9.21.00.0 - Igor Pavlov)
888poker (HKLM-x32\...\888poker) (Version: - )
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.100 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.2728.00 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.5.2728.00 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3010 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3507 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Instant Update Service (HKLM\...\{36674AE9-6D3D-48D6-BC7B-209F556D65EE}) (Version: 1.00.3004 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3506 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 20.11.1107.1418 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3501 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader X (10.1.0) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.126 - Atheros)
Atheros Driver Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Atheros)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
Backup Manager V3 (x32 Version: 3.0.0.100 - NTI Corporation) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.00.3004 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.00.3004 - Acer Incorporated)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1720_38230 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 1.82 - NCH Software)
Delta Chrome Toolbar (HKLM-x32\...\Delta Chrome Toolbar) (Version: - Visual Tools) <==== ATTENTION
Delta toolbar (HKLM-x32\...\delta) (Version: 1.8.10.0 - Delta) <==== ATTENTION
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
DVDVideoSoftTB DE Toolbar (HKLM-x32\...\DVDVideoSoftTB_DE Toolbar) (Version: 6.9.1.523 - DVDVideoSoftTB DE)
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
Entity Framework Designer für Visual Studio 2012 - DEU (HKLM-x32\...\{4705DBFD-9D5E-4D23-817C-8CA7359B7BDE}) (Version: 11.1.20810.00 - Microsoft Corporation)
Erforderliche Komponenten für SSDT (HKLM-x32\...\{70D065C3-77E5-45E9-A75C-EEB2E84EA869}) (Version: 11.0.2100.60 - Microsoft Corporation)
Evernote v. 4.5.2 (HKLM-x32\...\{F77EF646-19EB-11E1-9A9E-984BE15F174E}) (Version: 4.5.2.5866 - Evernote Corp.)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - )
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.1.2 - FUHU, Inc.)
Fooz Kids (x32 Version: 3.1.2 - FUHU, Inc.) Hidden
Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.2.16.327 - DVDVideoSoft Ltd.)
Free Video Converter V 3.1 (HKLM-x32\...\Free Video Converter_is1) (Version: 3.1.0.0 - Koyote Soft)
Free YouTube to iPhone Converter version 2.12.7.711 (HKLM-x32\...\Free YouTube to iPhone Converter_is1) (Version: 2.12.7.711 - DVDVideoSoft Ltd.)
Free YouTube to iPod Converter version 3.10.37.1212 (HKLM-x32\...\Free YouTube to iPod Converter_is1) (Version: 3.10.37.1212 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GeoGebra 4.2 (HKLM-x32\...\GeoGebra 4.2) (Version: 4.2.57.0 - International GeoGebra Institute)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
Holdem Manager 2 (HKLM-x32\...\HoldemManager2) (Version: - )
honestech VHS to DVD 2.0 SE (HKLM-x32\...\{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}) (Version: 2.0 - honestech)
HP Officejet 2620 series - Grundlegende Software für das Gerät (HKLM\...\{7B732633-C9ED-44DF-98E7-BBBE3D9220C9}) (Version: 31.0.1176.42778 - Hewlett-Packard Co.)
HP Officejet 2620 series Hilfe (HKLM-x32\...\{B356F70C-F1AD-4B24-B2DD-6EAABFCB1B33}) (Version: 31.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{95CECD78-72C9-4C03-8693-4C97A02AE702}) (Version: 5.005.001.002 - Hewlett-Packard)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
iLivid (HKLM-x32\...\iLivid) (Version: 4.0.0.2466 - Bandoo Media Inc) <==== ATTENTION
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.4.1441 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Internet Explorer Toolbar 4.6 by SweetPacks (HKLM-x32\...\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}) (Version: 4.6.0004 - SweetIM Technologies Ltd.) <==== ATTENTION
iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.)
Java 7 Update 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417007FF}) (Version: 7.0.70 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.710 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 2.1.5 - Kobo Inc.)
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.15 - Acer Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{98B45D1C-6EB1-460D-A87D-2B60678DC105}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.0 Language Pack - DEU (HKLM-x32\...\Microsoft Help Viewer 2.0 Language Pack - DEU) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{AD49BD4B-6CEE-4EA2-B53E-8EB0606F1B11}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{EF18EF0F-96D3-4A6B-9600-2197F1720A15}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{6B7B7E62-9F56-4C87-8664-0E20F2CAB03B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{D4DA7C91-A59F-4C72-BAC4-DF7C76AB1CB8}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{8E4BA1E5-54E8-41F0-919B-CD875B83CFCE}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{55FABD1D-8BE6-4A1A-958D-52B15F1DFEF0}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{13C9CD03-A5FE-4F50-AC8A-17B77C38CC52}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{28C7A4BB-3966-4373-8376-C11F38290630}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - DEU (11.1.20828.01) (HKLM-x32\...\{E511AE89-54BB-481D-BC4A-1B1F1E1B7693}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - DEU (11.1.20828.01) (HKLM-x32\...\{00C84D22-DB8F-4159-BF70-682B8EA56A1E}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Express 2012 für Windows Desktop - DEU (HKLM-x32\...\{69ec32be-d994-44de-9eae-6d86ced6f352}) (Version: 11.0.50727.42 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (HKLM-x32\...\{4C0B27C3-3E8F-4BD2-80FF-6E9E48EBD6D8}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{64A5D39C-95CD-4B8B-B2FA-6C713133B57F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Mozilla Firefox 22.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 22.0 (x86 de)) (Version: 22.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 22.0 - Mozilla)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9006 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9006 - NTI Corporation) Hidden
NVIDIA Grafiktreiber 310.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 310.70 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
partypoker (HKLM-x32\...\PartyPoker) (Version: - PartyGaming)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pokémon Trading Card Game Online (HKLM-x32\...\{F323157A-218F-4613-9673-F975AB9397CF}) (Version: 2.23.1 - The Pokémon Company International)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu)
PokerStars.net (HKLM-x32\...\PokerStars.net) (Version: - PokerStars.net)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.6-1.0.12939.89 - raidcall.com)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.54.309.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6577 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.27015 - Realtek Semiconductor Corp.)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
SpeedAnalysis.com (HKLM-x32\...\SpeedAnalysis.com) (Version: 1.0.0.1 - SpeedAnalysis.com) <==== ATTENTION
Spotify (HKU\S-1-5-21-2301642691-1721406929-1581638024-1001\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Studie zur Verbesserung von HP Officejet 2620 series (HKLM\...\{832DB126-F194-4552-982D-BDEBE5553DFE}) (Version: 31.0.1176.42778 - Hewlett-Packard Co.)
SweetIM for Messenger 3.7 (HKLM-x32\...\{7683B745-6060-41FD-AA75-0BBB383FEAD4}) (Version: 3.7.0005 - SweetIM Technologies Ltd.) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.2.0 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.98 - WildTangent) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TelevisionFanatic Toolbar (HKLM-x32\...\TelevisionFanaticbar Uninstall) (Version: - Mindspark Interactive Network) <==== ATTENTION
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Überwachungstool für die Intel® Turbo-Boost-Technik 2.5 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.5.1.0 - Intel)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Update Manager for SweetPacks 1.1 (HKLM-x32\...\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}) (Version: 1.1.0008 - SweetIM Technologies Ltd.) <==== ATTENTION
Updater Service (HKLM-x32\...\Updater Service) (Version: 15,9,28,27 - ) <==== ATTENTION
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3507 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2301642691-1721406929-1581638024-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2301642691-1721406929-1581638024-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2301642691-1721406929-1581638024-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2301642691-1721406929-1581638024-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2301642691-1721406929-1581638024-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2301642691-1721406929-1581638024-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
==================== Restore Points =========================
13-11-2014 05:37:15 Windows Update
20-11-2014 05:28:19 Windows Update
22-11-2014 22:04:49 Windows Update
23-11-2014 18:37:55 Installed Java 7 Update 71
25-11-2014 13:02:32 Removed 7-Zip 9.21
25-11-2014 13:48:33 Configured NTI Media Maker 9
25-11-2014 13:53:38 Removed 7-Zip 9.21
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {06353AA3-CD8A-4AAF-9B15-4F5023F8D5CD} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {0D6F0487-C559-4233-BE17-A33FD4D018E1} - System32\Tasks\{66B4FC56-49CA-43D7-9186-B550166E99BE} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/abandoninstall?page=tsProgressBar
Task: {3E91EAE8-B9EA-4955-8C14-B9CE7B503751} - System32\Tasks\Jelbrus Secure Web Task => C:\Program Files (x86)\Jelbrus Secure Web\jswtask.exe [2014-11-24] (Jelbrus)
Task: {4AA199FD-5CD6-4965-942E-71B603ED35DE} - System32\Tasks\HPCustParticipation HP Officejet 2620 series => C:\Program Files\HP\HP Officejet 2620 series\Bin\HPCustPartic.exe [2013-05-09] (Hewlett-Packard Co.)
Task: {58B08251-32BC-4565-90F3-B97FCDB7087C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {5D903C81-1341-4C88-98A1-993AB36B2E95} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7212DA6B-51AB-4A0B-966E-EE0CAB5C0C3B} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {A58BD602-ECAA-4EAB-A6E1-BFDCF0FE715E} - System32\Tasks\NCH Software\DebutDowngrade => C:\Program Files (x86)\NCH Software\Debut\debut.exe [2013-06-04] (NCH Software)
Task: {C34BFEFB-4C2B-4C7C-9521-6A91B713D7B9} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\Cyberlink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-05-20] (CyberLink)
Task: {C6F629BE-C587-435E-96D0-C0FF22C6E974} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-13] (Adobe Systems Incorporated)
Task: {DFBB7D6D-A50F-4954-A27E-A2B46CB1EF7D} - System32\Tasks\GPUP => C:\Program Files (x86)\GetPrivate\gpup.exe [2014-09-08] () <==== ATTENTION
Task: {E7A965F6-4769-437E-B37B-43E612395676} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
Task: {E8915ADA-5432-4BAD-9DF4-A8C4A17A87C5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-02] (Google Inc.)
Task: {F525401D-36EE-4C53-AEBE-1738743E60E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-02] (Google Inc.)
Task: {F54E9D88-8FFB-4174-97D9-3B05B6779020} - System32\Tasks\EPUpdater => C:\Users\Nik\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-06-06] () <==== ATTENTION
Task: {FEDC90DC-CFEC-42F5-A6CB-B5E79F6FB7D6} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-07] (Acer Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
==================== Loaded Modules (whitelisted) =============
2012-12-05 06:09 - 2012-12-01 06:49 - 00086888 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-04-02 19:57 - 2013-04-02 19:57 - 00569120 _____ () C:\ProgramData\IBUpdaterService\ibsvc.exe
2012-06-12 15:08 - 2012-03-16 12:48 - 00127320 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2012-06-13 00:28 - 2012-03-27 02:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-04-06 19:29 - 2012-04-06 19:29 - 00040552 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
2012-04-06 19:29 - 2012-04-06 19:29 - 00022120 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 19:06 - 2012-05-30 19:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-01-05 22:22 - 2012-01-05 22:22 - 00465344 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-01-05 22:22 - 2012-01-05 22:22 - 01081368 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-01-05 22:22 - 2012-01-05 22:22 - 00125464 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2012-06-12 15:08 - 2012-03-07 15:27 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-11-23 19:09 - 2014-11-14 22:15 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\libglesv2.dll
2014-11-23 19:09 - 2014-11-14 22:15 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\libegl.dll
2014-11-23 19:09 - 2014-11-14 22:15 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\ffmpegsumo.dll
2014-11-23 19:09 - 2014-11-14 22:15 - 14910280 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\PepperFlash\pepflashplayer.dll
2014-11-23 19:09 - 2014-11-14 22:15 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\pdf.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-2301642691-1721406929-1581638024-500 - Administrator - Disabled)
Gast (S-1-5-21-2301642691-1721406929-1581638024-501 - Limited - Enabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-2301642691-1721406929-1581638024-1003 - Limited - Enabled)
Nik (S-1-5-21-2301642691-1721406929-1581638024-1001 - Administrator - Enabled) => C:\Users\Nik
postgres (S-1-5-21-2301642691-1721406929-1581638024-1006 - Limited - Enabled) => C:\Users\postgres
UpdatusUser (S-1-5-21-2301642691-1721406929-1581638024-1004 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/25/2014 01:19:50 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2014-11-25 13:19:50 CETFATAL: the database system is starting up
Error: (11/25/2014 06:26:07 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2014-11-25 06:26:07 CETFATAL: the database system is starting up
Error: (11/24/2014 10:35:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8034
Error: (11/24/2014 10:35:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8034
Error: (11/24/2014 10:35:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (11/24/2014 10:35:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3682
Error: (11/24/2014 10:35:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3682
Error: (11/24/2014 10:35:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (11/24/2014 05:05:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2970992
Error: (11/24/2014 05:05:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2970992
System errors:
=============
Error: (11/25/2014 01:19:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.
Error: (11/25/2014 06:32:39 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde nicht richtig gestartet.
Error: (11/25/2014 06:29:43 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
Error: (11/25/2014 06:26:24 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.
Error: (11/24/2014 00:41:41 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde nicht richtig gestartet.
Error: (11/24/2014 00:36:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.
Error: (11/24/2014 06:19:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "iPod-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (11/24/2014 06:19:34 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst iPod-Dienst erreicht.
Error: (11/24/2014 06:19:34 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053iPod Service{063D34A4-BF84-4B8D-B699-E8CA06504DDE}
Error: (11/24/2014 06:18:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Client Virtualization Handler" ist vom Dienst "Application Virtualization Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1053
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 60%
Total physical RAM: 3891.6 MB
Available physical RAM: 1553.21 MB
Total Pagefile: 7781.38 MB
Available Pagefile: 4698.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (ACER) (Fixed) (Total:449.55 GB) (Free:308.22 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 48FAF08C)
Partition 1: (Not Active) - (Size=16.1 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449.5 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
26.11.2014, 08:47
| #4 |
| /// the machine /// TB-Ausbilder | Werbung aller Art bei Google Chrome zu sehen (Notificatoin) Lade Dir bitte von hier  Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
26.11.2014, 17:45
| #5 |
| | Werbung aller Art bei Google Chrome zu sehen (Notificatoin) Hallo, danke für die Antwort! Habe alles Deinstalliert und Combofix hat auch keine Probleme gemacht. //Edit: Zuerst waren diese Werbungen von Notificatoin weg, doch auch nach dem ComboFix Scan erscheinen sie nun wieder... Hier die Log: Code:
ATTFilter ComboFix 14-11-25.01 - Nik 26.11.2014 17:19:56.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3892.2215 [GMT 1:00]
ausgeführt von:: c:\users\Nik\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\TelevisionFanatic
c:\program files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll
c:\program files (x86)\TelevisionFanatic\bar\1.bin\64barsvc.exe
c:\program files (x86)\TelevisionFanatic\bar\1.bin\T8RES.DLL
C:\UNWISE.EXE
c:\users\Nik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - .lnk
c:\users\Nik\AppData\Roaming\setup.exe
c:\users\Nik\Documents\~WRL0101.tmp
c:\users\Nik\videos\SoftonicDownloader_fuer_nosgba.exe
c:\users\Nik\videos\wrar420d.exe
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-10-26 bis 2014-11-26 ))))))))))))))))))))))))))))))
.
.
2014-11-26 16:29 . 2014-11-26 16:29 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-11-26 16:29 . 2014-11-26 16:29 -------- d-----w- c:\users\postgres\AppData\Local\temp
2014-11-26 16:29 . 2014-11-26 16:29 -------- d-----w- c:\users\Gast\AppData\Local\temp
2014-11-26 16:29 . 2014-11-26 16:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-26 16:12 . 2013-04-02 18:34 708168 ----a-w- c:\program files (x86)\64Uninstall TelevisionFanatic.dll
2014-11-26 16:12 . 2013-04-02 18:34 186760 ----a-w- c:\program files (x86)\64res.dll
2014-11-26 06:50 . 2014-06-06 04:39 46704 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-11-26 06:50 . 2014-06-06 04:38 822384 ----a-w- c:\program files (x86)\Mozilla Firefox\icuuc52.dll
2014-11-26 06:50 . 2014-06-06 04:38 1022576 ----a-w- c:\program files (x86)\Mozilla Firefox\icuin52.dll
2014-11-26 06:50 . 2014-06-06 04:38 10594416 ----a-w- c:\program files (x86)\Mozilla Firefox\icudt52.dll
2014-11-25 18:48 . 2012-07-05 20:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2014-11-25 18:48 . 2012-07-05 20:06 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2014-11-25 14:37 . 2014-11-25 14:42 -------- d-----w- C:\FRST
2014-11-24 17:15 . 2014-11-24 17:15 -------- d-----w- c:\program files (x86)\Jelbrus Secure Web
2014-11-23 22:02 . 2014-11-23 22:02 0 ----a-w- c:\windows\SysWow64\shoC749.tmp
2014-11-23 18:41 . 2014-11-23 18:41 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-11-23 18:41 . 2014-09-26 17:42 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-22 22:11 . 2014-11-23 17:27 -------- d-----w- c:\users\Nik\AppData\Roaming\{37E99E86-D615-4B08-937F-F8F935C455F3}_ANZHUANG
2014-11-22 22:09 . 2014-11-22 22:09 -------- d-----w- c:\windows\SysWow64\Wat
2014-11-22 22:09 . 2014-11-22 22:09 -------- d-----w- c:\windows\system32\Wat
2014-11-20 22:00 . 2014-11-20 22:00 0 ----a-w- c:\windows\SysWow64\sho3398.tmp
2014-11-19 10:35 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-19 10:35 . 2014-11-11 03:08 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-19 10:35 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-19 10:35 . 2014-11-11 02:44 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-14 21:49 . 2014-11-14 21:49 0 ----a-w- c:\windows\SysWow64\sho82A7.tmp
2014-11-14 06:46 . 2014-11-14 06:46 -------- d-sh--w- c:\users\Nik\AppData\Local\EmieBrowserModeList
2014-11-12 07:00 . 2014-11-07 19:23 235192 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2014-11-12 06:59 . 2014-11-05 17:56 304640 ----a-w- c:\windows\system32\generaltel.dll
2014-11-12 06:59 . 2014-11-05 17:56 228864 ----a-w- c:\windows\system32\aepdu.dll
2014-11-12 06:59 . 2014-11-05 17:52 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-11-12 06:59 . 2014-10-14 02:16 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-11-12 06:59 . 2014-10-14 02:13 683520 ----a-w- c:\windows\system32\termsrv.dll
2014-11-12 06:59 . 2014-10-14 02:12 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-12 06:59 . 2014-10-14 02:07 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-11-12 06:59 . 2014-10-14 01:46 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
2014-11-12 06:59 . 2014-10-14 02:09 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-11-12 06:59 . 2014-10-14 01:50 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-11-12 06:59 . 2014-10-14 01:49 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-11-12 06:59 . 2014-10-14 01:47 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2014-11-12 06:53 . 2014-10-25 01:57 77824 ----a-w- c:\windows\system32\packager.dll
2014-11-12 06:53 . 2014-10-25 01:32 67584 ----a-w- c:\windows\SysWow64\packager.dll
2014-11-12 06:53 . 2014-10-10 00:57 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-11-12 06:53 . 2014-10-14 02:13 3241984 ----a-w- c:\windows\system32\msi.dll
2014-11-12 06:53 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-11-12 06:53 . 2014-10-18 02:05 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-12 06:53 . 2014-10-18 01:33 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-11-11 22:10 . 2014-11-11 22:10 0 ----a-w- c:\windows\SysWow64\sho165E.tmp
2014-11-04 22:28 . 2014-11-04 22:28 0 ----a-w- c:\windows\SysWow64\sho6EB3.tmp
2014-10-30 00:20 . 2014-10-30 00:20 0 ----a-w- c:\windows\SysWow64\sho9166.tmp
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-26 14:59 . 2014-11-26 14:59 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A570E55F-2038-4E8E-8E87-71E046AEC1B2}\offreg.dll
2014-11-26 06:46 . 2012-03-28 18:36 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-26 06:46 . 2012-03-28 18:36 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-25 17:18 . 2014-09-09 16:13 70144 ----a-w- c:\windows\SysWow64\tasks.dll
2014-11-17 01:08 . 2014-11-26 14:56 11632448 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A570E55F-2038-4E8E-8E87-71E046AEC1B2}\mpengine.dll
2014-11-13 05:45 . 2014-04-07 17:02 103374192 ----a-w- c:\windows\system32\MRT.exe
2014-11-04 13:30 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-22 18:39 . 2014-10-22 18:39 0 ----a-w- c:\windows\SysWow64\sho9AD6.tmp
2014-10-20 22:26 . 2014-10-20 22:26 0 ----a-w- c:\windows\SysWow64\sho91EC.tmp
2014-10-14 21:23 . 2014-10-14 21:23 0 ----a-w- c:\windows\SysWow64\sho5CF2.tmp
2014-10-12 20:37 . 2014-10-12 20:37 0 ----a-w- c:\windows\SysWow64\sho7847.tmp
2014-10-09 20:29 . 2014-10-09 20:29 0 ----a-w- c:\windows\SysWow64\sho4237.tmp
2014-10-09 11:26 . 2014-06-08 11:03 43064 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-10-09 11:26 . 2014-06-08 10:58 131608 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-10-09 11:26 . 2014-06-08 10:58 119272 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-10-07 20:13 . 2014-10-07 20:13 0 ----a-w- c:\windows\SysWow64\sho748B.tmp
2014-10-04 23:56 . 2014-10-04 23:56 0 ----a-w- c:\windows\SysWow64\sho8B6D.tmp
2014-09-29 20:33 . 2014-09-29 20:33 0 ----a-w- c:\windows\SysWow64\shoDA97.tmp
2014-09-25 02:08 . 2014-10-01 10:52 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 10:52 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-23 20:51 . 2014-09-23 20:51 0 ----a-w- c:\windows\SysWow64\shoCBF7.tmp
2014-09-20 21:52 . 2014-09-20 21:52 0 ----a-w- c:\windows\SysWow64\sho7010.tmp
2014-09-09 22:11 . 2014-09-24 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 05:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-08 23:55 . 2014-09-08 23:55 0 ----a-w- c:\windows\SysWow64\sho9104.tmp
2014-09-06 22:51 . 2011-03-29 01:36 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-09-05 01:02 . 2014-09-05 01:02 0 ----a-w- c:\windows\SysWow64\shoC228.tmp
2014-09-04 05:23 . 2014-10-16 04:32 424448 ----a-w- c:\windows\system32\rastls.dll
2014-09-04 05:04 . 2014-10-16 04:32 372736 ----a-w- c:\windows\SysWow64\rastls.dll
2014-09-04 00:51 . 2014-09-04 00:51 0 ----a-w- c:\windows\SysWow64\sho8891.tmp
2014-08-31 01:53 . 2014-08-31 01:53 0 ----a-w- c:\windows\SysWow64\sho1E03.tmp
2014-08-30 18:10 . 2014-08-30 18:10 0 ----a-w- c:\windows\SysWow64\sho37CD.tmp
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\program files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D3C24E2B-C820-4492-9B69-11BF7163F998}]
2014-11-24 17:15 125608 ----a-w- c:\program files (x86)\Jelbrus Secure Web\jsie.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-03-27 18:29 297128 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\program files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2012-01-05 296984]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-06-01 506712]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2012-03-24 1105488]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-10-01 152392]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-11-13 703736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\Nik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Tintenwarnungen überwachen - HP Officejet 2620 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 2620 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN38U1GG560600;CONNECTION=USB;MONITOR=1; [2009-7-14 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 dlowutgh;dlowutgh;c:\windows\system32\drivers\dlowutgh.sys;c:\windows\SYSNATIVE\drivers\dlowutgh.sys [x]
R1 hvvbxfkx;hvvbxfkx;c:\windows\system32\drivers\hvvbxfkx.sys;c:\windows\SYSNATIVE\drivers\hvvbxfkx.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys;c:\windows\SYSNATIVE\DRIVERS\InputFilter_FlexDef2b.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.5;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X86BDA;OEM Capture;c:\windows\system32\DRIVERS\OEMDrv.sys;c:\windows\SYSNATIVE\DRIVERS\OEMDrv.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Atheros\Ath_WlanAgent.exe;c:\program files (x86)\Atheros\Ath_WlanAgent.exe [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-11-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 06:47]
.
2014-11-26 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41]
.
2014-11-24 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-03-20 16:08 357432 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-23 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-23 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-23 439064]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-02-22 12452456]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-08 1158248]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-03-08 1021056]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2012-03-08 800896]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2012-02-07 1829768]
"InstantUpdate"="c:\program files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe" [2012-04-06 124520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1416694365&from=irs&uid=HitachiXHTS545050A7E380_TE95113RH5EGRPH5EGRPX
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
uInternet Settings,ProxyOverride = <-loopback>
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to iPod Converter - c:\users\Nik\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - c:\program files (x86)\PokerStars.EU\PokerStarsUpdate.exe
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Nik\AppData\Roaming\Mozilla\Firefox\Profiles\j3i6rxvg.default-1366626763735\
FF - prefs.js: browser.search.selectedEngine - webssearches
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: 2014-11-22 23:18; faststartff@gmail.com; c:\users\Nik\AppData\Roaming\Mozilla\Firefox\Profiles\j3i6rxvg.default-1366626763735\extensions\faststartff@gmail.com
FF - ExtSQL: 2014-11-25 19:45; firefox-hotfix@mozilla.org; c:\users\Nik\AppData\Roaming\Mozilla\Firefox\Profiles\j3i6rxvg.default-1366626763735\extensions\firefox-hotfix@mozilla.org.xpi
FF - ExtSQL: !HIDDEN! 2013-04-02 20:59; speedanalysis@SpeedAnalysis.com; c:\users\Nik\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com
FF - ExtSQL: !HIDDEN! 2014-11-22 23:18; faststartff@gmail.com; c:\users\Nik\AppData\Roaming\Mozilla\Firefox\Profiles\j3i6rxvg.default-1366626763735\extensions\faststartff@gmail.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - (no file)
Toolbar-Locked - (no file)
Toolbar-{82E1477C-B154-48D3-9891-33D83C26BCD3} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Free YouTube to iPod Converter_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\Uninstall.exe
AddRemove-HoldemManager2 - c:\users\Nik\Desktop\Holdem Manager 2\UninstallHoldemManager.exe
AddRemove-PokerStars.net - c:\program files (x86)\PokerStars.NET\PokerStarsUninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2301642691-1721406929-1581638024-1001\Software\Microsoft\Internet Explorer\Approved Extensions]
@DACL=(02 0000)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,3b,1b,10,6d,da,
94,b0,8a,ef,0c,92,40,cc,e8,45,6d,3c,22
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,14,ce,
01,9b,bd,e8,0d,bf,94,b9,17,8d,6a,fa,de
"{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}"=hex:51,66,7a,6c,4c,1d,3b,1b,d4,ea,01,
94,37,5b,bf,04,9c,03,52,ec,1e,9b,c6,3b
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,c8,21,
89,34,19,d4,05,94,ce,12,24,77,4c,24,db
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,3b,1b,10,22,df,
cb,7c,ac,2b,08,82,8c,40,9c,2e,7c,84,52
"{98889811-442D-49DD-99D7-DC866BE87DBC}"=hex:51,66,7a,6c,4c,1d,3b,1b,01,84,99,
81,1b,11,b6,06,83,d5,9f,c6,6a,ac,3a,a1
"{2EECD738-5844-4A99-B4B6-146BF802613B}"=hex:51,66,7a,6c,4c,1d,3b,1b,28,cb,fd,
37,72,0d,f2,05,ae,b4,57,2b,f9,46,26,26
"{4D2D3B0F-69BE-477A-90F5-FDDB05357975}"=hex:51,66,7a,6c,4c,1d,3b,1b,1f,27,3c,
54,88,3c,11,08,8a,f7,be,9b,04,71,3e,68
"{45564571-A21B-48ED-B584-69752EEE9C3D}"=hex:51,66,7a,6c,4c,1d,3b,1b,61,59,47,
5c,2d,f7,86,07,af,86,2a,35,2f,aa,db,20
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=hex:51,66,7a,6c,4c,1d,3b,1b,4b,df,f7,
f7,2e,34,b7,5e,86,70,43,53,21,83,df,5a
"{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}"=hex:51,66,7a,6c,4c,1d,3b,1b,3d,c6,36,
19,c4,9c,60,04,b4,07,a1,8d,1a,9f,2b,e2
"{82E1477C-B154-48D3-9891-33D83C26BCD3}"=hex:51,66,7a,6c,4c,1d,3b,1b,6c,5b,f0,
9b,62,e4,b8,07,82,93,70,98,3d,62,fb,ce
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,8b,05,
6f,c6,83,47,09,ac,e9,97,9a,f0,9d,6a,5e
"{C1AF5FA5-852C-4C90-812E-A7F75E011D87}"=hex:51,66,7a,6c,4c,1d,3b,1b,b5,43,be,
d8,1a,d0,fb,03,9b,2c,e4,b7,5f,45,5a,9a
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1c,d9,
c2,73,f1,30,0c,a6,76,df,65,c0,81,cf,b4
"{EEE6C35C-6118-11DC-9C72-001320C79847}"=hex:51,66,7a,6c,4c,1d,3b,1b,4c,df,f7,
f7,2e,34,b7,5e,86,70,43,53,21,83,df,5a
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-11-26 17:41:15 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-11-26 16:41
.
Vor Suchlauf: 11 Verzeichnis(se), 331.907.907.584 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 333.407.182.848 Bytes frei
.
- - End Of File - - C5A5A9B87F6E2400E298B395D7606038
Geändert von Djabber (26.11.2014 um 18:34 Uhr) |
|
27.11.2014, 10:39
| #6 |
| /// the machine /// TB-Ausbilder | Werbung aller Art bei Google Chrome zu sehen (Notificatoin) Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> Werbung aller Art bei Google Chrome zu sehen (Notificatoin) |
|
27.11.2014, 15:31
| #7 |
| | Werbung aller Art bei Google Chrome zu sehen (Notificatoin) Bei dem Malware-Log spuckt er nur das, als Text-Datei aus...Hab ich da irgendwas falsch gemacht oder reicht das? Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Update, 27.11.2014 13:58:51, SYSTEM, NIK-LAPTOP, Manual, Rootkit Database, 2014.9.18.1, 2014.11.22.1, Update, 27.11.2014 13:59:53, SYSTEM, NIK-LAPTOP, Manual, Malware Database, 2014.9.19.5, 2014.11.27.5, (end) Code:
ATTFilter # AdwCleaner v4.102 - Bericht erstellt am 27/11/2014 um 15:01:56
# Aktualisiert 23/11/2014 von Xplode
# Database : 2014-11-27.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Nik - NIK-LAPTOP
# Gestartet von : C:\Users\Nik\Desktop\AdwCleaner_4.102.exe
# Option : Löschen
***** [ Dienste ] *****
Dienst Gelöscht : IePluginServices
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\AI_RecycleBin
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\IePluginServices
Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter
Ordner Gelöscht : C:\Program Files (x86)\Bench
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\Delta
Ordner Gelöscht : C:\Program Files (x86)\Free Video Converter
Ordner Gelöscht : C:\Program Files (x86)\NCH Software
Ordner Gelöscht : C:\Program Files (x86)\SupTab
Ordner Gelöscht : C:\Users\Nik\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Nik\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Nik\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Nik\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Nik\AppData\Roaming\InetStat
Ordner Gelöscht : C:\Users\Nik\AppData\Roaming\NCH Software
Ordner Gelöscht : C:\Users\Nik\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Nik\AppData\Roaming\PerformerSoft
Ordner Gelöscht : C:\Users\Nik\AppData\Roaming\SpeedanAlysis
Ordner Gelöscht : C:\Users\Nik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Nik\AppData\Roaming\Mozilla\Firefox\Profiles\nw27ejr7.default\user.js
***** [ Tasks ] *****
Task Gelöscht : BitGuard
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\Nik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Nik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Nik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Nik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKCU\Software\Classes\keepmysearch
Schlüssel Gelöscht : HKCU\Software\5bed6deb668e441
Schlüssel Gelöscht : HKLM\SOFTWARE\5bed6deb668e441
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2625848
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E7F49ED-8C94-4AAA-A407-3010D099B11A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\filescout
Schlüssel Gelöscht : HKCU\Software\InetStat
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\PerformerSoft
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17420
-\\ Mozilla Firefox v33.1.1 (x86 de)
[j3i6rxvg.default-1366626763735\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultenginename", "webssearches");
[j3i6rxvg.default-1366626763735\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "webssearches");
[j3i6rxvg.default-1366626763735\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[j3i6rxvg.default-1366626763735\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=115935&tt=4912_8&babsrc=HP_ss&mntrId=08872d8000000000000074e5430946ac");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.order.1", "Search the web (Babylon)");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "DVDVideoSoftTB DE Customized Web Search");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.1000082.isPlayDisplay", "true");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.1000082.state", "{\"state\":\"stopped\",\"text\":\"Radio 8\",\"description\":\"Radio 8\",\"url\":\"hxxp://stream.radio8.de:8000/live.m3u\"}");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.1000234.TWC_country", "GERMANY");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.1000234.TWC_location", "Muenchen, Germany");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.1000234.TWC_locId", "GMBY0074");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.1000234.TWC_region", "DE");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.1000234.TWC_temp_dis", "c");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.1000234.TWC_TMP_city", "MUENCHEN");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.1000234.TWC_TMP_country", "DE");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.1000234.TWC_wind_dis", "kmh");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.1000234.weatherData", "{\"icon\":\"26.png\",\"temperature\":\"2°C\",\"temperatureClear\":\"2°C\",\"highTemperature\":\"2°C\",\"lowTemperature\":\"-2°C\",\"feelsLike\":\"-1°C\",\"c[...]
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.2625848a129894023611240511000000paramsGK1.enc", "eyJ1cGRhdGVSZXFUaW1lIjoxMzY0OTI5MjU2NjIwLCJ1cGRhdGVSZXNwVGltZSI6MTM2NDkyOTI1ODMwMywiZGF0YSI6eyJzZXR0aW5ncyI6eyJpY29uIjoiaHR0cDovL3[...]
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.addressBarTakeOverEnabledInHidden", "true");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.autoDisableScopes", -1);
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.browser.search.defaultthis.engineName", true);
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.embeddedsData", "[{\"appId\":\"129181467799155027\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"false\"}");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.enableFix404ByUser", "TRUE");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.FirstTime", "true");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.firstTimeDialogOpened", "true");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.FirstTimeFF3", "true");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.fixPageNotFoundErrorByUser", "false");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.fixPageNotFoundErrorInHidden", "true");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.fixUrls", true);
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.installType", "Unknown");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.isCheckedStartAsHidden", true);
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"false\"}");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.isFirstTimeToolbarLoading", "false");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.keyword", true);
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.lastVersion", "10.15.0.562");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.migrateAppsAndComponents", true);
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DHNojZnE8Edg\",\"EB_MAIN_FRAME_TITLE\":\"Plasma%20Storm%20Booster%20Box%20Opening%20%7C[...]
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.personalApps", "{\"dataType\":\"object\",\"data\":\"[\\\"EMAIL_NOTIFIER\\\",\\\"WEATHER\\\",\\\"BROWSER_COMPONENT\\\"]\"}");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.PG_ENABLE", "dHJ1ZQ==");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.revertSettingsEnabled", "false");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.search.searchAppId", "129181467799155027");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.search.searchCount", "0");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.SearchAppState.enc", "Mg==");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.searchFromAddressBarEnabledByUser", "false");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.searchInNewTabEnabledByUser", "false");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.searchInNewTabEnabledInHidden", "true");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"false\"}");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.selectToSearchBoxEnabledByUser", "{\"dataType\":\"string\",\"data\":\"true\"}");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.sendUsageEnabled", "false");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2625848\"}");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://DVDVideoSoftTBDE.OurToolbar.com//xpi\"}");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"DVDVideoSoftTB DE\"}");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_appsMetadata_lastUpdate", "1364929251694");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1364929255499");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1364929251501");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_location_lastUpdate", "1364929249048");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_login_10.15.0.562_lastUpdate", "1364929651070");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1364929251605");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_searchAPI_lastUpdate", "1364929249036");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_serviceMap_lastUpdate", "1364929248340");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_toolbarContextMenu_lastUpdate", "1364929251366");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_toolbarSettings_lastUpdate", "1364936850851");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_translation_lastUpdate", "1364929252515");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.settingsINI", true);
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.showToolbarPermission", "false");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.smartbar.CTID", "CT2625848");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.smartbar.homepage", true);
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.smartbar.isHidden", true);
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.smartbar.toolbarName", "DVDVideoSoftTB DE ");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.smartbar.Uninstall", "0");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.toolbarBornServerTime", "2-4-2013");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.toolbarCurrentServerTime", "2-4-2013");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.toolbarLoginClientTime", "Tue Apr 02 2013 21:01:11 GMT+0200");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848.UserID", "UN66358242679749915");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("CT2625848_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1364929437930,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.admin", false);
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.bbDpng", "2");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.cntry", "DE");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.dfltLng", "en");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.hdrMd5", "43962FC83CBB368F231225DE45D24B41");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.id", "08872d8000000000000074e5430946ac");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.instlDay", "15797");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.lastVrsnTs", "1.8.10.020:59:20");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.newTab", false);
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.sg", "azb");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.10.0");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.10.0");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.10.020:59:20");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=D0DECFCE-4A5C-4AEA-AA93-82A38CDCF983&n=77fc8eb6&p2=^XP^xdm284^YY^de&si=CMbusszPrLYCFcVb3godv[...]
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.initialized", true);
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.installation.contextKey", "");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.installation.installDate", "2013040310");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerId", "^XP^xdm284^YY^de");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerSubId", "CMbusszPrLYCFcVb3godvAgAXQ");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.installation.success", true);
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.installation.toolbarId", "D0DECFCE-4A5C-4AEA-AA93-82A38CDCF983");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.lastActivePing", "1366441845074");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.options.defaultSearch", false);
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.options.homePageEnabled", false);
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.options.keywordEnabled", false);
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.options.tabEnabled", false);
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.searchHistory", "");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark._64Members_.weather.location", "10001");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("extensions.toolbar.mindspark.lastInstalled", "televisionfanatic@mindspark.com");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.height", "335");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=$cargo;");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.width", "761");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.height", "300");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.width", "500");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.height", "150");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.width", "530");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.mode.debug", "false");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.newtab.created", "false");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.newtab.enable", "true");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.apps.)?facebook\\.com.*");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.enable", "false");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.apps.)?facebook\\.com.*");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.enable", "false");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.callback", "");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*.*.bing..*.*.live..*.*.msn..*.*.yahoo..*.*.youtube.com.*.*ask.com.*.*.sweetim.com.*");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.enable", "false");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"[...]
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.search.history.capacity", "10");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "false");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.simapp_id", "{1B6BFA50-3EFF-11E2-BA7F-74E543098C66}");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.version", "1.9.0.0");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.Visibility.enable", "true");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
[nw27ejr7.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
*************************
AdwCleaner[R0].txt - [28501 octets] - [27/11/2014 15:00:03]
AdwCleaner[S0].txt - [29402 octets] - [27/11/2014 15:01:56]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [29463 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Home Premium x64
Ran by Nik on 27.11.2014 at 15:13:40,89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] "C:\Windows\wininit.ini"
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Nik\appdata\local\{038ED6BD-5AEC-4AA5-A94C-610402953EBD}
Successfully deleted: [Empty Folder] C:\Users\Nik\appdata\local\{1B98C244-049A-4305-87ED-C8660696F13F}
Successfully deleted: [Empty Folder] C:\Users\Nik\appdata\local\{1C08D32E-CE3E-4A20-A56C-6B749D3E53DD}
Successfully deleted: [Empty Folder] C:\Users\Nik\appdata\local\{251355BA-5F9A-42C6-82FE-E8103C46BBFE}
Successfully deleted: [Empty Folder] C:\Users\Nik\appdata\local\{26B6B016-498E-4671-825E-0C6BA93B2D9E}
Successfully deleted: [Empty Folder] C:\Users\Nik\appdata\local\{2C2A0153-06A8-4985-9C5C-A3DFDD612873}
Successfully deleted: [Empty Folder] C:\Users\Nik\appdata\local\{646CEC77-3825-4701-AE3E-DC4E76124704}
Successfully deleted: [Empty Folder] C:\Users\Nik\appdata\local\{7B39E09A-46E4-4FC2-BA2D-D5BF327FE6D2}
Successfully deleted: [Empty Folder] C:\Users\Nik\appdata\local\{7DF69FDB-7F55-45CB-B0F4-6067D4DAB61C}
Successfully deleted: [Empty Folder] C:\Users\Nik\appdata\local\{8C8FB35F-161A-48BF-9AF8-869DC262C16B}
Successfully deleted: [Empty Folder] C:\Users\Nik\appdata\local\{8EEF7C54-9D31-4CB1-A62B-0344DE410FC3}
Successfully deleted: [Empty Folder] C:\Users\Nik\appdata\local\{BBF5B8F5-F020-4F99-8BF9-9793F08AB2EB}
Successfully deleted: [Empty Folder] C:\Users\Nik\appdata\local\{BD6EE792-8B80-4F04-8689-093BE21910C7}
Successfully deleted: [Empty Folder] C:\Users\Nik\appdata\local\{BFB10A64-F46F-4BBE-A5E6-7B500C36EC6C}
Successfully deleted: [Empty Folder] C:\Users\Nik\appdata\local\{E1A52D2B-05F3-43C4-932B-98E321D8158A}
Successfully deleted: [Empty Folder] C:\Users\Nik\appdata\local\{E5E18A68-4659-4FF8-BAE1-EED429295007}
~~~ FireFox
Emptied folder: C:\Users\Nik\AppData\Roaming\mozilla\firefox\profiles\j3i6rxvg.default-1366626763735\minidumps [27 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.11.2014 at 15:16:35,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01 Ran by Nik (administrator) on NIK-LAPTOP on 27-11-2014 15:23:30 Running from C:\Users\Nik\Downloads Loaded Profiles: Nik & UpdatusUser & Gast (Available profiles: Nik & UpdatusUser & postgres & Gast) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Atheros) C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-22] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-08] (Realtek Semiconductor) HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1021056 2012-03-08] (Atheros Communications) HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800896 2012-03-08] (Atheros Commnucations) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2886416 2012-03-02] (Synaptics Incorporated) HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated) HKLM\...\Run: [InstantUpdate] => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe [124520 2012-04-06] () HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation) HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-03-24] (Dritek System Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-13] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2301642691-1721406929-1581638024-1000-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] () HKU\S-1-5-21-2301642691-1721406929-1581638024-1004\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] () HKU\S-1-5-21-2301642691-1721406929-1581638024-1006-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] () HKU\S-1-5-21-2301642691-1721406929-1581638024-501\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] () HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} AppInit_DLLs: c:\Windows\System32\nvinitx.dll => c:\Windows\System32\nvinitx.dll [245432 2012-12-03] (NVIDIA Corporation) Startup: C:\Users\Nik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 2620 series.lnk ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 2620 series.lnk -> C:\Program Files\HP\HP Officejet 2620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:58070;https=127.0.0.1:58070 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2301642691-1721406929-1581638024-1001\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKU\S-1-5-21-2301642691-1721406929-1581638024-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKU\S-1-5-21-2301642691-1721406929-1581638024-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKU\S-1-5-21-2301642691-1721406929-1581638024-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) BHO-x32: SecureWebBHO Class -> {D3C24E2B-C820-4492-9B69-11BF7163F998} -> C:\Program Files (x86)\Jelbrus Secure Web\jsie.dll (Jelbrus) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Nik\AppData\Roaming\Mozilla\Firefox\Profiles\j3i6rxvg.default-1366626763735 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll () FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Nik\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\dc7e1fc06102a3783e1eb8d55475f91f [2014-11-26] FF HKU\S-1-5-21-2301642691-1721406929-1581638024-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-04-10] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [cfcbmgbfdbijmjgjihagbomfbjfjmgon] - C:\Users\Nik\AppData\Roaming\SpeedanAlysis\speedanalysis.crx [] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-13] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-13] (Avira Operations GmbH & Co. KG) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-03-16] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [162648 2012-03-16] (Intel Corporation) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation) R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [76960 2012-02-27] (Atheros) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-05-09] (Avira Operations GmbH & Co. KG) S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-18] (Siliten) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-27] (Malwarebytes Corporation) S3 X86BDA; C:\Windows\System32\DRIVERS\OEMDrv.sys [268416 2011-06-08] ( ) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S1 dlowutgh; \??\C:\Windows\system32\drivers\dlowutgh.sys [X] S1 hvvbxfkx; \??\C:\Windows\system32\drivers\hvvbxfkx.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-27 15:23 - 2014-11-27 15:23 - 00000000 ____D () C:\Users\Nik\Downloads\FRST-OlderVersion 2014-11-27 15:21 - 2014-11-27 15:21 - 00000268 _____ () C:\Users\Nik\Desktop\Malware.txt 2014-11-27 15:16 - 2014-11-27 15:16 - 00002490 _____ () C:\Users\Nik\Desktop\JRT.txt 2014-11-27 15:13 - 2014-11-27 15:13 - 00000000 ____D () C:\Windows\ERUNT 2014-11-27 15:12 - 2014-11-27 15:13 - 01707532 _____ (Thisisu) C:\Users\Nik\Desktop\JRT.exe 2014-11-27 15:07 - 2014-11-27 15:07 - 00029556 _____ () C:\Users\Nik\Desktop\AdwCleaner[S0].txt 2014-11-27 15:07 - 2014-11-27 15:07 - 00000020 ___SH () C:\Users\TEMP\ntuser.ini 2014-11-27 15:07 - 2014-11-27 15:07 - 00000000 _SHDL () C:\Users\TEMP\Vorlagen 2014-11-27 15:07 - 2014-11-27 15:07 - 00000000 _SHDL () C:\Users\TEMP\Startmenü 2014-11-27 15:07 - 2014-11-27 15:07 - 00000000 _SHDL () C:\Users\TEMP\Netzwerkumgebung 2014-11-27 15:07 - 2014-11-27 15:07 - 00000000 _SHDL () C:\Users\TEMP\Lokale Einstellungen 2014-11-27 15:07 - 2014-11-27 15:07 - 00000000 _SHDL () C:\Users\TEMP\Eigene Dateien 2014-11-27 15:07 - 2014-11-27 15:07 - 00000000 _SHDL () C:\Users\TEMP\Druckumgebung 2014-11-27 15:07 - 2014-11-27 15:07 - 00000000 _SHDL () C:\Users\TEMP\Documents\Eigene Musik 2014-11-27 15:07 - 2014-11-27 15:07 - 00000000 _SHDL () C:\Users\TEMP\Documents\Eigene Bilder 2014-11-27 15:07 - 2014-11-27 15:07 - 00000000 _SHDL () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-11-27 15:07 - 2014-11-27 15:07 - 00000000 _SHDL () C:\Users\TEMP\AppData\Local\Verlauf 2014-11-27 15:07 - 2014-11-27 15:07 - 00000000 _SHDL () C:\Users\TEMP\AppData\Local\Anwendungsdaten 2014-11-27 15:07 - 2014-11-27 15:07 - 00000000 _SHDL () C:\Users\TEMP\Anwendungsdaten 2014-11-27 15:07 - 2014-11-27 15:07 - 00000000 ____D () C:\Users\TEMP 2014-11-27 15:07 - 2014-03-14 13:03 - 00000000 ____D () C:\Users\TEMP\Documents\Visual Studio 2012 2014-11-27 15:07 - 2012-08-11 16:32 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Microsoft Help 2014-11-27 15:07 - 2012-03-28 21:56 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-11-27 15:07 - 2012-03-28 21:56 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-11-27 15:07 - 2012-03-28 20:00 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Macromedia 2014-11-27 15:06 - 2014-11-27 15:06 - 00000000 ___RD () C:\Users\Nik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2014-11-27 15:00 - 2014-11-27 15:12 - 00000000 ____D () C:\AdwCleaner 2014-11-27 14:57 - 2014-11-27 14:58 - 02148864 _____ () C:\Users\Nik\Desktop\AdwCleaner_4.102.exe 2014-11-27 14:57 - 2014-11-27 13:59 - 00000674 _____ () C:\Users\Nik\Documents\Malwarebytes.Xml 2014-11-27 13:58 - 2014-11-27 15:21 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-27 13:58 - 2014-11-27 13:58 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-11-27 13:58 - 2014-11-27 13:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-11-27 13:58 - 2014-11-27 13:58 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-11-27 13:58 - 2014-11-27 13:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-11-27 13:58 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-11-27 13:58 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-27 13:58 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-11-27 13:53 - 2014-11-27 13:56 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Nik\Downloads\mbam-setup-2.0.3.1025.exe 2014-11-26 18:47 - 2014-11-26 18:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-11-26 17:43 - 2014-11-26 17:43 - 00034842 _____ () C:\Users\Nik\Documents\Combofix.txt 2014-11-26 17:41 - 2014-11-26 17:41 - 00034842 _____ () C:\ComboFix.txt 2014-11-26 17:17 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-11-26 17:17 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-11-26 17:17 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-11-26 17:17 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-11-26 17:17 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-11-26 17:17 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-11-26 17:17 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-11-26 17:17 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-11-26 17:09 - 2014-11-26 17:09 - 00013316 _____ () C:\Users\Nik\Desktop\ComboFix - Verknüpfung.lnk 2014-11-26 17:06 - 2014-11-26 17:41 - 00000000 ____D () C:\Qoobox 2014-11-26 17:05 - 2014-11-26 17:39 - 00000000 ____D () C:\Windows\erdnt 2014-11-26 16:38 - 2014-11-26 16:38 - 00000736 _____ () C:\Users\Nik\Desktop\Revo Uninstaller.lnk 2014-11-26 16:37 - 2014-11-26 16:37 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Nik\Downloads\revosetup95.exe 2014-11-26 15:49 - 2014-11-26 15:53 - 42183760 _____ (Google Inc.) C:\Users\Nik\Downloads\ChromeStandaloneSetup.exe 2014-11-26 15:41 - 2014-11-27 15:02 - 00001057 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-11-25 19:48 - 2012-07-05 21:06 - 00772544 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2014-11-25 19:48 - 2012-07-05 21:06 - 00687544 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2014-11-25 15:41 - 2014-11-25 15:42 - 00038162 _____ () C:\Users\Nik\Downloads\Addition.txt 2014-11-25 15:37 - 2014-11-27 15:23 - 00018545 _____ () C:\Users\Nik\Downloads\FRST.txt 2014-11-25 15:37 - 2014-11-27 15:23 - 00000000 ____D () C:\FRST 2014-11-25 15:36 - 2014-11-27 15:23 - 02117632 _____ (Farbar) C:\Users\Nik\Downloads\FRST64.exe 2014-11-25 14:36 - 2014-11-25 14:36 - 00023174 _____ () C:\Users\Nik\Documents\Ereignisse.txt 2014-11-25 14:14 - 2014-11-26 17:05 - 05599228 ____R (Swearware) C:\Users\Nik\Downloads\ComboFix.exe 2014-11-24 18:15 - 2014-11-26 18:18 - 00003278 _____ () C:\Windows\System32\Tasks\Jelbrus Secure Web Task 2014-11-24 18:15 - 2014-11-24 18:15 - 00000000 ____D () C:\Program Files (x86)\Jelbrus Secure Web 2014-11-23 23:02 - 2014-11-23 23:02 - 00000000 _____ () C:\Windows\SysWOW64\shoC749.tmp 2014-11-23 19:41 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-11-23 19:41 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-11-23 19:41 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-11-23 19:41 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-11-23 19:40 - 2014-11-23 19:41 - 00004855 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log 2014-11-22 23:11 - 2014-11-23 18:27 - 00000000 ____D () C:\Users\Nik\AppData\Roaming\{37E99E86-D615-4B08-937F-F8F935C455F3}_ANZHUANG 2014-11-20 23:00 - 2014-11-20 23:00 - 00000000 _____ () C:\Windows\SysWOW64\sho3398.tmp 2014-11-19 11:35 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-19 11:35 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-19 11:35 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-19 11:35 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-11-17 20:45 - 2014-11-17 21:26 - 251529340 _____ () C:\Users\Nik\Documents\IMG_0160.MOV 2014-11-14 22:49 - 2014-11-14 22:49 - 00000000 _____ () C:\Windows\SysWOW64\sho82A7.tmp 2014-11-14 07:46 - 2014-11-14 07:46 - 00000000 __SHD () C:\Users\Nik\AppData\Local\EmieBrowserModeList 2014-11-12 17:06 - 2014-11-12 17:06 - 00001558 _____ () C:\Users\Nik\Desktop\Pokémon Trading Card Game Online.lnk 2014-11-12 17:05 - 2014-11-12 17:06 - 00000000 ____D () C:\Users\Nik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokémon Trading Card Game Online 2014-11-12 15:26 - 2014-11-12 17:00 - 419914240 _____ () C:\Users\Nik\Downloads\PokemonInstaller (3).msi 2014-11-12 08:01 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-11-12 08:01 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-11-12 08:01 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-11-12 08:01 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-11-12 08:01 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-11-12 08:01 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-11-12 08:01 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-11-12 08:01 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-11-12 08:01 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-11-12 08:01 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-11-12 08:01 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-11-12 08:01 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-11-12 08:01 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-11-12 08:01 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-11-12 08:01 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-11-12 08:01 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-11-12 08:01 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-11-12 08:01 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-11-12 08:01 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-11-12 08:01 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-11-12 08:01 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-11-12 08:01 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-11-12 08:01 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-11-12 08:01 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-11-12 08:01 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-11-12 08:01 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-11-12 08:01 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-11-12 08:01 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-11-12 08:01 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-11-12 08:01 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-11-12 08:01 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-11-12 08:01 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-11-12 08:01 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-11-12 08:01 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-11-12 08:01 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-11-12 08:01 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-11-12 08:01 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-11-12 08:01 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-11-12 08:00 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-11-12 08:00 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-11-12 08:00 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-11-12 08:00 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-11-12 08:00 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-12 08:00 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-11-12 08:00 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-11-12 08:00 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-11-12 08:00 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-12 08:00 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-11-12 08:00 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-11-12 08:00 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-11-12 08:00 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-11-12 08:00 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-11-12 08:00 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-11-12 08:00 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-11-12 08:00 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-11-12 08:00 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-11-12 07:59 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-11-12 07:59 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-11-12 07:59 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-11-12 07:59 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-11-12 07:59 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-11-12 07:59 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-12 07:59 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-12 07:59 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-12 07:59 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-11-12 07:59 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-11-12 07:59 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2014-11-12 07:59 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2014-11-12 07:54 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-12 07:54 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-12 07:54 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-12 07:54 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-12 07:54 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-12 07:54 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-11-12 07:54 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-11-12 07:54 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-11-12 07:54 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-12 07:54 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-11-12 07:54 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-11-12 07:54 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-11-12 07:54 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-11-12 07:54 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-11-12 07:54 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-11-12 07:54 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-11-12 07:54 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-11-12 07:54 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-11-12 07:54 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-11-12 07:54 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-11-12 07:54 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-12 07:54 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-11-12 07:54 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-11-12 07:54 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-11-12 07:54 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2014-11-12 07:54 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL 2014-11-12 07:53 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-12 07:53 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-11-12 07:53 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-12 07:53 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-11-12 07:53 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-12 07:53 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-11-12 07:53 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-11 23:10 - 2014-11-11 23:10 - 00000000 _____ () C:\Windows\SysWOW64\sho165E.tmp 2014-11-11 14:37 - 2014-11-14 19:30 - 00101181 _____ () C:\Users\Nik\Documents\Entwicklungszusammenarbeit von Deutschland.pptx 2014-11-10 20:10 - 2014-11-10 20:10 - 00013017 _____ () C:\Users\Nik\AppData\Local\recently-used.xbel 2014-11-09 21:54 - 2014-11-09 21:54 - 00139332 _____ () C:\Users\Nik\gesichtprojekt3.xcf 2014-11-09 21:48 - 2014-11-09 21:48 - 00043778 _____ () C:\Users\Nik\projektgesicht2.xcf.bz2 2014-11-09 21:40 - 2014-11-09 21:40 - 00064310 _____ () C:\Users\Nik\GesichtProjekt1.xcf.bz2 2014-11-07 17:43 - 2014-09-25 14:28 - 00000000 ____D () C:\Users\Nik\Desktop\Bilder 2014-11-07 17:08 - 2014-11-07 17:40 - 315961644 _____ () C:\Users\Nik\Downloads\Bilder KNOBELIX.rar 2014-11-04 23:28 - 2014-11-04 23:28 - 00000000 _____ () C:\Windows\SysWOW64\sho6EB3.tmp 2014-11-02 16:04 - 2014-11-02 16:04 - 00472571 _____ () C:\Users\Nik\Downloads\Facharbeit_V1.1_RP (2).odt 2014-11-02 16:01 - 2014-11-02 16:01 - 00472571 _____ () C:\Users\Nik\Downloads\Facharbeit_V1.1_RP (1).odt 2014-11-02 15:54 - 2014-11-02 15:54 - 00471422 _____ () C:\Users\Nik\Downloads\Facharbeit_V1.2.odt 2014-11-02 15:52 - 2014-11-02 15:53 - 00472571 _____ () C:\Users\Nik\Downloads\Facharbeit_V1.1_RP.odt 2014-11-01 21:07 - 2014-11-01 21:07 - 00464232 _____ () C:\Users\Nik\Downloads\Facharbeit_V1.1.odt 2014-11-01 16:42 - 2014-11-01 17:41 - 00464228 _____ () C:\Users\Nik\Downloads\Facharbeit_V1.0_rp.odt 2014-10-30 01:20 - 2014-10-30 01:20 - 00000000 _____ () C:\Windows\SysWOW64\sho9166.tmp 2014-10-28 22:38 - 2014-10-28 22:39 - 00073144 _____ () C:\Users\Nik\Downloads\FLVPlayer-Chrome (1).exe 2014-10-28 00:26 - 2014-10-28 00:26 - 00462485 _____ () C:\Users\Nik\Downloads\Facharbeit_V0.9_RP.odt ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-27 15:14 - 2012-10-04 05:33 - 00000000 ____D () C:\Users\Nik\AppData\Local\CrashDumps 2014-11-27 15:12 - 2009-07-14 05:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-27 15:12 - 2009-07-14 05:45 - 00031472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-27 15:04 - 2012-06-12 15:09 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job 2014-11-27 15:03 - 2012-07-28 21:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-11-27 15:03 - 2010-11-21 04:47 - 00549908 _____ () C:\Windows\PFRO.log 2014-11-27 15:03 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\Performance 2014-11-27 15:03 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-27 15:03 - 2009-07-14 05:51 - 00166262 _____ () C:\Windows\setupact.log 2014-11-27 15:02 - 2012-07-28 21:24 - 00001069 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-11-27 15:02 - 2012-07-28 21:15 - 00000995 _____ () C:\Users\Nik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-11-27 15:02 - 2012-06-12 14:55 - 01752037 _____ () C:\Windows\WindowsUpdate.log 2014-11-27 15:01 - 2013-02-15 22:22 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-11-27 14:46 - 2012-03-28 19:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-26 22:14 - 2012-07-28 21:33 - 00000000 ____D () C:\Users\Nik\AppData\Roaming\Skype 2014-11-26 18:13 - 2014-09-09 17:13 - 00070144 _____ () C:\Windows\SysWOW64\tasks.dll 2014-11-26 17:41 - 2013-11-22 21:11 - 00000000 ____D () C:\Users\Administrator 2014-11-26 17:41 - 2012-11-17 18:07 - 00000000 ____D () C:\Users\Yannik 2014-11-26 17:41 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2014-11-26 17:34 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2014-11-26 16:31 - 2014-07-20 17:29 - 00000000 ____D () C:\Users\Nik\Documents\888poker 2014-11-26 16:29 - 2014-09-15 20:21 - 00000000 ____D () C:\Users\Nik\Desktop\Djabber1886 2014-11-26 15:42 - 2013-04-02 20:04 - 00000000 ____D () C:\Program Files (x86)\Google 2014-11-26 15:41 - 2014-10-09 13:40 - 00000000 ____D () C:\Users\postgres 2014-11-26 15:41 - 2013-04-02 20:04 - 00000000 ____D () C:\Users\Nik\AppData\Local\Google 2014-11-26 15:38 - 2012-07-28 21:25 - 00000000 ____D () C:\Users\Nik\AppData\Local\Mozilla 2014-11-26 07:47 - 2012-03-28 19:36 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-11-26 07:46 - 2012-03-28 19:36 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-11-26 07:46 - 2012-03-28 19:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-25 19:36 - 2012-03-28 19:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-11-25 19:21 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-11-25 14:59 - 2014-10-09 13:37 - 00000000 ____D () C:\postgreSQL 2014-11-25 14:18 - 2014-06-08 11:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-11-25 14:18 - 2014-06-08 11:47 - 00000000 ____D () C:\ProgramData\Avira 2014-11-25 14:18 - 2014-06-08 11:47 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-11-25 14:18 - 2014-03-12 16:48 - 00000000 ____D () C:\ProgramData\Package Cache 2014-11-25 13:19 - 2014-09-08 17:15 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-11-25 13:18 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-11-24 18:15 - 2013-04-02 20:08 - 00002251 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-11-24 15:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-11-24 12:54 - 2014-09-05 20:10 - 00000000 ____D () C:\Users\Nik\AppData\Local\PokerStars.EU 2014-11-24 12:52 - 2012-06-12 15:09 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job 2014-11-23 19:41 - 2014-04-07 18:29 - 00000000 ____D () C:\ProgramData\Oracle 2014-11-23 19:41 - 2012-09-05 15:17 - 00000000 ____D () C:\Program Files (x86)\Java 2014-11-14 07:36 - 2009-07-14 05:45 - 00330704 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-14 07:33 - 2014-05-07 05:18 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-11-13 13:38 - 2012-07-28 21:41 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-11-13 13:30 - 2014-04-07 18:02 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-13 06:45 - 2014-04-07 18:02 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-11-11 20:54 - 2014-09-05 20:09 - 00000000 ____D () C:\Program Files (x86)\PokerStars.EU 2014-11-11 19:04 - 2012-06-13 00:47 - 00700134 _____ () C:\Windows\system32\perfh007.dat 2014-11-11 19:04 - 2012-06-13 00:47 - 00149984 _____ () C:\Windows\system32\perfc007.dat 2014-11-11 19:04 - 2009-07-14 06:13 - 01622300 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-11 15:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-11-11 07:35 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2014-11-10 20:17 - 2013-11-03 21:55 - 00000000 ____D () C:\Users\Nik\.gimp-2.8 2014-11-10 20:10 - 2014-07-30 20:59 - 00000000 ____D () C:\Users\Nik\AppData\Local\gtk-2.0 2014-11-09 21:54 - 2012-07-28 21:10 - 00000000 ____D () C:\Users\Nik 2014-11-04 15:01 - 2014-05-06 16:02 - 00000000 ____D () C:\Users\Nik\Documents\Zeitplan, Gliederung und Exposé der Seminararbeit (Niklas Lehnert-Rappel) 2014-11-04 14:30 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe Some content of TEMP: ==================== C:\Users\Nik\AppData\Local\Temp\avgnt.exe C:\Users\Nik\AppData\Local\Temp\GPUpd54760A9A3.exe C:\Users\Nik\AppData\Local\Temp\tbDVDV.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-26 18:04 ==================== End Of Log ============================ |
|
28.11.2014, 12:55
| #8 |
| /// the machine /// TB-Ausbilder | Werbung aller Art bei Google Chrome zu sehen (Notificatoin)ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
30.11.2014, 23:42
| #9 |
| | Werbung aller Art bei Google Chrome zu sehen (Notificatoin) Mittlerweile sind alle Werbungen verschwunden und Links zu Werbungen auch, allerdings wenn ich irgendwo in geöffnetes Fenster klicke, öffnet sich ein neuer Tab mit einer Werbeanzeige... Hier der ESET Log: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=a63cd5a3fe0ce54d8b8d8dcec988cda0
# engine=21335
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-30 09:43:10
# local_time=2014-11-30 10:43:10 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 15557 17756788 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 214792 169013640 0 0
# scanned=244730
# found=606
# cleaned=0
# scan_time=11144
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=74736C9A54C385AF16A42795E231B4C3425D9338 ft=1 fh=f92a8b260b274c8c vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Debut\debut.exe.vir"
sh=B3F76FB12066DC4F51780F3F9DABA5A9018F359F ft=1 fh=70d549a263d539ed vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Debut\debutsetup_v1.82.exe.vir"
sh=A52A0A88E01D07793898EF21E8D7DF43BA0A0E7D ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\NVIDIA\DisplayDriver\310.70\Win8_WinVista_Win7_64\International\NVI2\progress.htm"
sh=C0BA6B558599F58B445AB93C2CB2AC9AC5EFA55C ft=1 fh=66c795aa68840c54 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\Audio\PCEE4\Dolby4A3.exe"
sh=24E679D198EF7292DC13FC2155363D79EDFE6A42 ft=1 fh=66c795aa02bee2c9 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\Audio\PCEE4\Dolby4H3.exe"
sh=5BE407D8C3687DDF8B38A711E839E43402CBF7B8 ft=1 fh=66c795aa0fb84d47 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\IntelVGA\Graphics\ig4icd32.dll"
sh=02B67181A7C9E6E01B5004D283619E4A8A014A3B ft=1 fh=66c795aa77736f9f vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\IntelVGA\Graphics\ig7icd32.dll"
sh=E8E9C8E3ECDA9C10832596473E3CEB62A9A83299 ft=1 fh=66c795aaae444857 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\IntelVGA\Graphics\igd10umd32.dll"
sh=0655FB160E3A887AD38113D595D1B2CAD2308755 ft=1 fh=66c795aac22d715d vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\IntelVGA\Graphics\igdbcl32.dll"
sh=A9AA9D505A6E451AB4B3177E7770AB9B342DAA9A ft=1 fh=66c795aaa9583af7 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\IntelVGA\Graphics\igdde32.dll"
sh=AA6289A0E45E376448CD3C93DBD2BDF0EEFE113F ft=1 fh=66c795aa6babed08 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\IntelVGA\Graphics\igdfcl32.dll"
sh=21B9725D99B55B11A560C0EBAAD39954C7061632 ft=1 fh=66c795aac50c5048 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\IntelVGA\Graphics\igdrcl32.dll"
sh=382C007096E650FB60BB4E1AAF1C0F261B7E2E2F ft=1 fh=66c795aacf821534 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\IntelVGA\Graphics\igdumd32.dll"
sh=061D0A2FC70B6A8C38F8EDAE2911B03BFA357ACE ft=1 fh=66c795aa74ff929b vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\IntelVGA\Graphics\igfxcmjit32.dll"
sh=90FB0D105D8EEC094DF9D579C86D0661D15D8047 ft=1 fh=66c795aab4623d3c vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\IntelVGA\Graphics\igfxcmrt32.dll"
sh=E01B9406F36959BEF5BA51D1314640B635801B7C ft=1 fh=66c795aa11489a07 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\IntelVGA\Graphics\igfxdv32.dll"
sh=A5DA843433EEA32732BE78BF1041C7382B839ED2 ft=1 fh=66c795aacca1f05c vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\IntelVGA\Graphics\OpenCL.dll"
sh=E2D3FC74A40F89E3E22CCE508B6EC2C1BF3904DE ft=1 fh=66c795aa982b96de vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\IntelVGA\Graphics\MediaSDK\IVB\win32\mfx_mft_h264vd_32.dll"
sh=088C5095C190980784BA11E977B6974AE750A4A0 ft=1 fh=66c795aa296d7379 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\IntelVGA\Graphics\MediaSDK\IVB\win32\mfx_mft_h264ve_32.dll"
sh=F47EFFD0F033B2DE46E8D44DDA3E2D7F606B595A ft=1 fh=66c795aa15a39a1a vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\IntelVGA\Graphics\MediaSDK\IVB\win32\mfx_mft_mp2vd_32.dll"
sh=00559A28AD458441244E51F5B86A14F3F17E49D0 ft=1 fh=66c795aa98523ca9 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\IntelVGA\Graphics\MediaSDK\IVB\win32\mfx_mft_vc1vd_32.dll"
sh=44B6AE09B52F293BB7AAD9D84AFE4E3789FAD147 ft=1 fh=66c795aaac940af2 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\IntelVGA\Graphics\MediaSDK\IVB\win32\mfx_mft_vpp_32.dll"
sh=E2D3FC74A40F89E3E22CCE508B6EC2C1BF3904DE ft=1 fh=66c795aa982b96de vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\IntelVGA\Graphics\MediaSDK\SNB\win32\mfx_mft_h264vd_32.dll"
sh=088C5095C190980784BA11E977B6974AE750A4A0 ft=1 fh=66c795aa296d7379 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\IntelVGA\Graphics\MediaSDK\SNB\win32\mfx_mft_h264ve_32.dll"
sh=F47EFFD0F033B2DE46E8D44DDA3E2D7F606B595A ft=1 fh=66c795aa15a39a1a vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\IntelVGA\Graphics\MediaSDK\SNB\win32\mfx_mft_mp2vd_32.dll"
sh=00559A28AD458441244E51F5B86A14F3F17E49D0 ft=1 fh=66c795aa98523ca9 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\IntelVGA\Graphics\MediaSDK\SNB\win32\mfx_mft_vc1vd_32.dll"
sh=44B6AE09B52F293BB7AAD9D84AFE4E3789FAD147 ft=1 fh=66c795aaac940af2 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\IntelVGA\Graphics\MediaSDK\SNB\win32\mfx_mft_vpp_32.dll"
sh=E2D3FC74A40F89E3E22CCE508B6EC2C1BF3904DE ft=1 fh=66c795aa982b96de vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\IntelVGA\MediaSDK\IVB\win32\mfx_mft_h264vd_32.dll"
sh=088C5095C190980784BA11E977B6974AE750A4A0 ft=1 fh=66c795aa296d7379 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\IntelVGA\MediaSDK\IVB\win32\mfx_mft_h264ve_32.dll"
sh=F47EFFD0F033B2DE46E8D44DDA3E2D7F606B595A ft=1 fh=66c795aa15a39a1a vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\IntelVGA\MediaSDK\IVB\win32\mfx_mft_mp2vd_32.dll"
sh=00559A28AD458441244E51F5B86A14F3F17E49D0 ft=1 fh=66c795aa98523ca9 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\IntelVGA\MediaSDK\IVB\win32\mfx_mft_vc1vd_32.dll"
sh=44B6AE09B52F293BB7AAD9D84AFE4E3789FAD147 ft=1 fh=66c795aaac940af2 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\IntelVGA\MediaSDK\IVB\win32\mfx_mft_vpp_32.dll"
sh=E2D3FC74A40F89E3E22CCE508B6EC2C1BF3904DE ft=1 fh=66c795aa982b96de vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\IntelVGA\MediaSDK\SNB\win32\mfx_mft_h264vd_32.dll"
sh=088C5095C190980784BA11E977B6974AE750A4A0 ft=1 fh=66c795aa296d7379 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\IntelVGA\MediaSDK\SNB\win32\mfx_mft_h264ve_32.dll"
sh=F47EFFD0F033B2DE46E8D44DDA3E2D7F606B595A ft=1 fh=66c795aa15a39a1a vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\IntelVGA\MediaSDK\SNB\win32\mfx_mft_mp2vd_32.dll"
sh=00559A28AD458441244E51F5B86A14F3F17E49D0 ft=1 fh=66c795aa98523ca9 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\IntelVGA\MediaSDK\SNB\win32\mfx_mft_vc1vd_32.dll"
sh=44B6AE09B52F293BB7AAD9D84AFE4E3789FAD147 ft=1 fh=66c795aaac940af2 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\IntelVGA\MediaSDK\SNB\win32\mfx_mft_vpp_32.dll"
sh=5751DB5936641FE6B8FD9288DB3BAF318AB529EE ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\REALTEKLAN\README\WIN7\Arabic\bottom.html"
sh=3B58A0A770AB6C6F3815BDAF5DF755F065BCBCA4 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\REALTEKLAN\README\WIN7\Arabic\contactInfo.html"
sh=ED8AC878C6BF9B0F3B4C5DAB665EDB103036CF1B ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\REALTEKLAN\README\WIN7\Arabic\setup.html"
sh=D938AE2C544055DFD680D97BF34553BD994505BA ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\REALTEKLAN\README\WIN7\English\bottom.html"
sh=95619462AAA963254CC9D825B0A74F1B8E35E2CB ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\REALTEKLAN\README\WIN7\English\top.html"
sh=5B9D597A47E54A1EB0EEFFEBE188CADF6889B94C ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\REALTEKLAN\README\WIN7\English\troubleshooting.html"
sh=8E81BA76F5586533C1B185873812FC8EF1B3C138 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\REALTEKLAN\README\WIN7\French\AdvProperties.html"
sh=58FDE20B837B5318373126E5B2A9D2E19A088323 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\REALTEKLAN\README\WIN7\French\troubleshooting.html"
sh=0AAB4395B048D5659BEE6BD5AF9FAF56BDF5E9F6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\REALTEKLAN\README\WIN7\German\AdvProperties.html"
sh=598B745870DEE04F4999EF575574E7B9F2811E26 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\REALTEKLAN\README\WIN7\German\contactInfo.html"
sh=88B49663FD5EEB6B5DAECF443D124922C114A889 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\REALTEKLAN\README\WIN7\Hebrew\contactInfo.html"
sh=1D9C42CD382B6AEFEBB0126C6508912E98E213F5 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\REALTEKLAN\README\WIN7\Hebrew\troubleshooting.html"
sh=48CA60340FCD5AE243BCA955E61F0F5D475B9FBE ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\REALTEKLAN\README\WIN7\Hungarian\bottom.html"
sh=20741D3289C12B01EBA88683A8B0D9669834D03B ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\REALTEKLAN\README\WIN7\Hungarian\left.html"
sh=62783EE4555C77502FF6CB935A60E4E1F2E20714 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\REALTEKLAN\README\WIN7\Italian\contactInfo.html"
sh=53034F7D1E7FDA38D71C68E4791EF2F19E57D439 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\REALTEKLAN\README\WIN7\Italian\index.html"
sh=54044F871303A4008D6C424B70A2C0B1695E5FD3 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\REALTEKLAN\README\WIN7\Italian\setup.html"
sh=63AFBB4A516900E18DAF6D2553EC68BEB54C05DD ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\REALTEKLAN\README\WIN7\Italian\troubleshooting.html"
sh=1DAEAEC68635F8C3A7FE454F7B354C48627A4DFC ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\REALTEKLAN\README\WIN7\Japanese\bottom.html"
sh=536149CC41F4DD54747058720565508E466CAF9E ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\REALTEKLAN\README\WIN7\Japanese\contactInfo.html"
sh=3AA9DC043800179B94606582068C08808017CB69 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\REALTEKLAN\README\WIN7\Korean\troubleshooting.html"
sh=84E636B2CCD4F9DD692558D104A1A501C0E8C273 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\REALTEKLAN\README\WIN7\Korean\welcome.html"
sh=13F4FB612E5D90DF87FCA4FCE7B34730BB5753A2 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\REALTEKLAN\README\WIN7\Portuguese\index.html"
sh=93184D33AD517DAC89720157CBF90E5B5C2DB4D3 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\REALTEKLAN\README\WIN7\Portuguese\setup.html"
sh=BC4FC1906161162E9722491319311D6B3EFA65A5 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\REALTEKLAN\README\WIN7\Portuguese\top.html"
sh=9A8910A9F5DA4F7160C107AC12D54E283AEC9E60 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\REALTEKLAN\README\WIN7\Portuguese\troubleshooting.html"
sh=3F30E1B716ACB2E201D908624399641FCC51A7FD ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\REALTEKLAN\README\WIN7\Simplified_Chinese\bottom.html"
sh=1CA6D060279931D179BE2D02B0778193D3919776 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\REALTEKLAN\README\WIN7\Simplified_Chinese\index.html"
sh=50E4B5E3F8AD870575D4ADC7B182EE3667A3FB4B ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\REALTEKLAN\README\WIN7\Simplified_Chinese\top.html"
sh=89E9E22F6D7507260F1E9D6FA7DAA52A7D739FDE ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\REALTEKLAN\README\WIN7\Spanish\AdvProperties.html"
sh=C63B394E1E7DBF71CA148C6C2C81FD4ED0DBBB51 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\REALTEKLAN\README\WIN7\Spanish\left.html"
sh=5C029649F09A1E34740645770CA7CCED7AD68EFA ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\REALTEKLAN\README\WIN7\Spanish\top.html"
sh=E3E4BF1A5E03B5385B1CD7C588FFC4BB45BE165C ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\REALTEKLAN\README\WIN7\Spanish\troubleshooting.html"
sh=3F30E1B716ACB2E201D908624399641FCC51A7FD ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\REALTEKLAN\README\WIN7\Traditional_Chinese\bottom.html"
sh=15FFD48E7BFF2E71DD70F99D5A2805CA0D69FCB4 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\REALTEKLAN\README\WIN7\Traditional_Chinese\left.html"
sh=2CD8430F557EA05D5D1F9B819915F7E5B2D7BA2D ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\REALTEKLAN\README\WIN7\Traditional_Chinese\top.html"
sh=A300715244D15AA6458F190337DBE95AD03FC38A ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\REALTEKLAN\README\WIN7\Traditional_Chinese\troubleshooting.html"
sh=1BBEBD8F04ECA0C7757B437181FA26C39E9DCE02 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\REALTEKLAN\README\WIN7\Turkish\welcome.html"
sh=BD08565272AAF1D504935D05DE59F00651955FD0 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\Synaptics\WinWDF\x64\Syn4FingerFlickLeftRight.html"
sh=F6C49CE06F7600B34D3353771E15B6A0A156BA3E ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\Synaptics\WinWDF\x86\Syn2FingerScrolling.html"
sh=C5BA86785C410C3D58F88E93F11D6A0C3A73EB19 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\Synaptics\WinWDF\x86\SynScrollingHorizontal.html"
sh=7431D30C3B67D8B1417615D2A8DBCC127151944E ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\Synaptics\WinWDF\x86\SynScrollingVertical.html"
sh=0A04BCF3816401E571AD19A2B55EA5DBE3036437 ft=1 fh=66c795aacf5dc202 vn="Win32/Ramnit.A Virus" ac=I fn="C:\OEM\Preload\Autorun\DRV\WLAN_JTC00106\ISSetup.dll"
sh=3736E3DD6781F26718C1ED30CABA7C420514E170 ft=1 fh=66c795aa8a742410 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\wtap.dll"
sh=D7EE32A7F1412C886D9CCB21B7C2C26770C41FDF ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\de\going_online.html"
sh=9304E0D08E3ECAF3DA697CEDB607EA24384C77F3 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\de\start_right.html"
sh=D9B97ABC5A06CC5DEFE65ED3B70D7B6E74038FE1 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\en-US\login.html"
sh=748B5F6D65D515FDF9133F2C36464E77A7FE59AB ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\en-US\offline_help.html"
sh=FE640CB07CF30ABD6BE7888278941D7880176821 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\en-US\start.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\es\caption.html"
sh=C3294193F906378006924761C540D74E2C7B59BC ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\es\end.html"
sh=351626D65345BEADD9778F4F7CE542CDE2FEA747 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\es\error.html"
sh=F27F37BA73BD16B46B76F5976E049BC39DB23DA9 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\es\extracting.html"
sh=91312BB8C69E856044319C38799D0780B9C37AA2 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\es\login.html"
sh=005E13F1DE32F9125F771A302001461FFD2B6838 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\es\processing.html"
sh=1DEFDA54FFFC44C20B144DF2BBAFA82A000757E3 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\es\start.html"
sh=2253AFC394BA99A4E327575C4398BC2899749285 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\es\start_no_trials.html"
sh=4CE7B8E96182B62C1FF9177FED5BAFFC1B465851 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\es\start_right.html"
sh=4E46C5A372B50D28BF0D86BE1306AD7891ECC4E2 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\es-es\error.html"
sh=B4E536FE30383C2C9D69F1050753E821C4A5CDC1 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\es-es\going_online.html"
sh=7ADE1F88E8E7C086930D3CB1A50BE166A697B9FE ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\es-es\offline_help.html"
sh=C188C6D30F99039D8D3B1E8DE6ECF505A7B022BD ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\es-es\processing.html"
sh=4E90D15FB07F3728E8B12A7523E061EADA0DDCE8 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\es-es\start.html"
sh=80B4059C2ACD2E34ACA42E431C8296C228A55D3B ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\es-es\start_no_trials.html"
sh=269097A6E1458488CFD169D0FDA10CACCF3DF03C ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\es-es\unlock.html"
sh=08AE35B2186151F597F109AAAF197BF26A6F94A0 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\fr\error.html"
sh=5D5E2583DF4667C7BA6B21D3F78BD11E9D7C5C4C ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\fr\login.html"
sh=41A59BA19B33E03C51BECD75AC24D431F51BFABB ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\fr\unlock.html"
sh=C178E351C019895C87FD759102E0A6E090FA289C ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\it\error.html"
sh=58DB621166CF55CC93D229594DC5E3E5A2EFDAF9 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\it\timeout.html"
sh=677A5ACB285F5D86CFEC1DD8345DCF0AFF7A5595 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\ko\going_online.html"
sh=78B7E84F81CF3CD33B453AAAF1910C6381DF1349 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\ko\login.html"
sh=F4F806C7CF18A088F54645C960F6F39F30138FB0 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\pt\extracting.html"
sh=34374D0690F9CC892301B3FDCE902DD535C9C3EA ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\pt\start_right.html"
sh=FC2AF98CBC86A1C8D560EEED343FAC927FDFB172 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\pt\timeout.html"
sh=CBF0D2C806B3BD00CE1426EC12A10D72F14DAE75 ft=1 fh=66c795aafee5798a vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\wtmui_de\dbghelp.dll"
sh=CBF0D2C806B3BD00CE1426EC12A10D72F14DAE75 ft=1 fh=66c795aafee5798a vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\wtmui_default\dbghelp.dll"
sh=2674DCD0ED2B30F9AEA513EBFEE013550E3C6748 ft=1 fh=66c795aac424a5dc vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\wtmui_fr\fmod.dll"
sh=304D291263463EDD5FC27E56B6C908A9410D7A0F ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\zh\offline_help.html"
sh=20AFABB8C8E5E82EFE08AB8A1FAFEDC4331367A6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\zh\processing.html"
sh=D44D2C4DA316584F4736027EAB5D9DC872EA2049 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\zh\start_no_trials.html"
sh=25E53EDD5F40E8CB82B99F2032C2BEB121C4A727 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\zh\start_right.html"
sh=B974361DD2A67DB6CD4E31F34D45089695C578B9 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\zh\unlock.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\zh-CN\caption.html"
sh=0BE0331077DAA6AA6808B10EA40C264A32622E7D ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\zh-CN\end.html"
sh=9E79C1F0DFAB386C134A650DBE6A8ACA9B67EAE5 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\zh-CN\error.html"
sh=0F0D1797B24708397F1120B928CC24FAD07948DC ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\zh-CN\offline_help.html"
sh=56579698EC3DB233BB156731D9DECB9DDD091065 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\zh-CN\processing.html"
sh=704FBE2D5C59AC138168CF0214A4438CEC643630 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\zh-CN\start_no_trials.html"
sh=4E57EA34ECBEABEFCCDCD82C87BCE08ADF50E36C ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\zh-CN\start_right.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Bejeweled 3\de\caption.html"
sh=495EB9FB51B600141D2AA89B66D3703701D4FAE4 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Bejeweled 3\de\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Bejeweled 3\en-US\caption.html"
sh=E0187A3F843136FB48DE1B7C0AD54C7AAB9116C9 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Bejeweled 3\en-US\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Bejeweled 3\fr\caption.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Bejeweled 3\ko\caption.html"
sh=444683D78F19ECE865E7CE289A29E013DBA9ECAA ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Bejeweled 3\ko\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Bejeweled 3\pt\caption.html"
sh=F1B5BA0A5656ADB7844E27CAF18E24E007D6A61E ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Bejeweled 3\zh\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Chuzzle Deluxe\de\caption.html"
sh=495EB9FB51B600141D2AA89B66D3703701D4FAE4 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Chuzzle Deluxe\de\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Chuzzle Deluxe\en-US\caption.html"
sh=E0187A3F843136FB48DE1B7C0AD54C7AAB9116C9 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Chuzzle Deluxe\en-US\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Chuzzle Deluxe\es-es\caption.html"
sh=A482FA693E7FE23F991CA82C2212185ED7375F71 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Chuzzle Deluxe\es-es\extracting.html"
sh=D828B119D10786C9312EA0FEFF089593F9C85656 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Chuzzle Deluxe\fr\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Chuzzle Deluxe\it\caption.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Chuzzle Deluxe\ko\caption.html"
sh=444683D78F19ECE865E7CE289A29E013DBA9ECAA ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Chuzzle Deluxe\ko\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Chuzzle Deluxe\pt\caption.html"
sh=F4F806C7CF18A088F54645C960F6F39F30138FB0 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Chuzzle Deluxe\pt\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Chuzzle Deluxe\zh-CN\caption.html"
sh=A1CFE38E8BD32C2B1D91A61E6D6BD7EBC95A38BD ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Chuzzle Deluxe\zh-CN\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\FATE\de\caption.html"
sh=495EB9FB51B600141D2AA89B66D3703701D4FAE4 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\FATE\de\extracting.html"
sh=E0187A3F843136FB48DE1B7C0AD54C7AAB9116C9 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\FATE\en-US\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\FATE\es\caption.html"
sh=F27F37BA73BD16B46B76F5976E049BC39DB23DA9 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\FATE\es\extracting.html"
sh=D828B119D10786C9312EA0FEFF089593F9C85656 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\FATE\fr\extracting.html"
sh=F7574F0F36F1ED6D982696DD755CDA73E1BA101B ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\FATE\it\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\FATE\ko\caption.html"
sh=444683D78F19ECE865E7CE289A29E013DBA9ECAA ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\FATE\ko\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\FATE\pt\caption.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Final Drive Nitro\de\caption.html"
sh=E0187A3F843136FB48DE1B7C0AD54C7AAB9116C9 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Final Drive Nitro\en-US\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Final Drive Nitro\es-es\caption.html"
sh=A482FA693E7FE23F991CA82C2212185ED7375F71 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Final Drive Nitro\es-es\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Final Drive Nitro\fr\caption.html"
sh=D828B119D10786C9312EA0FEFF089593F9C85656 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Final Drive Nitro\fr\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Final Drive Nitro\it\caption.html"
sh=F7574F0F36F1ED6D982696DD755CDA73E1BA101B ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Final Drive Nitro\it\extracting.html"
sh=444683D78F19ECE865E7CE289A29E013DBA9ECAA ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Final Drive Nitro\ko\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Final Drive Nitro\pt\caption.html"
sh=F1B5BA0A5656ADB7844E27CAF18E24E007D6A61E ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Final Drive Nitro\zh\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Final Drive Nitro\zh-CN\caption.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Insaniquarium Deluxe\de\caption.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Insaniquarium Deluxe\en-US\caption.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Insaniquarium Deluxe\es\caption.html"
sh=F27F37BA73BD16B46B76F5976E049BC39DB23DA9 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Insaniquarium Deluxe\es\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Insaniquarium Deluxe\es-es\caption.html"
sh=A482FA693E7FE23F991CA82C2212185ED7375F71 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Insaniquarium Deluxe\es-es\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Insaniquarium Deluxe\fr\caption.html"
sh=F7574F0F36F1ED6D982696DD755CDA73E1BA101B ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Insaniquarium Deluxe\it\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Insaniquarium Deluxe\ko\caption.html"
sh=444683D78F19ECE865E7CE289A29E013DBA9ECAA ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Insaniquarium Deluxe\ko\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Insaniquarium Deluxe\pt\caption.html"
sh=F4F806C7CF18A088F54645C960F6F39F30138FB0 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Insaniquarium Deluxe\pt\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Insaniquarium Deluxe\zh\caption.html"
sh=F1B5BA0A5656ADB7844E27CAF18E24E007D6A61E ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Insaniquarium Deluxe\zh\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Insaniquarium Deluxe\zh-CN\caption.html"
sh=A1CFE38E8BD32C2B1D91A61E6D6BD7EBC95A38BD ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Insaniquarium Deluxe\zh-CN\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Jewel Match 3\de\caption.html"
sh=495EB9FB51B600141D2AA89B66D3703701D4FAE4 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Jewel Match 3\de\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Jewel Match 3\en-US\caption.html"
sh=E0187A3F843136FB48DE1B7C0AD54C7AAB9116C9 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Jewel Match 3\en-US\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Jewel Match 3\es\caption.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Jewel Match 3\es-es\caption.html"
sh=A482FA693E7FE23F991CA82C2212185ED7375F71 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Jewel Match 3\es-es\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Jewel Match 3\fr\caption.html"
sh=D828B119D10786C9312EA0FEFF089593F9C85656 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Jewel Match 3\fr\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Jewel Match 3\it\caption.html"
sh=F7574F0F36F1ED6D982696DD755CDA73E1BA101B ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Jewel Match 3\it\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Jewel Match 3\ko\caption.html"
sh=444683D78F19ECE865E7CE289A29E013DBA9ECAA ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Jewel Match 3\ko\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Jewel Match 3\pt\caption.html"
sh=F4F806C7CF18A088F54645C960F6F39F30138FB0 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Jewel Match 3\pt\extracting.html"
sh=F1B5BA0A5656ADB7844E27CAF18E24E007D6A61E ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Jewel Match 3\zh\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Jewel Match 3\zh-CN\caption.html"
sh=A1CFE38E8BD32C2B1D91A61E6D6BD7EBC95A38BD ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Jewel Match 3\zh-CN\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Jewel Quest Mysteries The Seventh Gate Collectors Edition\de\caption.html"
sh=495EB9FB51B600141D2AA89B66D3703701D4FAE4 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Jewel Quest Mysteries The Seventh Gate Collectors Edition\de\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Jewel Quest Mysteries The Seventh Gate Collectors Edition\en-US\caption.html"
sh=E0187A3F843136FB48DE1B7C0AD54C7AAB9116C9 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Jewel Quest Mysteries The Seventh Gate Collectors Edition\en-US\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Jewel Quest Mysteries The Seventh Gate Collectors Edition\es\caption.html"
sh=F27F37BA73BD16B46B76F5976E049BC39DB23DA9 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Jewel Quest Mysteries The Seventh Gate Collectors Edition\es\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Jewel Quest Mysteries The Seventh Gate Collectors Edition\es-es\caption.html"
sh=A482FA693E7FE23F991CA82C2212185ED7375F71 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Jewel Quest Mysteries The Seventh Gate Collectors Edition\es-es\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Jewel Quest Mysteries The Seventh Gate Collectors Edition\fr\caption.html"
sh=D828B119D10786C9312EA0FEFF089593F9C85656 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Jewel Quest Mysteries The Seventh Gate Collectors Edition\fr\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Jewel Quest Mysteries The Seventh Gate Collectors Edition\it\caption.html"
sh=F7574F0F36F1ED6D982696DD755CDA73E1BA101B ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Jewel Quest Mysteries The Seventh Gate Collectors Edition\it\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Jewel Quest Mysteries The Seventh Gate Collectors Edition\ko\caption.html"
sh=444683D78F19ECE865E7CE289A29E013DBA9ECAA ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Jewel Quest Mysteries The Seventh Gate Collectors Edition\ko\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Jewel Quest Mysteries The Seventh Gate Collectors Edition\pt\caption.html"
sh=F4F806C7CF18A088F54645C960F6F39F30138FB0 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Jewel Quest Mysteries The Seventh Gate Collectors Edition\pt\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Jewel Quest Mysteries The Seventh Gate Collectors Edition\zh\caption.html"
sh=F1B5BA0A5656ADB7844E27CAF18E24E007D6A61E ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Jewel Quest Mysteries The Seventh Gate Collectors Edition\zh\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Jewel Quest Mysteries The Seventh Gate Collectors Edition\zh-CN\caption.html"
sh=A1CFE38E8BD32C2B1D91A61E6D6BD7EBC95A38BD ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Jewel Quest Mysteries The Seventh Gate Collectors Edition\zh-CN\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\John Deere Drive Green\de\caption.html"
sh=495EB9FB51B600141D2AA89B66D3703701D4FAE4 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\John Deere Drive Green\de\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\John Deere Drive Green\en-US\caption.html"
sh=E0187A3F843136FB48DE1B7C0AD54C7AAB9116C9 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\John Deere Drive Green\en-US\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\John Deere Drive Green\es\caption.html"
sh=F27F37BA73BD16B46B76F5976E049BC39DB23DA9 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\John Deere Drive Green\es\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\John Deere Drive Green\es-es\caption.html"
sh=A482FA693E7FE23F991CA82C2212185ED7375F71 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\John Deere Drive Green\es-es\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\John Deere Drive Green\fr\caption.html"
sh=D828B119D10786C9312EA0FEFF089593F9C85656 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\John Deere Drive Green\fr\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\John Deere Drive Green\it\caption.html"
sh=F7574F0F36F1ED6D982696DD755CDA73E1BA101B ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\John Deere Drive Green\it\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Penguins!\de\caption.html"
sh=495EB9FB51B600141D2AA89B66D3703701D4FAE4 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Penguins!\de\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Penguins!\en-US\caption.html"
sh=E0187A3F843136FB48DE1B7C0AD54C7AAB9116C9 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Penguins!\en-US\extracting.html"
sh=F27F37BA73BD16B46B76F5976E049BC39DB23DA9 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Penguins!\es\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Penguins!\es-es\caption.html"
sh=A482FA693E7FE23F991CA82C2212185ED7375F71 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Penguins!\es-es\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Penguins!\fr\caption.html"
sh=D828B119D10786C9312EA0FEFF089593F9C85656 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Penguins!\fr\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Penguins!\it\caption.html"
sh=F7574F0F36F1ED6D982696DD755CDA73E1BA101B ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Penguins!\it\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Penguins!\ko\caption.html"
sh=444683D78F19ECE865E7CE289A29E013DBA9ECAA ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Penguins!\ko\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Penguins!\pt\caption.html"
sh=F4F806C7CF18A088F54645C960F6F39F30138FB0 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Penguins!\pt\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Penguins!\zh\caption.html"
sh=F1B5BA0A5656ADB7844E27CAF18E24E007D6A61E ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Penguins!\zh\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Penguins!\zh-CN\caption.html"
sh=A1CFE38E8BD32C2B1D91A61E6D6BD7EBC95A38BD ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Penguins!\zh-CN\extracting.html"
sh=800AFD16D333EF7F3669764090CF2FCE21740D25 ft=1 fh=66c795aa8a742410 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\wtap.dll"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\de\caption.html"
sh=4CC40450EF5EFDD3E9E72450C81697CB29612F66 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\de\end.html"
sh=1EA825237100D90771036692BE467AB2B81D9052 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\de\error.html"
sh=495EB9FB51B600141D2AA89B66D3703701D4FAE4 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\de\extracting.html"
sh=D7EE32A7F1412C886D9CCB21B7C2C26770C41FDF ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\de\going_online.html"
sh=E3271EBECF6F0C2769CDECCFBD190805B9B79432 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\de\login.html"
sh=8A51C74446FE20AE0A35D01A082C234E83A78033 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\de\offline_help.html"
sh=BE349320574BF23BB91DD7B0E01445202BEDD782 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\de\pin_help.html"
sh=98DF11BE711BB2DE0522E9CA3A43CA1B54C9062B ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\de\processing.html"
sh=874EC7907BBEB6E33B21B7278CE478A1AFB971B1 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\de\start.html"
sh=81E57D7E18217905F1A01FE22D053B793CC429EB ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\de\start_no_trials.html"
sh=9304E0D08E3ECAF3DA697CEDB607EA24384C77F3 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\de\start_right.html"
sh=7CE7BA79D0B8C8FCDAD364542911C4C864EDB8F0 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\de\timeout.html"
sh=057E1D8116B188FBB007C91993C562F0725E881C ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\de\unlock.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\en-US\caption.html"
sh=BCBB862AA018F4476E85DDEA23E616E97FB33BF0 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\en-US\end.html"
sh=EFADFE6ABD45309BB18C0C645F54425B8E07B447 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\en-US\error.html"
sh=E0187A3F843136FB48DE1B7C0AD54C7AAB9116C9 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\en-US\extracting.html"
sh=10D3FF42DBF686A037DF1608C91D8D1BE2DFAB73 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\en-US\going_online.html"
sh=D9B97ABC5A06CC5DEFE65ED3B70D7B6E74038FE1 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\en-US\login.html"
sh=748B5F6D65D515FDF9133F2C36464E77A7FE59AB ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\en-US\offline_help.html"
sh=BA4E17842E4AE8F1DEBA161B4EB29A5CA9AB83B7 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\en-US\pin_help.html"
sh=5D825745001A95569C97A92789FD2873D895D7A4 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\en-US\processing.html"
sh=FE640CB07CF30ABD6BE7888278941D7880176821 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\en-US\start.html"
sh=2EACE9D2BA69670CF89613ADE32AA49AA3255143 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\en-US\start_no_trials.html"
sh=7D20527527D00005E4AF6B3A30FF55257E43AAE1 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\en-US\start_right.html"
sh=74C9394B57F109750A2F3607DA2923FB396482D8 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\en-US\timeout.html"
sh=2D4BD445CC9FCC4BAE9A54FE48CBFEA73BA49B5B ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\en-US\unlock.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\es\caption.html"
sh=C3294193F906378006924761C540D74E2C7B59BC ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\es\end.html"
sh=351626D65345BEADD9778F4F7CE542CDE2FEA747 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\es\error.html"
sh=F27F37BA73BD16B46B76F5976E049BC39DB23DA9 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\es\extracting.html"
sh=40563E50BB48CF7C3B03CE215DAFB47CA861D086 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\es\going_online.html"
sh=91312BB8C69E856044319C38799D0780B9C37AA2 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\es\login.html"
sh=AD3D01FEECB6D27991A079CB3C9275A0CD798091 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\es\offline_help.html"
sh=5C75279F74A7D0E1DF84810EA2939B9BED5630BF ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\es\pin_help.html"
sh=005E13F1DE32F9125F771A302001461FFD2B6838 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\es\processing.html"
sh=1DEFDA54FFFC44C20B144DF2BBAFA82A000757E3 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\es\start.html"
sh=2253AFC394BA99A4E327575C4398BC2899749285 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\es\start_no_trials.html"
sh=4CE7B8E96182B62C1FF9177FED5BAFFC1B465851 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\es\start_right.html"
sh=CBD5FA03F6612CB889ECC40AC5966CEDB517D425 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\es\timeout.html"
sh=08AE57962E04DC94032291E79BC9C740B1E029B0 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\es\unlock.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\es-es\caption.html"
sh=E5A543C9872A63CCF5D08FCCD5B683E472085668 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\es-es\end.html"
sh=4E46C5A372B50D28BF0D86BE1306AD7891ECC4E2 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\es-es\error.html"
sh=A482FA693E7FE23F991CA82C2212185ED7375F71 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\es-es\extracting.html"
sh=B4E536FE30383C2C9D69F1050753E821C4A5CDC1 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\es-es\going_online.html"
sh=F729A85A34585039EAA733DB4851EEA4E88290B2 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\es-es\login.html"
sh=7ADE1F88E8E7C086930D3CB1A50BE166A697B9FE ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\es-es\offline_help.html"
sh=735949B6C9E0526DFC839E56B6846044F5914AC1 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\es-es\pin_help.html"
sh=C188C6D30F99039D8D3B1E8DE6ECF505A7B022BD ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\es-es\processing.html"
sh=4E90D15FB07F3728E8B12A7523E061EADA0DDCE8 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\es-es\start.html"
sh=80B4059C2ACD2E34ACA42E431C8296C228A55D3B ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\es-es\start_no_trials.html"
sh=BACEB468AC3089497C691EAD2DB977CA25A44C7C ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\es-es\start_right.html"
sh=60E823E7170B36B2B33705617BE8976C5A9A9496 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\es-es\timeout.html"
sh=269097A6E1458488CFD169D0FDA10CACCF3DF03C ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\es-es\unlock.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\fr\caption.html"
sh=0CD6213C8BB4BC1FEDB5FE82EDA192F80D4A3798 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\fr\end.html"
sh=08AE35B2186151F597F109AAAF197BF26A6F94A0 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\fr\error.html"
sh=D828B119D10786C9312EA0FEFF089593F9C85656 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\fr\extracting.html"
sh=61C1C0B64E741274B9761F0837039526888B3448 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\fr\going_online.html"
sh=5D5E2583DF4667C7BA6B21D3F78BD11E9D7C5C4C ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\fr\login.html"
sh=9CDF6CE607297D9F0B551687A9227DDB266049BC ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\fr\offline_help.html"
sh=4038378BF6C2731EA083860802164478DE691365 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\fr\pin_help.html"
sh=EEFB90F5A5502CA816AEFD5DD21E6AAF0FC73CEF ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\fr\processing.html"
sh=17D377B110AA81710275978C0C689A2E099C7567 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\fr\start.html"
sh=F8DE1FDE9E09D7B2F687F46D58540F853BA8C9B2 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\fr\start_no_trials.html"
sh=48668280398A94612DBD584896D0EDA570AFDDFA ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\fr\start_right.html"
sh=3117BCD620B94B2C73FCF8782AA839CC812799A7 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\fr\timeout.html"
sh=41A59BA19B33E03C51BECD75AC24D431F51BFABB ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\fr\unlock.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\it\caption.html"
sh=1B261D69E8735344A780ECD2B1096B03AD63318B ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\it\end.html"
sh=C178E351C019895C87FD759102E0A6E090FA289C ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\it\error.html"
sh=F7574F0F36F1ED6D982696DD755CDA73E1BA101B ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\it\extracting.html"
sh=022B998DC7FEB8405B5B669C57BD096DC5B05866 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\it\going_online.html"
sh=B0C46BC080849659EEF14350C10348CFA5EF39D1 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\it\login.html"
sh=E41534DC62FB224EF966E9440D7E622984D93DCD ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\it\offline_help.html"
sh=CDBAD4BF8397E013E4C423BB02910FF27745E44F ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\it\pin_help.html"
sh=17AB9B49FA51F23467D9FC68C519995FFE072156 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\it\processing.html"
sh=3D3AC1DACE9BCBA72EEB008D66CCA34EB59BCAE6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\it\start.html"
sh=8CD33CC9C771EF646DCF7F7F6295C7683D32CFFE ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\it\start_no_trials.html"
sh=F15878022F48FA6009C31B3C0C4523A335D54642 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\it\start_right.html"
sh=58DB621166CF55CC93D229594DC5E3E5A2EFDAF9 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\it\timeout.html"
sh=8ABC19846BA4AFEEBAD4186B51603C9581F308B5 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\it\unlock.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\ko\caption.html"
sh=69576507AC0A51FEC354E6B1D16C5B4706BBC3D2 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\ko\end.html"
sh=1089D890B40FDFFEBEF1B7D36591F91459D10AAE ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\ko\error.html"
sh=444683D78F19ECE865E7CE289A29E013DBA9ECAA ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\ko\extracting.html"
sh=677A5ACB285F5D86CFEC1DD8345DCF0AFF7A5595 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\ko\going_online.html"
sh=78B7E84F81CF3CD33B453AAAF1910C6381DF1349 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\ko\login.html"
sh=C80F51C5D0F8475D0786EC5AC28E0DE3694FCC42 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\ko\offline_help.html"
sh=4C7C3647F0227A222C5F8740EFD8D1A77A1BC2E8 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\ko\pin_help.html"
sh=5D10D0EC61AD5C920C1E239366D408577BAF139D ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\ko\processing.html"
sh=A280B6B003C05474A59070DAE2C580BC68CF6EEA ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\ko\start.html"
sh=B89A698BC1B2698E37EB01EB8D52613435765829 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\ko\start_no_trials.html"
sh=4939A2F48AB18919D42F55CD4D288175EC4C996D ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\ko\start_right.html"
sh=B5300E53126B850AC71E677254EA2E9E29D7084F ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\ko\timeout.html"
sh=10BFF6209085680C8FE55EE8E8CA8CE369D3863E ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\ko\unlock.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\pt\caption.html"
sh=A55DEC23DBD502F79C5BCFFC5025429F353AE8E0 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\pt\end.html"
sh=18874F1FA19FFB270CBF79AE822721B88CAEEAD3 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\pt\error.html"
sh=F4F806C7CF18A088F54645C960F6F39F30138FB0 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\pt\extracting.html"
sh=8357A26FB8B422863EC1A44E7D1084534958217A ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\pt\going_online.html"
sh=ECFEB829CB4696BA9AB73B17CB1EE127EB155D1A ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\pt\login.html"
sh=BC1F028994BD124140DA67E50B03E63131B94BA6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\pt\offline_help.html"
sh=D3600F85A6E3649A4839F511A3C87916A97728AC ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\pt\pin_help.html"
sh=2A512C04CD82B0BCC2CE98E7F7226AA8F2484584 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\pt\processing.html"
sh=9A7FA9E83DD88FC7EA2A29896D04779325B0D76E ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\pt\start.html"
sh=2561564BED24CD203BEA610AE577AE02FA4E4D73 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\pt\start_no_trials.html"
sh=34374D0690F9CC892301B3FDCE902DD535C9C3EA ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\pt\start_right.html"
sh=FC2AF98CBC86A1C8D560EEED343FAC927FDFB172 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\pt\timeout.html"
sh=989A73AD218C078154E370774DF6282380CEE8FC ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\pt\unlock.html"
sh=BA54BBA11188313CE16A13A3FB0EF874675D004D ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\wtmui_de\liesmich.html"
sh=C6F256D993855837A5B5EEAD2832F7F95C6EF0DF ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\wtmui_default\readme.html"
sh=BC22ABAA4690DD9FBE877DB24ECAB774F4EA76D8 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\wtmui_es\leeme.html"
sh=BF0B4DD8E205F337FB76ED10FE740BF4C0D38FE1 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\wtmui_fr\Lisez-moi.html"
sh=5776F7816E5BD9F10BBD4A97BFF38F339E7A4539 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\wtmui_it\leggimi.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\zh\caption.html"
sh=96F84DF570693E3D6DA1D8CE712A749C677DC7D9 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\zh\end.html"
sh=CF51DAD93CDAC739E876D022C13A2C17E2D5B81F ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\zh\error.html"
sh=F1B5BA0A5656ADB7844E27CAF18E24E007D6A61E ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\zh\extracting.html"
sh=91182F428A1E25EEBDE3BD1583E674EE69B63D58 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\zh\going_online.html"
sh=FBA25B90117034FE067404415ADFD9754E18B474 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\zh\login.html"
sh=304D291263463EDD5FC27E56B6C908A9410D7A0F ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\zh\offline_help.html"
sh=B7BA1752D3971B064BF600C7E41AEE9B9D7D3C3B ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\zh\pin_help.html"
sh=20AFABB8C8E5E82EFE08AB8A1FAFEDC4331367A6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\zh\processing.html"
sh=63C92D4ACDF6637BF473D0A1EAF606565951FE19 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\zh\start.html"
sh=D44D2C4DA316584F4736027EAB5D9DC872EA2049 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\zh\start_no_trials.html"
sh=25E53EDD5F40E8CB82B99F2032C2BEB121C4A727 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\zh\start_right.html"
sh=ECB44F3AE81391234153A92EBF6DCC1BC70D18FD ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\zh\timeout.html"
sh=B974361DD2A67DB6CD4E31F34D45089695C578B9 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\zh\unlock.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\zh-CN\caption.html"
sh=0BE0331077DAA6AA6808B10EA40C264A32622E7D ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\zh-CN\end.html"
sh=9E79C1F0DFAB386C134A650DBE6A8ACA9B67EAE5 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\zh-CN\error.html"
sh=A1CFE38E8BD32C2B1D91A61E6D6BD7EBC95A38BD ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\zh-CN\extracting.html"
sh=B4198110ABF388717B8C8DF72D52117D32365BA0 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\zh-CN\going_online.html"
sh=0F0D1797B24708397F1120B928CC24FAD07948DC ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\zh-CN\offline_help.html"
sh=9D3E69D70373F1BA5DC054715D2E66F33B804ABC ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\zh-CN\start.html"
sh=E0187A3F843136FB48DE1B7C0AD54C7AAB9116C9 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Polar Bowler\en-US\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Polar Bowler\es\caption.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Polar Bowler\es-es\caption.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Polar Bowler\fr\caption.html"
sh=D828B119D10786C9312EA0FEFF089593F9C85656 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Polar Bowler\fr\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Polar Bowler\it\caption.html"
sh=F7574F0F36F1ED6D982696DD755CDA73E1BA101B ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Polar Bowler\it\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Polar Bowler\ko\caption.html"
sh=444683D78F19ECE865E7CE289A29E013DBA9ECAA ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Polar Bowler\ko\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Polar Bowler\pt\caption.html"
sh=F4F806C7CF18A088F54645C960F6F39F30138FB0 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Polar Bowler\pt\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Polar Bowler\zh\caption.html"
sh=F1B5BA0A5656ADB7844E27CAF18E24E007D6A61E ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Polar Bowler\zh\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Polar Bowler\zh-CN\caption.html"
sh=A1CFE38E8BD32C2B1D91A61E6D6BD7EBC95A38BD ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Polar Bowler\zh-CN\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Slingo Deluxe\de\caption.html"
sh=495EB9FB51B600141D2AA89B66D3703701D4FAE4 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Slingo Deluxe\de\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Slingo Deluxe\en-US\caption.html"
sh=E0187A3F843136FB48DE1B7C0AD54C7AAB9116C9 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Slingo Deluxe\en-US\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Slingo Deluxe\es\caption.html"
sh=F27F37BA73BD16B46B76F5976E049BC39DB23DA9 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Slingo Deluxe\es\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Slingo Deluxe\es-es\caption.html"
sh=A482FA693E7FE23F991CA82C2212185ED7375F71 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Slingo Deluxe\es-es\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Slingo Deluxe\fr\caption.html"
sh=D828B119D10786C9312EA0FEFF089593F9C85656 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Slingo Deluxe\fr\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Slingo Deluxe\it\caption.html"
sh=F7574F0F36F1ED6D982696DD755CDA73E1BA101B ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Slingo Deluxe\it\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Slingo Deluxe\ko\caption.html"
sh=444683D78F19ECE865E7CE289A29E013DBA9ECAA ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Slingo Deluxe\ko\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Slingo Deluxe\pt\caption.html"
sh=F4F806C7CF18A088F54645C960F6F39F30138FB0 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Slingo Deluxe\pt\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Slingo Deluxe\zh\caption.html"
sh=F1B5BA0A5656ADB7844E27CAF18E24E007D6A61E ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Slingo Deluxe\zh\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Slingo Deluxe\zh-CN\caption.html"
sh=A1CFE38E8BD32C2B1D91A61E6D6BD7EBC95A38BD ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Slingo Deluxe\zh-CN\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Tales of Lagoona\de\caption.html"
sh=495EB9FB51B600141D2AA89B66D3703701D4FAE4 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Tales of Lagoona\de\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Tales of Lagoona\en-US\caption.html"
sh=E0187A3F843136FB48DE1B7C0AD54C7AAB9116C9 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Tales of Lagoona\en-US\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Tales of Lagoona\es\caption.html"
sh=F27F37BA73BD16B46B76F5976E049BC39DB23DA9 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Tales of Lagoona\es\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Tales of Lagoona\es-es\caption.html"
sh=A482FA693E7FE23F991CA82C2212185ED7375F71 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Tales of Lagoona\es-es\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Tales of Lagoona\fr\caption.html"
sh=D828B119D10786C9312EA0FEFF089593F9C85656 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Tales of Lagoona\fr\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Tales of Lagoona\it\caption.html"
sh=F7574F0F36F1ED6D982696DD755CDA73E1BA101B ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Tales of Lagoona\it\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Tales of Lagoona\ko\caption.html"
sh=444683D78F19ECE865E7CE289A29E013DBA9ECAA ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Tales of Lagoona\ko\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Tales of Lagoona\pt\caption.html"
sh=F4F806C7CF18A088F54645C960F6F39F30138FB0 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Tales of Lagoona\pt\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Tales of Lagoona\zh\caption.html"
sh=F1B5BA0A5656ADB7844E27CAF18E24E007D6A61E ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Tales of Lagoona\zh\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Tales of Lagoona\zh-CN\caption.html"
sh=A1CFE38E8BD32C2B1D91A61E6D6BD7EBC95A38BD ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Tales of Lagoona\zh-CN\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Torchlight\de\caption.html"
sh=495EB9FB51B600141D2AA89B66D3703701D4FAE4 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Torchlight\de\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Torchlight\en-US\caption.html"
sh=E0187A3F843136FB48DE1B7C0AD54C7AAB9116C9 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Torchlight\en-US\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Torchlight\es\caption.html"
sh=F27F37BA73BD16B46B76F5976E049BC39DB23DA9 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Torchlight\es\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Torchlight\es-es\caption.html"
sh=A482FA693E7FE23F991CA82C2212185ED7375F71 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Torchlight\es-es\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Torchlight\fr\caption.html"
sh=D828B119D10786C9312EA0FEFF089593F9C85656 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Torchlight\fr\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Torchlight\it\caption.html"
sh=F7574F0F36F1ED6D982696DD755CDA73E1BA101B ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Torchlight\it\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Torchlight\ko\caption.html"
sh=444683D78F19ECE865E7CE289A29E013DBA9ECAA ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Torchlight\ko\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Torchlight\pt\caption.html"
sh=F4F806C7CF18A088F54645C960F6F39F30138FB0 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Torchlight\pt\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Torchlight\zh\caption.html"
sh=F1B5BA0A5656ADB7844E27CAF18E24E007D6A61E ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Torchlight\zh\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Torchlight\zh-CN\caption.html"
sh=A1CFE38E8BD32C2B1D91A61E6D6BD7EBC95A38BD ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Torchlight\zh-CN\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Virtual Villagers 4 - The Tree of Life\de\caption.html"
sh=495EB9FB51B600141D2AA89B66D3703701D4FAE4 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Virtual Villagers 4 - The Tree of Life\de\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Virtual Villagers 4 - The Tree of Life\en-US\caption.html"
sh=E0187A3F843136FB48DE1B7C0AD54C7AAB9116C9 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Virtual Villagers 4 - The Tree of Life\en-US\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Virtual Villagers 4 - The Tree of Life\es\caption.html"
sh=F27F37BA73BD16B46B76F5976E049BC39DB23DA9 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Virtual Villagers 4 - The Tree of Life\es\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Virtual Villagers 4 - The Tree of Life\es-es\caption.html"
sh=A482FA693E7FE23F991CA82C2212185ED7375F71 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Virtual Villagers 4 - The Tree of Life\es-es\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Virtual Villagers 4 - The Tree of Life\fr\caption.html"
sh=D828B119D10786C9312EA0FEFF089593F9C85656 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Virtual Villagers 4 - The Tree of Life\fr\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Virtual Villagers 4 - The Tree of Life\it\caption.html"
sh=F7574F0F36F1ED6D982696DD755CDA73E1BA101B ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Virtual Villagers 4 - The Tree of Life\it\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Virtual Villagers 4 - The Tree of Life\ko\caption.html"
sh=444683D78F19ECE865E7CE289A29E013DBA9ECAA ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Virtual Villagers 4 - The Tree of Life\ko\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Virtual Villagers 4 - The Tree of Life\pt\caption.html"
sh=F4F806C7CF18A088F54645C960F6F39F30138FB0 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Virtual Villagers 4 - The Tree of Life\pt\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Virtual Villagers 4 - The Tree of Life\zh\caption.html"
sh=F1B5BA0A5656ADB7844E27CAF18E24E007D6A61E ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Virtual Villagers 4 - The Tree of Life\zh\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Virtual Villagers 4 - The Tree of Life\zh-CN\caption.html"
sh=A1CFE38E8BD32C2B1D91A61E6D6BD7EBC95A38BD ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Virtual Villagers 4 - The Tree of Life\zh-CN\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Wedding Dash\de\caption.html"
sh=495EB9FB51B600141D2AA89B66D3703701D4FAE4 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Wedding Dash\de\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Wedding Dash\en-US\caption.html"
sh=E0187A3F843136FB48DE1B7C0AD54C7AAB9116C9 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Wedding Dash\en-US\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Wedding Dash\es\caption.html"
sh=F27F37BA73BD16B46B76F5976E049BC39DB23DA9 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Wedding Dash\es\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Wedding Dash\es-es\caption.html"
sh=A482FA693E7FE23F991CA82C2212185ED7375F71 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Wedding Dash\es-es\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Wedding Dash\fr\caption.html"
sh=D828B119D10786C9312EA0FEFF089593F9C85656 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Wedding Dash\fr\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Wedding Dash\it\caption.html"
sh=F7574F0F36F1ED6D982696DD755CDA73E1BA101B ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Wedding Dash\it\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Wedding Dash\ko\caption.html"
sh=444683D78F19ECE865E7CE289A29E013DBA9ECAA ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Wedding Dash\ko\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Wedding Dash\pt\caption.html"
sh=F4F806C7CF18A088F54645C960F6F39F30138FB0 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Wedding Dash\pt\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Wedding Dash\zh\caption.html"
sh=F1B5BA0A5656ADB7844E27CAF18E24E007D6A61E ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Wedding Dash\zh\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Wedding Dash\zh-CN\caption.html"
sh=A1CFE38E8BD32C2B1D91A61E6D6BD7EBC95A38BD ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Wedding Dash\zh-CN\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Zuma Deluxe\de\caption.html"
sh=495EB9FB51B600141D2AA89B66D3703701D4FAE4 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Zuma Deluxe\de\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Zuma Deluxe\en-US\caption.html"
sh=E0187A3F843136FB48DE1B7C0AD54C7AAB9116C9 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Zuma Deluxe\en-US\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Zuma Deluxe\es\caption.html"
sh=F27F37BA73BD16B46B76F5976E049BC39DB23DA9 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Zuma Deluxe\es\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Zuma Deluxe\es-es\caption.html"
sh=A482FA693E7FE23F991CA82C2212185ED7375F71 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Zuma Deluxe\es-es\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Zuma Deluxe\fr\caption.html"
sh=D828B119D10786C9312EA0FEFF089593F9C85656 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Zuma Deluxe\fr\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Zuma Deluxe\it\caption.html"
sh=F7574F0F36F1ED6D982696DD755CDA73E1BA101B ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Zuma Deluxe\it\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Zuma Deluxe\ko\caption.html"
sh=444683D78F19ECE865E7CE289A29E013DBA9ECAA ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Zuma Deluxe\ko\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Zuma Deluxe\pt\caption.html"
sh=F4F806C7CF18A088F54645C960F6F39F30138FB0 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Zuma Deluxe\pt\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Zuma Deluxe\zh\caption.html"
sh=F1B5BA0A5656ADB7844E27CAF18E24E007D6A61E ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Zuma Deluxe\zh\extracting.html"
sh=D32E71A1ADBE10E72E1F4934E4EF2D57F54AC8E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Zuma Deluxe\zh-CN\caption.html"
sh=A1CFE38E8BD32C2B1D91A61E6D6BD7EBC95A38BD ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Acer Games\Zuma Deluxe\zh-CN\extracting.html"
sh=E849F00E62F86B2574D13EFAB760DF9AFCB2E145 ft=1 fh=24a3f53dccb74aa9 vn="Variante von Win32/Techsnab.C evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Jelbrus Secure Web\jsie.dll"
sh=FFC57D365E593228DCB686402536DD66B1D0ED15 ft=1 fh=3c119b0bfde3808c vn="Variante von Win32/Techsnab.C evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Jelbrus Secure Web\jswchromium.exe"
sh=2DCC051E4CE3724E36CA0F6B756823317F023996 ft=1 fh=22694afbc34cdf3b vn="Variante von Win32/Techsnab.C evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Jelbrus Secure Web\jswchromium64.exe"
sh=BAB58F7F0B072578ADBFD93DD8098CBDA4530A5C ft=1 fh=92e92e339c07c166 vn="Variante von Win32/Techsnab.C evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Jelbrus Secure Web\jsweb.dll"
sh=C107EF3AF2AEF62E07D9F456EB446B9B5E812FAB ft=1 fh=5ce9beb3c0a9f707 vn="Variante von Win32/Techsnab.C evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Jelbrus Secure Web\jsweb64.dll"
sh=4AE47BD616260A154760048A0F80799E9FEF3EA2 ft=1 fh=40caa7e00aa91efb vn="Variante von Win32/Techsnab.C evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Jelbrus Secure Web\jswff.exe"
sh=ED8E5BB441444E450700F2EEB8153B4B68FA5E1E ft=1 fh=7bfec8fee6bd0e35 vn="Variante von Win32/Techsnab.C evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Jelbrus Secure Web\jswtask.exe"
sh=5C5B28CF2242E886DAB4CC90744DA41E485CCFDC ft=1 fh=8806f5648674ec74 vn="Variante von Win32/Toolbar.MyWebSearch.W evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll.vir"
sh=56CF4F2AC44C6ADD5CDCD419BA4B99D22DC7A0E3 ft=1 fh=46ed14ba69906e9f vn="Win32/Toolbar.MyWebSearch.X evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\TelevisionFanatic\bar\1.bin\64barsvc.exe.vir"
sh=42CE8151701D304F90C50D93382EC8F956596672 ft=1 fh=a679a919f9f3ac66 vn="Variante von Win32/AdWare.iBryte.AX Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Nik\AppData\Roaming\setup.exe.vir"
sh=51F279198CFE74D7693F3AA4513AE371E077D415 ft=1 fh=ce9a44ddd6a6b070 vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Nik\Videos\SoftonicDownloader_fuer_nosgba.exe.vir"
sh=F3214533B5D04D4F9BD0D36DBB8C74C16953FB30 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Users\Nik\AppData\Local\CyberLink\MediaEspresso\6.5\promotion\DEU\denoise.html"
sh=85A8DCB023C4ED1CD9340D1313A4372CBD85B50F ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Users\Nik\AppData\Local\CyberLink\MediaEspresso\6.5\promotion\DEU\denoise_iframe.html"
sh=BF8C6E97F30E3A77C4F1BD89E4D828907A6023F2 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Users\Nik\AppData\Local\CyberLink\MediaEspresso\6.5\promotion\DEU\dolby.html"
sh=13C08E5787450EFC6DB08CEED9F71BBFA2436DDF ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Users\Nik\AppData\Local\CyberLink\MediaEspresso\6.5\promotion\DEU\hwdec.html"
sh=EB0546D48D36C0C24F007673434D794C5DEE114A ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Users\Nik\AppData\Local\CyberLink\MediaEspresso\6.5\promotion\DEU\hwenc.html"
sh=FE59F6EE65BA95398FBD5FF087222E3479BCBB44 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Users\Nik\AppData\Local\CyberLink\MediaEspresso\6.5\promotion\DEU\import.html"
sh=8723C83D2A26513904D050ACA8F691D04CBF0DBF ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Users\Nik\AppData\Local\CyberLink\MediaEspresso\6.5\promotion\DEU\import_audio.html"
sh=85A8DCB023C4ED1CD9340D1313A4372CBD85B50F ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Users\Nik\AppData\Local\CyberLink\MediaEspresso\6.5\promotion\DEU\import_audio_iframe.html"
sh=57D34016C7B32A0BEE289834BD0361A8A9DF09C1 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Users\Nik\AppData\Local\CyberLink\MediaEspresso\6.5\promotion\DEU\lighting.html"
sh=85A8DCB023C4ED1CD9340D1313A4372CBD85B50F ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Users\Nik\AppData\Local\CyberLink\MediaEspresso\6.5\promotion\DEU\lighting_iframe.html"
sh=85A8DCB023C4ED1CD9340D1313A4372CBD85B50F ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Users\Nik\AppData\Local\CyberLink\MediaEspresso\6.5\promotion\DEU\POU_iframe.html"
sh=4AF49A728C89CFE8B663B51CFD28AA8E974EE56C ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Users\Nik\AppData\Local\CyberLink\MediaEspresso\6.5\promotion\DEU\profile.html"
sh=8214E1FCB68761E5735B11B4500238F5368F0D7D ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Users\Nik\AppData\Local\CyberLink\MediaEspresso\6.5\promotion\DEU\resolutions.html"
sh=485D145714AC8EC94D935AA8916BA21548A083F5 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Users\Nik\AppData\Local\CyberLink\MediaEspresso\6.5\promotion\DEU\ttdenoise.html"
sh=85A8DCB023C4ED1CD9340D1313A4372CBD85B50F ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Users\Nik\AppData\Local\CyberLink\MediaEspresso\6.5\promotion\DEU\ttdenoise_iframe.html"
sh=AADD2220EC81FF922AD209DC63606BD13007284F ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Users\Nik\AppData\Local\CyberLink\MediaEspresso\6.5\promotion\DEU\tthd.html"
sh=85A8DCB023C4ED1CD9340D1313A4372CBD85B50F ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Users\Nik\AppData\Local\CyberLink\MediaEspresso\6.5\promotion\DEU\tthd_iframe.html"
sh=EA17A153944BEBD47376D9B712C90F75074205B1 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Users\Nik\AppData\Local\CyberLink\MediaEspresso\6.5\promotion\DEU\ttlighting.html"
sh=85A8DCB023C4ED1CD9340D1313A4372CBD85B50F ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Users\Nik\AppData\Local\CyberLink\MediaEspresso\6.5\promotion\DEU\ttlighting_iframe.html"
sh=2FC2D64FEDCFACE2E4FD0B06C6F4711389E788E6 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Users\Nik\AppData\Local\Microsoft\BingBar\Apps\Bing Bar Settings_ac63306dfaef4dd89310251954aea031\7.0.765\GlobalSettings.html"
sh=80615B42B2FC0A00EC1376E0A1AD4EA737D74DD2 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Users\Nik\AppData\Local\Microsoft\BingBar\Apps\Error Application_6685fcaddd1644138dfc117bdf47c3e6\7.0.765\error.html"
sh=37AE453355965C63A1AD60C1FA70F44937318BAD ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Users\Nik\AppData\Local\Microsoft\BingBar\Apps\FacebookLike_08e57417866d4faa981702780b0d36c4\7.0.765\facebooklike.html"
sh=D5A6C8DD3AFC96D8D77DD5D54E854389DFF57B3B ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Users\Nik\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.0.765\facebook.html"
sh=66D27E402FFB05C80282DFE76DAF34DD571E889B ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Users\Nik\AppData\Local\Microsoft\BingBar\Apps\MAARJewel_6e63e04e0d414ffea37b34d0344815ae\7.0.766\jewel.html"
sh=2C4E3E420D76000F748E4348FAEEE2DF0DAAE6F1 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Users\Nik\AppData\Local\Microsoft\BingBar\Apps\Mail_15642ee020d2449d86382022aa6f2548\7.0.765\mail.html"
sh=582ED5372887DEDC239C104F086B0CADECFEBB21 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Users\Nik\AppData\Local\Microsoft\BingBar\Apps\Maps_e4b69397ea59436c9d8611b45fdb79f9\7.0.765\maps.html"
sh=53D35D0E280D1DB61718AEBA675C46429839C50D ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Users\Nik\AppData\Local\Microsoft\BingBar\Apps\Weather_63630244a02f4e4cb6cb9b09b2f886f3\7.0.765\weather.html"
sh=596935FDBB11B7C116F97B6CAD2575E54DCF8961 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Users\Nik\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.htm"
sh=DB0DC8FEEAFE9AE856B8DDC3E24DCCEBD6187E5F ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Users\Nik\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.htm"
sh=60E52A41A1B35C4F8DBD34F61C3FF770BD75FF2D ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Users\Nik\AppData\Local\Microsoft\Windows Mail\Stationery\Green Bubbles.htm"
sh=4314F1E27DFF3A282BA654ADF83F2ABCEA95E6EC ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Users\Nik\AppData\Local\Microsoft\Windows Mail\Stationery\Hand Prints.htm"
sh=E36AC9D61B039501094B1546FC5BA7CB9C71735A ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Users\Nik\AppData\Local\Microsoft\Windows Mail\Stationery\Orange Circles.htm"
sh=7987E8C3237F6D7608F8F1AB871D080ACE35C56A ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Users\Nik\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.htm"
sh=6D2681AFE5151B99303AF3583183438FF495E068 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Users\Nik\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.htm"
sh=43A83E076058A230E5E4EDED331F29F35C0664D1 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Users\Nik\AppData\Local\Microsoft\Windows Mail\Stationery\Shades of Blue.htm"
sh=46882A0593808827DDA35C7689F4F4A8E9D70CDA ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Users\Nik\AppData\Local\Microsoft\Windows Mail\Stationery\Soft Blue.htm"
sh=63FAF062A36F70122B31FA5946E89ADCB84D41A4 ft=0 fh=0000000000000000 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Users\Nik\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.htm"
sh=08467794F54FB143423C28762E9AC2A1DD9D0D8A ft=1 fh=a355946c37795057 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nik\AppData\Local\Temp\tbDVDV.dll"
sh=27502E7289FA04B60B3FA9242F9FD4EF5488196F ft=1 fh=66c795aaabdd0bbc vn="Win32/Ramnit.A Virus" ac=I fn="C:\Users\Nik\AppData\Roaming\.minecraft\bin\natives\jinput-dx8.dll"
sh=A6D383A9A3EA369741473A27E4E62E3E528451A4 ft=1 fh=66c795aa3d2d9148 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Users\Nik\AppData\Roaming\.minecraft\bin\natives\jinput-raw.dll"
sh=722DB441B5B0B7BD5E04E421C67044173FE68801 ft=1 fh=66c795aa8e95122d vn="Win32/Ramnit.A Virus" ac=I fn="C:\Users\Nik\AppData\Roaming\.minecraft\bin\natives\lwjgl.dll"
sh=E1D4D0F66F8FF100D1C604131A90B90CD3411C2D ft=1 fh=66c795aaec36ca28 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Users\Nik\AppData\Roaming\.minecraft\bin\natives\OpenAL32.dll"
sh=41B5679706C5F7E25A0BC394950929282F3DEA87 ft=1 fh=5afbbf87309a6083 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nik\Desktop\readmes\Holdem Manager 2\fastfold.dll"
sh=0F2D7802242E8A9122AD3DB1BC79C12F2E2B944E ft=1 fh=8af067ddec49a2c6 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nik\Desktop\readmes\Holdem Manager 2\iPokerCommunicator.hm2"
sh=23D2715A1EF6EE5B83D56CF086987E6422126904 ft=1 fh=405d6d36f28e9fd8 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nik\Desktop\readmes\Holdem Manager 2\PartyCommunicator.hm2"
sh=256504ACAAB94D192A6E55387B1A46F8A5384C5E ft=1 fh=2c72850585b16fc2 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nik\Desktop\readmes\Holdem Manager 2\StarsCommunicator.hm2"
sh=2C60C92B555DF0336062AC12915E8F9EBD3AFDFF ft=1 fh=a8e03131d11db690 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nik\Desktop\readmes\Holdem Manager 2\TiltCommunicator.hm2"
sh=555E61DEE16612C56BF87C209B7C37088CB395EA ft=1 fh=dea2334fc8e7092d vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nik\Downloads\8219_HoldemManager2Setup.exe"
sh=B3F76FB12066DC4F51780F3F9DABA5A9018F359F ft=1 fh=70d549a263d539ed vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nik\Downloads\debutpsetup_1.82.exe"
sh=429837C10452C1C26AC9CD26D7B1C186A8A54429 ft=1 fh=6680d037c9d5d482 vn="NSIS/TrojanDownloader.Adload.AB Trojaner" ac=I fn="C:\Users\Nik\Downloads\FLVPlayer-Chrome (1).exe"
sh=FC0881B4CFA752E2EA05629766C7D1039F0D9D98 ft=1 fh=692bce2566b721c0 vn="NSIS/TrojanDownloader.Adload.AB Trojaner" ac=I fn="C:\Users\Nik\Downloads\FLVPlayer-Chrome.exe"
sh=3C80C6A5C2E01803F1132A6B1BBC846FCAC25C71 ft=1 fh=eb23a3a716e305cd vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nik\Downloads\Free PDF to Word Doc Converter - CHIP-Downloader.exe"
sh=C2E1261EF0FB54C9ED6DA67C0F3336318013919B ft=1 fh=366b8bfd3666840c vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nik\Downloads\FreeVideoConverterSetup.exe"
sh=81734A29A83C8E5140B98A89218623B93601B6A2 ft=1 fh=fd8186eec8a88d5c vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nik\Downloads\FreeYouTubeToiPodConverter_3.10.32.918.exe"
sh=D3AB380887A1ABF98EFB0CFB39455381AA918339 ft=1 fh=3f08c45ad7ed1202 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nik\Downloads\FreeYouTubeToiPodConverter_3.10.37.1212.exe"
sh=3250046EC4C77AF1D19D1126AE12DD3F115DF20F ft=1 fh=ebc33c2e9b633db8 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nik\Downloads\gimp-2.8.6-setup - CHIP-Downloader.exe"
sh=A1A20BA6BC3CD893410FCC19D8443EEB39413E0D ft=1 fh=39f10edabe958761 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nik\Downloads\Luminance HDR - CHIP-Downloader.exe"
sh=FBBE31F08E493A8B0702FE72F3ABA6DF996E20C6 ft=1 fh=1055b3d0ea15ac02 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nik\Downloads\PDFCreator-1_7_2_setup.exe"
sh=8D2A9E163F07334EA15254C9E48361EDEE3A6A9C ft=1 fh=ab707b389babb24a vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Nik\Downloads\PT-Install-v4.11.11.exe"
sh=5FC035FE763CBC7B209F8709327E3979A75E0303 ft=1 fh=c2bfb2c21f4e9d45 vn="Variante von Win32/AdWare.iBryte.AR Anwendung" ac=I fn="C:\Users\Nik\Downloads\Setup (1).exe"
sh=EEB4D6CC0E8383DE156DCF18D1B5938285597B15 ft=1 fh=f080ad1c6747f9a7 vn="Variante von Win32/AdWare.iBryte.AR Anwendung" ac=I fn="C:\Users\Nik\Downloads\Setup (2).exe"
sh=ACB6E77DDE8CDA0F36FE46F001318D614ECE3512 ft=1 fh=f7904160209e2928 vn="Variante von Win32/AdWare.iBryte.AR Anwendung" ac=I fn="C:\Users\Nik\Downloads\Setup (3).exe"
sh=F61AAB3E0DA799F7F19AA0D7DBBA53A2D156AF3F ft=1 fh=6380986776aff605 vn="Variante von Win32/AdWare.iBryte.AR Anwendung" ac=I fn="C:\Users\Nik\Downloads\Setup.exe"
SecurityCheck-Log: Code:
ATTFilter Results of screen317's Security Check version 0.99.91 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 2.0.3.1025 Java 7 Update 71 Adobe Flash Player 15.0.0.239 Adobe Reader 10.1.0 Adobe Reader out of Date! Mozilla Firefox (33.1.1) ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe Symantec Norton Online Backup NOBuAgent.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Vielen Dank nochmal für die Hilfe! |
|
30.11.2014, 23:43
| #10 |
| | Werbung aller Art bei Google Chrome zu sehen (Notificatoin) und hier noch der FRST-Log, weil die erste Nachricht sonst zu lange gewesen wäre... Code:
ATTFilter FRST-Log: FRST Logfile: |
|
01.12.2014, 20:48
| #11 |
| /// the machine /// TB-Ausbilder | Werbung aller Art bei Google Chrome zu sehen (Notificatoin) BEvor wir jetzt irgendwas machen: Du siehst ja im ESET log alle die Dateien die anegblich mit Ramnit infiziert sind. Schnapp dir davon mal 4 oder 5, und lass sie bei www.virustotal.com scannen. POste hier wieviele Scanner angeschlagen haben.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
01.12.2014, 20:58
| #12 |
| | Werbung aller Art bei Google Chrome zu sehen (Notificatoin) Ich habs grad bei fast 15 Dateien probiert, aber es kommt die Meldung, dass ich nicht die Rechte habe, diese Scannen zu lassen...und sobald ich auf eine infizierte Datei klicke, schlägt Avira Alarm und will diese löschen... |
|
02.12.2014, 17:43
| #13 |
| /// the machine /// TB-Ausbilder | Werbung aller Art bei Google Chrome zu sehen (Notificatoin) Was sagt Avira genau? Screenshot?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
02.12.2014, 20:02
| #14 |
| | Werbung aller Art bei Google Chrome zu sehen (Notificatoin) Hier: |
|
03.12.2014, 11:57
| #15 |
| /// the machine /// TB-Ausbilder | Werbung aller Art bei Google Chrome zu sehen (Notificatoin) Das wären dann schon 2 AV Programm die Ramnit finden. Option 1: Avira beenden, dann die Dateien bei virustotal scannen Option 2: Hin nehmen dass es Ramnit ist. Das bedeutet keine Daten sichern ausser Texte und Bilder, Rechner und alle externen Medien komplett formatieren und neu aufsetzen.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
dann auf 
und dann auf 
. 
WARNUNG an die MITLESER: 
Linear-Darstellung
