
Downloaded Word.doc with HANCITOR/PONY MALSPAM


  • This topic is locked
32 replies to this topic

#1 Kaninchen

  • Members
  • 16 posts

Posted 09 February 2017 - 05:21 AM

Hello,

I received an email saying that I got a fax message. I opened the link and there was a Word doc with macros but no content.

Too late, I entered the first part of the link (http://naemura-fuel.co.jp) in Google and found the following: http://www.malware-traffic-analysis.net/2017/02/07/index.html

Since this description describes exactly what I did, I am infected with hancitor and mypony, I think.

This was yesterday (February 08, 2017) between 15:00 and 15:15.

I did not restart the computer since then. I ran several antivirus programs; one told me that there is another trojan, dmr72.exe, in the user's AppData local Temp DMR directory (if this is true, this should be deleted too?), but they did not find it. However, since I did not restart the computer since then, I think it might be still coming.

I found the thread "Infected with Pony downloader and Vawtrak by .doc hancitor injection." Started by Bateson, Jan 31 2017 03:05 PM, who seems to have had the same problem.

Can you please help me? Very many thanks!

 

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 05-02-2017
durchgeführt von XXXXX (Administrator) auf XXX (09-02-2017 09:31:49)
Gestartet von C:\Users\XXXX\Downloads
Geladene Profile: XXXXX & UpdatusUser (Verfügbare Profile: WGuenther & Administrator & UpdatusUser & CairoH)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Connect2\Connect2.Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
() C:\Program Files (x86)\Sierra Wireless Inc\Lenovo MBIM Toolkit\FirmwareUpdaterService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
() C:\Program Files (x86)\Sierra Wireless Inc\Lenovo MBIM Toolkit\FirmwareApp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(LITE-ON TECHNOLOGY CORP.) C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\Skdaemon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Password Manager\password_manager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe

Edited by olgun52, 23 February 2017 - 07:27 AM.



#2 olgun52

  • Malware Response Team
  • 3,784 posts

Posted 09 February 2017 - 09:03 AM

Hello Kaninchen and welcome to BleepingComputer.

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do you open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.

Your FRST.txt report looks incomplete.
Please check again.

Sincerely


Best regards
 
If I don't reply within 24 hours please PM me!

 


 


#3 Kaninchen

  • Topic Starter

  • Members
  • 16 posts

Posted 09 February 2017 - 09:47 AM

Hello Yilmaz,

Thank you for taking the time to help me! Sorry, here is the complete logfile:


Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 05-02-2017
durchgeführt von xxxx(Administrator) auf xxxx (09-02-2017 09:31:49)
Gestartet von C:\Users\xxxx\Downloads
Geladene Profile: xxxxxx & UpdatusUser (Verfügbare Profile: xxxxxx & Administrator & UpdatusUser & CairoH)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Connect2\Connect2.Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
() C:\Program Files (x86)\Sierra Wireless Inc\Lenovo MBIM Toolkit\FirmwareUpdaterService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
() C:\Program Files (x86)\Sierra Wireless Inc\Lenovo MBIM Toolkit\FirmwareApp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(LITE-ON TECHNOLOGY CORP.) C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\Skdaemon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Password Manager\password_manager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(%CFullName%) C:\Program Files\Lenovo\Fingerprint Manager Pro\opvapp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(SunplusIT, Inc.) C:\Program Files (x86)\Integrated Camera\Monitor.exe
(LIB-IT DMS GmbH) C:\Program Files (x86)\LIB-IT DMS GmbH\FILERO Client v. 9.0 (All Users)\FILERO Client.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\EpmNews.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Password Manager\pwm_ie_helper_desktop.exe
(Lenovo Corporation) C:\Program Files\Lenovo\QuickDisplay\QuickDisplayAgent.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Password Manager\password_manager.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
() C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Lenovo) C:\Users\xxxxx\AppData\Local\Apps\2.0\RE36BGE3.Z2V\JWOP3HX8.KYJ\lsb...tion_2d7b41b05b24775e_0001.0006_4ccd0b1bea5227ca\LSB.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Microsoft Corporation) C:\Windows\SysWOW64\verclsid.exe
(Microsoft Corporation) C:\Windows\SysWOW64\verclsid.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Hewlett Packard) C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Browser Safety\AviraBrowserSafetyUpdater.exe
(Lenovo) C:\Program Files (x86)\Lenovo\REACHit\webAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MessageCenterPlus.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [296648 2015-09-29] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [70672 2016-06-23] (Lenovo)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1793736 2015-02-25] (NVIDIA Corporation)
HKLM\...\Run: [Enhanced Performance Keyboard] => C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\SKDaemon.exe [4013056 2014-08-17] (LITE-ON TECHNOLOGY CORP.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM\...\Run: [PasswordManager] => C:\Program Files\Lenovo\Password Manager\password_manager.exe [1792800 2014-10-21] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2874984 2016-06-17] (Synaptics Incorporated)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184632 2013-11-13] (Motorola Solutions, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-12-03] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-08-15] (Intel Corporation)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [733936 2013-07-02] (Lenovo)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313656 2013-10-16] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [210432 2016-07-05] (Geek Software GmbH)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [917576 2016-12-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61896 2016-12-29] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-2710090503-2485011656-832934822-1140\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1790616 2016-10-13] (Lavasoft)
HKU\S-1-5-21-2710090503-2485011656-832934822-1140\...\MountPoints2: {00c7fc6f-2499-11e4-9454-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [60688 2015-12-01] (Apple Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [185816 2015-12-22] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [164008 2015-12-22] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\xxxxxxx\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll [2015-11-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\xxxxx\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll [2015-11-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\xxxxxx\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll [2015-11-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\xxxxxx\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll [2015-11-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\xxxxxx\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll [2015-11-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\xxxxx\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll [2015-11-17] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FILERO Client.lnk [2014-09-17]
ShortcutTarget: FILERO Client.lnk -> C:\Windows\Installer\{1C2644EC-53C8-4949-9E36-1DFC1C81BC45}\_642771441F8A3E9EDBB7DA.exe ()
GroupPolicy: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-10-13] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-10-13] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-10-13] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-10-13] (Lavasoft Limited)
Winsock: Catalog9-x64 16 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-10-13] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.5 192.168.0.20
Tcpip\..\Interfaces\{54714CDB-A0EB-4A1C-BC2D-8E06CC6A9CA5}: [DhcpNameServer] 192.168.0.5 192.168.0.20
Tcpip\..\Interfaces\{9115EF35-0893-498C-8115-C8B046FE8D31}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKU\S-1-5-21-2710090503-2485011656-832934822-1140\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COSP&ptag=D101316-A8D15A5DDE3&form=CONMHP&conlogo=CT3335578
HKU\S-1-5-21-2710090503-2485011656-832934822-1140\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-2710090503-2485011656-832934822-1140\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2710090503-2485011656-832934822-1140 -> DefaultScope {2295B41E-F435-47A0-B13F-03A739B87D4B} URL =
SearchScopes: HKU\S-1-5-21-2710090503-2485011656-832934822-1140 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D101316-A8D15A5DDE3&form=CONBDF&conlogo=CT3335578&q={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-19] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-19] (Oracle Corporation)
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\cbgp5vhf.default [2017-02-09]
FF NewTab: Mozilla\Firefox\Profiles\cbgp5vhf.default -> hxxp://www.bing.com/?pc=COSP&ptag=D101316-A8D15A5DDE3&form=CONMHP&conlogo=CT3335578
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\cbgp5vhf.default -> Bing®
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\cbgp5vhf.default -> Bing®
FF Homepage: Mozilla\Firefox\Profiles\cbgp5vhf.default -> hxxp://192.168.0.35/csp/filero/
FF Extension: (Avira Browser Safety) - C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\cbgp5vhf.default\Extensions\abs@avira.com.xpi [2016-11-22]
FF Extension: (Cliqz) - C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\cbgp5vhf.default\Extensions\cliqz@cliqz.com.xpi [2017-02-03]
FF Extension: (Awesome Screenshot - Capture, Annotate & More) - C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\cbgp5vhf.default\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2016-10-17]
FF Extension: (Mailvelope) - C:\Users\xxxxr\AppData\Roaming\Mozilla\Firefox\Profiles\cbgp5vhf.default\Extensions\jid1-AQqSMBYb0a8ADg@jetpack.xpi [2017-01-17]
FF Extension: (PAYBACK Internet Assistent) - C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\cbgp5vhf.default\Extensions\toolbar-ff@payback.de-sh.xpi [2016-09-29]
FF Extension: (FireShot) - C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\cbgp5vhf.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2016-08-30]
FF Extension: (Flagfox) - C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\cbgp5vhf.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2017-01-17]
FF Extension: (Adblock Plus) - C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\cbgp5vhf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF SearchPlugin: C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\cbgp5vhf.default\searchplugins\bing-lavasoft.xml [2016-10-13]
FF Extension: (Hotspot Shield Extension) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2017-01-27] [ist nicht signiert]
FF HKU\S-1-5-21-2710090503-2485011656-832934822-1140\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\cbgp5vhf.default\extensions\cliqz@cliqz.com => nicht gefunden
FF HKU\S-1-5-21-2710090503-2485011656-832934822-1140\...\Firefox\Extensions: [{F74D5734-46F5-4B16-96F0-1E7FBF41B750}] - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12
FF Extension: (ThinkVantage Password Manager) - C:\Program Files (x86)\Lenovo\Password Manager\PWM Firefox Extension\2.0b12 [2017-01-31] [ist nicht signiert]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\xxxxx\AppData\Local\Google\Chrome\User Data\Default [2016-10-13]
CHR Extension: (Kein Name) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-19]
CHR Extension: (Kein Name) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-19]
CHR Extension: (Kein Name) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-19]
CHR Extension: (Kein Name) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-19]
CHR Extension: (Kein Name) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-19]
CHR Extension: (Kein Name) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\wguenther\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-19]
CHR Extension: (Kein Name) - C:\Users\xxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-19]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lpdfbkehegfmedglgemnhbnpmfmioggj] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1089592 2016-12-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [476736 2016-12-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [476736 2016-12-13] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1490296 2016-12-13] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [372272 2016-12-29] (Avira Operations GmbH & Co. KG)
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [569344 2015-07-31] (REINER SCT)
R2 connect2hotspot; C:\Program Files (x86)\Lenovo\Connect2\Connect2.Service.exe [100680 2016-12-23] (Lenovo)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9954096 2014-03-31] (DisplayLink Corp.)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [326160 2016-04-14] (Lenovo.)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [140016 2013-07-02] (Lenovo)
R2 FirmwareUpdaterService; C:\Program Files (x86)\Sierra Wireless Inc\Lenovo MBIM Toolkit\FirmwareUpdaterService.exe [22016 2014-01-09] () [Datei ist nicht signiert]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2013-08-22] (HP) [Datei ist nicht signiert]
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2048720 2015-11-13] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [96600 2015-11-13] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [851152 2015-11-13] (AnchorFree Inc.)
S2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [130664 2015-03-12] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [354280 2016-11-15] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [Datei ist nicht signiert]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-03] (Intel Corporation)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2016-10-13] (Lavasoft Limited)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197320 2015-09-29] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [114632 2015-07-13] (Lenovo Group Limited)
R2 lnvDiscoveryWinSvc; C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [21552 2014-02-21] (Lenovo)
S2 LPlatSvc; C:\Windows\system32\LPlatSvc.exe [711256 2016-11-01] (Lenovo.)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (Lenovo)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-10-06] ()
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [Datei ist nicht signiert]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [Datei ist nicht signiert]
S2 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [61936 2014-06-11] (Lenovo Group Limited)
R3 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [316400 2014-06-11] (Lenovo Group Limited)
S3 ShareItSvc; C:\Program Files (x86)\SHAREit\SHAREit\Shareit.Service.exe [31176 2016-01-20] (SHAREit Technologies Co.Ltd)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [859816 2017-02-08] (Enigma Software Group USA, LLC.)
R3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [23416 2017-01-18] ()
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [88400 2015-12-06] (Synaptics Incorporated)
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25240 2016-10-13] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-10-06] (Intel® Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176464 2016-12-13] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148032 2016-12-13] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-08-06] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-05-19] (Avira Operations GmbH & Co. KG)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141624 2014-10-28] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1448248 2014-11-26] (Motorola Solutions, Inc.)
S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [36112 2015-03-23] (REINER SCT)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [519680 2015-12-08] (Intel Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [18528 2014-11-18] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14944 2014-11-18] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2017-02-08] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2014-11-18] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] ()
S3 Fastboot; C:\Windows\System32\DRIVERS\fastboot.sys [56048 2013-07-02] (Windows ® Win 7 DDK provider)
S3 FlashUSB; C:\Windows\System32\DRIVERS\FlashUSB.sys [19968 2014-01-09] (Intel Mobile Communications)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-12-23] (AnchorFree Inc.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-15] (Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [246512 2015-01-22] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100824 2013-12-03] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3423496 2016-10-20] (Intel Corporation)
R1 OMNISMI; C:\Windows\SysWOW64\drivers\omnismi.sys [14776 2014-03-31] ()
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [423128 2013-07-24] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [41576 2016-06-17] (Synaptics Incorporated)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv64.sys [748704 2016-07-01] (Sunplus Innovation Technology Inc.)
S3 SWMBIM; C:\Windows\System32\DRIVERS\SWMBIM01.sys [112920 2014-01-09] (Smith Micro Software, Inc.)
R3 SzCCID; C:\Windows\System32\DRIVERS\SzCCID.sys [51352 2015-06-03] (Generic)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-12-23] (Anchorfree Inc.)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows ® Win 7 DDK provider)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-09 09:31 - 2017-02-09 09:35 - 00033610 _____ C:\Users\xxxxx\Downloads\FRST.txt
2017-02-09 09:30 - 2017-02-09 09:31 - 00000000 ____D C:\FRST
2017-02-09 09:30 - 2017-02-09 09:30 - 02421248 _____ (Farbar) C:\Users\xxxxx\Downloads\FRST64.exe
2017-02-08 16:22 - 2017-02-08 16:22 - 00881904 _____ (Plumbytes Software) C:\Users\xxx\Downloads\antimalwaresetup.exe
2017-02-08 16:22 - 2017-02-08 16:22 - 00604928 _____ (Reimage) C:\Users\xxxx\Downloads\ReimageRepair.exe
2017-02-08 15:44 - 2017-02-08 15:44 - 00000000 _____ C:\autoexec.bat
2017-02-08 15:43 - 2017-02-08 15:43 - 00003332 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2017-02-08 15:43 - 2017-02-08 15:43 - 00001098 _____ C:\Users\xxxx\Desktop\SpyHunter.lnk
2017-02-08 15:43 - 2017-02-08 15:43 - 00000000 ____D C:\Users\xxxx\AppData\Roaming\Enigma Software Group
2017-02-08 15:43 - 2017-02-08 15:43 - 00000000 ____D C:\sh4ldr
2017-02-08 15:42 - 2017-02-08 15:42 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\wguenther\Downloads\SpyHunter-Installer(1).exe
2017-02-08 15:42 - 2017-02-08 15:42 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2017-02-08 15:42 - 2017-02-08 15:42 - 00000000 ____D C:\Program Files\Enigma Software Group
2017-02-08 15:41 - 2017-02-08 15:41 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\wguenther\Downloads\SpyHunter-Installer.exe
2017-02-08 13:09 - 2017-02-08 13:09 - 11768860 _____ C:\Users\xxxx\Desktop\Documents\Berufungsbegründung_Hottgenroth_2016-12-14.pdf
2017-02-08 12:29 - 2017-02-08 12:29 - 00155591 _____ C:\Users\xxxx\Downloads\Leistungsbeschreibung_juris_Spectrum.pdf
2017-02-08 11:11 - 2017-02-08 12:21 - 00039136 _____ C:\Users\xxxx\Desktop\Documents\Sicherungskopie von Shareholder Agreement_2017-02-08.wbk
2017-02-08 10:37 - 2017-02-08 11:47 - 00036904 _____ C:\Users\xxxx\Desktop\Documents\Sicherungskopie von Shareholder AGREEMENT.wbk
2017-02-08 10:27 - 2017-02-08 10:27 - 00037179 _____ C:\Users\xxxx\Downloads\WERTPAPIER-JAHRESDEPOTAUSZUG_428416726_dat20161231_id599532729.pdf
2017-02-08 10:27 - 2017-02-08 10:27 - 00026412 _____ C:\Users\xxxx\Downloads\UMTAUSCH_AUSGANG_428416726_ord22178103_wknA1JRZM_dat20170125_id599666190.pdf
2017-02-07 17:04 - 2017-02-07 17:04 - 00051270 _____ C:\Users\xxxx\Downloads\trt_madridp_gp_001en.pdf
2017-02-07 17:02 - 2017-02-07 17:02 - 00630668 _____ C:\Users\xxxx\Downloads\partb2.pdf
2017-02-07 16:59 - 2017-02-07 17:00 - 00528963 _____ C:\Users\xxxx\Downloads\madrid_2014_23.pdf
2017-02-07 16:59 - 2017-02-07 16:59 - 00482744 _____ C:\Users\xxxx\Downloads\making_the_most_of_the_madrid_system_mm_forms.pdf
2017-02-07 16:57 - 2017-02-07 16:57 - 00710806 _____ C:\Users\xxxx\Downloads\pct_regs.pdf
2017-02-07 16:57 - 2017-02-07 16:57 - 00127181 _____ C:\Users\xxxx\Downloads\m8940.pdf
2017-02-07 16:27 - 2017-02-07 16:27 - 00922904 _____ C:\Users\xxxx\Desktop\Documents\Compliance_Stuttgart_2017-02-07.pptx
2017-02-07 16:02 - 2017-02-07 16:02 - 00414025 _____ C:\Users\xxxx\Desktop\Documents\Compliance_Stuttgart_2017-02-07.pdf
2017-02-07 13:53 - 2017-02-07 13:53 - 00445324 _____ C:\Users\xxxx\Downloads\FLT_P7ABMH37848_0.pdf
2017-02-07 13:31 - 2017-02-07 16:26 - 00922904 _____ C:\Users\xxxx\Desktop\Compliance_Stuttgart_2017-02-07.pptx
2017-02-07 13:28 - 2017-02-07 13:28 - 01342003 _____ C:\Users\xxxx\Downloads\Firmengruendung_in_den_USA-data.pdf
2017-02-07 13:28 - 2017-02-07 13:28 - 00111720 _____ C:\Users\xxxx\Downloads\delawarehandb.pdf
2017-02-07 13:12 - 2017-02-07 13:12 - 00199624 _____ C:\Users\xxxx\Downloads\Article-ZurInformation-DieFuhrung_einer_U_S_-Corporation-Spring-Fruling2013.pdf
2017-02-07 13:12 - 2017-02-07 13:12 - 00148292 _____ C:\Users\xxxx\Downloads\Merkblatt_Gruendung_USA-data.pdf
2017-02-07 13:01 - 2017-02-07 13:01 - 00983706 _____ C:\Users\xxxx\Desktop\Documents\Schreiben_des_LG_Darmstadt_2017-02-01_nebst_Widerklage_2017-01-30.pdf
2017-02-07 12:40 - 2017-02-07 12:40 - 00123934 _____ C:\Users\xxxxx\Desktop\Documents\DPMAregister _ Marken - compliant sourcinge.pdf
2017-02-07 11:55 - 2017-02-07 11:55 - 00114467 _____ C:\Users\xxxxxx\Downloads\Unbenannt.PDF - Adobe Acrobat Pro.pdf
2017-02-07 10:12 - 2017-02-07 10:12 - 00064845 _____ C:\Users\xxxxx\Desktop\Documents\Schriftsatz_an_OLG_Hamburg_2017-02-07.pdf
2017-02-07 09:37 - 2017-02-07 09:37 - 00175296 _____ C:\Users\xxxxx\Desktop\Documents\Sicherungskopie von IKB_2017-02-07.wbk
2017-02-06 17:03 - 2017-02-06 17:03 - 00029582 _____ C:\Users\xxxxxx\Downloads\DIVIDENDENGUTSCHRIFT_428416726_wkn750000_dat20170201_id602169335(1).pdf
2017-02-06 17:02 - 2017-02-06 17:03 - 00613642 _____ C:\Users\xxxxx\Desktop\Documents\Vergaberecht_ifm_2017-03-13_14.pptx
2017-02-06 16:55 - 2017-02-06 16:55 - 00444912 _____ C:\Users\xxxxxx\Downloads\WICHTIGE_MITTEILUNG_dat20170127_id601106706(2).pdf
2017-02-06 16:38 - 2017-02-06 16:38 - 00127235 _____ C:\Users\xxxxx\Downloads\TERMINANSCHREIBEN_428416726_wknA2DLK8_dat20170206_id602872182(1).pdf
2017-02-06 16:38 - 2017-02-06 16:38 - 00028824 _____ C:\Users\xxxxx\Downloads\VERK_TEIL-_BEZUGSR_428416726_ord107273844_001_wknA2DJV6_dat20170203_id602779020.pdf
2017-02-06 16:38 - 2017-02-06 16:38 - 00028824 _____ C:\Users\xxxxx\Downloads\VERK_TEIL-_BEZUGSR_428416726_ord107273844_001_wknA2DJV6_dat20170203_id602779020(1).pdf
2017-02-06 16:37 - 2017-02-06 16:37 - 00032586 _____ C:\Users\xxxxx\Downloads\WERTPAPIER-JAHRESDEPOTAUSZUG_468092090_dat20161231_id599914209.pdf
2017-02-06 16:37 - 2017-02-06 16:37 - 00026411 _____ C:\Users\xxxx\Downloads\UMTAUSCH_AUSGANG_428416726_ord22173824_wknA1JRZM_dat20170125_id599404140.pdf
2017-02-06 16:37 - 2017-02-06 16:37 - 00026372 _____ C:\Users\xxxxx\Downloads\UMTAUSCH_EINGANG_428416726_ord22178103_wknA2DJV6_dat20170125_id599666191.pdf
2017-02-06 16:37 - 2017-02-06 16:37 - 00026367 _____ C:\Users\xxxxx\Downloads\UMTAUSCH_EINGANG_428416726_ord22173824_wknA2DJV6_dat20170125_id599404141.pdf
2017-02-06 16:36 - 2017-02-06 16:36 - 00444912 _____ C:\Users\xxxx\Downloads\WICHTIGE_MITTEILUNG_dat20170127_id601106706(1).pdf
2017-02-06 16:36 - 2017-02-06 16:36 - 00026380 _____ C:\Users\xxxxx\Downloads\UMTAUSCH_EINGANG_428416726_ord22188665_wknA2DKCH_dat20170127_id600940033.pdf
2017-02-06 16:35 - 2017-02-06 16:35 - 00029095 _____ C:\Users\xxxxx\Downloads\VERK_TEIL-_BEZUGSR_428416726_ord107246378_001_wknA2DKCH_dat20170203_id602779019.pdf
2017-02-06 16:35 - 2017-02-06 16:35 - 00026368 _____ C:\Users\xxxxx\Downloads\WERTPAPIER_EINGANG_428416726_ord22239015_wknA2DLK8_dat20170206_id602831379.pdf
2017-02-06 16:34 - 2017-02-06 16:34 - 00127235 _____ C:\Users\xxxxxx\Downloads\TERMINANSCHREIBEN_428416726_wknA2DLK8_dat20170206_id602872182.pdf
2017-02-06 16:34 - 2017-02-06 16:34 - 00026369 _____ C:\Users\xxxxx\Downloads\WERTPAPIER_EINGANG_428416726_ord22239016_wknA2DLK8_dat20170206_id602831380.pdf
2017-02-06 14:44 - 2017-02-06 15:50 - 00613648 _____ C:\Users\xxxx\Desktop\Vergaberecht_ifm_2017-03-13_14.pptx
2017-02-06 11:01 - 2017-02-06 11:16 - 00032768 _____ C:\Users\xxxxx\Desktop\Documents\Kopie von Abrechnung_WG_01-2017.xls
2017-02-06 10:50 - 2017-02-06 10:50 - 00329833 _____ C:\Users\xxxx\Desktop\Documents\Schriftsatz_an_OLG_Hamburg_2017-02-06.pdf
2017-02-06 09:49 - 2017-02-06 09:49 - 00186942 _____ C:\Users\xxxx\Downloads\PREZZI-2017(1).pdf
2017-02-06 09:44 - 2017-02-06 09:44 - 00779316 _____ C:\Users\xxxx\Desktop\Documents\Recherche_DIVA_ITALY__2017-02-06.pdf
2017-02-06 09:40 - 2017-02-06 09:40 - 00075852 _____ C:\Users\xxxxx\Downloads\Musikgarten-Vertrag MuGa 1_Bahnstadt, Februar 2017_15.00.pdf
2017-02-03 16:40 - 2017-02-03 16:57 - 01837008 _____ C:\Users\xxxx\Desktop\Documents\Sicherungskopie von MM6_Änderungen_WIPO_Korea.wbk
2017-02-03 16:15 - 2017-02-03 16:15 - 00186942 _____ C:\Users\xxxxx\Downloads\PREZZI-2017.pdf
2017-02-03 14:23 - 2017-02-03 14:23 - 00058605 _____ C:\Users\xxxx\Desktop\Documents\Online Text-Übersetzer Koreanisch-Deutsch_2.pdf
2017-02-03 14:22 - 2017-02-03 14:22 - 00079149 _____ C:\Users\xxxx\Desktop\Documents\Online Text-Übersetzer Koreanisch-Deutsch.pdf
2017-02-03 11:54 - 2017-02-03 11:54 - 00761134 _____ C:\Users\xxxxx\Downloads\TrademarkAct.pdf
2017-02-03 10:46 - 2017-02-03 10:46 - 00555033 _____ C:\Users\xxxxx\Downloads\ALLGEMEINE_KUNDENINFORMATION_dat20170131_id601109154(1).pdf
2017-02-03 10:46 - 2017-02-03 10:46 - 00444912 _____ C:\Users\xxxxxx\Downloads\WICHTIGE_MITTEILUNG_dat20170127_id601106706.pdf
2017-02-03 10:46 - 2017-02-03 10:46 - 00027318 _____ C:\Users\xxxxxx\Downloads\KONTOAUSZUG_TAGESGELDKONTO_8532947010_dat20170131_id601992153.pdf
2017-02-03 10:39 - 2017-02-03 10:39 - 00555033 _____ C:\Users\xxxxx\Downloads\ALLGEMEINE_KUNDENINFORMATION_dat20170131_id601109154.pdf
2017-02-03 10:39 - 2017-02-03 10:39 - 00029599 _____ C:\Users\xxxxx\Downloads\DIVIDENDENGUTSCHRIFT_428416726_wkn901626_dat20170127_id600972142.pdf
2017-02-03 10:39 - 2017-02-03 10:39 - 00029582 _____ C:\Users\xxxx\Downloads\DIVIDENDENGUTSCHRIFT_428416726_wkn750000_dat20170201_id602169335.pdf
2017-02-03 10:39 - 2017-02-03 10:39 - 00028825 _____ C:\Users\xxxxx\Downloads\VERK_TEIL-_BEZUGSR_428416726_ord106981642_001_wknA2DJV6_dat20170131_id601358225.pdf
2017-02-03 10:39 - 2017-02-03 10:39 - 00028825 _____ C:\Users\xxxxxx\Downloads\VERK_TEIL-_BEZUGSR_428416726_ord106981642_001_wknA2DJV6_dat20170131_id601358225(1).pdf
2017-02-03 10:39 - 2017-02-03 10:39 - 00027707 _____ C:\Users\xxxxx\Downloads\KONTOAUSZUG_VERRECHNUNGSKONTO_7314270005_dat20170131_id601618356.pdf
2017-02-03 10:39 - 2017-02-03 10:39 - 00026410 _____ C:\Users\xxxxx\Downloads\UMTAUSCH_AUSGANG_428416726_ord22213832_wkn901626_dat20170130_id601255185.pdf
2017-02-03 10:39 - 2017-02-03 10:39 - 00026410 _____ C:\Users\xxxxx\Downloads\UMTAUSCH_AUSGANG_428416726_ord22188665_wkn901626_dat20170127_id600940032.pdf
2017-02-03 10:39 - 2017-02-03 10:39 - 00026402 _____ C:\Users\xxxxx\Downloads\STORNO_AUSGANG_428416726_ord22207283_wkn901626_dat20170130_id601255183.pdf
2017-02-03 10:39 - 2017-02-03 10:39 - 00026361 _____ C:\Users\xxxxx\Downloads\UMTAUSCH_EINGANG_428416726_ord22213832_wknA2DKCH_dat20170130_id601255186.pdf
2017-02-03 10:39 - 2017-02-03 10:39 - 00026342 _____ C:\Users\xxxx\Downloads\STORNO_EINGANG_428416726_ord22207283_wknA2DKCH_dat20170130_id601255184.pdf
2017-02-03 09:23 - 2017-02-03 09:23 - 00001107 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-02-02 16:52 - 2017-02-02 16:52 - 00166816 _____ C:\Users\xxxx\Desktop\Documents\Sicherungskopie von Zustellung_RAeIKB.wbk
2017-02-02 16:38 - 2017-02-02 16:43 - 00175883 _____ C:\Users\xxxxx\Desktop\Documents\Sicherungskopie von IKB_2017-02-06_DRAFT.wbk
2017-02-02 16:30 - 2017-02-02 16:30 - 00336497 _____ C:\Users\xxxxx\Downloads\Beschlussvorlage.pdf
2017-02-02 16:28 - 2017-02-02 16:28 - 01329084 _____ C:\Users\xxxxx\Downloads\02_Pfaffengrunder_Terrasse_Plan_2.pdf
2017-02-02 16:26 - 2017-02-02 16:26 - 00363009 _____ C:\Users\xxxxx\Downloads\01_Pfaffengrunder_Terrasse_Plan_1.pdf
2017-02-02 16:20 - 2017-02-02 16:20 - 00535476 _____ C:\Users\xxxxx\Downloads\01_Vorentwurfsplan_Spitzes_Eck.pdf
2017-02-02 15:39 - 2017-02-02 15:39 - 04867588 _____ C:\Users\xxx\Downloads\2017_05_stablakompl.pdf
2017-02-02 15:13 - 2017-02-02 15:30 - 00043226 _____ C:\Users\xxx\Desktop\Documents\Sicherungskopie von Escrow_Agreement_Orbis_2017-02-02.wbk
2017-02-02 14:48 - 2017-02-02 14:48 - 00041341 _____ C:\Users\xxx\Desktop\Documents\Sicherungskopie von Escrow_Agreement_2017-02-02.wbk
2017-02-02 13:18 - 2017-02-02 13:18 - 00039541 _____ C:\Users\xxxxx\Downloads\Sacheinlagen bei Gruendung einer GmbH(1).pdf
2017-02-02 12:22 - 2017-02-02 12:22 - 00203205 _____ C:\Users\xxxx\Downloads\gesamt.pdf
2017-02-02 12:15 - 2017-02-02 12:15 - 00039541 _____ C:\Users\xxxxx\Downloads\Sacheinlagen bei Gruendung einer GmbH.pdf
2017-02-02 10:29 - 2017-02-02 12:27 - 00037238 _____ C:\Users\wguenther\Desktop\Documents\Sicherungskopie von Gesellschaftsvertrag_JV_GmbH_DRAFT_2017-02-02.wbk
2017-02-02 10:28 - 2017-02-02 11:23 - 00040489 _____ C:\Users\wguenther\Desktop\Documents\Sicherungskopie von Joint_Venture_Vertrag_2017-02-02_DRAFT.wbk
2017-02-01 11:24 - 2017-02-01 11:24 - 00119735 _____ C:\Users\wguenther\Downloads\Abgrenzung DEHOGA-DTV 2012.pdf
2017-02-01 10:56 - 2017-02-01 10:56 - 00487687 _____ C:\Users\wguenther\Downloads\Deutsche_Hotelklassifizierung_2015-2020-3.pdf
2017-02-01 10:56 - 2017-02-01 10:56 - 00008656 _____ C:\Users\wguenther\Downloads\Entgelte_Februar_2016_2.pdf
2017-02-01 10:11 - 2017-02-01 10:11 - 00304464 _____ C:\Users\wguenther\Downloads\2017 Schließzeiten Evang. Kinderhaus PANAMA - kalendarisch.pdf
2017-02-01 10:11 - 2017-02-01 10:11 - 00132562 _____ C:\Users\wguenther\Downloads\Anmeldeformular Krippe EvaKiTa_ab2015-09.pdf
2017-01-31 17:06 - 2017-02-02 10:13 - 00037934 _____ C:\Users\wguenther\Desktop\Documents\Sicherungskopie von Kooperationsvertrag_JV_2017-02-01_DRAFT.wbk
2017-01-31 16:42 - 2017-02-02 10:01 - 00040999 _____ C:\Users\wguenther\Desktop\Documents\Sicherungskopie von Distributionsvertrag_JV_2017-02-01_DRAFT.wbk
2017-01-31 16:28 - 2017-01-31 16:29 - 02031379 _____ C:\Users\wguenther\Downloads\944.pdf
2017-01-31 16:28 - 2017-01-31 16:28 - 00038710 _____ C:\Users\wguenther\Downloads\joint_venture(1).pdf
2017-01-31 16:19 - 2017-01-31 16:19 - 00066172 _____ C:\Users\wguenther\Desktop\Documents\UnternehmenKooperationsvertrag.pdf
2017-01-31 16:18 - 2017-01-31 16:18 - 00038710 _____ C:\Users\wguenther\Downloads\joint_venture.pdf
2017-01-31 13:56 - 2017-01-31 13:56 - 00310813 _____ C:\Users\wguenther\Downloads\990308.pdf
2017-01-31 11:59 - 2017-01-31 11:59 - 00177610 _____ C:\Users\wguenther\Desktop\Documents\Verlängerungsantrag_SoftRobotTM_2017-01-31.pdf
2017-01-31 10:51 - 2013-08-28 02:35 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2017-01-31 10:43 - 2017-01-31 10:43 - 00091816 _____ C:\Windows\system32\Drivers\rtkhdasetting.zip
2017-01-31 10:34 - 2017-01-31 10:34 - 00000000 ____D C:\ProgramData\SZCCID
2017-01-31 10:34 - 2017-01-31 10:34 - 00000000 ____D C:\Program Files (x86)\AlcorMicroData
2017-01-31 10:34 - 2017-01-31 10:34 - 00000000 ____D C:\Program Files (x86)\AlcorMicro
2017-01-31 10:32 - 2017-01-31 10:32 - 00000000 ____D C:\Program Files\Common Files\Intel
2017-01-31 10:32 - 2017-01-31 10:32 - 00000000 ____D C:\Program Files (x86)\Cisco
2017-01-31 10:29 - 2017-01-31 10:29 - 00000000 ____D C:\Program Files (x86)\SunplusIT Integrated Camera
2017-01-31 10:29 - 2016-03-24 09:07 - 00088248 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll
2017-01-31 10:29 - 2016-03-24 09:06 - 00634528 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll
2017-01-31 10:29 - 2016-03-24 09:06 - 00387248 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib140.dll
2017-01-31 10:26 - 2017-01-31 10:26 - 00000000 ____D C:\Windows\system32\DAX2
2017-01-31 10:26 - 2017-01-31 10:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
2017-01-31 10:26 - 2017-01-31 10:26 - 00000000 ____D C:\Program Files (x86)\Dolby Advanced Audio v2
2017-01-31 10:25 - 2016-02-23 13:36 - 07172920 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2017-01-31 10:25 - 2016-02-23 13:36 - 07096192 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2017-01-31 10:25 - 2016-02-23 13:36 - 05576400 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2017-01-31 10:25 - 2016-02-23 13:36 - 05338936 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv211.dll
2017-01-31 10:25 - 2016-02-23 13:36 - 04803840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2017-01-31 10:25 - 2016-02-23 13:36 - 03283248 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2017-01-31 10:25 - 2016-02-23 13:36 - 03282032 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2017-01-31 10:25 - 2016-02-23 13:36 - 03198720 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2017-01-31 10:25 - 2016-02-23 13:36 - 03081808 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2017-01-31 10:25 - 2016-02-23 13:36 - 02894976 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2017-01-31 10:25 - 2016-02-23 13:36 - 02049664 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2017-01-31 10:25 - 2016-02-23 13:36 - 01965816 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2017-01-31 10:25 - 2016-02-23 13:36 - 01356512 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2017-01-31 10:25 - 2016-02-23 13:36 - 01060504 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOProp.dll
2017-01-31 10:25 - 2016-02-23 13:36 - 00447720 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2017-01-31 10:25 - 2016-02-23 13:36 - 00370840 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2API.dll
2017-01-31 10:25 - 2016-02-23 13:36 - 00343712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2017-01-31 10:25 - 2016-02-23 13:36 - 00327464 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2017-01-31 10:25 - 2016-02-23 13:36 - 00272720 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2017-01-31 10:25 - 2016-02-23 13:36 - 00192992 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2017-01-31 10:25 - 2016-02-23 13:36 - 00151792 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2017-01-31 10:25 - 2016-02-23 13:36 - 00134208 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2017-01-31 10:25 - 2016-02-23 13:36 - 00122328 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2017-01-31 10:25 - 2016-02-23 13:36 - 00084624 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2017-01-31 10:25 - 2016-02-23 13:36 - 00023704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2017-01-31 10:22 - 2017-02-08 09:14 - 00000182 _____ C:\Windows\Tasks\Lenovo Active Protection System.job
2017-01-31 10:22 - 2017-01-31 10:22 - 00002476 _____ C:\Windows\System32\Tasks\Lenovo Active Protection System
2017-01-31 10:22 - 2016-06-17 14:38 - 00414312 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCom.dll
2017-01-31 10:22 - 2016-06-17 14:38 - 00263272 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2017-01-31 10:22 - 2016-06-17 14:38 - 00216680 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo20.dll
2017-01-31 10:22 - 2016-06-17 14:37 - 00576104 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
2017-01-31 10:22 - 2016-06-17 14:37 - 00041576 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2017-01-31 10:22 - 2016-06-15 13:42 - 00001741 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse Properties (Touchpad Clickpad Trackpad TrackPoint Mouse Pointer Pointing Pad).lnk
2017-01-31 10:21 - 2017-02-08 11:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage
2017-01-31 10:21 - 2017-01-31 10:21 - 00001577 _____ C:\Windows\Delfg.cmd
2017-01-31 10:21 - 2017-01-31 10:21 - 00000146 _____ C:\Windows\launchpw.cmd
2017-01-31 10:21 - 2017-01-31 10:21 - 00000006 _____ C:\Windows\systemtype.txt
2017-01-31 10:20 - 2017-01-31 10:20 - 00001093 _____ C:\Users\Public\Desktop\Connect2.lnk
2017-01-31 10:20 - 2017-01-31 10:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connect2
2017-01-31 10:20 - 2014-05-16 14:56 - 04456520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc110u.dll
2017-01-31 10:20 - 2014-05-16 14:56 - 04423680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc110.dll
2017-01-31 10:20 - 2014-05-16 14:56 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcm110u.dll
2017-01-31 10:20 - 2014-05-16 14:56 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcm110.dll
2017-01-31 10:19 - 2017-01-31 10:19 - 00002022 _____ C:\Users\Public\Desktop\REACHit.lnk
2017-01-31 10:19 - 2017-01-31 10:19 - 00001831 _____ C:\Users\wguenther\AppData\Roaming\Microsoft\Windows\Start Menu\REACHit Drive.lnk
2017-01-31 10:19 - 2017-01-31 10:19 - 00000000 ____D C:\Users\wguenther\REACHit
2017-01-31 09:54 - 2017-01-31 09:54 - 02803904 _____ C:\Users\wguenther\Downloads\Hochzeitseinladung_deutsch.pdf
2017-01-31 09:53 - 2017-01-31 09:53 - 00000000 ____D C:\Users\wguenther\AppData\Local\Tvsukernel
2017-01-30 10:35 - 2017-01-30 10:35 - 00027576 _____ C:\Users\wguenther\Desktop\Documents\Mitteilung_EUIPO_2016-01-30.pdf
2017-01-27 13:07 - 2017-01-27 13:07 - 01815947 _____ C:\Users\wguenther\Downloads\A03_Broschuere.pdf
2017-01-27 13:07 - 2017-01-27 13:07 - 00317543 _____ C:\Users\wguenther\Downloads\Informationsvorlage_Beschlusslauf.pdf
2017-01-27 13:07 - 2017-01-27 13:07 - 00057356 _____ C:\Users\wguenther\Downloads\A01_Sachstand.pdf
2017-01-27 13:07 - 2017-01-27 13:07 - 00057155 _____ C:\Users\wguenther\Downloads\A02_Empfehlung_Kuratorium.pdf
2017-01-27 13:06 - 2017-01-27 13:07 - 00210697 _____ C:\Users\wguenther\Downloads\Informationsvorlage.pdf
2017-01-27 09:51 - 2017-01-27 15:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-26 09:37 - 2017-01-26 09:37 - 00134665 _____ C:\Users\wguenther\Desktop\Documents\Anschreiben_RAe_Bietmann_2017-01-25.pdf
2017-01-25 10:57 - 2017-01-25 10:57 - 01072758 _____ C:\Users\wguenther\Desktop\Documents\Recherche_INDIGO_fabrics_2017-01-25.pdf
2017-01-25 09:13 - 2017-01-25 09:13 - 00107581 _____ C:\Users\wguenther\Desktop\Documents\Anschreiben_RAe_Bietmann_2017-01-25_DRAFT.pdf
2017-01-23 17:06 - 2017-01-23 17:06 - 00087258 _____ C:\Users\wguenther\Desktop\Documents\20170109_Invoice_Miller_Canfield_1345765.pdf
2017-01-23 16:51 - 2017-01-23 16:51 - 00903068 _____ C:\Users\wguenther\Desktop\Documents\Recherche_VECTOR_ARRAY_2017-01-23.pdf
2017-01-23 13:43 - 2017-01-23 13:43 - 00876673 _____ C:\Users\wguenther\Desktop\Documents\Recherche_VECTOR_PLANNING_2017-01-23.pdf
2017-01-23 12:49 - 2017-01-23 12:49 - 00010828 _____ C:\Users\wguenther\Desktop\Documents\Domestictransferorder_189_012853800_20161222_141642.pdf
2017-01-19 15:42 - 2017-01-19 15:42 - 00125270 _____ C:\Users\wguenther\Desktop\Documents\IKB_2017-01-19_DRAFT.pdf
2017-01-17 16:00 - 2017-01-17 16:00 - 02289722 _____ C:\Users\wguenther\Desktop\Documents\Veranstaltungs_und_Eventrecht_2017-01-17.pptx
2017-01-17 15:56 - 2017-01-17 15:56 - 00532891 _____ C:\Users\wguenther\Desktop\Documents\Veranstaltungs_und_Eventrecht_2017-01-17.pdf
2017-01-17 15:00 - 2017-01-17 15:00 - 00532802 _____ C:\Users\wguenther\Desktop\Documents\Veranstaltungs_und_Eventrecht_2017-01-16.pdf
2017-01-17 14:18 - 2017-01-17 16:02 - 02289711 _____ C:\Users\wguenther\Desktop\Veranstaltungs_und_Eventrecht_2017-01-16.pptx
2017-01-17 13:04 - 2017-01-17 13:04 - 00060677 _____ C:\Users\wguenther\Desktop\Documents\Recherche_VECTOR_LEAN_2017-01-17.pdf
2017-01-17 10:02 - 2017-01-05 19:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-01-17 10:02 - 2017-01-05 19:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-01-17 10:02 - 2017-01-05 19:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-17 10:02 - 2017-01-05 19:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-01-17 10:02 - 2017-01-05 19:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-17 10:02 - 2017-01-05 19:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-01-17 10:02 - 2017-01-05 19:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-01-17 10:02 - 2017-01-05 19:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-01-17 10:02 - 2017-01-05 19:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-17 10:02 - 2017-01-05 19:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-01-17 10:02 - 2017-01-05 19:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-01-17 10:02 - 2017-01-05 19:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-01-17 10:02 - 2017-01-05 19:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-01-17 10:02 - 2017-01-05 19:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-01-17 10:02 - 2017-01-05 19:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-01-17 10:02 - 2017-01-05 19:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-01-17 10:02 - 2017-01-05 19:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-01-17 10:02 - 2017-01-05 19:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-01-17 10:02 - 2017-01-05 19:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-01-17 10:02 - 2017-01-05 19:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-01-17 10:02 - 2017-01-05 19:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-01-17 10:02 - 2017-01-05 18:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-01-17 10:02 - 2017-01-05 18:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-17 10:02 - 2017-01-05 18:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-01-17 10:02 - 2017-01-05 18:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-17 10:02 - 2017-01-05 18:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-01-17 10:02 - 2017-01-05 18:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-01-17 10:02 - 2017-01-05 18:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-01-17 10:02 - 2017-01-05 18:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-01-17 10:02 - 2017-01-05 18:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-01-17 10:02 - 2017-01-05 18:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-01-17 10:02 - 2017-01-05 18:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-01-17 10:02 - 2017-01-05 18:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-01-17 10:02 - 2017-01-05 18:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-01-17 10:02 - 2017-01-05 18:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-01-17 10:02 - 2017-01-05 18:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-01-17 10:02 - 2017-01-05 18:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-01-17 10:02 - 2017-01-05 18:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-01-17 10:02 - 2017-01-05 18:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-01-17 10:02 - 2017-01-05 18:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-01-17 10:02 - 2017-01-05 18:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-01-17 10:02 - 2017-01-05 18:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-01-17 10:02 - 2017-01-05 18:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-01-17 10:02 - 2017-01-05 18:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-01-16 14:02 - 2017-01-16 14:02 - 05263260 _____ C:\Users\wguenther\Desktop\Documents\kinderland-qualitaetsversprechen.pdf
2017-01-16 10:48 - 2017-01-16 10:48 - 00832646 _____ C:\Users\wguenther\Desktop\Documents\Recherche_CAMLOG_2017-01-16.pdf
2017-01-13 16:23 - 2017-01-13 16:23 - 00055420 _____ C:\Users\wguenther\Desktop\Documents\Überwachungsmitteilung_CAMLOG_2017-01-13.pdf
2017-01-11 15:09 - 2017-01-11 15:09 - 00205650 _____ C:\Users\wguenther\Desktop\Documents\m15796-41795-94.pdf
2017-01-11 15:08 - 2017-01-11 15:08 - 00207661 _____ C:\Users\wguenther\Desktop\Documents\m15796-41872-63.pdf
2017-01-11 15:07 - 2017-01-11 15:07 - 00368640 _____ C:\Users\wguenther\Desktop\Documents\Possible opposition in Spain - Ref. 364111914489918.msg
2017-01-11 15:07 - 2017-01-11 15:07 - 00366592 _____ C:\Users\wguenther\Desktop\Documents\Possible opposition in Spain - Ref. 36411192132892.msg
2017-01-11 15:06 - 2017-01-11 15:06 - 00208389 _____ C:\Users\wguenther\Desktop\Documents\m15796-41761-467.pdf
2017-01-11 15:06 - 2017-01-11 15:06 - 00207584 _____ C:\Users\wguenther\Desktop\Documents\m15796-41922-280.pdf
2017-01-11 15:00 - 2017-01-11 15:00 - 00110726 _____ C:\Users\wguenther\Desktop\Documents\PoA_vector.pdf
2017-01-11 11:44 - 2017-01-11 11:44 - 00131439 _____ C:\Users\wguenther\Desktop\Documents\Fee Calculation_VCS_und_VecCon_Serv_nurVCS_minus249_daCN_Kl42_zurückgewiesen.pdf
2017-01-11 10:35 - 2017-01-11 10:35 - 00077435 _____ C:\Users\wguenther\Downloads\form_mm11.pdf
2017-01-11 10:22 - 2017-01-11 10:22 - 00130451 _____ C:\Users\wguenther\Desktop\Documents\Fee Calculation_Microsar_minus249_daCN_Kl9_zurückgewiesen.pdf
2017-01-11 10:15 - 2017-01-11 10:15 - 00129644 _____ C:\Users\wguenther\Desktop\Documents\Fee Calculation_FRcable_term_stress_piggy.pdf
2017-01-10 17:28 - 2017-01-10 17:28 - 00708145 _____ C:\Users\wguenther\Desktop\Documents\Recherche_KanCap_2017-01-10.pdf
2017-01-10 16:20 - 2017-01-10 16:20 - 00117330 _____ C:\Users\wguenther\Downloads\djt_70_Thesen_Prozessrecht_140804.pdf
2017-01-10 15:00 - 2017-01-10 15:00 - 00207600 _____ C:\Users\wguenther\Desktop\Documents\Vollmacht_neu.pdf
2017-01-10 11:01 - 2017-01-10 11:01 - 00207585 _____ C:\Users\wguenther\Desktop\Documents\Vollmacht_neues_Logo.pdf

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-09 09:34 - 2009-07-14 05:45 - 00032128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-09 09:34 - 2009-07-14 05:45 - 00032128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-09 09:13 - 2014-09-17 10:09 - 00000112 _____ C:\Windows\system32\config\netlogon.ftl
2017-02-09 09:12 - 2015-01-20 09:05 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-08 15:58 - 2016-11-21 09:31 - 00000000 ____D C:\Users\wguenther\AppData\LocalLow\Mozilla
2017-02-08 15:43 - 2014-09-17 12:00 - 00000000 ____D C:\Users\wguenther
2017-02-08 13:05 - 2014-08-16 03:07 - 00705546 _____ C:\Windows\system32\perfh007.dat
2017-02-08 13:05 - 2014-08-16 03:07 - 00151752 _____ C:\Windows\system32\perfc007.dat
2017-02-08 13:05 - 2009-07-14 06:13 - 01636088 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-08 13:05 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-02-08 11:49 - 2014-08-15 17:55 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo
2017-02-08 11:49 - 2014-08-15 17:52 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2017-02-08 11:49 - 2014-08-15 17:43 - 00000000 ____D C:\Program Files (x86)\Lenovo
2017-02-08 09:43 - 2014-09-22 14:51 - 00000000 ____D C:\Users\xxxxxx\Desktop\Documents\Filero
2017-02-08 09:15 - 2014-09-17 12:01 - 00000000 ____D C:\Users\xxxxxx\.FileroClient
2017-02-08 09:14 - 2016-06-29 07:51 - 00000000 __SHD C:\Users\xxxxx\IntelGraphicsProfiles
2017-02-08 09:13 - 2016-03-29 08:09 - 00000000 ____D C:\ProgramData\Synaptics
2017-02-08 09:13 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-07 09:32 - 2016-05-19 09:09 - 00002158 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 09:20 - 2016-07-15 10:24 - 00000000 ____D C:\Users\wguenther\AppData\Local\Deployment
2017-02-06 09:11 - 2015-09-03 14:39 - 00003418 _____ C:\Windows\System32\Tasks\Apple Diagnostics
2017-02-03 09:23 - 2015-09-03 16:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-02-03 09:23 - 2014-08-15 17:39 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-01 09:38 - 2014-08-15 17:36 - 00000000 ____D C:\Program Files (x86)\Intel
2017-02-01 09:37 - 2014-10-21 14:42 - 00000000 ____D C:\Users\wguenther\AppData\Roaming\HpUpdate
2017-02-01 09:37 - 2014-08-15 17:54 - 00000000 ____D C:\Windows\Downloaded Installations
2017-01-31 10:51 - 2014-09-29 11:32 - 00003718 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2017-01-31 10:47 - 2016-07-15 10:12 - 00000000 ____D C:\Users\wguenther\AppData\Roaming\Lenovo
2017-01-31 10:34 - 2014-08-15 17:38 - 00000630 _____ C:\Windows\hbcikrnl.ini
2017-01-31 10:34 - 2014-08-15 17:38 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-01-31 10:32 - 2014-08-15 17:37 - 00000000 ____D C:\ProgramData\Intel
2017-01-31 10:30 - 2014-08-15 17:37 - 00000000 ____D C:\Program Files\Intel
2017-01-31 10:26 - 2014-08-15 17:47 - 00003170 _____ C:\Windows\System32\Tasks\RtHDVBg_LENOVO_MICPKEY
2017-01-31 10:26 - 2014-08-15 17:47 - 00003158 _____ C:\Windows\System32\Tasks\RtHDVBg_Dolby
2017-01-31 10:26 - 2014-08-15 17:47 - 00003146 _____ C:\Windows\System32\Tasks\RTKCPL
2017-01-31 10:26 - 2014-08-15 17:47 - 00000000 ___HD C:\Program Files (x86)\Temp
2017-01-31 10:26 - 2014-08-15 17:47 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2017-01-31 10:21 - 2014-08-16 02:44 - 00000000 ____D C:\ProgramData\Lenovo
2017-01-31 10:21 - 2014-08-15 17:37 - 00000000 ____D C:\Program Files\Lenovo
2017-01-31 10:21 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Help
2017-01-31 10:19 - 2015-05-08 12:19 - 00000000 ____D C:\Users\wguenther\AppData\Local\Downloaded Installations
2017-01-31 10:19 - 2014-09-17 12:01 - 00000000 ____D C:\Users\wguenther\AppData\Local\Lenovo
2017-01-31 10:19 - 2014-08-15 17:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2017-01-30 09:41 - 2014-08-15 17:56 - 00000000 ____D C:\Windows\System32\Tasks\TVT
2017-01-27 15:07 - 2014-09-17 17:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-23 09:12 - 2016-02-29 11:33 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-17 14:53 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2017-01-17 10:08 - 2014-09-15 10:00 - 00000000 ____D C:\Windows\system32\MRT
2017-01-17 10:04 - 2014-09-15 10:00 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-12 09:15 - 2015-05-19 08:06 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-10 10:44 - 2016-10-26 09:44 - 20358232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2017-01-10 10:44 - 2015-01-20 09:05 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-10 10:44 - 2014-09-17 18:09 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-10 10:44 - 2014-09-17 18:09 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-10 10:44 - 2014-09-17 18:09 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-10 10:44 - 2014-09-17 18:09 - 00000000 ____D C:\Windows\system32\Macromed

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-06-23 10:33 - 2016-12-13 12:27 - 0007603 _____ () C:\Users\wguenther\AppData\Local\Resmon.ResmonCfg
2014-08-15 17:47 - 2014-08-15 17:47 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-08-15 18:00 - 2014-08-15 18:01 - 0000107 _____ () C:\ProgramData\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}.log
2014-08-15 17:58 - 2014-08-15 17:59 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2014-08-15 17:59 - 2014-08-15 18:00 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2014-08-15 18:00 - 2014-08-15 18:00 - 0000115 _____ () C:\ProgramData\{D6E853EC-8960-4D44-AF03-7361BB93227C}.log

Einige Dateien in TEMP:
====================
2014-09-17 10:28 - 2014-02-05 11:18 - 0204328 _____ (F-Secure Corporation) C:\Users\Administrator\AppData\Local\Temp\fsprod.dll
2014-09-17 10:28 - 2014-04-22 11:22 - 0343080 _____ (F-Secure Corporation) C:\Users\Administrator\AppData\Local\Temp\fssfm.dll
2014-09-17 10:28 - 2014-04-22 11:21 - 0183336 _____ (F-Secure Corporation) C:\Users\Administrator\AppData\Local\Temp\preconfig.exe
2017-02-08 18:14 - 2017-02-08 18:14 - 0032768 _____ () C:\Users\wguenther\AppData\Local\Temp\7ndabec7.dll
2015-09-03 16:08 - 2015-09-03 16:08 - 0000000 ____D () C:\Users\wguenther\AppData\Local\Temp\avgnt.exe
2017-02-09 09:17 - 2017-02-09 09:17 - 0438048 _____ (Add-in Express Ltd.) C:\Users\wguenther\AppData\Local\Temp\IntResource.dll
2016-10-19 08:46 - 2016-10-19 08:46 - 0737856 _____ (Oracle Corporation) C:\Users\wguenther\AppData\Local\Temp\jre-8u111-windows-au.exe
2015-07-29 10:13 - 2015-07-29 10:13 - 0563808 _____ (Oracle Corporation) C:\Users\wguenther\AppData\Local\Temp\jre-8u51-windows-au.exe
2015-09-02 08:06 - 2015-09-02 08:06 - 0585824 _____ (Oracle Corporation) C:\Users\wguenther\AppData\Local\Temp\jre-8u60-windows-au.exe
2015-10-23 08:13 - 2015-10-23 08:13 - 0585824 _____ (Oracle Corporation) C:\Users\wguenther\AppData\Local\Temp\jre-8u65-windows-au.exe
2015-11-20 09:08 - 2015-11-20 09:08 - 0585824 _____ (Oracle Corporation) C:\Users\wguenther\AppData\Local\Temp\jre-8u66-windows-au.exe
2016-01-28 09:26 - 2016-01-28 09:27 - 0644704 _____ (Oracle Corporation) C:\Users\wguenther\AppData\Local\Temp\jre-8u71-windows-au.exe
2016-02-15 13:52 - 2016-02-15 13:52 - 0736352 _____ (Oracle Corporation) C:\Users\wguenther\AppData\Local\Temp\jre-8u73-windows-au.exe
2016-03-30 08:06 - 2016-03-30 08:06 - 0736320 _____ (Oracle Corporation) C:\Users\wguenther\AppData\Local\Temp\jre-8u77-windows-au.exe
2016-04-20 12:41 - 2016-04-20 12:41 - 0739904 _____ (Oracle Corporation) C:\Users\wguenther\AppData\Local\Temp\jre-8u91-windows-au.exe
2015-08-03 11:21 - 2016-09-05 08:39 - 16826944 ____T (Geek Software GmbH                                          ) C:\Users\wguenther\AppData\Local\Temp\pdf24-creator-update.exe
2016-07-13 08:47 - 2016-07-13 08:47 - 0000000 _____ () C:\Users\wguenther\AppData\Local\Temp\qqs1vtzo.dll
2015-10-16 08:37 - 2015-10-16 08:37 - 0000000 _____ () C:\Users\wguenther\AppData\Local\Temp\s1s4szgc.dll

Einige mit null Byte Größe Dateien/Ordner:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-02-02 13:53

==================== Ende von FRST.txt ============================


Edited by olgun52, 23 February 2017 - 07:44 AM.


#4 olgun52

  • Malware Response Team

Posted 09 February 2017 - 11:35 AM

Hi Kaninchen,

Please do the following:

Please uninstall the following via Start->(or My Computer)->Control Panel->(Programs)->Programs and Features if it still exists:

Lavasoft
Hotspot Shield
Bing

and restart the PC.

===========================================

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed, it will produce and open a log file. Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Edited by olgun52, 11 February 2017 - 03:06 PM.

Best regards
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#5 Kaninchen

  • Topic Starter

Posted 10 February 2017 - 04:20 AM

Hello Yilmaz,

 

I will do so now. I have not disabled the Windows firewall, because it was not on the list in the link "disable your security applications". Is this OK, or do I have to do it again with the firewall disabled?



#6 Kaninchen

  • Topic Starter

Posted 10 February 2017 - 04:51 AM

Hello Yilmaz,
 
Here is the logfile. As said before, I have not disabled the Windows firewall, because it was not on the list in the link "disable your security applications". Is this OK, or do I have to do it again with the firewall disabled?

 

Thank you.



Edited by Kaninchen, 10 February 2017 - 06:19 AM.


#7 olgun52

  • Malware Response Team

Posted 10 February 2017 - 01:44 PM

Hi Kaninchen,

Please do the following:
Run FRST fixlist

  • Please open notepad (Start > All Programs > Accessories > Notepad)
  • Copy the entire contents of the code box below (Do not copy the word 'code') to Notepad.
  • Save it to the Desktop, and name it: fixlist.txt
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
GroupPolicy: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-2710090503-2485011656-832934822-1140\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COSP&ptag=D101316-A8D15A5DDE3&form=CONMHP&conlogo=CT3335578
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2710090503-2485011656-832934822-1140 -> DefaultScope {2295B41E-F435-47A0-B13F-03A739B87D4B} URL =
SearchScopes: HKU\S-1-5-21-2710090503-2485011656-832934822-1140 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D101316-A8D15A5DDE3&form=CONBDF&conlogo=CT3335578&q={searchTerms}
FF ProfilePath: C:\Users\wguenther\AppData\Roaming\Mozilla\Firefox\Profiles\cbgp5vhf.default [2017-02-09]
FF NewTab: Mozilla\Firefox\Profiles\cbgp5vhf.default -> hxxp://www.bing.com/?pc=COSP&ptag=D101316-A8D15A5DDE3&form=CONMHP&conlogo=CT3335578
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\cbgp5vhf.default -> Bing®
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\cbgp5vhf.default -> Bing®
FF Homepage: Mozilla\Firefox\Profiles\cbgp5vhf.default -> hxxp://192.168.0.35/csp/filero/
FF SearchPlugin: C:\Users\wguenther\AppData\Roaming\Mozilla\Firefox\Profiles\cbgp5vhf.default\searchplugins\bing-lavasoft.xml [2016-10-13]
FF Extension: (Hotspot Shield Extension) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2017-01-27] [ist nicht signiert]
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
CHR Extension: (Kein Name) - C:\Users\wguenther\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-19]
CHR Extension: (Kein Name) - C:\Users\wguenther\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-19]
CHR Extension: (Kein Name) - C:\Users\wguenther\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-19]
CHR Extension: (Kein Name) - C:\Users\wguenther\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-19]
CHR Extension: (Kein Name) - C:\Users\wguenther\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-19]
CHR Extension: (Kein Name) - C:\Users\wguenther\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-23]
CHR Extension: (Kein Name) - C:\Users\wguenther\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-19]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lpdfbkehegfmedglgemnhbnpmfmioggj] - hxxps://clients2.google.com/service/update2/crx
2016-06-23 10:33 - 2016-12-13 12:27 - 0007603 _____ () C:\Users\wguenther\AppData\Local\Resmon.ResmonCfg
2014-08-15 17:47 - 2014-08-15 17:47 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-08-15 18:00 - 2014-08-15 18:01 - 0000107 _____ () C:\ProgramData\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}.log
2014-08-15 17:58 - 2014-08-15 17:59 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2014-08-15 17:59 - 2014-08-15 18:00 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2014-08-15 18:00 - 2014-08-15 18:00 - 0000115 _____ () C:\ProgramData\{D6E853EC-8960-4D44-AF03-7361BB93227C}.log
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25240 2016-10-13] ()
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2016-10-13] (Lavasoft Limited)
C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
2016-10-13 11:19 - 2016-10-13 11:19 - 00025240 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
2016-10-13 11:19 - 2016-10-13 11:19 - 00017048 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll
2016-10-13 11:19 - 2016-10-13 11:19 - 00037008 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll
2015-11-13 00:25 - 2015-11-13 00:25 - 00261328 _____ () C:\Program Files (x86)\Hotspot Shield\bin\CrashRpt1403.dll
2015-11-06 20:44 - 2015-11-06 20:44 - 00280143 _____ () C:\Program Files (x86)\Hotspot Shield\bin\libidn-11.dll
2009-03-27 21:02 - 2009-03-27 21:02 - 01554920 _____ () C:\Program Files (x86)\Hotspot Shield\bin\libeay32.dll
2009-03-27 21:02 - 2009-03-27 21:02 - 00332254 _____ () C:\Program Files (x86)\Hotspot Shield\bin\libssl32.dll
2016-10-13 11:19 - 2016-10-13 11:19 - 00129680 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2016-10-13 11:19 - 2016-10-13 11:19 - 00058512 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Common.Platform.dll
2016-10-13 11:19 - 2016-10-13 11:19 - 00018072 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.UpdateComponents.dll
2016-10-13 11:19 - 2016-10-13 11:19 - 00300176 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2016-10-13 11:19 - 2016-10-13 11:19 - 00030360 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.AvastWrapper.dll
2016-10-13 11:19 - 2016-10-13 11:19 - 00059024 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2016-10-13 11:19 - 2016-10-13 11:19 - 00128152 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
2016-10-13 11:19 - 2016-10-13 11:19 - 00044184 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll
2016-10-13 11:19 - 2016-10-13 11:19 - 00078992 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll
C:\Users\wguenther\AppData\Local\Temp
C:\Users\Administrator\AppData\Local\Temp
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\Users\wguenther\Desktop\GULP:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\wguenther\Desktop\Documents\Hinterlegung Erben:AFP_AfpInfo [122]
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
EmptyTemp:
Reboot:
End

NOTICE: This script is written specifically for this computer!!!

  • Running this on another computer may cause damage to the Operating System.
  • Now, please run FRST, and press the Fix button, just once, and wait.
  • When done, the tool creates a report on the Desktop called: Fixlog.txt

>> Please post the Fixlog.txt in your reply.
======================================================
Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

======================================================
RogueKiller scan:

  • Please download and run RogueKiller  32/64 bit to your desktop
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
  • Click Scan to scan the system.
  • When the scan completes > Close out the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!
  • Post back the report which should be located on your desktop.

Edited by olgun52, 11 February 2017 - 03:09 PM.


 


 


#8 Kaninchen

  • Topic Starter

Posted 13 February 2017 - 11:54 AM

Hi Yilmaz,

 

Here are the reports. Was there a trojan that could steal my passwords and if so, after what step exactly was it removed?

 

Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 13.02.17
Scan-Zeit: 11:39
Protokolldatei:
Administrator: Ja

-Softwaredaten-
Version: 3.0.6.1469
Komponentenversion: 1.0.50
Version des Aktualisierungspakets: 1.0.1249
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: System

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 618681
Abgelaufene Zeit: 1 Std., 33 Min., 17 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 4
PUP.Optional.Reimage, C:\USERS\WGUENTHER\DOWNLOADS\REIMAGEREPAIR.EXE, In Quarantäne, [1320], [331559],1.0.1249
PUP.Optional.SpyHunter, C:\USERS\WGUENTHER\DOWNLOADS\SPYHUNTER-INSTALLER(1).EXE, In Quarantäne, [1670], [331753],1.0.1249
PUP.Optional.Plumbytes, C:\USERS\WGUENTHER\DOWNLOADS\ANTIMALWARESETUP.EXE, In Quarantäne, [10931], [123575],1.0.1249
PUP.Optional.SpyHunter, C:\USERS\WGUENTHER\DOWNLOADS\SPYHUNTER-INSTALLER.EXE, In Quarantäne, [1670], [331753],1.0.1249

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)

(end)




#9 olgun52

  • Malware Response Team

Posted 13 February 2017 - 12:52 PM

Was there a trojan that could steal my passwords and if so, after what step exactly was it removed?

Yes, there was, but we have deleted it with ComboFix. Q:\AUTORUN.INF

What are autorun-viruses?
Please read:
https://blog.comodo.com/malware/manually-removing-autorun-virus/
http://zentimo.com/blog/what-are-autorun-viruses/
==========================================================

 

Step 1:

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 2:

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3:

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Regards

Yılmaz


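Added example (not part of olgun52's post and not code from any tool named in this thread): a small Python triage helper that lists the entries of an autorun.inf that would start a program, which is what makes a file such as the Q:\AUTORUN.INF mentioned above worth inspecting. The sample file content and the path RECYCLER\svc.exe are constructed placeholders.

```python
import re

# Keys in the [autorun] section that make Windows start a program.
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)

# Constructed sample; the path RECYCLER\svc.exe is a placeholder, not from the thread.
SAMPLE = r"""
;xQzkf padding comment
[AutoRun]
open=RECYCLER\svc.exe
icon=%SystemRoot%\system32\shell32.dll,4
action=Open folder to view files
shell\explore\Command="RECYCLER\svc.exe" -e
junk line without an equals sign
[Content]
open=ignored.exe
"""

def launch_entries(text):
    """Return (key, command) pairs in [autorun] that would run a program."""
    found, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # other sections and junk lines are skipped
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() in LAUNCH_KEYS or SHELL_COMMAND.match(key):
            found.append((key.lower(), value))
    return found

def targets(text):
    """Distinct program paths named by the launch entries, quotes honoured."""
    paths = set()
    for _, command in launch_entries(text):
        if command.startswith('"'):
            paths.add(command[1:].split('"', 1)[0])
        elif command:
            paths.add(command.split()[0])  # unquoted paths are cut at the first space
    return sorted(paths)

if __name__ == "__main__":
    for key, command in launch_entries(SAMPLE):
        print(f"{key:24} -> {command}")
    print("files to inspect:", targets(SAMPLE))
```

The paths returned by `targets` are relative to the drive that holds the autorun.inf; those are the files to check with a scanner.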

 


 


#10 Kaninchen


Posted 16 February 2017 - 03:19 AM

Hi Yilmaz,

 

here are the reports of AdwCleaner and JRT. The link to ESRT goes to a Mac product, I run a Windows system. Do I have to buy this or is there a free version? What exactly do I have to download?

 

Kind regards.




#11 olgun52


Posted 16 February 2017 - 03:35 AM

ESRT ??

What is ESRT ?

 

ESET Online Scanner

https://www.eset.com/int/home/online-scanner/



 


 


#12 Kaninchen


Posted 16 February 2017 - 05:30 AM

Sorry, of course I meant ESET. However, the link still goes to a website with "Mac Antivirus and Security Software from ESET" and options to buy. Do I have to switch to the Windows site and buy the Windows product? There are two products offered, "internet security" and "anti virus"? Thank you for checking the link!



#13 olgun52


Posted 16 February 2017 - 06:07 AM

Do I have to switch to the windows site and buy the windows product?

No, no.
ESET Online Scanner is completely free. You should click on the "Scan now" button. Is that what you do?



 


 


#14 Kaninchen


Posted 17 February 2017 - 03:15 AM

I have found the problem. When clicking on the link, Firefox automatically redirected me to the site where ESET Mac products can be bought. I entered the address manually in the browser and then it worked. Here are the results from ESET:

 

C:\Users\wguenther\Desktop\Documents\2014\Eigene Dateien bis 2013\HSS-2.78-install-a-393-conduit.exe    Win32/Toolbar.Conduit potentially unwanted application,a variant of Win32/Toolbar.Conduit.AI potentially unwanted application    
C:\Users\wguenther\Desktop\Documents\2014\Eigene Dateien bis 2013\iLividSetup.exe    Win32/Toolbar.SearchSuite potentially unwanted application,a variant of Win32/Toolbar.SearchSuite.W potentially unwanted application    
C:\Users\wguenther\Music\Eigene Dateien bis 2013\HSS-2.78-install-a-393-conduit.exe    Win32/Toolbar.Conduit potentially unwanted application,a variant of Win32/Toolbar.Conduit.AI potentially unwanted application    
C:\Users\wguenther\Music\Eigene Dateien bis 2013\iLividSetup.exe    Win32/Toolbar.SearchSuite potentially unwanted application,a variant of Win32/Toolbar.SearchSuite.W potentially unwanted application    
 



#15 olgun52


Posted 17 February 2017 - 05:12 AM

Hi,

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

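@echo off
rem Start with a fresh log of anything that could not be deleted.
if exist "%temp%\log.txt" del "%temp%\log.txt"

rem Delete the four installers flagged by the ESET scan.
for %%g in (

"C:\Users\wguenther\Desktop\Documents\2014\Eigene Dateien bis 2013\HSS-2.78-install-a-393-conduit.exe"
"C:\Users\wguenther\Desktop\Documents\2014\Eigene Dateien bis 2013\iLividSetup.exe"
"C:\Users\wguenther\Music\Eigene Dateien bis 2013\HSS-2.78-install-a-393-conduit.exe"
"C:\Users\wguenther\Music\Eigene Dateien bis 2013\iLividSetup.exe"

) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

rem Folder list (empty here): any folder named in it would be removed with its contents.
for %%g in (

) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

rem Show the log if something is left over, otherwise report success.
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
rem Remove this batch file itself; the quoted full path also works when the path contains spaces.
del "%~f0"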

Save this Notepad file as fix.bat and choose to Save as type: - All Files to your desktop then close the Notepad file.

Right-click on fix.bat and choose 'Run as administrator' to allow it to run.

Tell me what it says in your next reply. Press any key to continue.

=====================================================================

Please run again;

RogueKiller scan:

  • Please download and run RogueKiller  32/64 bit to your desktop
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
  • Click Scan to scan the system.
  • When the scan completes > Close out the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!
  • Post back the report which should be located on your desktop.

 



 


 




