| |
| |||||||
Log-Analyse und Auswertung: Komplette Adware und Toolbarverseuchung mit ca. 2000 Funden beim ersten Check...Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
27.07.2014, 16:22
| #1 |
 |  Komplette Adware und Toolbarverseuchung mit ca. 2000 Funden beim ersten Check... Hi, Ich bin grad dabei ein Notebook wieder zum Ansatzweise-Arbeiten zu bringen und hab nun einen Scan mit Malewarebytes durchgeführt... Nach den ersten 300 Funden war mir klar, dass es etwas härter werden könnte... Beim letzten Blick mit 1880 Funden wurde dies zur bitteren Sicherheit...  Ich benötige bei dieser enormen Anzahl dringenst Hilfe, da es nicht infrage kommt das Notebook neu aufzusetzen, da es kein Laufwerk besitzt.   Das Logfile ist selbst gepackt noch zu groß zum hochladen mit ca. 600000 Zeichen...  Ich bedanke mich bereits im voraus für die Hilfe. MFG Geändert von Andyleinchen (27.07.2014 um 16:29 Uhr) Grund: Anhang |
|
27.07.2014, 17:41
| #2 |
| |  Komplette Adware und Toolbarverseuchung mit ca. 2000 Funden beim ersten Check... Han nen neuen Scan gemacht den ich hochladen konnte
__________________ |
|
29.07.2014, 19:51
| #3 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Komplette Adware und Toolbarverseuchung mit ca. 2000 Funden beim ersten Check... Hi und
__________________ Logs bitte nicht anhängen, notfalls splitten und über mehrere Postings verteilt posten  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit. Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
30.07.2014, 14:57
| #4 |
| | Komplette Adware und Toolbarverseuchung mit ca. 2000 Funden beim ersten Check... Splitten würde ewig dauern.... Es sind 600000 zeichen nur von dem malewarebytes scan... Anders ist dies leider nicht möglich.... |
|
30.07.2014, 15:13
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Komplette Adware und Toolbarverseuchung mit ca. 2000 Funden beim ersten Check... Ok, aber bitte die FRST Logs in CODE-Tags posten
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
30.07.2014, 19:50
| #6 |
| | Komplette Adware und Toolbarverseuchung mit ca. 2000 Funden beim ersten Check...Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-07-2014 Ran by Andrea (administrator) on ANDREA-PC on 30-07-2014 20:22:39 Running from C:\Users\Andrea\Downloads Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () C:\Program Files\PC Beschleunigen\PCSUService.exe (Stardock Corporation) C:\Program Files\Stardock\MyColors\VistaSrv.exe () C:\Program Files\Stardock\MyColors\WBVista.exe () C:\Windows\System32\AsusService.exe () C:\Program Files\Guard-ICQ\GuardICQ.exe () C:\Windows\System32\dmwu.exe () C:\Windows\System32\PnkBstrA.exe () C:\Windows\System32\PnkBstrB.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe () C:\Program Files\Web Assistant\ExtensionUpdaterService.exe () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Blabbers Communications Ltd) C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe () C:\Windows\System32\jmdp\stij.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (ASUSTeK Computer Inc.) C:\Program Files\Asus\HotkeyService\HotkeyService.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (ASUSTeK Computer Inc.) C:\Program Files\Asus\HotkeyService\HotKeyMon.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (ASUSTeK Computer Inc.) C:\Program Files\Asus\SHE\SuperHybridEngine.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (AsusTek Computer Inc.) C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (ASUS) C:\Program Files\Asus\CapsHook\CapsHook.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Boingo Wireless, Inc.) C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe () C:\Program Files\AVG Secure Search\vprot.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe () C:\Users\Andrea\AppData\Roaming\BrowserCompanion\tbhcn.exe (MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Google Inc.) C:\Users\Andrea\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler.exe (Google Inc.) C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Google Inc.) C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKU\S-1-5-21-3601385101-2140175397-1978509390-1000\...\RunOnce: [FlashPlayerUpdate] => C:\windows\system32\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe -update plugin HKU\S-1-5-21-3601385101-2140175397-1978509390-1000\...\MountPoints2: {9bba8ab2-87ee-11e2-8299-5404a629b83b} - E:\Startme.exe AppInit_DLLs: C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll => C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll [1723320 2013-04-01] (Bandoo Media, inc) AppInit_DLLs: C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll => C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll [1185208 2012-08-06] (Bandoo Media, inc) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk ShortcutTarget: tbhcn.lnk -> C:\Users\Andrea\AppData\Roaming\BrowserCompanion\tbhcn.exe () Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IconPackager.lnk ShortcutTarget: IconPackager.lnk -> C:\Program Files\Stardock\MyColors\IconPackager.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IconPackager.lnk ShortcutTarget: IconPackager.lnk -> C:\Program Files\Stardock\MyColors\IconPackager.exe (Stardock Corporation) ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Andrea\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Andrea\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Andrea\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation) ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {CC5FC992-B0AA-47CD-9DC2-83445083CBB8} => C:\Program Files\Asus\ASUS WebStorage\3.0.108.222\AsusWSShellExt.dll () ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {618A47A2-528B-4D9A-AFC8-97D3233511E2} => C:\Program Files\Asus\ASUS WebStorage\3.0.108.222\AsusWSShellExt.dll () ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.softonic.com/MON00006/tb_v1?SearchSource=10&cc= HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046} URLSearchHook: HKLM - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) URLSearchHook: HKLM - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046} URLSearchHook: HKCU - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) URLSearchHook: HKCU - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=341&systemid=406&sr=0&q={searchTerms} SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=341&systemid=406&sr=0&q={searchTerms} SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={7FFBF5DA-D170-40D3-91A7-55FD28DB7790}&mid=937d7987183b47d19f81854de0cd51c8-a1eab306f4f7adae3faf3915e98e941f41c4ab04&lang=de&ds=AVG&pr=pr&d=2013-01-03 16:30:22&v=14.0.2.14&pid=avg&sg=&sap=dsp&q={searchTerms} SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&AF=109867&babsrc=SP_ss&mntrId=b2e820680000000000005404a629b83b SearchScopes: HKCU - {23BE01D0-C186-4456-A856-F33472C1EF2D} URL = hxxp://search.softonic.com/MON00006/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=201 SearchScopes: HKCU - {4327FABE-3C22-4689-8DBF-D226CF777FE9} URL = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms} SearchScopes: HKCU - {48E9923A-16C4-410A-9D2B-97CA7A6E9743} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={7FFBF5DA-D170-40D3-91A7-55FD28DB7790}&mid=937d7987183b47d19f81854de0cd51c8-a1eab306f4f7adae3faf3915e98e941f41c4ab04&lang=de&ds=AVG&pr=pr&d=2013-01-03 16:30:22&v=14.0.2.14&pid=avg&sg=&sap=dsp&q={searchTerms} SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=341&systemid=406&sr=0&q={searchTerms} SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyK0cewlx&i=26 BHO: Ginyas Browser Companion -> {00cbb66b-1d3b-46d3-9577-323a336acb50} -> C:\Program Files\BrowserCompanion\jsloader.dll ( ) BHO: ICQ Sparberater -> {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} -> C:\Program Files\icq\Internet Explorer\icq.dll (solute gmbh) BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: I Want This -> {11111111-1111-1111-1111-110011221158} -> C:\Program Files\I Want This\I Want This.dll (215 Apps) BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Babylon toolbar helper -> {2EECD738-5844-4a99-B4B6-146BF802613B} -> C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) BHO: Web Assistant -> {336D0C35-8A85-403a-B9D2-65C292C39087} -> C:\Program Files\Web Assistant\Extension32.dll () BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll No File BHO: Incredibar.com Helper Object -> {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} -> C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO: DVDVideoSoftTB Toolbar -> {872b5b88-9db5-4310-bdd0-ac189557e5f5} -> C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File BHO: Searchqu Toolbar -> {99079a25-328f-4bd4-be04-00955acaa0a7} -> C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () BHO: DataMngr -> {9D717F81-9148-4f12-8568-69135F087DB0} -> C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc) BHO: BetterAds -> {BA56787C-729F-4715-8F11-EB2A16908B91} -> C:\Program Files\BetterAds\ScriptHost.dll () BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: Softonic Helper Object -> {E87806B5-E908-45FD-AF5E-957D83E58E68} -> C:\Program Files\Softonic\Softonic\1.6.7.4\bh\Softonic.dll (Softonic.com) BHO: Yontoo -> {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -> C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC) Toolbar: HKLM - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) Toolbar: HKLM - ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) Toolbar: HKLM - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) Toolbar: HKLM - Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD) Toolbar: HKLM - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () Toolbar: HKLM - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\Softonic\1.6.7.4\SoftonicTlbr.dll (Softonic.com) Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File Toolbar: HKCU - DVDVideoSoftTB Toolbar - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll (AVG Secure Search) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\7uf201vf.default FF SearchEngineOrder.1: Search Results FF NetworkProxy: "type", 0 FF Homepage: user_pref("browser.startup.homepage", ""); FF Keyword.URL: hxxp://mystart.incredibar.com/mb203?a=6OyK0cewlx&i=26&search= FF DefaultSearchEngine: AVG Secure Search FF SelectedSearchEngine: AVG Secure Search FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.7\\npsitesafety.dll No File FF Plugin: @java.com/DTPlugin,version=1.6.0_32 - C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Andrea\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Andrea\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Andrea\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF user.js: detected! => C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\7uf201vf.default\user.js FF SearchPlugin: C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\7uf201vf.default\searchplugins\conduit.xml FF SearchPlugin: C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\7uf201vf.default\searchplugins\icqplugin-1.xml FF SearchPlugin: C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\7uf201vf.default\searchplugins\icqplugin.xml FF SearchPlugin: C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\7uf201vf.default\searchplugins\MyStart Search.xml FF SearchPlugin: C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\7uf201vf.default\searchplugins\Plusnetwork.xml FF SearchPlugin: C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\7uf201vf.default\searchplugins\searchplugins-backup FF SearchPlugin: C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\7uf201vf.default\searchplugins\Search_Results.xml FF SearchPlugin: C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\7uf201vf.default\searchplugins\softonic.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Battlefield Heroes Updater - C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\7uf201vf.default\Extensions\battlefieldheroespatcher@ea.com [2012-03-03] FF Extension: Ginyas Browser Companion - C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\7uf201vf.default\Extensions\bbrs_002@blabbers.com [2012-08-17] FF Extension: Ginyas Browser Companions - C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\7uf201vf.default\Extensions\bbrs_003@blabbers.com [2013-01-26] FF Extension: I Want This - C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\7uf201vf.default\Extensions\crossriderapp2258@crossrider.com [2013-12-10] FF Extension: Babylon - C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\7uf201vf.default\Extensions\ffxtlbr@babylon.com [2012-03-11] FF Extension: incredibar.com - C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\7uf201vf.default\Extensions\ffxtlbr@incredibar.com [2012-08-04] FF Extension: softonic.com - C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\7uf201vf.default\Extensions\ffxtlbra@softonic.com [2012-09-02] FF Extension: Searchqu Toolbar - C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\7uf201vf.default\Extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2012-08-06] FF Extension: BetterAds - C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\7uf201vf.default\Extensions\betterads@BetterAds.org.xpi [2012-08-21] FF Extension: Yontoo - C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\7uf201vf.default\Extensions\plugin@yontoo.com.xpi [2013-02-20] FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4 FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox [2012-08-04] FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\Web Assistant\Firefox FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR HomePage: hxxp://search.babylon.com/?AF=109867&babsrc=HP_ss&mntrId=b2e820680000000000005404a629b83b CHR DefaultSearchKeyword: t-online-shop.de CHR DefaultSearchProvider: t-online.de Shop Deutschland Produktsuche CHR DefaultSearchURL: hxxp://www.t-online-shop.de/tonline/celebrosSearch.do?action=ExecuteSearch&searchString={searchTerms} CHR DefaultNewTabURL: CHR Extension: (Browser Companion Helper) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf [2013-07-30] CHR Extension: (BetterAds) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\cacclhdpfoingihegojhoipnihfnoaki [2013-07-30] CHR Extension: (New tab for Chrome™) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg [2013-07-30] CHR Extension: (I Want This) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk [2013-07-11] CHR Extension: (AVG Security Toolbar) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-07-30] CHR Extension: (Google Wallet) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03] CHR HKLM\...\Chrome\Extension: [bodddioamolcibagionmmobehnbhiakf] - C:\Program Files\BrowserCompanion\blabbers-ch.crx [2012-07-02] CHR HKLM\...\Chrome\Extension: [cacclhdpfoingihegojhoipnihfnoaki] - C:\Users\Andrea\AppData\Local\MediaBA\betterads.crx [2012-08-21] CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [2012-08-04] CHR HKLM\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files\Perion\NewTab\newTab.crx [2012-08-04] CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG2012\Chrome\safesearch.crx [2012-08-04] CHR HKLM\...\Chrome\Extension: [mpfapcdfbbledbojijcbcclmlieaoogk] - C:\Users\Andrea\AppData\Local\I Want This\Chrome\I Want This.crx [2012-02-21] CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.2.0.38\avg.crx [2013-12-09] CHR HKLM\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Users\Andrea\AppData\Local\Temp\YontooLayers.crx [2013-12-09] CHR StartMenuInternet: Google Chrome - C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe |
|
30.07.2014, 23:05
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Komplette Adware und Toolbarverseuchung mit ca. 2000 Funden beim ersten Check... Ist unvollständig. Und das Addition.txt Logfile fehlt auch leider...
__________________ Logfiles bitte immer in CODE-Tags posten |
|
31.07.2014, 01:00
| #8 |
| | Komplette Adware und Toolbarverseuchung mit ca. 2000 Funden beim ersten Check... Das tut mir Leid... Da muss irgendetwas schief gelaufen sein, anbei sind die FRST und GMER Logs. GMER: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-07-31 01:40:59
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9320325AS rev.0003SDM1 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\Andrea\AppData\Local\Temp\uwdiqpob.sys
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 81E4CA15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81E86212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Elantech\ETDCtrl.exe[300] kernel32.dll!VirtualProtect 76E52CDD 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\Elantech\ETDCtrl.exe[300] USER32.dll!SetWindowPlacement 77497F78 5 Bytes JMP 66033F8E C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\Elantech\ETDCtrl.exe[300] USER32.dll!MoveWindow 77498D29 5 Bytes JMP 66034289 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\Elantech\ETDCtrl.exe[300] USER32.dll!DeferWindowPos 7749A6C8 5 Bytes JMP 6603390A C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\Elantech\ETDCtrl.exe[300] USER32.dll!SetWindowPos 774A1BC4 5 Bytes JMP 660343D8 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\Elantech\ETDCtrl.exe[300] USER32.dll!GetWindowRect 774A558C 5 Bytes JMP 66034564 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\Elantech\ETDCtrl.exe[300] USER32.dll!BeginPaint 774A5D14 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\Elantech\ETDCtrl.exe[300] USER32.dll!EndPaint 774A5D42 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\Elantech\ETDCtrl.exe[300] USER32.dll!GetWindowPlacement 774C69DE 5 Bytes JMP 660340DF C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Windows\System32\igfxtray.exe[2528] kernel32.dll!VirtualProtect 76E52CDD 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Windows\System32\igfxtray.exe[2528] USER32.dll!SetWindowPlacement 77497F78 5 Bytes JMP 66033F8E C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Windows\System32\igfxtray.exe[2528] USER32.dll!MoveWindow 77498D29 5 Bytes JMP 66034289 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Windows\System32\igfxtray.exe[2528] USER32.dll!DeferWindowPos 7749A6C8 5 Bytes JMP 6603390A C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Windows\System32\igfxtray.exe[2528] USER32.dll!SetWindowPos 774A1BC4 5 Bytes JMP 660343D8 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Windows\System32\igfxtray.exe[2528] USER32.dll!GetWindowRect 774A558C 5 Bytes JMP 66034564 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Windows\System32\igfxtray.exe[2528] USER32.dll!BeginPaint 774A5D14 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Windows\System32\igfxtray.exe[2528] USER32.dll!EndPaint 774A5D42 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Windows\System32\igfxtray.exe[2528] USER32.dll!GetWindowPlacement 774C69DE 5 Bytes JMP 660340DF C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Windows\System32\hkcmd.exe[2544] kernel32.dll!VirtualProtect 76E52CDD 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Windows\System32\hkcmd.exe[2544] USER32.dll!SetWindowPlacement 77497F78 5 Bytes JMP 66033F8E C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Windows\System32\hkcmd.exe[2544] USER32.dll!MoveWindow 77498D29 5 Bytes JMP 66034289 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Windows\System32\hkcmd.exe[2544] USER32.dll!DeferWindowPos 7749A6C8 5 Bytes JMP 6603390A C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Windows\System32\hkcmd.exe[2544] USER32.dll!SetWindowPos 774A1BC4 5 Bytes JMP 660343D8 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Windows\System32\hkcmd.exe[2544] USER32.dll!GetWindowRect 774A558C 5 Bytes JMP 66034564 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Windows\System32\hkcmd.exe[2544] USER32.dll!BeginPaint 774A5D14 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Windows\System32\hkcmd.exe[2544] USER32.dll!EndPaint 774A5D42 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Windows\System32\hkcmd.exe[2544] USER32.dll!GetWindowPlacement 774C69DE 5 Bytes JMP 660340DF C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Windows\System32\igfxpers.exe[2672] kernel32.dll!VirtualProtect 76E52CDD 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Windows\System32\igfxpers.exe[2672] USER32.dll!SetWindowPlacement 77497F78 5 Bytes JMP 66033F8E C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Windows\System32\igfxpers.exe[2672] USER32.dll!MoveWindow 77498D29 5 Bytes JMP 66034289 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Windows\System32\igfxpers.exe[2672] USER32.dll!DeferWindowPos 7749A6C8 5 Bytes JMP 6603390A C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Windows\System32\igfxpers.exe[2672] USER32.dll!SetWindowPos 774A1BC4 5 Bytes JMP 660343D8 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Windows\System32\igfxpers.exe[2672] USER32.dll!GetWindowRect 774A558C 5 Bytes JMP 66034564 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Windows\System32\igfxpers.exe[2672] USER32.dll!BeginPaint 774A5D14 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Windows\System32\igfxpers.exe[2672] USER32.dll!EndPaint 774A5D42 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Windows\System32\igfxpers.exe[2672] USER32.dll!GetWindowPlacement 774C69DE 5 Bytes JMP 660340DF C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\windows\system32\igfxsrvc.exe[2712] kernel32.dll!VirtualProtect 76E52CDD 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\windows\system32\igfxsrvc.exe[2712] USER32.dll!SetWindowPlacement 77497F78 5 Bytes JMP 66033F8E C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\windows\system32\igfxsrvc.exe[2712] USER32.dll!MoveWindow 77498D29 5 Bytes JMP 66034289 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\windows\system32\igfxsrvc.exe[2712] USER32.dll!DeferWindowPos 7749A6C8 5 Bytes JMP 6603390A C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\windows\system32\igfxsrvc.exe[2712] USER32.dll!SetWindowPos 774A1BC4 5 Bytes JMP 660343D8 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\windows\system32\igfxsrvc.exe[2712] USER32.dll!GetWindowRect 774A558C 5 Bytes JMP 66034564 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\windows\system32\igfxsrvc.exe[2712] USER32.dll!BeginPaint 774A5D14 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\windows\system32\igfxsrvc.exe[2712] USER32.dll!EndPaint 774A5D42 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\windows\system32\igfxsrvc.exe[2712] USER32.dll!GetWindowPlacement 774C69DE 5 Bytes JMP 660340DF C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2868] kernel32.dll!VirtualProtect 76E52CDD 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2868] USER32.dll!SetWindowPlacement 77497F78 5 Bytes JMP 66033F8E C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2868] USER32.dll!MoveWindow 77498D29 5 Bytes JMP 66034289 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2868] USER32.dll!DeferWindowPos 7749A6C8 5 Bytes JMP 6603390A C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2868] USER32.dll!SetWindowPos 774A1BC4 5 Bytes JMP 660343D8 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2868] USER32.dll!GetWindowRect 774A558C 5 Bytes JMP 66034564 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2868] USER32.dll!BeginPaint 774A5D14 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2868] USER32.dll!EndPaint 774A5D42 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2868] USER32.dll!GetWindowPlacement 774C69DE 5 Bytes JMP 660340DF C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\windows\system32\taskhost.exe[2996] kernel32.dll!VirtualProtect 76E52CDD 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\windows\system32\taskhost.exe[2996] USER32.dll!SetWindowPlacement 77497F78 5 Bytes JMP 66033F8E C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\windows\system32\taskhost.exe[2996] USER32.dll!MoveWindow 77498D29 5 Bytes JMP 66034289 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\windows\system32\taskhost.exe[2996] USER32.dll!DeferWindowPos 7749A6C8 5 Bytes JMP 6603390A C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\windows\system32\taskhost.exe[2996] USER32.dll!SetWindowPos 774A1BC4 5 Bytes JMP 660343D8 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\windows\system32\taskhost.exe[2996] USER32.dll!GetWindowRect 774A558C 5 Bytes JMP 66034564 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\windows\system32\taskhost.exe[2996] USER32.dll!BeginPaint 774A5D14 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\windows\system32\taskhost.exe[2996] USER32.dll!EndPaint 774A5D42 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\windows\system32\taskhost.exe[2996] USER32.dll!GetWindowPlacement 774C69DE 5 Bytes JMP 660340DF C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\windows\Explorer.EXE[3180] kernel32.dll!VirtualProtect 76E52CDD 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\windows\Explorer.EXE[3180] USER32.dll!SetWindowPlacement 77497F78 5 Bytes JMP 66033F8E C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\windows\Explorer.EXE[3180] USER32.dll!MoveWindow 77498D29 5 Bytes JMP 66034289 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\windows\Explorer.EXE[3180] USER32.dll!DeferWindowPos 7749A6C8 5 Bytes JMP 6603390A C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\windows\Explorer.EXE[3180] USER32.dll!SetWindowPos 774A1BC4 5 Bytes JMP 660343D8 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\windows\Explorer.EXE[3180] USER32.dll!GetWindowRect 774A558C 5 Bytes JMP 66034564 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\windows\Explorer.EXE[3180] USER32.dll!BeginPaint 774A5D14 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\windows\Explorer.EXE[3180] USER32.dll!EndPaint 774A5D42 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\windows\Explorer.EXE[3180] USER32.dll!GetWindowPlacement 774C69DE 5 Bytes JMP 660340DF C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe[3372] kernel32.dll!VirtualProtect 76E52CDD 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe[3372] USER32.dll!SetWindowPlacement 77497F78 5 Bytes JMP 66033F8E C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe[3372] USER32.dll!MoveWindow 77498D29 5 Bytes JMP 66034289 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe[3372] USER32.dll!DeferWindowPos 7749A6C8 5 Bytes JMP 6603390A C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe[3372] USER32.dll!SetWindowPos 774A1BC4 5 Bytes JMP 660343D8 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe[3372] USER32.dll!GetWindowRect 774A558C 5 Bytes JMP 66034564 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe[3372] USER32.dll!BeginPaint 774A5D14 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe[3372] USER32.dll!EndPaint 774A5D42 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe[3372] USER32.dll!GetWindowPlacement 774C69DE 5 Bytes JMP 660340DF C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\AVG Secure Search\vprot.exe[3432] kernel32.dll!VirtualProtect 76E52CDD 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\AVG Secure Search\vprot.exe[3432] USER32.dll!SetWindowPlacement 77497F78 5 Bytes JMP 66033F8E C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\AVG Secure Search\vprot.exe[3432] USER32.dll!MoveWindow 77498D29 5 Bytes JMP 66034289 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\AVG Secure Search\vprot.exe[3432] USER32.dll!DeferWindowPos 7749A6C8 5 Bytes JMP 6603390A C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\AVG Secure Search\vprot.exe[3432] USER32.dll!SetWindowPos 774A1BC4 5 Bytes JMP 660343D8 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\AVG Secure Search\vprot.exe[3432] USER32.dll!GetWindowRect 774A558C 5 Bytes JMP 66034564 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\AVG Secure Search\vprot.exe[3432] USER32.dll!BeginPaint 774A5D14 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\AVG Secure Search\vprot.exe[3432] USER32.dll!EndPaint 774A5D42 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\AVG Secure Search\vprot.exe[3432] USER32.dll!GetWindowPlacement 774C69DE 5 Bytes JMP 660340DF C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Users\Andrea\Downloads\Gmer-19357.exe[3480] kernel32.dll!VirtualProtect 76E52CDD 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Users\Andrea\Downloads\Gmer-19357.exe[3480] USER32.dll!SetWindowPlacement 77497F78 5 Bytes JMP 66033F8E C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Users\Andrea\Downloads\Gmer-19357.exe[3480] USER32.dll!MoveWindow 77498D29 5 Bytes JMP 66034289 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Users\Andrea\Downloads\Gmer-19357.exe[3480] USER32.dll!DeferWindowPos 7749A6C8 5 Bytes JMP 6603390A C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Users\Andrea\Downloads\Gmer-19357.exe[3480] USER32.dll!SetWindowPos 774A1BC4 5 Bytes JMP 660343D8 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Users\Andrea\Downloads\Gmer-19357.exe[3480] USER32.dll!GetWindowRect 774A558C 5 Bytes JMP 66034564 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Users\Andrea\Downloads\Gmer-19357.exe[3480] USER32.dll!BeginPaint 774A5D14 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Users\Andrea\Downloads\Gmer-19357.exe[3480] USER32.dll!EndPaint 774A5D42 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Users\Andrea\Downloads\Gmer-19357.exe[3480] USER32.dll!GetWindowPlacement 774C69DE 5 Bytes JMP 660340DF C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Windows\System32\jmdp\stij.exe[3484] kernel32.dll!VirtualProtect 76E52CDD 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Windows\System32\jmdp\stij.exe[3484] USER32.dll!SetWindowPlacement 77497F78 5 Bytes JMP 66033F8E C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Windows\System32\jmdp\stij.exe[3484] USER32.dll!MoveWindow 77498D29 5 Bytes JMP 66034289 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Windows\System32\jmdp\stij.exe[3484] USER32.dll!DeferWindowPos 7749A6C8 5 Bytes JMP 6603390A C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Windows\System32\jmdp\stij.exe[3484] USER32.dll!SetWindowPos 774A1BC4 5 Bytes JMP 660343D8 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Windows\System32\jmdp\stij.exe[3484] USER32.dll!GetWindowRect 774A558C 5 Bytes JMP 66034564 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Windows\System32\jmdp\stij.exe[3484] USER32.dll!BeginPaint 774A5D14 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Windows\System32\jmdp\stij.exe[3484] USER32.dll!EndPaint 774A5D42 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Windows\System32\jmdp\stij.exe[3484] USER32.dll!GetWindowPlacement 774C69DE 5 Bytes JMP 660340DF C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[4064] kernel32.dll!VirtualProtect 76E52CDD 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[4064] USER32.dll!SetWindowPlacement 77497F78 5 Bytes JMP 66033F8E C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[4064] USER32.dll!MoveWindow 77498D29 5 Bytes JMP 66034289 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[4064] USER32.dll!DeferWindowPos 7749A6C8 5 Bytes JMP 6603390A C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[4064] USER32.dll!SetWindowPos 774A1BC4 5 Bytes JMP 660343D8 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[4064] USER32.dll!GetWindowRect 774A558C 5 Bytes JMP 66034564 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[4064] USER32.dll!BeginPaint 774A5D14 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[4064] USER32.dll!EndPaint 774A5D42 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[4064] USER32.dll!GetWindowPlacement 774C69DE 5 Bytes JMP 660340DF C:\Program Files\Stardock\MyColors\WBLIND.dll
---- User IAT/EAT - GMER 2.1 ----
IAT C:\windows\Explorer.EXE[3180] @ C:\windows\Explorer.EXE [KERNEL32.dll!LoadLibraryExA] [66057244] C:\Program Files\Stardock\MyColors\WBLIND.dll
IAT C:\windows\Explorer.EXE[3180] @ C:\windows\Explorer.EXE [KERNEL32.dll!LoadLibraryW] [6605730C] C:\Program Files\Stardock\MyColors\WBLIND.dll
IAT C:\windows\Explorer.EXE[3180] @ C:\windows\Explorer.EXE [KERNEL32.dll!LoadLibraryA] [660572A1] C:\Program Files\Stardock\MyColors\WBLIND.dll
IAT C:\windows\Explorer.EXE[3180] @ C:\windows\Explorer.EXE [USER32.dll!GetWindowDC] [66033A28] C:\Program Files\Stardock\MyColors\WBLIND.dll
IAT C:\windows\Explorer.EXE[3180] @ C:\windows\Explorer.EXE [USER32.dll!UpdateLayeredWindow] [66057A44] C:\Program Files\Stardock\MyColors\WBLIND.dll
IAT C:\windows\Explorer.EXE[3180] @ C:\windows\Explorer.EXE [USER32.dll!UpdateLayeredWindowIndirect] [6605735E] C:\Program Files\Stardock\MyColors\WBLIND.dll
IAT C:\windows\Explorer.EXE[3180] @ C:\windows\Explorer.EXE [USER32.dll!EndPaint] [660584BD] C:\Program Files\Stardock\MyColors\WBLIND.dll
IAT C:\windows\Explorer.EXE[3180] @ C:\windows\Explorer.EXE [USER32.dll!LoadImageW] [6600AA77] C:\Program Files\Stardock\MyColors\WBLIND.dll
IAT C:\windows\Explorer.EXE[3180] @ C:\windows\Explorer.EXE [USER32.dll!BeginPaint] [660581B9] C:\Program Files\Stardock\MyColors\WBLIND.dll
IAT C:\windows\Explorer.EXE[3180] @ C:\windows\Explorer.EXE [USER32.dll!DrawTextW] [6605A7BB] C:\Program Files\Stardock\MyColors\WBLIND.dll
---- Devices - GMER 2.1 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- Threads - GMER 2.1 ----
Thread System [4:3992] 83C5AF2E
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dbb854f
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{BDE4E20B-9DDA-4414-9773-A51264A0F4E5}@LeaseObtainedTime 1406761422
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{BDE4E20B-9DDA-4414-9773-A51264A0F4E5}@T1 1406934222
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{BDE4E20B-9DDA-4414-9773-A51264A0F4E5}@T2 1407063822
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{BDE4E20B-9DDA-4414-9773-A51264A0F4E5}@LeaseTerminatesTime 1407107022
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dbb854f (not active ControlSet)
---- EOF - GMER 2.1 ----
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:30-07-2014
Ran by Andrea at 2014-07-31 01:48:00
Running from C:\Users\Andrea\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
ASUSUpdate for Eee PC (HKLM\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 1.06.02 - ASUSTeK Computer Inc.)
AsusVibe2.0 (HKLM\...\Asus Vibe2.0) (Version: 2.0.4.617 - ASUSTEK)
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.35 - Atheros Communications Inc.)
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3462 - AVG Technologies)
AVG Security Toolbar (HKLM\...\AVG Secure Search) (Version: 18.1.7.644 - AVG Technologies)
Babylon toolbar on IE (HKLM\...\BabylonToolbar) (Version: - ) <==== ATTENTION
BetterAds (HKLM\...\BetterAds) (Version: 1.5 - BetterAds.org)
Boingo Wi-Fi (HKLM\...\{84C2B80B-64A2-4B22-93EC-F30C3D6BF7D8}) (Version: 1.7.0048 - Boingo Wireless, Inc.)
BrowserCompanion (HKLM\...\BrowserCompanion) (Version: - ) <==== ATTENTION
CapsHook (HKLM\...\{4B5092B6-F231-4D18-83BC-2618B729CA45}) (Version: 1.0.0.7 - AsusTek Computer)
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
Chicken Invaders 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version: - Oberon Media)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DVDVideoSoftTB Toolbar (HKLM\...\DVDVideoSoftTB Toolbar) (Version: 6.8.2.0 - DVDVideoSoftTB)
E-Cam (HKLM\...\{185AFA7A-F63E-450B-94AA-011CAC18090E}) (Version: 2.0.3.0 - AzureWave)
Eee Docking 3.8.3 (HKLM\...\Eee Docking_is1) (Version: 3.8.3 - ASUSTek Computer Inc.)
EeeSplendid (HKLM\...\{6333FC29-BFE5-4024-AC78-958A1A7555D1}) (Version: 5.1.2.0011 - ASUS)
EeeSplendid (Version: 5.1.2.0011 - ASUS) Hidden
ETDWare PS/2-x86 7.0.5.13_WHQL (HKLM\...\Elantech) (Version: 7.0.5.13 - ELAN Microelectronics Corp.)
Fotogalerie (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
GinyasBrowserCompanion (HKLM\...\GinyasBrowserCompanion) (Version: - Ginyas) <==== ATTENTION
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Drive (HKLM\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
I Want This (HKLM\...\I Want This) (Version: 1.8.146.147 - 215 Apps)
IB Updater Service (HKLM\...\WNLT) (Version: 4.0.8.7 - ) <==== ATTENTION
ICQ Toolbar (HKLM\...\ICQToolbar) (Version: 3.0.0 - ICQ)
Incredibar Toolbar on IE (HKLM\...\incredibar) (Version: - ) <==== ATTENTION
InstantOn (HKLM\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 1.0.2 - ASUS)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2117 - Intel Corporation)
Java Auto Updater (Version: 2.0.2.4 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 32 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216032FF}) (Version: 6.0.320 - Oracle)
Junk Mail filter update (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
LocaleMe (HKLM\...\{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}) (Version: 1.3 - ASUS)
LogonStudio (HKLM\...\{5C46518A-F797-4973-A257-F3F60F2FC61E}) (Version: 1.51.12 - Stardock)
MAGIX Foto Manager MX (HKLM\...\MAGIX_{30D2BC25-D905-48FE-AA2C-98E11AC3A081}) (Version: 9.0.1.238 - MAGIX AG)
MAGIX Foto Manager MX (Version: 9.0.1.238 - MAGIX AG) Hidden
MAGIX Screenshare (HKLM\...\MAGIX_{6662A179-33A4-407D-B57D-736E6BF765B1}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Screenshare (Version: 4.3.6.1987 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
OpenOffice 4.0.0 (HKLM\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
Photo Common (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PhotoScape (HKLM\...\PhotoScape) (Version: - )
Raccolta foto (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Ralink RT2860 Wireless LAN Card (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.1.0 - Ralink)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6098 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0159 - REALTEK Semiconductor Corp.)
RegClean Pro (HKLM\...\RegClean Pro_is1) (Version: 6.21 - Systweak Inc) <==== ATTENTION
Searchqu Toolbar (HKLM\...\Searchqu Toolbar) (Version: 4.1.0.3028 - Bandoo Media Inc) <==== ATTENTION
simplitec simplicheck (HKLM\...\{B73AFF76-53AD-464D-93D5-5A4E6CAAB893}) (Version: 1.2.3.0 - simplitec GmbH)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Softonic toolbar on IE (HKLM\...\Softonic) (Version: - Softonic) <==== ATTENTION
Stardock MyColors (HKLM\...\Stardock MyColors) (Version: 2.7 - Stardock Corporation)
Stardock MyColors (Version: 2.7 - Stardock Corporation) Hidden
Super Hybrid Engine (HKLM\...\{88F08F98-12BC-4613-81A2-8F9B88CFC73E}) (Version: 2.17 - AsusTek Computer)
Times Reader (HKLM\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Times Reader (Version: 2.055 - The New York Times Company) Hidden
Web Assistant 2.0.0.573 (HKLM\...\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1) (Version: 2.0.0.573 - IncrediBar) <==== ATTENTION
Windows Driver Package - Broadcom Bluetooth (07/17/2009 6.2.0.9403) (HKLM\...\B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE) (Version: 07/17/2009 6.2.0.9403 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0) (HKLM\...\B5C82F3814F82FB37F1513B3185399BD88892B08) (Version: 07/29/2009 6.1.7100.0 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Xvid MPEG-4 Video Codec (HKLM\...\Xvid_is1) (Version: - )
Yontoo 1.10.02 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.10.02 - Yontoo LLC) <==== ATTENTION
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Andrea\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Andrea\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Andrea\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Andrea\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{30A2652A-DDF7-45e7-ACA6-3EAB26FC8A4E}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{41662FC2-0D57-4aff-AB27-AD2E12E7C273}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{448BB771-CFE2-47C4-BCDF-1FBF378E202C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Andrea\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Andrea\AppData\Local\Google\Chrome\Application\36.0.1985.125\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Andrea\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Andrea\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Andrea\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{7B342DC4-139A-4a46-8A93-DB0827CCEE9C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Andrea\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe No File
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\ooofilt.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{7FA8AE11-B3E3-4D88-AABF-255526CD1CE8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{82154420-0FBF-11d4-8313-005004526AB4}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Andrea\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Andrea\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll No File
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Andrea\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Andrea\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Andrea\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe No File
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\propertyhdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Andrea\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll No File
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Andrea\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Andrea\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Andrea\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{D2D59CD1-0A6A-4D36-AE20-47817077D57C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{E5A0B632-DFBA-4549-9346-E414DA06E6F8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Andrea\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Andrea\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{EE5D1EA4-D445-4289-B2FC-55FC93693917}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Andrea\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll No File
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{F616B81F-7BB8-4F22-B8A5-47428D59F8AD}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Andrea\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\FileSyncApi.dll No File
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Andrea\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
==================== Restore Points =========================
27-07-2014 11:46:07 Windows Update
27-07-2014 12:52:12 Removed AVG 2013
27-07-2014 12:55:40 Removed AVG 2013
27-07-2014 14:30:47 Removed Façade
30-07-2014 19:04:07 Windows Update
30-07-2014 20:28:43 Removed Acrobat.com
30-07-2014 20:30:38 Removed Facebook Video Calling 2.0.0.447
30-07-2014 20:31:14 Removed Firebird SQL Server - MAGIX Edition
30-07-2014 20:33:39 Removed FontResizer
30-07-2014 20:37:01 ICQ Sparberater wird entfernt
30-07-2014 20:40:48 Removed Hotkey Service
30-07-2014 20:44:01 Removed LiveUpdate.
30-07-2014 20:46:33 Removed Microsoft Silverlight
30-07-2014 20:47:56 Removed Microsoft SQL Server 2005 Compact Edition [ENU]
30-07-2014 22:25:36 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1731A9D0-2E85-4DA6-AB94-8DEC2B6D451D} - System32\Tasks\GinyasBrowserCompanions FireFox Watcher => C:\ProgramData\GinyasBrowserCompanions\tbhcns.exe <==== ATTENTION
Task: {1C15F955-3BAF-4F38-9403-5ABAFDB489F6} - System32\Tasks\GinyasBrowserCompanions Update Checker => C:\ProgramData\GinyasBrowserCompanions\tbhcns.exe <==== ATTENTION
Task: {1D273B6A-F377-4E5F-84B5-73466833A687} - System32\Tasks\GinyasBrowserCompanion Stats Report => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe [2013-02-18] (Blabbers Communications Ltd) <==== ATTENTION
Task: {3AC26CE1-FAAC-4CA4-933F-1A4A7BEE3F57} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3601385101-2140175397-1978509390-1000Core => C:\Users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-23] (Google Inc.)
Task: {4176131F-21E9-4835-B31E-A3719243C43B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-03] (Google Inc.)
Task: {507AD962-93DB-462D-A8C9-5254E20ECD6C} - System32\Tasks\{45369E78-DC3E-4556-B91B-58151EF25307} => Chrome.exe
Task: {53F1A6DF-F93D-45DE-9788-669A9F527A41} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {61BE41AD-E80E-44B2-B32A-7360FAC33257} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-03] (Google Inc.)
Task: {6683A2CF-CEA5-4BE5-922F-93ABCF07030D} - System32\Tasks\GinyasBrowserCompanion Update Checker => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe [2013-02-18] (Blabbers Communications Ltd) <==== ATTENTION
Task: {66CE3246-EA70-4D23-B9F1-472BC84CF734} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files\RegClean Pro\RegCleanPro.exe [2011-11-19] (Systweak Inc) <==== ATTENTION
Task: {7C003877-A4F8-4271-B3E5-10894BD34BA7} - System32\Tasks\{B3F1EFB7-0F6B-4354-95DF-D7EAB1940561} => Chrome.exe
Task: {86E697F7-B804-4FF1-90B9-691B066FB397} - System32\Tasks\GinyasBrowserCompanions Chrome Watcher => C:\ProgramData\GinyasBrowserCompanions\tbhcns.exe <==== ATTENTION
Task: {896A91D8-D121-45B9-A385-8F82B3649378} - System32\Tasks\GinyasBrowserCompanions Stats Report => C:\ProgramData\GinyasBrowserCompanions\tbhcns.exe <==== ATTENTION
Task: {A2FE6341-29F8-479F-95F1-A8219CE39871} - System32\Tasks\{5D00A04D-C9F6-40BA-96AE-7DC3DCC5C8C1} => Chrome.exe
Task: {AA780D2E-065A-49E4-8CB0-103E2355ED6E} - System32\Tasks\GinyasBrowserCompanion Runner => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe [2013-02-18] (Blabbers Communications Ltd) <==== ATTENTION
Task: {AB2122C3-0053-4D6C-BC82-9936493BD5AE} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-27] (Adobe Systems Incorporated)
Task: {C49CCEB8-BF31-47F8-A6D8-2E5E99F86201} - System32\Tasks\GinyasBrowserCompanion Chrome Watcher => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe [2013-02-18] (Blabbers Communications Ltd) <==== ATTENTION
Task: {D0E6D060-655F-40DA-9089-2A8116626CAE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3601385101-2140175397-1978509390-1000UA => C:\Users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-23] (Google Inc.)
Task: {E814AE2A-C75D-4650-AD86-DD27D75C4119} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files\RegClean Pro\RegCleanPro.exe [2011-11-19] (Systweak Inc) <==== ATTENTION
Task: {FBE700C9-255D-434F-8190-080705610AC1} - System32\Tasks\GinyasBrowserCompanion FireFox Watcher => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe [2013-02-18] (Blabbers Communications Ltd) <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GinyasBrowserCompanion Chrome Watcher.job => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe <==== ATTENTION
Task: C:\windows\Tasks\GinyasBrowserCompanion FireFox Watcher.job => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe <==== ATTENTION
Task: C:\windows\Tasks\GinyasBrowserCompanion Runner.job => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe <==== ATTENTION
Task: C:\windows\Tasks\GinyasBrowserCompanion Stats Report.job => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe <==== ATTENTION
Task: C:\windows\Tasks\GinyasBrowserCompanion Update Checker.job => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe <==== ATTENTION
Task: C:\windows\Tasks\GinyasBrowserCompanions Chrome Watcher.job => C:\ProgramData\GinyasBrowserCompanions\tbhcns.exe <==== ATTENTION
Task: C:\windows\Tasks\GinyasBrowserCompanions FireFox Watcher.job => C:\ProgramData\GinyasBrowserCompanions\tbhcns.exe <==== ATTENTION
Task: C:\windows\Tasks\GinyasBrowserCompanions Stats Report.job => C:\ProgramData\GinyasBrowserCompanions\tbhcns.exe <==== ATTENTION
Task: C:\windows\Tasks\GinyasBrowserCompanions Update Checker.job => C:\ProgramData\GinyasBrowserCompanions\tbhcns.exe <==== ATTENTION
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3601385101-2140175397-1978509390-1000Core.job => C:\Users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3601385101-2140175397-1978509390-1000UA.job => C:\Users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files\RegClean Pro\RegCleanPro.exe <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2009-06-09 10:56 - 2009-06-09 10:56 - 00099632 _____ () C:\Program Files\Stardock\MyColors\WBVista.exe
2009-06-09 10:55 - 2009-06-09 10:55 - 00057904 _____ () C:\windows\system32\wbload.dll
2012-09-10 13:10 - 2013-10-15 10:43 - 01432368 _____ () C:\windows\system32\dmwu.exe
2012-08-04 13:16 - 2012-08-23 15:40 - 00188760 _____ () C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
2014-07-26 14:23 - 2014-07-26 14:23 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe
2014-07-26 14:23 - 2014-07-26 14:23 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\log4cplusU.dll
2013-10-15 11:05 - 2013-10-15 11:05 - 00410416 _____ () C:\Windows\System32\jmdp\stij.exe
2013-10-15 11:03 - 2013-10-15 11:03 - 01057792 _____ () C:\Windows\System32\jmdp\lmrn.dll
2009-06-09 10:55 - 2009-06-09 10:55 - 00057904 _____ () C:\Windows\System32\wbload.dll
2013-01-03 17:30 - 2014-07-26 14:23 - 02571288 _____ () C:\Program Files\AVG Secure Search\vprot.exe
2012-07-02 11:16 - 2012-07-02 11:16 - 00695448 _____ () C:\Users\Andrea\AppData\Roaming\BrowserCompanion\tbhcn.exe
2014-07-27 18:11 - 2014-07-15 11:24 - 08537928 _____ () C:\Users\Andrea\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-27 18:11 - 2014-07-15 11:24 - 00353096 _____ () C:\Users\Andrea\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-27 18:11 - 2014-07-15 11:24 - 01732936 _____ () C:\Users\Andrea\AppData\Local\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-30 21:00 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-07-30 21:00 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2014-07-27 18:11 - 2014-07-15 11:24 - 14664008 _____ () C:\Users\Andrea\AppData\Local\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk => C:\windows\pss\AsusVibeLauncher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Stardock MyColors.lnk => C:\windows\pss\Stardock MyColors.lnk.CommonStartup
MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
MSCONFIG\startupreg: AVG_TRAY => "C:\Program Files\AVG\AVG2012\avgtray.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\Andrea\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Guard.Mail.ru.gui => "C:\Program Files\Guard-ICQ\GuardICQ.exe" /gui
MSCONFIG\startupreg: PCSpeedUp => C:\Program Files\PC Beschleunigen\PCSpeedUp.lnk
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/31/2014 01:04:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: tbhcn.exe, Version: 1.0.0.9, Zeitstempel: 0x5121f458
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00052d37
ID des fehlerhaften Prozesses: 0xc94
Startzeit der fehlerhaften Anwendung: 0xtbhcn.exe0
Pfad der fehlerhaften Anwendung: tbhcn.exe1
Pfad des fehlerhaften Moduls: tbhcn.exe2
Berichtskennung: tbhcn.exe3
Error: (07/31/2014 00:00:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00012298
ID des fehlerhaften Prozesses: 0x990
Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0
Pfad der fehlerhaften Anwendung: Gmer-19357.exe1
Pfad des fehlerhaften Moduls: Gmer-19357.exe2
Berichtskennung: Gmer-19357.exe3
Error: (07/30/2014 11:24:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: bd8
Startzeit: 01cfac3b7c1614bf
Endzeit: 0
Anwendungspfad: C:\windows\Explorer.EXE
Berichts-ID: c1104603-182f-11e4-99db-5404a629b83b
Error: (07/30/2014 11:16:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: tbhcn.exe, Version: 1.0.0.9, Zeitstempel: 0x5121f458
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00052d37
ID des fehlerhaften Prozesses: 0xcd4
Startzeit der fehlerhaften Anwendung: 0xtbhcn.exe0
Pfad der fehlerhaften Anwendung: tbhcn.exe1
Pfad des fehlerhaften Moduls: tbhcn.exe2
Berichtskennung: tbhcn.exe3
Error: (07/30/2014 10:39:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ICQ7.exe, Version: 14.0.0.162, Zeitstempel: 0x4626b2f4
Name des fehlerhaften Moduls: MoveIt.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4ee6373f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x6bdfcf4e
ID des fehlerhaften Prozesses: 0x141c
Startzeit der fehlerhaften Anwendung: 0xICQ7.exe0
Pfad der fehlerhaften Anwendung: ICQ7.exe1
Pfad des fehlerhaften Moduls: ICQ7.exe2
Berichtskennung: ICQ7.exe3
Error: (07/30/2014 10:25:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: avgmfapx.exe, Version: 13.0.0.3480, Zeitstempel: 0x537d2383
Name des fehlerhaften Moduls: avgmfapx.exe, Version: 13.0.0.3480, Zeitstempel: 0x537d2383
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00017ec0
ID des fehlerhaften Prozesses: 0x1384
Startzeit der fehlerhaften Anwendung: 0xavgmfapx.exe0
Pfad der fehlerhaften Anwendung: avgmfapx.exe1
Pfad des fehlerhaften Moduls: avgmfapx.exe2
Berichtskennung: avgmfapx.exe3
Error: (07/30/2014 08:35:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: tbhcn.exe, Version: 1.0.0.9, Zeitstempel: 0x5121f458
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00052d37
ID des fehlerhaften Prozesses: 0x8b4
Startzeit der fehlerhaften Anwendung: 0xtbhcn.exe0
Pfad der fehlerhaften Anwendung: tbhcn.exe1
Pfad des fehlerhaften Moduls: tbhcn.exe2
Berichtskennung: tbhcn.exe3
Error: (07/30/2014 08:29:37 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.
Error: (07/30/2014 08:29:16 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.
Error: (07/30/2014 08:27:54 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.
System errors:
=============
Error: (07/31/2014 01:03:53 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (07/31/2014 01:03:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Asus Launcher Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (07/31/2014 01:01:52 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT-AUTORITÄT)
Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007045b
Error: (07/31/2014 01:01:16 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (07/31/2014 01:01:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Asus Launcher Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (07/30/2014 11:16:00 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (07/30/2014 11:15:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Asus Launcher Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (07/30/2014 11:15:36 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 30.07.2014 um 23:10:10 unerwartet heruntergefahren.
Error: (07/30/2014 10:04:33 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (07/30/2014 08:34:03 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Microsoft Office Sessions:
=========================
Error: (07/31/2014 01:04:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: tbhcn.exe1.0.0.95121f458ntdll.dll6.1.7601.18247521ea91cc000000500052d37c9401cfac4a96bffa88C:\ProgramData\GinyasBrowserCompanion\tbhcn.exeC:\windows\SYSTEM32\ntdll.dlld79bc0e1-183d-11e4-a99c-5404a629b83b
Error: (07/31/2014 00:00:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Gmer-19357.exe2.1.19357.052e7ea83Gmer-19357.exe2.1.19357.052e7ea83c00000050001229899001cfac41435e35d1C:\Users\Andrea\Downloads\Gmer-19357.exeC:\Users\Andrea\Downloads\Gmer-19357.exef5e9d28f-1834-11e4-99db-5404a629b83b
Error: (07/30/2014 11:24:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.17567bd801cfac3b7c1614bf0C:\windows\Explorer.EXEc1104603-182f-11e4-99db-5404a629b83b
Error: (07/30/2014 11:16:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: tbhcn.exe1.0.0.95121f458ntdll.dll6.1.7601.18247521ea91cc000000500052d37cd401cfac3b7df7fb2dC:\ProgramData\GinyasBrowserCompanion\tbhcn.exeC:\windows\SYSTEM32\ntdll.dllbdf03c01-182e-11e4-99db-5404a629b83b
Error: (07/30/2014 10:39:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ICQ7.exe14.0.0.1624626b2f4MoveIt.dll_unloaded0.0.0.04ee6373fc00000056bdfcf4e141c01cfac362426aa31C:\Users\Andrea\AppData\Local\Temp\{82AF3D29-AC7C-4B2B-8B16-DFEF02C11BDA}\ICQ7.exeMoveIt.dll8ecb9d7c-1829-11e4-bda9-5404a629b83b
Error: (07/30/2014 10:25:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgmfapx.exe13.0.0.3480537d2383avgmfapx.exe13.0.0.3480537d2383c000000500017ec0138401cfac34559c6b53C:\Program Files\AVG\AVG2013\avgmfapx.exeC:\Program Files\AVG\AVG2013\avgmfapx.exe95a10865-1827-11e4-bda9-5404a629b83b
Error: (07/30/2014 08:35:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: tbhcn.exe1.0.0.95121f458ntdll.dll6.1.7601.18247521ea91cc000000500052d378b401cfac2515fb6ad8C:\ProgramData\GinyasBrowserCompanion\tbhcn.exeC:\windows\SYSTEM32\ntdll.dll584c9899-1818-11e4-bda9-5404a629b83b
Error: (07/30/2014 08:29:37 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dllC:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll0
Error: (07/30/2014 08:29:16 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dllC:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll0
Error: (07/30/2014 08:27:54 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dllC:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll0
==================== Memory info ===========================
Percentage of memory in use: 68%
Total physical RAM: 1014.18 MB
Available physical RAM: 315.08 MB
Total Pagefile: 2049.53 MB
Available Pagefile: 1055.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1927.19 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:100 GB) (Free:69.49 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:183.07 GB) (Free:182.85 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: DAC69C79)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=15 GB) - (Type=1B)
Partition 3: (Not Active) - (Size=183 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=16 MB) - (Type=EF)
==================== End Of Log ============================
|
|
31.07.2014, 01:01
| #9 |
| | Komplette Adware und Toolbarverseuchung mit ca. 2000 Funden beim ersten Check... Und noch FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-07-2014
Ran by Andrea (administrator) on ANDREA-PC on 31-07-2014 01:45:58
Running from C:\Users\Andrea\Downloads
Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Stardock Corporation) C:\Program Files\Stardock\MyColors\VistaSrv.exe
() C:\Program Files\Stardock\MyColors\WBVista.exe
() C:\Windows\System32\dmwu.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe
() C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Blabbers Communications Ltd) C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe
() C:\Windows\System32\jmdp\stij.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Boingo Wireless, Inc.) C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
() C:\Program Files\AVG Secure Search\vprot.exe
() C:\Users\Andrea\AppData\Roaming\BrowserCompanion\tbhcn.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Google Inc.) C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKU\S-1-5-21-3601385101-2140175397-1978509390-1000\...\MountPoints2: {9bba8ab2-87ee-11e2-8299-5404a629b83b} - E:\Startme.exe
AppInit_DLLs: C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll => C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll [1723320 2013-04-01] (Bandoo Media, inc)
AppInit_DLLs: C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll => C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll [1185208 2012-08-06] (Bandoo Media, inc)
Startup: C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk
ShortcutTarget: tbhcn.lnk -> C:\Users\Andrea\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IconPackager.lnk
ShortcutTarget: IconPackager.lnk -> C:\Program Files\Stardock\MyColors\IconPackager.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IconPackager.lnk
ShortcutTarget: IconPackager.lnk -> C:\Program Files\Stardock\MyColors\IconPackager.exe (Stardock Corporation)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.softonic.com/MON00006/tb_v1?SearchSource=10&cc=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
URLSearchHook: HKLM - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
URLSearchHook: HKCU - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=341&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=341&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={7FFBF5DA-D170-40D3-91A7-55FD28DB7790}&mid=937d7987183b47d19f81854de0cd51c8-a1eab306f4f7adae3faf3915e98e941f41c4ab04&lang=de&ds=AVG&pr=pr&d=2013-01-03 16:30:22&v=14.0.2.14&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&AF=109867&babsrc=SP_ss&mntrId=b2e820680000000000005404a629b83b
SearchScopes: HKCU - {23BE01D0-C186-4456-A856-F33472C1EF2D} URL = hxxp://search.softonic.com/MON00006/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=201
SearchScopes: HKCU - {4327FABE-3C22-4689-8DBF-D226CF777FE9} URL = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}
SearchScopes: HKCU - {48E9923A-16C4-410A-9D2B-97CA7A6E9743} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={7FFBF5DA-D170-40D3-91A7-55FD28DB7790}&mid=937d7987183b47d19f81854de0cd51c8-a1eab306f4f7adae3faf3915e98e941f41c4ab04&lang=de&ds=AVG&pr=pr&d=2013-01-03 16:30:22&v=14.0.2.14&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=341&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyK0cewlx&i=26
BHO: Ginyas Browser Companion -> {00cbb66b-1d3b-46d3-9577-323a336acb50} -> C:\Program Files\BrowserCompanion\jsloader.dll ( )
BHO: I Want This -> {11111111-1111-1111-1111-110011221158} -> C:\Program Files\I Want This\I Want This.dll (215 Apps)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Babylon toolbar helper -> {2EECD738-5844-4a99-B4B6-146BF802613B} -> C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
BHO: Web Assistant -> {336D0C35-8A85-403a-B9D2-65C292C39087} -> C:\Program Files\Web Assistant\Extension32.dll ()
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll No File
BHO: Incredibar.com Helper Object -> {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} -> C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: DVDVideoSoftTB Toolbar -> {872b5b88-9db5-4310-bdd0-ac189557e5f5} -> C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: Searchqu Toolbar -> {99079a25-328f-4bd4-be04-00955acaa0a7} -> C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
BHO: DataMngr -> {9D717F81-9148-4f12-8568-69135F087DB0} -> C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
BHO: BetterAds -> {BA56787C-729F-4715-8F11-EB2A16908B91} -> C:\Program Files\BetterAds\ScriptHost.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Softonic Helper Object -> {E87806B5-E908-45FD-AF5E-957D83E58E68} -> C:\Program Files\Softonic\Softonic\1.6.7.4\bh\Softonic.dll (Softonic.com)
BHO: Yontoo -> {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -> C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
Toolbar: HKLM - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
Toolbar: HKLM - ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
Toolbar: HKLM - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
Toolbar: HKLM - Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
Toolbar: HKLM - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
Toolbar: HKLM - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\Softonic\1.6.7.4\SoftonicTlbr.dll (Softonic.com)
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKCU - DVDVideoSoftTB Toolbar - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.7\\npsitesafety.dll No File
FF Plugin: @java.com/DTPlugin,version=1.6.0_32 - C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Andrea\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Andrea\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox [2012-08-04]
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\Web Assistant\Firefox
Chrome:
=======
CHR HomePage: hxxp://search.babylon.com/?AF=109867&babsrc=HP_ss&mntrId=b2e820680000000000005404a629b83b
CHR DefaultSearchKeyword: t-online-shop.de
CHR DefaultNewTabURL:
CHR Extension: (Browser Companion Helper) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf [2013-07-30]
CHR Extension: (BetterAds) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\cacclhdpfoingihegojhoipnihfnoaki [2013-07-30]
CHR Extension: (New tab for Chrome™) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg [2013-07-30]
CHR Extension: (I Want This) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk [2013-07-11]
CHR Extension: (AVG Security Toolbar) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-07-30]
CHR Extension: (Google Wallet) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR HKLM\...\Chrome\Extension: [bodddioamolcibagionmmobehnbhiakf] - C:\Program Files\BrowserCompanion\blabbers-ch.crx [2012-07-02]
CHR HKLM\...\Chrome\Extension: [cacclhdpfoingihegojhoipnihfnoaki] - C:\Users\Andrea\AppData\Local\MediaBA\betterads.crx [2012-08-21]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [2012-08-04]
CHR HKLM\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files\Perion\NewTab\newTab.crx [2012-08-04]
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG2012\Chrome\safesearch.crx [2012-08-04]
CHR HKLM\...\Chrome\Extension: [mpfapcdfbbledbojijcbcclmlieaoogk] - C:\Users\Andrea\AppData\Local\I Want This\Chrome\I Want This.crx [2012-02-21]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.2.0.38\avg.crx [2013-12-09]
CHR HKLM\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Users\Andrea\AppData\Local\Temp\YontooLayers.crx [2013-12-09]
CHR StartMenuInternet: Google Chrome - C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 IBUpdaterService; C:\windows\system32\dmwu.exe [1432368 2013-10-15] ()
R2 vToolbarUpdater18.1.7; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe [1813528 2014-07-26] (AVG Secure Search)
R2 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [188760 2012-08-23] () [File not signed]
R2 WindowBlinds; C:\Program Files\Stardock\MyColors\VistaSrv.exe [230704 2009-06-09] (Stardock Corporation)
S2 AsusService; C:\windows\system32\AsusService.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 AsIO; C:\windows\System32\drivers\AsIO.sys [11456 2010-06-28] ()
R1 AsUpIO; C:\windows\System32\drivers\AsUpIO.sys [11832 2010-08-03] ()
R1 avgtp; C:\windows\system32\drivers\avgtpx86.sys [42784 2014-07-26] (AVG Technologies)
R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [102912 2010-07-21] (ELAN Microelectronic Corp.)
R3 kbfiltr; C:\windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-27] (Malwarebytes Corporation)
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; \SystemRoot\system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; \SystemRoot\system32\drivers\btwrchid.sys [X]
U3 uwdiqpob; \??\C:\Users\Andrea\AppData\Local\Temp\uwdiqpob.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2030-01-02 09:28 - 2010-11-20 14:40 - 00383786 __RSH () C:\bootmgr
2014-07-31 01:45 - 2014-07-31 01:46 - 00020602 _____ () C:\Users\Andrea\Downloads\FRST.txt
2014-07-31 01:40 - 2014-07-31 01:40 - 00030373 _____ () C:\Users\Andrea\Desktop\gmer log.log
2014-07-31 00:44 - 2014-07-31 00:44 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-07-31 00:19 - 2014-07-31 00:19 - 00380416 _____ () C:\Users\Andrea\Downloads\Gmer-19357.exe
2014-07-30 23:18 - 2014-07-30 23:18 - 00104960 _____ (GMER) C:\uwdiqpob.sys
2014-07-30 22:24 - 2014-07-30 22:24 - 00000000 __SHD () C:\Users\Andrea\AppData\Local\EmieUserList
2014-07-30 22:24 - 2014-07-30 22:24 - 00000000 __SHD () C:\Users\Andrea\AppData\Local\EmieSiteList
2014-07-30 22:24 - 2014-07-30 22:24 - 00000000 ____D () C:\Users\Andrea\AppData\Local\Avg2013
2014-07-30 22:13 - 2014-07-30 22:13 - 00566960 _____ () C:\Users\Andrea\Downloads\setup.exe
2014-07-30 20:21 - 2014-07-31 01:46 - 00000000 ____D () C:\FRST
2014-07-30 20:19 - 2014-07-30 20:20 - 01084928 _____ (Farbar) C:\Users\Andrea\Downloads\FRST.exe
2014-07-27 18:34 - 2014-07-27 18:34 - 00095968 _____ () C:\Users\Andrea\Desktop\Malewarebytes log 1. scan.7z
2014-07-27 17:46 - 2014-07-27 17:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-07-27 17:46 - 2014-07-27 17:46 - 00000000 ____D () C:\Program Files\7-Zip
2014-07-27 17:45 - 2014-07-27 17:45 - 01110476 _____ () C:\Users\Andrea\Downloads\7z920.exe
2014-07-27 15:11 - 2014-03-31 09:35 - 00231584 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-07-27 14:52 - 2014-06-19 01:16 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-27 14:52 - 2014-01-24 04:18 - 01212352 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-07-27 14:43 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-27 14:43 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-27 14:43 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-27 14:43 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-27 14:43 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-27 14:43 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-27 14:43 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-27 14:43 - 2014-01-01 01:05 - 00420008 _____ () C:\windows\system32\locale.nls
2014-07-27 14:42 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2014-07-27 14:42 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-07-27 14:42 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2014-07-27 14:42 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-07-27 14:42 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2014-07-27 14:42 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-07-27 14:42 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-07-27 14:42 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-07-27 14:42 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-07-27 14:42 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll
2014-07-27 14:42 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll
2014-07-27 14:42 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll
2014-07-27 14:42 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll
2014-07-27 14:42 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-07-27 14:42 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll
2014-07-27 14:41 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-27 14:41 - 2014-06-18 02:52 - 02350080 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-27 14:41 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-07-27 14:41 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2014-07-27 14:41 - 2014-03-04 11:17 - 00868352 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-07-27 14:41 - 2014-02-04 04:07 - 00234432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-07-27 14:41 - 2014-02-04 04:07 - 00149440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-07-27 14:41 - 2014-02-04 04:07 - 00027072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
2014-07-27 14:41 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-07-27 14:41 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
2014-07-27 14:41 - 2014-01-28 04:07 - 00185344 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-07-27 14:41 - 2013-11-26 13:11 - 00240576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-07-27 14:39 - 2014-05-30 08:36 - 00338944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-27 14:38 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-27 13:58 - 2014-07-27 13:58 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-27 13:57 - 2014-07-27 13:57 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-27 13:57 - 2014-07-27 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-07-27 13:57 - 2014-07-27 13:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-27 13:57 - 2014-07-27 13:57 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-07-27 13:57 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-07-27 13:57 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-07-27 13:57 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-07-27 13:54 - 2014-07-27 13:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Andrea\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-27 13:50 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 02179072 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 01964544 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-27 13:13 - 2014-07-27 13:13 - 01791488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 01139200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00704512 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00645120 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2014-07-27 13:13 - 2014-07-27 13:13 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-27 13:13 - 2014-07-27 13:13 - 00367616 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2014-07-27 13:13 - 2014-07-27 13:13 - 00240824 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00239616 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00233472 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00208384 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00194048 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00182272 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00083456 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-07-27 13:13 - 2014-07-27 13:13 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2014-07-27 13:13 - 2014-07-27 13:13 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 17276416 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 11742208 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 04254720 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-27 13:12 - 2014-07-27 13:12 - 00610304 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00592896 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00442368 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00151552 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2014-07-27 13:12 - 2014-07-27 13:12 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2014-07-27 13:12 - 2014-07-27 13:12 - 00127488 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-27 13:12 - 2014-07-27 13:12 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-27 13:12 - 2014-07-27 13:12 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00074240 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2014-07-27 13:12 - 2014-07-27 13:12 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00036352 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-07-27 13:12 - 2014-07-27 13:12 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-07-27 13:12 - 2014-07-27 13:12 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-27 13:08 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-07-27 13:08 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-07-27 13:07 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2014-07-27 13:07 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-07-27 13:07 - 2013-11-27 03:14 - 00258560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-07-27 13:07 - 2013-11-27 03:13 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-07-27 13:07 - 2013-11-27 03:13 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-07-27 13:07 - 2013-11-27 03:13 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-07-27 13:07 - 2013-11-27 03:13 - 00024064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-07-27 13:07 - 2013-11-27 03:13 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2014-07-27 13:07 - 2013-11-27 03:13 - 00006016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-07-26 15:13 - 2014-06-05 16:26 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-26 15:13 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-07-26 15:13 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-07-26 15:13 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-07-26 15:13 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2014-07-26 15:13 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-07-26 15:13 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-07-26 15:13 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2014-07-26 15:13 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2014-07-26 15:13 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2014-07-26 15:13 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2014-07-26 15:13 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2014-07-26 15:13 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2014-07-26 15:13 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2014-07-26 15:13 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2014-07-26 15:13 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2014-07-26 15:06 - 2014-07-26 15:06 - 00000000 _____ () C:\windows\system32\shoCBC7.tmp
2014-07-26 15:01 - 2014-07-26 15:01 - 00000000 ____D () C:\windows\pss
2014-07-26 14:28 - 2014-07-26 14:28 - 06010880 _____ () C:\Program Files\GUTC64B.tmp
2014-07-26 14:28 - 2014-07-26 14:28 - 00000000 ____D () C:\Program Files\GUMC63B.tmp
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2030-01-02 09:28 - 2009-07-14 06:57 - 00029696 ___SH () C:\windows\system32\config\BCD-Template.LOG
2030-01-02 09:28 - 2009-07-14 06:52 - 00032768 _____ () C:\windows\system32\config\BCD-Template
2014-07-31 01:46 - 2014-07-31 01:45 - 00020602 _____ () C:\Users\Andrea\Downloads\FRST.txt
2014-07-31 01:46 - 2014-07-30 20:21 - 00000000 ____D () C:\FRST
2014-07-31 01:40 - 2014-07-31 01:40 - 00030373 _____ () C:\Users\Andrea\Desktop\gmer log.log
2014-07-31 01:40 - 2013-01-26 16:40 - 00001052 _____ () C:\windows\Tasks\GinyasBrowserCompanions Stats Report.job
2014-07-31 01:38 - 2013-02-18 19:38 - 00000992 _____ () C:\windows\Tasks\GinyasBrowserCompanion Runner.job
2014-07-31 01:37 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\Microsoft.NET
2014-07-31 01:34 - 2012-08-17 22:29 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\BrowserCompanion
2014-07-31 01:24 - 2013-02-18 19:38 - 00000924 _____ () C:\windows\Tasks\GinyasBrowserCompanion Update Checker.job
2014-07-31 01:20 - 2013-02-18 19:37 - 00001040 _____ () C:\windows\Tasks\GinyasBrowserCompanion Stats Report.job
2014-07-31 01:12 - 2011-12-15 00:12 - 01624075 _____ () C:\windows\WindowsUpdate.log
2014-07-31 01:11 - 2009-07-14 06:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-31 01:11 - 2009-07-14 06:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-31 01:05 - 2012-04-15 14:17 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-07-31 01:05 - 2012-02-23 21:11 - 00001124 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3601385101-2140175397-1978509390-1000UA.job
2014-07-31 01:04 - 2013-02-18 19:37 - 00000992 _____ () C:\windows\Tasks\GinyasBrowserCompanion FireFox Watcher.job
2014-07-31 01:04 - 2013-02-18 19:37 - 00000992 _____ () C:\windows\Tasks\GinyasBrowserCompanion Chrome Watcher.job
2014-07-31 01:04 - 2013-02-03 13:59 - 00001094 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-31 01:04 - 2013-01-26 16:40 - 00000936 _____ () C:\windows\Tasks\GinyasBrowserCompanions Update Checker.job
2014-07-31 01:04 - 2013-01-26 16:39 - 00001004 _____ () C:\windows\Tasks\GinyasBrowserCompanions FireFox Watcher.job
2014-07-31 01:04 - 2013-01-26 16:39 - 00001004 _____ () C:\windows\Tasks\GinyasBrowserCompanions Chrome Watcher.job
2014-07-31 01:03 - 2013-12-10 18:14 - 00001649 _____ () C:\windows\setupact.log
2014-07-31 01:03 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-31 01:03 - 2009-07-14 06:33 - 00289664 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-31 01:01 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\de-DE
2014-07-31 01:00 - 2013-12-10 18:13 - 00024444 _____ () C:\windows\PFRO.log
2014-07-31 00:51 - 2009-07-27 12:11 - 01674742 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-31 00:44 - 2014-07-31 00:44 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-07-31 00:32 - 2013-08-24 00:26 - 00000000 ____D () C:\windows\system32\MRT
2014-07-31 00:19 - 2014-07-31 00:19 - 00380416 _____ () C:\Users\Andrea\Downloads\Gmer-19357.exe
2014-07-31 00:02 - 2013-02-03 13:59 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-30 23:26 - 2012-02-01 19:38 - 00001414 _____ () C:\Users\Andrea\Desktop\Registry kostenlos entrümpeln!.lnk
2014-07-30 23:26 - 2012-01-26 00:26 - 00000274 _____ () C:\windows\Tasks\RegClean Pro_UPDATES.job
2014-07-30 23:21 - 2012-03-30 18:21 - 00000000 ____D () C:\Users\Andrea\AppData\Local\Facebook
2014-07-30 23:18 - 2014-07-30 23:18 - 00104960 _____ (GMER) C:\uwdiqpob.sys
2014-07-30 23:15 - 2011-04-02 04:40 - 00000000 ____D () C:\Program Files\Intel
2014-07-30 22:50 - 2013-07-11 16:10 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-30 22:45 - 2011-04-02 04:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2014-07-30 22:41 - 2011-04-02 04:48 - 00000000 ____D () C:\Program Files\Asus
2014-07-30 22:41 - 2011-04-02 04:41 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-07-30 22:36 - 2011-04-02 04:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Park
2014-07-30 22:32 - 2012-04-25 20:31 - 00000000 ____D () C:\Program Files\Common Files\MAGIX Services
2014-07-30 22:29 - 2011-04-02 04:51 - 00000000 ____D () C:\Program Files\Adobe
2014-07-30 22:24 - 2014-07-30 22:24 - 00000000 __SHD () C:\Users\Andrea\AppData\Local\EmieUserList
2014-07-30 22:24 - 2014-07-30 22:24 - 00000000 __SHD () C:\Users\Andrea\AppData\Local\EmieSiteList
2014-07-30 22:24 - 2014-07-30 22:24 - 00000000 ____D () C:\Users\Andrea\AppData\Local\Avg2013
2014-07-30 22:24 - 2011-12-14 09:46 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-30 22:13 - 2014-07-30 22:13 - 00566960 _____ () C:\Users\Andrea\Downloads\setup.exe
2014-07-30 20:20 - 2014-07-30 20:19 - 01084928 _____ (Farbar) C:\Users\Andrea\Downloads\FRST.exe
2014-07-27 18:34 - 2014-07-27 18:34 - 00095968 _____ () C:\Users\Andrea\Desktop\Malewarebytes log 1. scan.7z
2014-07-27 17:46 - 2014-07-27 17:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-07-27 17:46 - 2014-07-27 17:46 - 00000000 ____D () C:\Program Files\7-Zip
2014-07-27 17:45 - 2014-07-27 17:45 - 01110476 _____ () C:\Users\Andrea\Downloads\7z920.exe
2014-07-27 17:43 - 2013-01-03 17:30 - 00000000 ____D () C:\Users\Andrea\AppData\Local\AVG Secure Search
2014-07-27 16:34 - 2013-01-06 21:18 - 00000000 ____D () C:\Facade
2014-07-27 15:05 - 2012-02-23 21:11 - 00001072 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3601385101-2140175397-1978509390-1000Core.job
2014-07-27 15:02 - 2012-01-26 00:26 - 00000266 _____ () C:\windows\Tasks\RegClean Pro_DEFAULT.job
2014-07-27 14:55 - 2013-01-03 17:19 - 00000000 ____D () C:\ProgramData\AVG2013
2014-07-27 14:55 - 2012-08-31 10:21 - 00000000 ___HD () C:\$AVG
2014-07-27 14:06 - 2012-04-15 14:17 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-07-27 14:06 - 2011-12-14 10:04 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-27 13:58 - 2014-07-27 13:58 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-27 13:57 - 2014-07-27 13:57 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-27 13:57 - 2014-07-27 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-07-27 13:57 - 2014-07-27 13:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-27 13:57 - 2014-07-27 13:57 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-07-27 13:55 - 2014-07-27 13:54 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Andrea\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-27 13:29 - 2013-12-15 15:09 - 00018872 _____ () C:\windows\IE11_main.log
2014-07-27 13:13 - 2014-07-27 13:13 - 02179072 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 01964544 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-27 13:13 - 2014-07-27 13:13 - 01791488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 01139200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00704512 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00645120 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2014-07-27 13:13 - 2014-07-27 13:13 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-27 13:13 - 2014-07-27 13:13 - 00367616 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2014-07-27 13:13 - 2014-07-27 13:13 - 00240824 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00239616 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00233472 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00208384 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00194048 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00182272 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00083456 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-07-27 13:13 - 2014-07-27 13:13 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2014-07-27 13:13 - 2014-07-27 13:13 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 17276416 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 11742208 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 04254720 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-27 13:12 - 2014-07-27 13:12 - 00610304 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00592896 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00442368 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00151552 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2014-07-27 13:12 - 2014-07-27 13:12 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2014-07-27 13:12 - 2014-07-27 13:12 - 00127488 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-27 13:12 - 2014-07-27 13:12 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-27 13:12 - 2014-07-27 13:12 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00074240 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2014-07-27 13:12 - 2014-07-27 13:12 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00036352 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-07-27 13:12 - 2014-07-27 13:12 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-07-27 13:12 - 2014-07-27 13:12 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-26 15:16 - 2013-02-03 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-07-26 15:06 - 2014-07-26 15:06 - 00000000 _____ () C:\windows\system32\shoCBC7.tmp
2014-07-26 15:01 - 2014-07-26 15:01 - 00000000 ____D () C:\windows\pss
2014-07-26 14:38 - 2011-12-14 09:17 - 00000000 ____D () C:\Users\Andrea
2014-07-26 14:34 - 2012-01-26 00:33 - 00000000 ____D () C:\Users\Andrea\AppData\Local\Google
2014-07-26 14:32 - 2011-12-27 23:16 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\DVDVideoSoft
2014-07-26 14:28 - 2014-07-26 14:28 - 06010880 _____ () C:\Program Files\GUTC64B.tmp
2014-07-26 14:28 - 2014-07-26 14:28 - 00000000 ____D () C:\Program Files\GUMC63B.tmp
2014-07-26 14:28 - 2011-12-25 00:13 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Skype
2014-07-26 14:23 - 2013-01-03 17:30 - 00042784 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx86.sys
2014-07-26 14:23 - 2013-01-03 17:30 - 00000000 ____D () C:\Program Files\AVG Secure Search
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2013-10-20 19:33
==================== End Of Log ============================
|
|
31.07.2014, 08:15
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Komplette Adware und Toolbarverseuchung mit ca. 2000 Funden beim ersten Check... Adware/Junkware/Toolbars entfernen 1. Schritt: adwCleaner Downloade Dir bitte  AdwCleaner auf deinen Desktop.
2. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
3. Schritt: Frisches Log mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ Logfiles bitte immer in CODE-Tags posten |
|
31.07.2014, 19:08
| #11 |
| | Komplette Adware und Toolbarverseuchung mit ca. 2000 Funden beim ersten Check... adw cleaner: Code:
ATTFilter # AdwCleaner v3.302 - Bericht erstellt am 31/07/2014 um 15:04:40
# Aktualisiert 30/07/2014 von Xplode
# Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits)
# Benutzername : Andrea - ANDREA-PC
# Gestartet von : C:\Users\Andrea\Downloads\adwcleaner_3.302.exe
# Option : Löschen
***** [ Dienste ] *****
[#] Dienst Gelöscht : IBUpdaterService
Dienst Gelöscht : vToolbarUpdater18.1.7
Dienst Gelöscht : Web Assistant Updater
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\GinyasBrowserCompanion
Ordner Gelöscht : C:\ProgramData\GinyasBrowserCompanions
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Program Files\AVG Secure Search
Ordner Gelöscht : C:\Program Files\BabylonToolbar
Ordner Gelöscht : C:\Program Files\BetterAds
Ordner Gelöscht : C:\Program Files\BrowserCompanion
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\DVDVideoSoftTB
Ordner Gelöscht : C:\Program Files\GinyasBrowserCompanions
Ordner Gelöscht : C:\Program Files\I Want This
Ordner Gelöscht : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files\incredibar.com
Ordner Gelöscht : C:\Program Files\Perion
Ordner Gelöscht : C:\Program Files\Searchqu Toolbar
Ordner Gelöscht : C:\Program Files\Softonic
Ordner Gelöscht : C:\Program Files\Web Assistant
Ordner Gelöscht : C:\Program Files\Yontoo
Ordner Gelöscht : C:\Program Files\Common Files\AVG Secure Search
Ordner Gelöscht : C:\windows\system32\ARFC
Ordner Gelöscht : C:\windows\system32\jmdp
Ordner Gelöscht : C:\windows\system32\WNLT
Ordner Gelöscht : C:\Users\Andrea\AppData\Local\AVG Secure Search
Ordner Gelöscht : C:\Users\Andrea\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\Andrea\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Andrea\AppData\Local\I Want This
Ordner Gelöscht : C:\Users\Andrea\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\Andrea\AppData\Local\MediaBA
Ordner Gelöscht : C:\Users\Andrea\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Andrea\AppData\LocalLow\AVG Secure Search
Ordner Gelöscht : C:\Users\Andrea\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\Andrea\AppData\LocalLow\bbrs_002.tb
Ordner Gelöscht : C:\Users\Andrea\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Andrea\AppData\LocalLow\DataMngr
Ordner Gelöscht : C:\Users\Andrea\AppData\LocalLow\DVDVideoSoftTB
Ordner Gelöscht : C:\Users\Andrea\AppData\LocalLow\incredibar.com
Ordner Gelöscht : C:\Users\Andrea\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Andrea\AppData\LocalLow\searchquband
Ordner Gelöscht : C:\Users\Andrea\AppData\LocalLow\Searchqutoolbar
Ordner Gelöscht : C:\Users\Andrea\AppData\LocalLow\Softonic
Ordner Gelöscht : C:\Users\Andrea\AppData\Roaming\Babylon
[!] Ordner Gelöscht : C:\Users\Andrea\AppData\Roaming\BrowserCompanion
Ordner Gelöscht : C:\Users\Andrea\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Andrea\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Andrea\Music\Documents\PCSpeedUp
Ordner Gelöscht : C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf
Ordner Gelöscht : C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\cacclhdpfoingihegojhoipnihfnoaki
Ordner Gelöscht : C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Ordner Gelöscht : C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
Ordner Gelöscht : C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Datei Gelöscht : C:\Program Files\Mozilla Firefox\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
Datei Gelöscht : C:\windows\system32\dmwu.exe
Datei Gelöscht : C:\windows\system32\ImhxxpComm.dll
Datei Gelöscht : C:\windows\system32\roboot.exe
Datei Gelöscht : C:\Users\Andrea\AppData\LocalLow\SkwConfig.bin
Datei Gelöscht : C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
***** [ Tasks ] *****
Task Gelöscht : GinyasBrowserCompanion Chrome Watcher
Task Gelöscht : GinyasBrowserCompanion FireFox Watcher
Task Gelöscht : GinyasBrowserCompanion Runner
Task Gelöscht : GinyasBrowserCompanion Stats Report
Task Gelöscht : GinyasBrowserCompanion Update Checker
Task Gelöscht : GinyasBrowserCompanions Chrome Watcher
Task Gelöscht : GinyasBrowserCompanions FireFox Watcher
Task Gelöscht : GinyasBrowserCompanions Stats Report
Task Gelöscht : GinyasBrowserCompanions Update Checker
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\cacclhdpfoingihegojhoipnihfnoaki
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ButtonSite.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\PropertySync.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\b
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BetterAds.ScriptHostObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BetterAds.ScriptHostObject.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BrowserConnection.Loader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DnsBHO.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\I
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SoftonicApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\tdataprotocol.CTData
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\dmwu_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\dmwu_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\DVDVideoSoftTBToolbarHelper_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\DVDVideoSoftTBToolbarHelper_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASMANCS
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0002258.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0002258.FBApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0002258.FBApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0002258.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_f-e-a-r-2-project-origin_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_f-e-a-r-2-project-origin_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_forget-me-not-annie_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_forget-me-not-annie_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photo-booth-fur-windows-7_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photo-booth-fur-windows-7_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_scp-087-b_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_scp-087-b_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{562B9317-C08A-444A-9482-62080DD851AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9173F089-1A84-4023-B972-55A6EE7103B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BA56787C-729F-4715-8F11-EB2A16908B91}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011221158}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022222258}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{33333333-3333-3333-3333-330033223358}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055225558}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066226658}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{13A9E13B-139B-48D1-B698-9C3DFF726345}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA56787C-729F-4715-8F11-EB2A16908B91}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA56787C-729F-4715-8F11-EB2A16908B91}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA56787C-729F-4715-8F11-EB2A16908B91}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65BCD620-07DD-012F-819F-073CF1B8F7C6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7176D1CD-2B68-4ADB-9EB5-7DA79194ECA1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{599394D1-8363-46A7-87EA-DE3818B9257D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5018CFD2-804D-4C99-9F81-25EAEA2769DE}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F9639E4A-801B-4843-AEE3-03D9DA199E77}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\Blabbers
Schlüssel Gelöscht : HKCU\Software\BrowserCompanion
Schlüssel Gelöscht : HKCU\Software\Ciuvo
Schlüssel Gelöscht : HKCU\Software\Cr_Installer
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\incredibar.com
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\SweetIM
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\WNLT
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\I Want This
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\searchqutoolbar
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\Software\AVG Security Toolbar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\Software\BrowserCompanion
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKLM\Software\GinyasBrowserCompanion
Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\Software\incredibar.com
Schlüssel Gelöscht : HKLM\Software\SearchquMediabarTb
Schlüssel Gelöscht : HKLM\Software\simplitec
Schlüssel Gelöscht : HKLM\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\Tarma Installer
Schlüssel Gelöscht : HKLM\Software\Web Assistant
Schlüssel Gelöscht : HKLM\Software\WNLT
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GinyasBrowserCompanion
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\499E8534DA7E759419D2048CB780D3D5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5DCE3C04E576AD15F972B67D0725120C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\930D9472A978D7A4EB16BF4DECB173B7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AEB93799E8B47D14CA356E4343D632A4
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17207
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
-\\ Mozilla Firefox v31.0 (x86 de)
[ Datei : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\ybwtr2ec.default\prefs.js ]
-\\ Google Chrome v
[ Datei : C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&appid=341&systemid=406&sr=0&q={searchTerms}
Gelöscht [Search Provider] : hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}
Gelöscht [Search Provider] : hxxp://isearch.avg.com/search?cid={7FFBF5DA-D170-40D3-91A7-55FD28DB7790}&mid=937d7987183b47d19f81854de0cd51c8-a1eab306f4f7adae3faf3915e98e941f41c4ab04&lang=de&ds=AVG&pr=pr&d=2013-01-03 16:30:22&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
Gelöscht [Homepage] : hxxp://search.babylon.com/?AF=109867&babsrc=HP_ss&mntrId=b2e820680000000000005404a629b83b
Gelöscht [Extension] : bodddioamolcibagionmmobehnbhiakf
Gelöscht [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Gelöscht [Extension] : cacclhdpfoingihegojhoipnihfnoaki
Gelöscht [Extension] : jifflliplgeajjdhmkcfnngfpgbjonjg
Gelöscht [Extension] : mpfapcdfbbledbojijcbcclmlieaoogk
Gelöscht [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
*************************
AdwCleaner[R0].txt - [47875 octets] - [31/07/2014 14:50:28]
AdwCleaner[R1].txt - [47574 octets] - [31/07/2014 14:59:33]
AdwCleaner[S0].txt - [46078 octets] - [31/07/2014 15:04:40]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [46139 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Starter x86
Ran by Andrea on 31.07.2014 at 19:23:50,88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3601385101-2140175397-1978509390-1000\Software\web assistant
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440044224458}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440044224458}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{23BE01D0-C186-4456-A856-F33472C1EF2D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{48E9923A-16C4-410A-9D2B-97CA7A6E9743}
~~~ Files
Successfully deleted: [File] "C:\Users\Andrea\appdata\locallow\SkwConfig.bin"
Successfully deleted: [File] C:\windows\system32\sho16EB.tmp
Successfully deleted: [File] C:\windows\system32\sho48F3.tmp
Successfully deleted: [File] C:\windows\system32\sho4927.tmp
Successfully deleted: [File] C:\windows\system32\sho842D.tmp
Successfully deleted: [File] C:\windows\system32\sho9BA5.tmp
Successfully deleted: [File] C:\windows\system32\shoAB52.tmp
Successfully deleted: [File] C:\windows\system32\shoB23F.tmp
Successfully deleted: [File] C:\windows\system32\shoB28D.tmp
Successfully deleted: [File] C:\windows\system32\shoBD98.tmp
Successfully deleted: [File] C:\windows\system32\shoCBC7.tmp
Successfully deleted: [File] C:\windows\system32\shoD01B.tmp
Successfully deleted: [File] C:\windows\system32\shoF1FE.tmp
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\simplitec"
Successfully deleted: [Folder] "C:\Users\Andrea\AppData\Roaming\simplitec"
Successfully deleted: [Folder] "C:\Program Files\simplitec"
~~~ FireFox
Successfully deleted: [File] C:\user.js
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.07.2014 at 19:32:06,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-07-2014
Ran by Andrea (administrator) on ANDREA-PC on 31-07-2014 19:59:50
Running from C:\Users\Andrea\Desktop
Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Stardock Corporation) C:\Program Files\Stardock\MyColors\VistaSrv.exe
() C:\Program Files\Stardock\MyColors\WBVista.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Boingo Wireless, Inc.) C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKU\S-1-5-21-3601385101-2140175397-1978509390-1000\...\MountPoints2: {9bba8ab2-87ee-11e2-8299-5404a629b83b} - E:\Startme.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IconPackager.lnk
ShortcutTarget: IconPackager.lnk -> C:\Program Files\Stardock\MyColors\IconPackager.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IconPackager.lnk
ShortcutTarget: IconPackager.lnk -> C:\Program Files\Stardock\MyColors\IconPackager.exe (Stardock Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\ybwtr2ec.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_32 - C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Andrea\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Andrea\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-31]
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: t-online-shop.de
CHR DefaultNewTabURL:
CHR Extension: (Google Wallet) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-31]
CHR StartMenuInternet: Google Chrome - C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-31] (AVAST Software)
R2 WindowBlinds; C:\Program Files\Stardock\MyColors\VistaSrv.exe [230704 2009-06-09] (Stardock Corporation)
S2 AsusService; C:\windows\system32\AsusService.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 AsIO; C:\windows\System32\drivers\AsIO.sys [11456 2010-06-28] ()
R1 AsUpIO; C:\windows\System32\drivers\AsUpIO.sys [11832 2010-08-03] ()
R2 aswHwid; C:\windows\system32\drivers\aswHwid.sys [24184 2014-07-31] ()
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [67824 2014-07-31] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [81768 2014-07-31] (AVAST Software)
R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [49944 2014-07-31] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [779536 2014-07-31] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [414520 2014-07-31] (AVAST Software)
R2 aswStm; C:\windows\system32\drivers\aswStm.sys [71944 2014-07-31] (AVAST Software)
R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [192352 2014-07-31] ()
R1 avgtp; C:\windows\system32\drivers\avgtpx86.sys [42784 2014-07-26] (AVG Technologies)
R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [102912 2010-07-21] (ELAN Microelectronic Corp.)
R3 kbfiltr; C:\windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-27] (Malwarebytes Corporation)
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; \SystemRoot\system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; \SystemRoot\system32\drivers\btwrchid.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2030-01-02 09:28 - 2010-11-20 14:40 - 00383786 __RSH () C:\bootmgr
2014-07-31 19:59 - 2014-07-31 20:02 - 00011847 _____ () C:\Users\Andrea\Desktop\FRST.txt
2014-07-31 19:42 - 2014-07-31 19:42 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\AVAST Software
2014-07-31 19:41 - 2014-07-31 19:41 - 00002123 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-31 19:41 - 2014-07-31 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-31 19:40 - 2014-07-31 19:40 - 00779536 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-07-31 19:40 - 2014-07-31 19:40 - 00414520 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-07-31 19:40 - 2014-07-31 19:40 - 00276432 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-07-31 19:40 - 2014-07-31 19:40 - 00192352 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-07-31 19:40 - 2014-07-31 19:40 - 00081768 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-07-31 19:40 - 2014-07-31 19:40 - 00071944 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-07-31 19:40 - 2014-07-31 19:40 - 00067824 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-07-31 19:40 - 2014-07-31 19:40 - 00049944 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-07-31 19:40 - 2014-07-31 19:40 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-07-31 19:40 - 2014-07-31 19:40 - 00024184 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-07-31 19:39 - 2014-07-31 19:39 - 03453210 _____ () C:\Users\Andrea\Downloads\avg_remover4116.zip
2014-07-31 19:38 - 2014-07-31 19:38 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-31 19:34 - 2014-07-31 19:38 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-31 19:32 - 2014-07-31 19:32 - 00002484 _____ () C:\Users\Andrea\Desktop\JRT.txt
2014-07-31 19:23 - 2014-07-31 19:23 - 00000000 ____D () C:\windows\ERUNT
2014-07-31 19:20 - 2014-07-31 19:21 - 01016261 _____ (Thisisu) C:\Users\Andrea\Downloads\JRT.exe
2014-07-31 15:09 - 2014-07-31 15:12 - 91906368 _____ (AVAST Software) C:\Users\Andrea\Downloads\avast_free_antivirus_setup_9.0.2021 (1).exe
2014-07-31 15:09 - 2014-07-31 15:10 - 32047680 _____ () C:\Users\Andrea\Downloads\Firefox_Setup_de31.0 (1).exe
2014-07-31 15:01 - 2014-07-31 15:04 - 91906368 _____ (AVAST Software) C:\Users\Andrea\Downloads\avast_free_antivirus_setup_9.0.2021.exe
2014-07-31 14:56 - 2014-07-31 14:56 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-31 14:56 - 2014-07-31 14:56 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-31 14:56 - 2014-07-31 14:56 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-31 14:53 - 2014-07-31 14:54 - 32047680 _____ () C:\Users\Andrea\Downloads\Firefox_Setup_de31.0.exe
2014-07-31 14:51 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\system32\sqlite3.dll
2014-07-31 14:49 - 2014-07-31 15:05 - 00000000 ____D () C:\AdwCleaner
2014-07-31 14:48 - 2014-07-31 14:48 - 01361309 _____ () C:\Users\Andrea\Downloads\adwcleaner_3.302.exe
2014-07-31 01:48 - 2014-07-31 01:49 - 00042218 _____ () C:\Users\Andrea\Downloads\Addition.txt
2014-07-31 01:45 - 2014-07-31 01:49 - 00052522 _____ () C:\Users\Andrea\Downloads\FRST.txt
2014-07-31 01:40 - 2014-07-31 01:40 - 00030373 _____ () C:\Users\Andrea\Desktop\gmer log.log
2014-07-31 00:44 - 2014-07-31 00:44 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-07-31 00:19 - 2014-07-31 00:19 - 00380416 _____ () C:\Users\Andrea\Downloads\Gmer-19357.exe
2014-07-30 23:18 - 2014-07-30 23:18 - 00104960 _____ (GMER) C:\uwdiqpob.sys
2014-07-30 22:24 - 2014-07-30 22:24 - 00000000 __SHD () C:\Users\Andrea\AppData\Local\EmieUserList
2014-07-30 22:24 - 2014-07-30 22:24 - 00000000 __SHD () C:\Users\Andrea\AppData\Local\EmieSiteList
2014-07-30 22:13 - 2014-07-30 22:13 - 00566960 _____ () C:\Users\Andrea\Downloads\setup.exe
2014-07-30 20:21 - 2014-07-31 20:00 - 00000000 ____D () C:\FRST
2014-07-30 20:19 - 2014-07-30 20:20 - 01084928 _____ (Farbar) C:\Users\Andrea\Desktop\FRST.exe
2014-07-27 18:34 - 2014-07-27 18:34 - 00095968 _____ () C:\Users\Andrea\Desktop\Malewarebytes log 1. scan.7z
2014-07-27 17:46 - 2014-07-27 17:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-07-27 17:46 - 2014-07-27 17:46 - 00000000 ____D () C:\Program Files\7-Zip
2014-07-27 17:45 - 2014-07-27 17:45 - 01110476 _____ () C:\Users\Andrea\Downloads\7z920.exe
2014-07-27 15:11 - 2014-03-31 09:35 - 00231584 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-07-27 14:52 - 2014-06-19 01:16 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-27 14:52 - 2014-01-24 04:18 - 01212352 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-07-27 14:43 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-27 14:43 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-27 14:43 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-27 14:43 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-27 14:43 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-27 14:43 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-27 14:43 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-27 14:43 - 2014-01-01 01:05 - 00420008 _____ () C:\windows\system32\locale.nls
2014-07-27 14:42 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2014-07-27 14:42 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-07-27 14:42 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2014-07-27 14:42 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-07-27 14:42 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2014-07-27 14:42 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-07-27 14:42 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-07-27 14:42 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-07-27 14:42 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-07-27 14:42 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll
2014-07-27 14:42 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll
2014-07-27 14:42 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll
2014-07-27 14:42 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll
2014-07-27 14:42 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-07-27 14:42 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll
2014-07-27 14:41 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-27 14:41 - 2014-06-18 02:52 - 02350080 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-27 14:41 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-07-27 14:41 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2014-07-27 14:41 - 2014-03-04 11:17 - 00868352 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-07-27 14:41 - 2014-02-04 04:07 - 00234432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-07-27 14:41 - 2014-02-04 04:07 - 00149440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-07-27 14:41 - 2014-02-04 04:07 - 00027072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
2014-07-27 14:41 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-07-27 14:41 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
2014-07-27 14:41 - 2014-01-28 04:07 - 00185344 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-07-27 14:41 - 2013-11-26 13:11 - 00240576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-07-27 14:39 - 2014-05-30 08:36 - 00338944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-27 14:38 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-27 13:58 - 2014-07-27 13:58 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-27 13:57 - 2014-07-27 13:57 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-27 13:57 - 2014-07-27 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-07-27 13:57 - 2014-07-27 13:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-27 13:57 - 2014-07-27 13:57 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-07-27 13:57 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-07-27 13:57 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-07-27 13:57 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-07-27 13:54 - 2014-07-27 13:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Andrea\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-27 13:50 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 02179072 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 01964544 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-27 13:13 - 2014-07-27 13:13 - 01791488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 01139200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00704512 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00645120 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2014-07-27 13:13 - 2014-07-27 13:13 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-27 13:13 - 2014-07-27 13:13 - 00367616 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2014-07-27 13:13 - 2014-07-27 13:13 - 00240824 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00239616 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00233472 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00208384 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00194048 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00182272 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00083456 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-07-27 13:13 - 2014-07-27 13:13 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2014-07-27 13:13 - 2014-07-27 13:13 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 17276416 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 11742208 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 04254720 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-27 13:12 - 2014-07-27 13:12 - 00610304 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00592896 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00442368 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00151552 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2014-07-27 13:12 - 2014-07-27 13:12 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2014-07-27 13:12 - 2014-07-27 13:12 - 00127488 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-27 13:12 - 2014-07-27 13:12 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-27 13:12 - 2014-07-27 13:12 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00074240 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2014-07-27 13:12 - 2014-07-27 13:12 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00036352 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-07-27 13:12 - 2014-07-27 13:12 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-07-27 13:12 - 2014-07-27 13:12 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-27 13:08 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-07-27 13:08 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-07-27 13:07 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2014-07-27 13:07 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-07-27 13:07 - 2013-11-27 03:14 - 00258560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-07-27 13:07 - 2013-11-27 03:13 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-07-27 13:07 - 2013-11-27 03:13 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-07-27 13:07 - 2013-11-27 03:13 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-07-27 13:07 - 2013-11-27 03:13 - 00024064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-07-27 13:07 - 2013-11-27 03:13 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2014-07-27 13:07 - 2013-11-27 03:13 - 00006016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-07-26 15:13 - 2014-06-05 16:26 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-26 15:13 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-07-26 15:13 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-07-26 15:13 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-07-26 15:13 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2014-07-26 15:13 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-07-26 15:13 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-07-26 15:13 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2014-07-26 15:13 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2014-07-26 15:13 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2014-07-26 15:13 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2014-07-26 15:13 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2014-07-26 15:13 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2014-07-26 15:13 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2014-07-26 15:13 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2014-07-26 15:13 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2014-07-26 15:01 - 2014-07-26 15:01 - 00000000 ____D () C:\windows\pss
2014-07-26 14:28 - 2014-07-26 14:28 - 06010880 _____ () C:\Program Files\GUTC64B.tmp
2014-07-26 14:28 - 2014-07-26 14:28 - 00000000 ____D () C:\Program Files\GUMC63B.tmp
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2030-01-02 09:28 - 2009-07-14 06:57 - 00029696 ___SH () C:\windows\system32\config\BCD-Template.LOG
2030-01-02 09:28 - 2009-07-14 06:52 - 00032768 _____ () C:\windows\system32\config\BCD-Template
2014-07-31 20:02 - 2014-07-31 19:59 - 00011847 _____ () C:\Users\Andrea\Desktop\FRST.txt
2014-07-31 20:02 - 2013-02-03 13:59 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-31 20:00 - 2014-07-30 20:21 - 00000000 ____D () C:\FRST
2014-07-31 19:57 - 2009-07-14 06:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-31 19:57 - 2009-07-14 06:34 - 00009696 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-31 19:56 - 2011-12-15 00:12 - 01698591 _____ () C:\windows\WindowsUpdate.log
2014-07-31 19:51 - 2013-02-03 13:59 - 00001094 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-31 19:49 - 2013-12-10 18:14 - 00002041 _____ () C:\windows\setupact.log
2014-07-31 19:49 - 2013-12-10 18:13 - 00025510 _____ () C:\windows\PFRO.log
2014-07-31 19:49 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-31 19:42 - 2014-07-31 19:42 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\AVAST Software
2014-07-31 19:41 - 2014-07-31 19:41 - 00002123 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-31 19:41 - 2014-07-31 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-31 19:40 - 2014-07-31 19:40 - 00779536 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-07-31 19:40 - 2014-07-31 19:40 - 00414520 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-07-31 19:40 - 2014-07-31 19:40 - 00276432 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-07-31 19:40 - 2014-07-31 19:40 - 00192352 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-07-31 19:40 - 2014-07-31 19:40 - 00081768 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-07-31 19:40 - 2014-07-31 19:40 - 00071944 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-07-31 19:40 - 2014-07-31 19:40 - 00067824 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-07-31 19:40 - 2014-07-31 19:40 - 00049944 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-07-31 19:40 - 2014-07-31 19:40 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-07-31 19:40 - 2014-07-31 19:40 - 00024184 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-07-31 19:39 - 2014-07-31 19:39 - 03453210 _____ () C:\Users\Andrea\Downloads\avg_remover4116.zip
2014-07-31 19:38 - 2014-07-31 19:38 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-31 19:38 - 2014-07-31 19:34 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-31 19:32 - 2014-07-31 19:32 - 00002484 _____ () C:\Users\Andrea\Desktop\JRT.txt
2014-07-31 19:23 - 2014-07-31 19:23 - 00000000 ____D () C:\windows\ERUNT
2014-07-31 19:21 - 2014-07-31 19:20 - 01016261 _____ (Thisisu) C:\Users\Andrea\Downloads\JRT.exe
2014-07-31 15:12 - 2014-07-31 15:09 - 91906368 _____ (AVAST Software) C:\Users\Andrea\Downloads\avast_free_antivirus_setup_9.0.2021 (1).exe
2014-07-31 15:10 - 2014-07-31 15:09 - 32047680 _____ () C:\Users\Andrea\Downloads\Firefox_Setup_de31.0 (1).exe
2014-07-31 15:05 - 2014-07-31 14:49 - 00000000 ____D () C:\AdwCleaner
2014-07-31 15:05 - 2012-04-15 14:17 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-07-31 15:05 - 2012-02-23 21:11 - 00001124 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3601385101-2140175397-1978509390-1000UA.job
2014-07-31 15:05 - 2012-02-23 21:11 - 00001072 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3601385101-2140175397-1978509390-1000Core.job
2014-07-31 15:04 - 2014-07-31 15:01 - 91906368 _____ (AVAST Software) C:\Users\Andrea\Downloads\avast_free_antivirus_setup_9.0.2021.exe
2014-07-31 15:04 - 2011-12-29 05:06 - 00000000 ____D () C:\ProgramData\ICQ
2014-07-31 14:57 - 2011-12-14 09:55 - 00000000 ____D () C:\Users\Andrea\AppData\Local\Mozilla
2014-07-31 14:56 - 2014-07-31 14:56 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-31 14:56 - 2014-07-31 14:56 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-31 14:56 - 2014-07-31 14:56 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-31 14:55 - 2013-07-11 16:10 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-31 14:54 - 2014-07-31 14:53 - 32047680 _____ () C:\Users\Andrea\Downloads\Firefox_Setup_de31.0.exe
2014-07-31 14:48 - 2014-07-31 14:48 - 01361309 _____ () C:\Users\Andrea\Downloads\adwcleaner_3.302.exe
2014-07-31 14:43 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\NDF
2014-07-31 14:34 - 2011-12-25 00:13 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Skype
2014-07-31 01:49 - 2014-07-31 01:48 - 00042218 _____ () C:\Users\Andrea\Downloads\Addition.txt
2014-07-31 01:49 - 2014-07-31 01:45 - 00052522 _____ () C:\Users\Andrea\Downloads\FRST.txt
2014-07-31 01:40 - 2014-07-31 01:40 - 00030373 _____ () C:\Users\Andrea\Desktop\gmer log.log
2014-07-31 01:37 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\Microsoft.NET
2014-07-31 01:03 - 2009-07-14 06:33 - 00289664 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-31 01:01 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\de-DE
2014-07-31 00:51 - 2009-07-27 12:11 - 01674742 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-31 00:44 - 2014-07-31 00:44 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-07-31 00:32 - 2013-08-24 00:26 - 00000000 ____D () C:\windows\system32\MRT
2014-07-31 00:19 - 2014-07-31 00:19 - 00380416 _____ () C:\Users\Andrea\Downloads\Gmer-19357.exe
2014-07-30 23:21 - 2012-03-30 18:21 - 00000000 ____D () C:\Users\Andrea\AppData\Local\Facebook
2014-07-30 23:18 - 2014-07-30 23:18 - 00104960 _____ (GMER) C:\uwdiqpob.sys
2014-07-30 23:15 - 2011-04-02 04:40 - 00000000 ____D () C:\Program Files\Intel
2014-07-30 22:45 - 2011-04-02 04:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2014-07-30 22:41 - 2011-04-02 04:48 - 00000000 ____D () C:\Program Files\Asus
2014-07-30 22:41 - 2011-04-02 04:41 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-07-30 22:36 - 2011-04-02 04:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Park
2014-07-30 22:32 - 2012-04-25 20:31 - 00000000 ____D () C:\Program Files\Common Files\MAGIX Services
2014-07-30 22:29 - 2011-04-02 04:51 - 00000000 ____D () C:\Program Files\Adobe
2014-07-30 22:24 - 2014-07-30 22:24 - 00000000 __SHD () C:\Users\Andrea\AppData\Local\EmieUserList
2014-07-30 22:24 - 2014-07-30 22:24 - 00000000 __SHD () C:\Users\Andrea\AppData\Local\EmieSiteList
2014-07-30 22:13 - 2014-07-30 22:13 - 00566960 _____ () C:\Users\Andrea\Downloads\setup.exe
2014-07-30 20:20 - 2014-07-30 20:19 - 01084928 _____ (Farbar) C:\Users\Andrea\Desktop\FRST.exe
2014-07-27 18:34 - 2014-07-27 18:34 - 00095968 _____ () C:\Users\Andrea\Desktop\Malewarebytes log 1. scan.7z
2014-07-27 17:46 - 2014-07-27 17:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-07-27 17:46 - 2014-07-27 17:46 - 00000000 ____D () C:\Program Files\7-Zip
2014-07-27 17:45 - 2014-07-27 17:45 - 01110476 _____ () C:\Users\Andrea\Downloads\7z920.exe
2014-07-27 16:34 - 2013-01-06 21:18 - 00000000 ____D () C:\Facade
2014-07-27 14:06 - 2012-04-15 14:17 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-07-27 14:06 - 2011-12-14 10:04 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-27 13:58 - 2014-07-27 13:58 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-27 13:57 - 2014-07-27 13:57 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-27 13:57 - 2014-07-27 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-07-27 13:57 - 2014-07-27 13:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-27 13:57 - 2014-07-27 13:57 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-07-27 13:55 - 2014-07-27 13:54 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Andrea\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-27 13:29 - 2013-12-15 15:09 - 00018872 _____ () C:\windows\IE11_main.log
2014-07-27 13:13 - 2014-07-27 13:13 - 02179072 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 01964544 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-27 13:13 - 2014-07-27 13:13 - 01791488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 01139200 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 01068032 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00704512 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00645120 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2014-07-27 13:13 - 2014-07-27 13:13 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-27 13:13 - 2014-07-27 13:13 - 00367616 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2014-07-27 13:13 - 2014-07-27 13:13 - 00240824 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00239616 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00233472 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00208384 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00194048 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00182272 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00083456 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-07-27 13:13 - 2014-07-27 13:13 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2014-07-27 13:13 - 2014-07-27 13:13 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-27 13:13 - 2014-07-27 13:13 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 17276416 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 11742208 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 04254720 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-27 13:12 - 2014-07-27 13:12 - 00610304 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00592896 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00442368 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00151552 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2014-07-27 13:12 - 2014-07-27 13:12 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2014-07-27 13:12 - 2014-07-27 13:12 - 00127488 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-27 13:12 - 2014-07-27 13:12 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-27 13:12 - 2014-07-27 13:12 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00074240 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2014-07-27 13:12 - 2014-07-27 13:12 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00036352 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2014-07-27 13:12 - 2014-07-27 13:12 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-07-27 13:12 - 2014-07-27 13:12 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-07-27 13:12 - 2014-07-27 13:12 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-26 15:16 - 2013-02-03 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-07-26 15:01 - 2014-07-26 15:01 - 00000000 ____D () C:\windows\pss
2014-07-26 14:38 - 2011-12-14 09:17 - 00000000 ____D () C:\Users\Andrea
2014-07-26 14:34 - 2012-01-26 00:33 - 00000000 ____D () C:\Users\Andrea\AppData\Local\Google
2014-07-26 14:32 - 2011-12-27 23:16 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\DVDVideoSoft
2014-07-26 14:28 - 2014-07-26 14:28 - 06010880 _____ () C:\Program Files\GUTC64B.tmp
2014-07-26 14:28 - 2014-07-26 14:28 - 00000000 ____D () C:\Program Files\GUMC63B.tmp
2014-07-26 14:23 - 2013-01-03 17:30 - 00042784 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx86.sys
Some content of TEMP:
====================
C:\Users\Andrea\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2013-10-20 19:33
==================== End Of Log ============================
--- --- --- |
|
31.07.2014, 20:07
| #12 |
| | Komplette Adware und Toolbarverseuchung mit ca. 2000 Funden beim ersten Check... Hier die letzte Logdatei und vielen Dank für die bisherige Hilfe! addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:30-07-2014
Ran by Andrea at 2014-07-31 20:03:29
Running from C:\Users\Andrea\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
ASUSUpdate for Eee PC (HKLM\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 1.06.02 - ASUSTeK Computer Inc.)
AsusVibe2.0 (HKLM\...\Asus Vibe2.0) (Version: 2.0.4.617 - ASUSTEK)
Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.35 - Atheros Communications Inc.)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
BetterAds (HKLM\...\BetterAds) (Version: 1.5 - BetterAds.org)
Boingo Wi-Fi (HKLM\...\{84C2B80B-64A2-4B22-93EC-F30C3D6BF7D8}) (Version: 1.7.0048 - Boingo Wireless, Inc.)
CapsHook (HKLM\...\{4B5092B6-F231-4D18-83BC-2618B729CA45}) (Version: 1.0.0.7 - AsusTek Computer)
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
Chicken Invaders 2 (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version: - Oberon Media)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
E-Cam (HKLM\...\{185AFA7A-F63E-450B-94AA-011CAC18090E}) (Version: 2.0.3.0 - AzureWave)
Eee Docking 3.8.3 (HKLM\...\Eee Docking_is1) (Version: 3.8.3 - ASUSTek Computer Inc.)
EeeSplendid (HKLM\...\{6333FC29-BFE5-4024-AC78-958A1A7555D1}) (Version: 5.1.2.0011 - ASUS)
EeeSplendid (Version: 5.1.2.0011 - ASUS) Hidden
ETDWare PS/2-x86 7.0.5.13_WHQL (HKLM\...\Elantech) (Version: 7.0.5.13 - ELAN Microelectronics Corp.)
Fotogalerie (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Drive (HKLM\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
InstantOn (HKLM\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 1.0.2 - ASUS)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.14.10.2117 - Intel Corporation)
Java Auto Updater (Version: 2.0.2.4 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 32 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216032FF}) (Version: 6.0.320 - Oracle)
Junk Mail filter update (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
LocaleMe (HKLM\...\{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}) (Version: 1.3 - ASUS)
LogonStudio (HKLM\...\{5C46518A-F797-4973-A257-F3F60F2FC61E}) (Version: 1.51.12 - Stardock)
MAGIX Foto Manager MX (HKLM\...\MAGIX_{30D2BC25-D905-48FE-AA2C-98E11AC3A081}) (Version: 9.0.1.238 - MAGIX AG)
MAGIX Foto Manager MX (Version: 9.0.1.238 - MAGIX AG) Hidden
MAGIX Screenshare (HKLM\...\MAGIX_{6662A179-33A4-407D-B57D-736E6BF765B1}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Screenshare (Version: 4.3.6.1987 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
OpenOffice 4.0.0 (HKLM\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
Photo Common (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PhotoScape (HKLM\...\PhotoScape) (Version: - )
Raccolta foto (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Ralink RT2860 Wireless LAN Card (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.1.0 - Ralink)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6098 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0159 - REALTEK Semiconductor Corp.)
simplitec simplicheck (HKLM\...\{B73AFF76-53AD-464D-93D5-5A4E6CAAB893}) (Version: 1.2.3.0 - simplitec GmbH)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Stardock MyColors (HKLM\...\Stardock MyColors) (Version: 2.7 - Stardock Corporation)
Stardock MyColors (Version: 2.7 - Stardock Corporation) Hidden
Super Hybrid Engine (HKLM\...\{88F08F98-12BC-4613-81A2-8F9B88CFC73E}) (Version: 2.17 - AsusTek Computer)
Times Reader (HKLM\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Times Reader (Version: 2.055 - The New York Times Company) Hidden
Windows Driver Package - Broadcom Bluetooth (07/17/2009 6.2.0.9403) (HKLM\...\B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE) (Version: 07/17/2009 6.2.0.9403 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0) (HKLM\...\B5C82F3814F82FB37F1513B3185399BD88892B08) (Version: 07/29/2009 6.1.7100.0 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Xvid MPEG-4 Video Codec (HKLM\...\Xvid_is1) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Andrea\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Andrea\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Andrea\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Andrea\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{30A2652A-DDF7-45e7-ACA6-3EAB26FC8A4E}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{41662FC2-0D57-4aff-AB27-AD2E12E7C273}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{448BB771-CFE2-47C4-BCDF-1FBF378E202C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Andrea\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Andrea\AppData\Local\Google\Chrome\Application\36.0.1985.125\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Andrea\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Andrea\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Andrea\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{7B342DC4-139A-4a46-8A93-DB0827CCEE9C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Andrea\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe No File
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\ooofilt.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{7FA8AE11-B3E3-4D88-AABF-255526CD1CE8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{82154420-0FBF-11d4-8313-005004526AB4}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Andrea\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Andrea\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll No File
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Andrea\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Andrea\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Andrea\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe No File
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\propertyhdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Andrea\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll No File
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Andrea\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Andrea\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files\OpenOffice 4\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Andrea\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{D2D59CD1-0A6A-4D36-AE20-47817077D57C}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{E5A0B632-DFBA-4549-9346-E414DA06E6F8}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Andrea\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Andrea\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{EE5D1EA4-D445-4289-B2FC-55FC93693917}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Andrea\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll No File
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{F616B81F-7BB8-4F22-B8A5-47428D59F8AD}\localserver32 -> C:\Program Files\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Andrea\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\FileSyncApi.dll No File
CustomCLSID: HKU\S-1-5-21-3601385101-2140175397-1978509390-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Andrea\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
==================== Restore Points =========================
27-07-2014 11:46:07 Windows Update
27-07-2014 12:52:12 Removed AVG 2013
27-07-2014 12:55:40 Removed AVG 2013
27-07-2014 14:30:47 Removed Façade
30-07-2014 19:04:07 Windows Update
30-07-2014 20:28:43 Removed Acrobat.com
30-07-2014 20:30:38 Removed Facebook Video Calling 2.0.0.447
30-07-2014 20:31:14 Removed Firebird SQL Server - MAGIX Edition
30-07-2014 20:33:39 Removed FontResizer
30-07-2014 20:37:01 ICQ Sparberater wird entfernt
30-07-2014 20:40:48 Removed Hotkey Service
30-07-2014 20:44:01 Removed LiveUpdate.
30-07-2014 20:46:33 Removed Microsoft Silverlight
30-07-2014 20:47:56 Removed Microsoft SQL Server 2005 Compact Edition [ENU]
30-07-2014 22:25:36 Windows Update
31-07-2014 17:36:48 avast! antivirus system restore point
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {279B68EC-7C77-4746-B43C-53E129272508} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-31] (AVAST Software)
Task: {3AC26CE1-FAAC-4CA4-933F-1A4A7BEE3F57} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3601385101-2140175397-1978509390-1000Core => C:\Users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-23] (Google Inc.)
Task: {4176131F-21E9-4835-B31E-A3719243C43B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-03] (Google Inc.)
Task: {507AD962-93DB-462D-A8C9-5254E20ECD6C} - System32\Tasks\{45369E78-DC3E-4556-B91B-58151EF25307} => Chrome.exe
Task: {53F1A6DF-F93D-45DE-9788-669A9F527A41} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {61BE41AD-E80E-44B2-B32A-7360FAC33257} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-03] (Google Inc.)
Task: {7C003877-A4F8-4271-B3E5-10894BD34BA7} - System32\Tasks\{B3F1EFB7-0F6B-4354-95DF-D7EAB1940561} => Chrome.exe
Task: {A2FE6341-29F8-479F-95F1-A8219CE39871} - System32\Tasks\{5D00A04D-C9F6-40BA-96AE-7DC3DCC5C8C1} => Chrome.exe
Task: {AB2122C3-0053-4D6C-BC82-9936493BD5AE} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-27] (Adobe Systems Incorporated)
Task: {D0E6D060-655F-40DA-9089-2A8116626CAE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3601385101-2140175397-1978509390-1000UA => C:\Users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-23] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3601385101-2140175397-1978509390-1000Core.job => C:\Users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3601385101-2140175397-1978509390-1000UA.job => C:\Users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2009-06-09 10:56 - 2009-06-09 10:56 - 00099632 _____ () C:\Program Files\Stardock\MyColors\WBVista.exe
2009-06-09 10:55 - 2009-06-09 10:55 - 00057904 _____ () C:\windows\system32\wbload.dll
2014-07-31 19:39 - 2014-07-31 19:39 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-07-31 19:48 - 2014-07-31 19:48 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14073100\algo.dll
2009-06-09 10:55 - 2009-06-09 10:55 - 00057904 _____ () C:\Windows\System32\wbload.dll
2014-07-31 19:39 - 2014-07-31 19:40 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-07-27 18:11 - 2014-07-15 11:24 - 08537928 _____ () C:\Users\Andrea\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-27 18:11 - 2014-07-15 11:24 - 00353096 _____ () C:\Users\Andrea\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-27 18:11 - 2014-07-15 11:24 - 01732936 _____ () C:\Users\Andrea\AppData\Local\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-30 21:00 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-07-30 21:00 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2014-07-27 18:11 - 2014-07-15 11:24 - 14664008 _____ () C:\Users\Andrea\AppData\Local\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk => C:\windows\pss\AsusVibeLauncher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Stardock MyColors.lnk => C:\windows\pss\Stardock MyColors.lnk.CommonStartup
MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
MSCONFIG\startupreg: AVG_TRAY => "C:\Program Files\AVG\AVG2012\avgtray.exe"
MSCONFIG\startupreg: Eee Docking => C:\Program Files\ASUS\Eee Docking\Eee Docking.exe autorun
MSCONFIG\startupreg: Facebook Update => "C:\Users\Andrea\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Guard.Mail.ru.gui => "C:\Program Files\Guard-ICQ\GuardICQ.exe" /gui
MSCONFIG\startupreg: PCSpeedUp => C:\Program Files\PC Beschleunigen\PCSpeedUp.lnk
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/31/2014 07:54:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm chrome.exe, Version 36.0.1985.125 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 69c
Startzeit: 01cface856c39b29
Endzeit: 60
Anwendungspfad: C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe
Berichts-ID: b49faa08-18db-11e4-ac94-5404a629b83b
Error: (07/31/2014 07:36:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary nhefoqbz.
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (07/31/2014 07:36:47 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {9217c1ea-c3bc-4449-ae7c-272b4e430bdc}
System errors:
=============
Error: (07/31/2014 07:49:52 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (07/31/2014 07:49:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Asus Launcher Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (07/31/2014 07:45:43 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (07/31/2014 07:45:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Asus Launcher Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Microsoft Office Sessions:
=========================
Error: (07/31/2014 07:54:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe36.0.1985.12569c01cface856c39b2960C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exeb49faa08-18db-11e4-ac94-5404a629b83b
Error: (07/31/2014 07:36:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary nhefoqbz.
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (07/31/2014 07:36:47 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {9217c1ea-c3bc-4449-ae7c-272b4e430bdc}
==================== Memory info ===========================
Percentage of memory in use: 78%
Total physical RAM: 1014.18 MB
Available physical RAM: 218.41 MB
Total Pagefile: 2038.18 MB
Available Pagefile: 936.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1927.41 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:100 GB) (Free:68.87 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:183.07 GB) (Free:182.85 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: DAC69C79)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=15 GB) - (Type=1B)
Partition 3: (Not Active) - (Size=183 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=16 MB) - (Type=EF)
==================== End Of Log ============================
Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 31.07.2014 Scan Time: 20:41:42 Logfile: mwbam 2 scan log.txt Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.07.31.07 Rootkit Database: v2014.07.17.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x86 File System: NTFS User: Andrea Scan Type: Threat Scan Result: Completed Objects Scanned: 264615 Time Elapsed: 21 min, 41 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 4 Adware.GamePlayLab, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158}, , [25eebbeb39425bdbfa530c68768c8b75], PUP.Optional.Incredibar.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dlnembnfbcpjnepmfjmngjenhhajpdfd, , [7e950c9a314ab68015676b7b29d9619f], PUP.GamesPlayLab, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\mpfapcdfbbledbojijcbcclmlieaoogk, , [f91a881e8af1fc3a942fb84dfd0651af], PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT, , [9f74c1e5483371c53dd7ef276d973ec2], Registry Values: 4 PUP.Optional.StartPage.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS\{336D0C35-8A85-403a-B9D2-65C292C39087}, , [8b88d9cdc8b322142fbcf06ead559070], PUP.Optional.StartPage.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{336D0C35-8A85-403A-B9D2-65C292C39087}, C:\Program Files\Web Assistant\Firefox, , [8b88d9cdc8b322142fbcf06ead559070] PUP.Optional.Incredibar, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}, C:\Program Files\Web Assistant\Firefox, , [1af98323abd0c076176eed2dfd077888] PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT|URL, MYSTART, , [9f74c1e5483371c53dd7ef276d973ec2] Registry Data: 0 (No malicious items detected) Folders: 1 PUP.Optional.CrossRider.A, C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0, , [50c3cfd78eed61d5a7888e2730d2837d], Files: 8 PUP.Optional.OpenCandy, C:\Users\Andrea\Desktop\PhotoScape_V3.6.3.exe, , [cd46297daccf3afc262cc41c788c49b7], PUP.Optional.Outbrowse, C:\Users\Andrea\Downloads\setup.exe, , [6ea53373651635018baf2779b24ff907], PUP.FakeFlash.Domaiq, C:\Users\Andrea\Downloads\FlashPlayer_V.143524008c.exe, , [3bd8693dfa81dc5a8ceed31d1de354ac], PUP.Optional.Incredibar.A, C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlnembnfbcpjnepmfjmngjenhhajpdfd_0.localstorage, , [22f154522b50a195453610d66d95619f], PUP.Optional.CrossRider.A, C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0.localstorage, , [c251f2b4d2a975c1e9797177d82a46ba], PUP.Optional.Searchqu.A, C:\Users\Andrea\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}, , [5cb7a9fdcbb03ff7bcbbd23de22206fa], PUP.Optional.CrossRider.A, C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0\3, , [50c3cfd78eed61d5a7888e2730d2837d], PUP.Optional.CrossRider.A, C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0\4, , [50c3cfd78eed61d5a7888e2730d2837d], Physical Sectors: 0 (No malicious items detected) (end) |
|
31.07.2014, 22:46
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Komplette Adware und Toolbarverseuchung mit ca. 2000 Funden beim ersten Check... Reste. Funde mit MBAM entfernt?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
31.07.2014, 23:06
| #14 |
| | Komplette Adware und Toolbarverseuchung mit ca. 2000 Funden beim ersten Check... Nein nur gescannt und nichts in quarantäne verschoben oder entfernt. |
|
31.07.2014, 23:32
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Komplette Adware und Toolbarverseuchung mit ca. 2000 Funden beim ersten Check... Okay, dann Kontrollscans mit MBAM und ESET bitte: Downloade Dir bitte  Malwarebytes Anti-Malware
ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
Linear-Darstellung
