McFragga | 14.10.2014 13:33 | The problem is only fixed to the extent that the issue with the underlined words is solved; the ads are still there with the tabs, but no longer as severe.
Here is a new scan:
FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014 02
Ran by McFragga (administrator) on FRAGGA-TOP on 14-10-2014 14:20:24
Running from C:\Users\McFragga\Downloads
Loaded Profile: McFragga (Available profiles: McFragga & Präsentation)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e19b3ab5cd326817\stacsv64.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
() C:\Program Files\ShrewSoft\VPN Client\iked.exe
() C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
(IWON) C:\Program Files (x86)\IWONGIE\bar\1.bin\vrbarsvc.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(MessengerPlus®) C:\Program Files\Yuna Software\Messenger Plus!\Messenger Plus! Ptc\MsgGuard.exe
(Yuna Software) C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
() C:\Program Files (x86)\Search\WebSearch.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Zoomify Agent) C:\ProgramData\zoomify2\1.1.0.25\wzoomifyd.exe
(Zoomify Agent) C:\ProgramData\zoomify2\1.1.0.25\zoomify.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Safer Networking Limited) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(ICQ) C:\Users\McFragga\AppData\Roaming\ICQM\icq.exe
(Google) C:\Users\McFragga\AppData\Roaming\Google\Google Talk\googletalk.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Users\McFragga\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Yuna Software) C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\Messenger Plus! for Skype.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Yuna Software) C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Zoomify Agent) C:\ProgramData\zoomify2\1.1.0.25\zoomifyl64.exe
(Zoomify Agent) C:\ProgramData\zoomify2\1.1.0.25\zoomifyl32.exe
(Zoomify Agent) C:\ProgramData\zoomify2\1.1.0.25\zoomifyd32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Zoomify Agent) C:\ProgramData\zoomify2\1.1.0.25\zoomifyl64.exe
(Zoomify Agent) C:\ProgramData\zoomify2\1.1.0.25\zoomifyd32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(VS Revo Group) C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(VS Revo Group) C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [309248 2009-06-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [PlusService] => C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe [811520 2014-02-23] (Yuna Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de)
HKLM-x32\...\Run: [MessengerPlusForSkypeService] => C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [132096 2014-08-06] (Yuna Software)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1617704 2014-08-12] (Sophos Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-4088157530-2470593686-3206213926-1000\...\Run: [fsm] => [X]
HKU\S-1-5-21-4088157530-2470593686-3206213926-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKU\S-1-5-21-4088157530-2470593686-3206213926-1000\...\Run: [ICQ] => C:\Users\McFragga\AppData\Roaming\ICQM\icq.exe [27598184 2013-05-11] (ICQ)
HKU\S-1-5-21-4088157530-2470593686-3206213926-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-04-05] ()
HKU\S-1-5-21-4088157530-2470593686-3206213926-1000\...\Run: [googletalk] => C:\Users\McFragga\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKU\S-1-5-21-4088157530-2470593686-3206213926-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-4088157530-2470593686-3206213926-1000\...\Run: [ManyCam] => "C:/Program Files (x86)/ManyCam/ManyCam.exe" --silent
HKU\S-1-5-21-4088157530-2470593686-3206213926-1000\...\Run: [Amazon Music] => C:\Users\McFragga\AppData\Local\Amazon Music\Amazon Music Helper.exe [3356480 2014-07-22] ()
HKU\S-1-5-21-4088157530-2470593686-3206213926-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-4088157530-2470593686-3206213926-1000\...\RunOnce: [SpybotDeletingB4688] => command.com /c del "C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3MSG.DLL"
HKU\S-1-5-21-4088157530-2470593686-3206213926-1000\...\RunOnce: [SpybotDeletingD6875] => cmd.exe /c del "C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3MSG.DLL"
HKU\S-1-5-21-4088157530-2470593686-3206213926-1000\...\RunOnce: [SpybotDeletingB8749] => command.com /c del "C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3OUTLCN.DLL"
HKU\S-1-5-21-4088157530-2470593686-3206213926-1000\...\RunOnce: [SpybotDeletingD4912] => cmd.exe /c del "C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3OUTLCN.DLL"
HKU\S-1-5-21-4088157530-2470593686-3206213926-1000\...\RunOnce: [SpybotDeletingB182] => command.com /c del "C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3PLUGIN.DLL"
HKU\S-1-5-21-4088157530-2470593686-3206213926-1000\...\RunOnce: [SpybotDeletingD9342] => cmd.exe /c del "C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3PLUGIN.DLL"
HKU\S-1-5-21-4088157530-2470593686-3206213926-1000\...\RunOnce: [SpybotDeletingB7454] => command.com /c del "C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKIN.DLL"
HKU\S-1-5-21-4088157530-2470593686-3206213926-1000\...\RunOnce: [SpybotDeletingD3285] => cmd.exe /c del "C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKIN.DLL"
HKU\S-1-5-21-4088157530-2470593686-3206213926-1000\...\RunOnce: [SpybotDeletingB1874] => command.com /c del "C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKPLAY.EXE"
HKU\S-1-5-21-4088157530-2470593686-3206213926-1000\...\RunOnce: [SpybotDeletingD8937] => cmd.exe /c del "C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKPLAY.EXE"
HKU\S-1-5-21-4088157530-2470593686-3206213926-1000\...\RunOnce: [SpybotDeletingB3705] => command.com /c del "C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SLSRCH.EXE"
HKU\S-1-5-21-4088157530-2470593686-3206213926-1000\...\RunOnce: [SpybotDeletingD9179] => cmd.exe /c del "C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SLSRCH.EXE"
HKU\S-1-5-21-4088157530-2470593686-3206213926-1000\...\RunOnce: [SpybotDeletingB6450] => command.com /c del "C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE"
HKU\S-1-5-21-4088157530-2470593686-3206213926-1000\...\RunOnce: [SpybotDeletingD4325] => cmd.exe /c del "C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE"
HKU\S-1-5-21-4088157530-2470593686-3206213926-1000\...\RunOnce: [SpybotDeletingB2813] => command.com /c del "C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSMLBTN.DLL"
HKU\S-1-5-21-4088157530-2470593686-3206213926-1000\...\Policies\Explorer: [NoInstrumentation] 1
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217160 2014-08-12] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2014-08-12] (Sophos Limited)
BootExecute: autocheck autochk * bootdelete
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM-x32 - (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No File
URLSearchHook: HKLM-x32 - (No Name) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - No File
URLSearchHook: HKLM-x32 - (No Name) - {1c68c940-1b2f-46eb-bd8c-2e1612ff6a58} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_42_ie&cd=2XzuyEtN2Y1L1QzuzytDyE0C0EyD0F0FyDtCzy0E0BtDtC0DtN0D0Tzu0StCtDtCyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0FtD0CyC0FtByDtGzztAzztAtGtCtAzytAtG0ByEtDtAtGyByD0B0FyDtCyE0B0CtBtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0F0EyD0DyC0C0BtGyDyB0AzytGyE0AtCzytGzytAzzzytGyDzzyCtD0BzyyBzzyB0DtBtA2Q&cr=708917268&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_42_ie&cd=2XzuyEtN2Y1L1QzuzytDyE0C0EyD0F0FyDtCzy0E0BtDtC0DtN0D0Tzu0StCtDtCyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0FtD0CyC0FtByDtGzztAzztAtGtCtAzytAtG0ByEtDtAtGyByD0B0FyDtCyE0B0CtBtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0F0EyD0DyC0C0BtGyDyB0AzytGyE0AtCzytGzytAzzzytGyDzzyCtD0BzyyBzzyB0DtBtA2Q&cr=708917268&ir=
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {aa91a22e-2e6d-4c79-a578-d50109b651aa} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZVxdm217YYde&ptb=46379E51-C98F-49A5-A0A4-0180ECF8CC05&psa=&ind=2011021618&ptnrS=ZVxdm217YYde&si=xDE&st=sb&n=77ddc132&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_42_ie&cd=2XzuyEtN2Y1L1QzuzytDyE0C0EyD0F0FyDtCzy0E0BtDtC0DtN0D0Tzu0StCtDtCyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0FtD0CyC0FtByDtGzztAzztAtGtCtAzytAtG0ByEtDtAtGyByD0B0FyDtCyE0B0CtBtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0F0EyD0DyC0C0BtGyDyB0AzytGyE0AtCzytGzytAzzzytGyDzzyCtD0BzyyBzzyB0DtBtA2Q&cr=708917268&ir=
SearchScopes: HKCU - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_ggfc_14_42_ie&cd=2XzuyEtN2Y1L1QzuzytDyE0C0EyD0F0FyDtCzy0E0BtDtC0DtN0D0Tzu0StCtDtCyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0FtD0CyC0FtByDtGzztAzztAtGtCtAzytAtG0ByEtDtAtGyByD0B0FyDtCyE0B0CtBtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0F0EyD0DyC0C0BtGyDyB0AzytGyE0AtCzytGzytAzzzytGyDzzyCtD0BzyyBzzyB0DtBtA2Q&cr=708917268&ir=
SearchScopes: HKCU - {aa91a22e-2e6d-4c79-a578-d50109b651aa} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZVxdm217YYde&ptb=46379E51-C98F-49A5-A0A4-0180ECF8CC05&psa=&ind=2011021618&ptnrS=ZVxdm217YYde&si=xDE&st=sb&n=77ddc132&searchfor={searchTerms}
SearchScopes: HKCU - {B6D6AC4C-0CEE-4A2C-BAE1-E1E20BB33231} URL =
SearchScopes: HKCU - {FFEBBF0A-C22C-4172-89FF-45215A135AC8} URL = hxxp://search.icq.com/search/results.php?q=%s&ch_id=hm&search_mode=web
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Toolbar BHO -> {d6995d07-cd9b-4cc0-a22a-9e14684d6d64} -> C:\Program Files (x86)\IWONGIE\bar\1.bin\vrbar.dll (IWON)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Search Assistant BHO -> {f0f3f55e-edfc-4ed4-affb-bcaf081ddeba} -> C:\Program Files (x86)\IWONGIE\bar\1.bin\vrSrcAs.dll (IWON)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - No File
Toolbar: HKLM-x32 - No Name - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
Toolbar: HKLM-x32 - IWON - {43a3055a-6ff3-4aa5-90e6-18a10297cb53} - C:\Program Files (x86)\IWONGIE\bar\1.bin\vrbar.dll (IWON)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: HKLM-x32 {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
DPF: HKLM-x32 {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} hxxp://zone.msn.com/bingame/luxr/default/mjolauncher.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Winsock: Catalog5 10 C:\Windows\system32\d3dy61rko.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{458B23B6-5E12-4AD2-8CC2-7027F9D37F5A}: [NameServer] 139.6.1.2,139.6.1.66
Tcpip\..\Interfaces\{6743AA9F-FAEA-4219-8182-FEF7A00B184D}: [NameServer] 139.6.1.2,139.6.1.66
Tcpip\..\Interfaces\{DC957AEE-BF7B-41E4-BE48-72E484240555}: [NameServer] 139.6.1.2,139.6.1.66
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=0.9.8a -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin-x32: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF Plugin HKCU: @bittorrent.com/BitTorrentDNA -> C:\Users\McFragga\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\McFragga\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\McFragga\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\McFragga\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\McFragga\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\McFragga\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\McFragga\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\McFragga\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\McFragga\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Toolbar fuer eBay - C:\Program Files (x86)\Mozilla Firefox\extensions\ebay.xpi [2008-09-09]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [{6E19037A-12E3-4295-8915-ED48BC341614}] - C:\Program Files (x86)\PremierOpinion
FF HKCU\...\Firefox\Extensions: [{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}] - C:\Users\McFragga\Program Files (x86)\DNA
FF Extension: DNA - C:\Users\McFragga\Program Files (x86)\DNA [2010-08-26]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR Profile: C:\Users\McFragga\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Plus-HD-1.5) - C:\Users\McFragga\AppData\Local\Google\Chrome\User Data\Default\Extensions\amcnaamhfnpmekghmhckingkdiingmjm [2013-06-18]
CHR Extension: (Google Docs) - C:\Users\McFragga\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-18]
CHR Extension: (Google Drive) - C:\Users\McFragga\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\McFragga\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-03]
CHR Extension: (YouTube) - C:\Users\McFragga\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-28]
CHR Extension: (Google-Suche) - C:\Users\McFragga\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-18]
CHR Extension: (Monster Trucks 360) - C:\Users\McFragga\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahlnbcfknpidmnoildgnpkmcocdhap [2014-03-23]
CHR Extension: (Monster Trucks) - C:\Users\McFragga\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjjlpfkbombmfgjkagbdnjjhfpocpjpe [2014-03-20]
CHR Extension: (Google Wallet) - C:\Users\McFragga\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\McFragga\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-18]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\McFragga\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-03]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2012-12-05]
CHR HKLM-x32\...\Chrome\Extension: [bgpdpaleocmcbkehebpiihkpddggpoif] - C:\Users\McFragga\AppData\Local\Temp\bgpdpaleocmcbkehebpiihkpddggpoif.crx [2012-12-05]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 DailytoolsUpdateService; C:\Windows\SysWOW64\update1.dll [352256 2014-07-31] (Dailytools GmbH) [File not signed]
R2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe [50688 2009-11-15] () [File not signed]
S2 gupdate1ca7aae5ec8cafa; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [133104 2009-12-12] (Google Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-10-01] (SurfRight B.V.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [948224 2009-11-15] () [File not signed]
R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [690688 2009-11-15] () [File not signed]
R2 IWONGIEService; C:\Program Files (x86)\IWONGIE\bar\1.bin\vrbarsvc.exe [28766 2011-02-17] (IWON) [File not signed]
R2 MessengerPlus; C:\Program Files\Yuna Software\Messenger Plus!\Messenger Plus! Ptc\MsgGuard.exe [7275376 2014-04-01] (MessengerPlus®)
R2 MsgPlusService_1; C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [132096 2014-08-06] (Yuna Software) [File not signed]
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-08-12] (Sophos Limited)
S2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [205096 2014-08-12] (Sophos Limited)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 Search; C:\Program Files (x86)\Search\WebSearch.exe [435696 2014-08-07] ()
R2 Sophos Agent; C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe [289856 2012-09-24] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [341800 2014-08-12] (Sophos Limited)
R2 Sophos Message Router; C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe [818240 2012-09-24] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [355624 2014-08-12] (Sophos Limited)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e19b3ab5cd326817\STacSV64.exe [240128 2009-07-15] (IDT, Inc.)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3174696 2014-08-12] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2065704 2014-08-12] (Sophos Limited)
R2 wzoomifyd; C:\ProgramData\zoomify2\1.1.0.25\wzoomifyd.exe [161792 2014-10-03] (Zoomify Agent) [File not signed]
R2 zoomify; C:\ProgramData\zoomify2\1.1.0.25\zoomify.exe [458752 2014-10-03] (Zoomify Agent) [File not signed]
S2 ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 AVEO; C:\Windows\System32\DRIVERS\AVEOdcnt.sys [305920 2011-10-24] (AVEO)
S3 KUSBusByTCP; C:\Windows\SysWOW64\Drivers\KUSBusByTCP.sys [121880 2007-07-20] (Windows (R) Codename Longhorn DDK provider)
S3 KUSBusByTCPMasterBus; C:\Windows\SysWOW64\Drivers\KUSBusByTCPMasterBus.sys [66584 2007-07-20] (Windows (R) Codename Longhorn DDK provider)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42016 2013-11-27] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
R3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdgx64.sys [48800 2009-05-07] (O2Micro )
R3 OEM13Vfx; C:\Windows\System32\DRIVERS\OEM13Vfx.sys [12288 2007-03-05] (EyePower Games Pte. Ltd.)
R3 OEM13Vid; C:\Windows\System32\DRIVERS\OEM13Vid.sys [267296 2008-05-28] (Creative Technology Ltd.)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2014-08-12] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2014-08-12] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2014-08-12] (Sophos Limited)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 MsgPlusDriver; system32\DRIVERS\MsgPlusDriver.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-14 13:43 - 2014-10-14 13:43 - 00000304 _____ () C:\Windows\system32\TemporarFileConfiguration
2014-10-14 13:28 - 2014-10-14 13:28 - 00038301 _____ () C:\ComboFix.txt
2014-10-14 13:04 - 2014-10-14 13:28 - 00000000 ____D () C:\Qoobox
2014-10-14 13:04 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-14 13:04 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-14 13:04 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-14 13:04 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-14 13:04 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-14 13:04 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-14 13:04 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-14 13:04 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-14 13:03 - 2014-10-14 13:24 - 00000000 ____D () C:\Windows\erdnt
2014-10-14 12:55 - 2014-10-14 12:55 - 05582915 ____R (Swearware) C:\Users\McFragga\Downloads\ComboFix.exe
2014-10-14 12:35 - 2014-10-14 12:35 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\McFragga\Downloads\revosetup95 (1).exe
2014-10-14 11:26 - 2014-10-14 11:27 - 00054330 _____ () C:\Users\McFragga\Downloads\Addition(2).txt
2014-10-14 10:31 - 2014-10-14 12:32 - 00000096 _____ () C:\Users\McFragga\AppData\Roaming\WB.CFG
2014-10-14 10:14 - 2014-10-14 10:14 - 00055636 _____ () C:\Users\McFragga\Desktop\FRST.txt
2014-10-14 09:40 - 2014-10-14 09:46 - 00054856 _____ () C:\Users\McFragga\Downloads\Addition(1).txt
2014-10-14 09:38 - 2014-10-14 14:20 - 00033451 _____ () C:\Users\McFragga\Downloads\FRST.txt
2014-10-14 09:38 - 2014-10-14 14:20 - 00000000 ____D () C:\FRST
2014-10-14 09:33 - 2014-10-14 09:33 - 02110464 _____ (Farbar) C:\Users\McFragga\Downloads\FRST64.exe
2014-10-14 09:32 - 2014-10-14 09:32 - 00003318 _____ () C:\Windows\System32\Tasks\ASP
2014-10-14 09:31 - 2014-10-14 12:43 - 00000000 ____D () C:\Users\McFragga\AppData\Roaming\DigitalSites
2014-10-14 09:31 - 2014-10-14 10:01 - 00000000 ____D () C:\Users\McFragga\AppData\Roaming\Systweak
2014-10-14 09:31 - 2014-10-14 09:32 - 00000280 _____ () C:\Users\McFragga\Desktop\Cut the Rope.url
2014-10-14 09:31 - 2014-10-14 09:31 - 00000000 ____D () C:\Users\McFragga\AppData\Roaming\1H1Q
2014-10-14 09:31 - 2014-08-29 17:02 - 00020296 _____ () C:\Windows\system32\roboot64.exe
2014-10-14 09:29 - 2014-10-14 09:29 - 00712224 _____ ( ) C:\Users\McFragga\Downloads\FileExtractorSetup.exe
2014-10-14 09:15 - 2014-10-14 12:36 - 00001288 _____ () C:\Users\McFragga\Desktop\Revo Uninstaller.lnk
2014-10-14 09:15 - 2014-10-14 12:36 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-10-14 09:10 - 2014-10-14 09:10 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\McFragga\Downloads\revosetup95.exe
2014-10-14 09:00 - 2014-10-14 09:00 - 00000000 ____D () C:\Users\McFragga\AppData\Local\{EC522005-A896-4EDF-93A7-53B962ED6124}
2014-10-13 23:29 - 2014-10-13 23:29 - 00000196 _____ () C:\Windows\Tasks\Tempo Runner wzoomifyd.job
2014-10-13 23:21 - 2014-10-13 23:21 - 00001315 _____ () C:\Users\Präsentation\Desktop\ELT2 - Verknüpfung.lnk
2014-10-13 23:19 - 2014-10-13 23:19 - 00114224 _____ () C:\Users\Präsentation\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-13 23:19 - 2014-10-13 23:19 - 00001427 _____ () C:\Users\Präsentation\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-13 23:19 - 2014-10-13 23:19 - 00000000 ____D () C:\Users\Präsentation\AppData\Roaming\Adobe
2014-10-13 23:19 - 2014-10-13 23:19 - 00000000 ____D () C:\Users\Präsentation\AppData\Local\VirtualStore
2014-10-13 23:18 - 2014-10-13 23:19 - 00000000 ____D () C:\Users\Präsentation\AppData\Local\Google
2014-10-13 23:18 - 2014-10-13 23:19 - 00000000 ____D () C:\Users\Präsentation
2014-10-13 23:18 - 2014-10-13 23:18 - 00000020 ___SH () C:\Users\Präsentation\ntuser.ini
2014-10-13 23:18 - 2014-10-13 23:18 - 00000000 _SHDL () C:\Users\Präsentation\Vorlagen
2014-10-13 23:18 - 2014-10-13 23:18 - 00000000 _SHDL () C:\Users\Präsentation\Startmenü
2014-10-13 23:18 - 2014-10-13 23:18 - 00000000 _SHDL () C:\Users\Präsentation\Netzwerkumgebung
2014-10-13 23:18 - 2014-10-13 23:18 - 00000000 _SHDL () C:\Users\Präsentation\Lokale Einstellungen
2014-10-13 23:18 - 2014-10-13 23:18 - 00000000 _SHDL () C:\Users\Präsentation\Eigene Dateien
2014-10-13 23:18 - 2014-10-13 23:18 - 00000000 _SHDL () C:\Users\Präsentation\Druckumgebung
2014-10-13 23:18 - 2014-10-13 23:18 - 00000000 _SHDL () C:\Users\Präsentation\Documents\Eigene Musik
2014-10-13 23:18 - 2014-10-13 23:18 - 00000000 _SHDL () C:\Users\Präsentation\Documents\Eigene Bilder
2014-10-13 23:18 - 2014-10-13 23:18 - 00000000 _SHDL () C:\Users\Präsentation\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-10-13 23:18 - 2014-10-13 23:18 - 00000000 _SHDL () C:\Users\Präsentation\AppData\Local\Verlauf
2014-10-13 23:18 - 2014-10-13 23:18 - 00000000 _SHDL () C:\Users\Präsentation\AppData\Local\Anwendungsdaten
2014-10-13 23:18 - 2014-10-13 23:18 - 00000000 _SHDL () C:\Users\Präsentation\Anwendungsdaten
2014-10-13 23:18 - 2013-06-23 23:54 - 00000000 ____D () C:\Users\Präsentation\AppData\LocalGoogle
2014-10-13 23:18 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Präsentation\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-13 23:18 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Präsentation\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-13 17:32 - 2014-10-13 17:32 - 00000000 ____D () C:\Users\McFragga\AppData\Local\{EAF59199-3540-4714-849E-F4342185AFB7}
2014-10-11 14:06 - 2014-10-11 14:07 - 00000000 ____D () C:\Users\McFragga\AppData\Local\{3930A54F-13A0-4518-97E9-7D4B6EAFCE01}
2014-10-10 17:10 - 2014-10-14 13:41 - 00004186 _____ () C:\Windows\PFRO.log
2014-10-10 17:10 - 2014-10-14 13:41 - 00000336 _____ () C:\Windows\setupact.log
2014-10-10 17:10 - 2014-10-10 17:10 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-10 09:59 - 2014-10-10 09:59 - 00134930 _____ () C:\Users\McFragga\Documents\cc_20141010_095852.reg
2014-10-10 08:38 - 2014-10-10 08:38 - 00000000 ____D () C:\Users\McFragga\AppData\Local\{F12AA903-CB40-4904-9BE4-879E7093E6A1}
2014-10-09 17:36 - 2014-10-09 17:36 - 00000000 ____D () C:\Users\McFragga\AppData\Local\{B1BD25DA-E02B-44C8-8823-AC575FA580B0}
2014-10-08 17:46 - 2014-10-08 17:47 - 00000005 _____ () C:\Windows\SysWOW64\lMMLDeleteUserData42107612FX.tmp
2014-10-08 17:19 - 2014-10-08 17:19 - 56484761 _____ () C:\Users\McFragga\Downloads\texmakerwin32_43install.exe
2014-10-08 15:59 - 2014-10-08 15:59 - 00000000 ____D () C:\Users\McFragga\AppData\Local\{2F3DF262-D160-4BAE-A103-58BE9FC54F6A}
2014-10-07 18:27 - 2014-10-07 18:27 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2014-10-07 15:59 - 2014-10-07 15:59 - 00164204 _____ () C:\Users\McFragga\Downloads\tam384.wav
2014-10-07 15:43 - 2014-10-07 15:43 - 00000000 ____D () C:\zoomify
2014-10-07 15:43 - 2014-10-07 15:43 - 00000000 ____D () C:\Users\McFragga\AppData\Local\{88D98007-F8B1-40C0-8910-6E78263CBDF8}
2014-10-07 15:40 - 2014-10-07 15:40 - 00000000 ____D () C:\dgTemp
2014-10-03 10:33 - 2014-10-03 10:33 - 00000000 ____D () C:\Users\McFragga\AppData\Local\{3F898691-9ABF-4A21-945F-DB3158D55295}
2014-10-02 09:14 - 2014-10-02 09:15 - 00000000 ____D () C:\Users\McFragga\AppData\Local\{D19B4271-76FF-4012-80B3-641F4FF0EDEC}
2014-10-01 17:58 - 2014-10-01 17:58 - 00000000 ____D () C:\Users\McFragga\AppData\Local\{8ABA6490-DB07-496D-9EAF-4C9E2E24D8C6}
2014-10-01 17:51 - 2014-10-01 17:51 - 00278568 _____ () C:\Windows\system32\.crusader
2014-10-01 07:59 - 2014-10-01 07:59 - 00001911 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-10-01 07:59 - 2014-10-01 07:59 - 00000000 ____D () C:\Program Files\HitmanPro
2014-10-01 07:43 - 2014-10-03 10:47 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-10-01 07:43 - 2014-10-01 07:43 - 00004032 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-10-01 07:42 - 2014-10-07 15:40 - 00000000 ____D () C:\ProgramData\zoomify2
2014-10-01 07:03 - 2014-10-01 07:03 - 00000000 ____D () C:\Users\McFragga\AppData\Local\{76141177-F8F9-4478-AE02-28A4C65DA378}
2014-09-30 12:41 - 2014-09-30 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!Box
2014-09-30 12:41 - 2014-09-30 12:41 - 00000000 ____D () C:\Program Files (x86)\FRITZ!BoxPrint
2014-09-30 12:41 - 2014-09-30 12:41 - 00000000 ____D () C:\Program Files (x86)\FRITZ!Box
2014-09-30 12:41 - 2006-05-29 02:00 - 00016384 ____R (AVM Berlin GmbH) C:\Windows\SysWOW64\avmprmon.dll
2014-09-30 12:41 - 2006-01-20 13:43 - 00055808 ____R (AVM GmbH) C:\Windows\SysWOW64\avmadd32.dll
2014-09-30 11:49 - 2014-09-30 12:18 - 00371447 _____ () C:\Users\McFragga\Downloads\Sicherung Fritzbox - Kopie.export
2014-09-30 11:37 - 2014-09-30 11:37 - 00181508 _____ () C:\Users\McFragga\Downloads\FRITZ.Box 7490 113.06.05_30.09.14_1136.export
2014-09-30 11:25 - 2014-09-30 11:25 - 00180979 _____ () C:\Users\McFragga\Downloads\FRITZ.Box 7490 113.06.05_01.01.70_0134.export
2014-09-30 11:16 - 2014-09-30 11:56 - 00180979 _____ () C:\Users\McFragga\Downloads\FRITZ.Box 7490 113.06.05_01.01.70_0125.export
2014-09-29 22:11 - 2014-09-29 22:11 - 00000000 ____D () C:\Users\McFragga\AppData\Local\{3BA57547-9E9F-4D8D-AE05-52AF9349F5E2}
2014-09-27 12:03 - 2014-09-27 12:03 - 00000000 ____D () C:\Users\McFragga\AppData\Local\{73E1A97A-4F05-4462-8BC9-F4274322B57F}
2014-09-27 00:47 - 2014-09-27 00:47 - 00002547 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-27 00:47 - 2014-09-27 00:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-26 16:56 - 2014-09-26 16:56 - 00371434 _____ () C:\Users\McFragga\Downloads\Sicherung Fritzbox.export
2014-09-26 15:25 - 2014-09-26 15:25 - 00000000 ____D () C:\Users\McFragga\AppData\Local\{5F4CF919-CDE6-44CD-80E0-B702CE24ED1A}
2014-09-25 17:32 - 2014-09-25 17:33 - 00000000 ____D () C:\Users\McFragga\AppData\Local\{5D66D4CF-D290-4C6F-A903-6341FA44A775}
2014-09-24 21:43 - 2014-09-24 21:45 - 00000000 ____D () C:\Users\McFragga\AppData\Local\{4CF99315-6629-4845-8DAD-C64FBB209833}
2014-09-24 08:21 - 2014-09-24 08:21 - 00000000 ____D () C:\Users\McFragga\AppData\Local\{4A67E08F-7051-4C3F-9BFB-4A06ABEC52D7}
2014-09-23 06:53 - 2014-09-23 06:53 - 00000000 ____D () C:\Users\McFragga\AppData\Local\{801683DC-75A5-475A-B1F6-637010436F3E}
2014-09-22 09:56 - 2014-09-22 09:56 - 00000000 ____D () C:\Users\McFragga\AppData\Local\{95B75D87-AB9C-4CD8-89A9-0163B97A71A0}
2014-09-21 13:32 - 2014-09-21 13:33 - 00000000 ____D () C:\Users\McFragga\AppData\Local\{CD3EA7D6-5936-4F9F-A5B6-CF9C9FFB557C}
2014-09-19 09:07 - 2014-09-19 09:07 - 00000000 ____D () C:\Users\McFragga\AppData\Local\{62D623A0-3581-41CA-A1DB-5BEA8D8E94C7}
2014-09-17 21:53 - 2014-09-17 21:53 - 00000000 ____D () C:\Users\McFragga\AppData\Local\{0CCECC02-AA89-4D29-A0A0-3CF3AC10AEB4}
2014-09-17 08:41 - 2014-09-17 08:41 - 00000000 ____D () C:\Users\McFragga\AppData\Local\{116CF9DC-23DE-41D6-9711-9BC5FFC5B719}
2014-09-16 01:53 - 2014-09-16 01:53 - 00000000 ____D () C:\Users\McFragga\AppData\Local\{394FAEB2-2918-47AB-A275-61642956B2E9}
2014-09-15 11:37 - 2014-09-15 11:37 - 00000000 ____D () C:\Users\McFragga\AppData\Local\{83D53776-02E4-4D18-AF42-D80921D9ECD2}
2014-09-14 20:56 - 2014-09-14 20:56 - 00000000 ____D () C:\Users\McFragga\AppData\Local\{3BAF8D49-5D42-489B-A851-42C5C2F6F157}
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-14 14:08 - 2012-08-07 14:56 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4088157530-2470593686-3206213926-1000UA.job
2014-10-14 14:05 - 2009-12-12 00:07 - 00000000 ____D () C:\Users\McFragga\AppData\Roaming\Skype
2014-10-14 13:56 - 2014-01-11 20:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-14 13:50 - 2009-07-14 06:45 - 00014032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-14 13:50 - 2009-07-14 06:45 - 00014032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-14 13:43 - 2013-05-14 06:04 - 00001176 _____ () C:\Windows\Tasks\Plus-HD-1.5-updater.job
2014-10-14 13:43 - 2013-05-14 06:03 - 00001770 _____ () C:\Windows\Tasks\Plus-HD-1.5-chromeinstaller.job
2014-10-14 13:43 - 2013-05-14 06:03 - 00001754 _____ () C:\Windows\Tasks\Plus-HD-1.5-firefoxinstaller.job
2014-10-14 13:43 - 2013-05-14 06:03 - 00001188 _____ () C:\Windows\Tasks\Plus-HD-1.5-codedownloader.job
2014-10-14 13:43 - 2013-05-03 17:49 - 00000000 ___RD () C:\Users\McFragga\Google Drive
2014-10-14 13:43 - 2009-12-12 00:14 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-14 13:42 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-14 13:35 - 2009-12-12 00:14 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-14 13:33 - 2009-07-14 07:10 - 01099048 _____ () C:\Windows\WindowsUpdate.log
2014-10-14 13:24 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-14 13:17 - 2012-08-07 14:11 - 00000000 ____D () C:\ProgramData\Temp
2014-10-14 12:08 - 2012-08-07 14:56 - 00001080 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4088157530-2470593686-3206213926-1000Core.job
2014-10-14 11:42 - 2011-09-21 23:32 - 00001150 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4088157530-2470593686-3206213926-1000UA.job
2014-10-13 23:23 - 2010-01-08 13:12 - 00000400 _____ () C:\Windows\ODBC.INI
2014-10-13 23:01 - 2012-03-31 13:34 - 00000000 ____D () C:\ProgramData\Messenger Plus! for Skype
2014-10-13 17:42 - 2011-09-21 23:32 - 00001128 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4088157530-2470593686-3206213926-1000Core.job
2014-10-11 14:39 - 2009-12-14 20:21 - 00000000 ____D () C:\Users\McFragga\Studium
2014-10-10 09:52 - 2011-02-17 09:38 - 00000000 ____D () C:\Users\McFragga\AppData\Roaming\Winamp
2014-10-10 09:52 - 2009-12-10 07:40 - 00000000 ____D () C:\Users\McFragga\Tracing
2014-10-10 09:51 - 2014-09-04 11:25 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-10-10 09:26 - 2011-03-21 08:49 - 00000000 ____D () C:\Windows\Minidump
2014-10-08 17:58 - 2011-10-25 21:39 - 00000000 ____D () C:\Program Files (x86)\Motorola
2014-10-08 17:50 - 2011-10-25 21:52 - 00000000 ____D () C:\Users\McFragga\AppData\Local\Motorola
2014-10-08 17:48 - 2011-10-25 21:51 - 00000000 ____D () C:\ProgramData\Nero
2014-10-08 15:57 - 2012-03-23 23:17 - 00000000 ____D () C:\Temp
2014-10-01 09:35 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-10-01 07:39 - 2011-10-05 16:05 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-10-01 06:59 - 2011-10-05 17:12 - 00254080 _____ () C:\aaw7boot.log
2014-09-30 08:28 - 2014-09-08 08:38 - 00003626 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2014-09-29 22:09 - 2011-10-08 16:07 - 00000064 _____ () C:\Windows\SysWOW64\rp_stats.dat
2014-09-29 22:09 - 2011-10-08 16:07 - 00000044 _____ () C:\Windows\SysWOW64\rp_rules.dat
2014-09-27 00:47 - 2009-12-12 00:07 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-27 00:46 - 2009-12-12 00:07 - 00000000 ____D () C:\ProgramData\Skype
2014-09-25 17:29 - 2010-04-23 09:15 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-09-25 10:44 - 2009-12-12 00:08 - 00002177 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-24 08:56 - 2014-01-11 20:40 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 08:56 - 2013-06-18 23:08 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 08:56 - 2013-06-18 23:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-17 22:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-15 11:47 - 2011-10-25 23:27 - 00000000 ____D () C:\Users\McFragga\AppData\Roaming\MyPhoneExplorer
2014-09-15 09:06 - 2009-12-09 16:12 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-07 20:12
==================== End Of Log ============================
Addition.txt: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-10-2014 02
Ran by McFragga at 2014-10-14 14:21:17
Running from C:\Users\McFragga\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Sophos Anti-Virus (Disabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Disabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
50 FREE MP3s +1 Free Audiobook! (HKLM-x32\...\eMusic Promotion) (Version: 1.0.0.1 - eMusic.com Inc)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.2.0.591 - Amazon Services LLC)
Android Sync Manager WiFi (HKLM-x32\...\{33543A08-4293-0200-0000-000000000000}) (Version: 11.10.574 - Mobile Action)
Anki (HKLM-x32\...\Anki) (Version: - )
Application Suite (HKLM-x32\...\{087D3CBF-1ABB-47A8-8C3B-5E76A5D99E88}) (Version: - )
Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber Deutschland)
Audiograbber Lame-MP3-Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version: - AVM Berlin)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Sicherungs- und Wiederherstellungs-Manager (HKLM\...\{CA6B1505-2C45-4211-8F9D-4198C409E1D4}) (Version: 1.0.0 - Dell, Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.104.102.104 - ALPS ELECTRIC CO., LTD.)
DNA (HKCU\...\BitTorrent DNA) (Version: 2.2.4 (16502) - BitTorrent Inc.)
DVDVideoSoft Toolbar (HKLM-x32\...\DVDVideoSoft Toolbar) (Version: - )
ElsterFormular (HKLM-x32\...\ElsterFormular 13.2.0.8623k) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)
ElsterFormular-Upgrade (HKLM-x32\...\ElsterFormular 12.2.1.6570k) (Version: 15.2.13992 - Landesfinanzdirektion Thüringen)
Emergency 4 (HKLM-x32\...\{80AE0E0A-5579-4015-9C1A-35F2F2CE5673}) (Version: 1.03.001 - )
eMule (HKLM-x32\...\eMule) (Version: - )
Eudora (HKLM-x32\...\{A2219E87-FC62-4A98-B183-F7E02561DDBE}) (Version: - )
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Free Audio CD Burner version 1.4.7 (HKLM-x32\...\Free Audio CD Burner_is1) (Version: - DVDVideoSoft Limited.)
Free Studio version 4.4 (HKLM-x32\...\Free Studio_is1) (Version: - DVDVideoSoft Limited.)
Free YouTube Download version 3.1.40.1031 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.1.40.1031 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.35.514 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.35.514 - DVDVideoSoft Ltd.)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - )
FUS-3100 Control Center (HKLM-x32\...\{D2613716-E7D5-4072-94CD-A014A0A38F0D}) (Version: 2.221 - LevelOne)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk (remove only) (HKCU\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version: - )
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.04) (Version: 9.04 - Artifex Software Inc.)
Grand Theft Auto (HKLM-x32\...\Grand Theft Auto) (Version: - )
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.)
ICQ 8.0 (build 6019) (HKCU\...\ICQ) (Version: 8.0.6019.0 - Mail.Ru)
ICQ7.6 (HKLM-x32\...\{7644E42D-B096-457F-8B5B-901238FC81AE}) (Version: 7.6 - ICQ)
ILK-ISO_5167 (HKLM-x32\...\{967C547C-208A-4020-9AA5-9277772D5C3D}) (Version: 1.0 - ILK Dresden)
IWON (HKLM-x32\...\IWONGIEbar Uninstall) (Version: - IWON)
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Laptop Integrated Webcam Driver (1.01.01.0529) (HKLM\...\Creative OEM013) (Version: - )
LiaisonyLUST v1.7 [Motion Experiment] DEMO (HKLM-x32\...\7492D24A-C1D8-4548-A19D-153E9EBEA087) (Version: - Liaisony, Michael Szonn [www.szonn.com])
Logitech Vid (HKLM-x32\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.70.1044 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Maniac Mansion Deluxe (HKLM-x32\...\Maniac Mansion Deluxe) (Version: - )
ManyCam 4.0.44 (HKLM-x32\...\ManyCam) (Version: 4.0.44 - Visicom Media Inc.)
Messenger Plus! (HKLM-x32\...\Messenger Plus!) (Version: 6.00.0.780 - Yuna Software)
Messenger Plus! for Skype (HKLM-x32\...\Messenger Plus! for Skype) (Version: 3.0.0.195 - Yuna Software)
MFP Server Control Center (HKLM-x32\...\{A7A635CC-4F44-49A2-8066-7C3137DA70C4}) (Version: 2.28 - LevelOne)
mh-3rd Generation (HKLM-x32\...\{589D1525-A26D-4A43-B057-32DE00C239CA}) (Version: 1.00.000 - mh-software)
mh-3rd Generation Basis-Installation (HKLM-x32\...\{A44825D4-CE7A-11D3-83FE-0050DA3DB632}) (Version: 1.00.000 - mh-software)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Miniclip Toolbar (HKLM-x32\...\Miniclip Toolbar) (Version: 6.11.2.6 - Miniclip)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSVC80_x64 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86 (x32 Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.811 - Electronic Arts)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
office Convert Pdf to PowerPoint for ppt Free 4.9 (HKLM-x32\...\office Convert Pdf to PowerPoint for ppt Free_is1) (Version: - Officeconvert Software, Inc.)
OpenOffice.org 3.1 (HKLM-x32\...\{D765F1CE-5AE5-4C47-B134-AE58AC474740}) (Version: 3.1.9420 - OpenOffice.org)
OpenTTD 1.3.1 (HKLM-x32\...\OpenTTD) (Version: 1.3.1 - OpenTTD)
Opera 12.02 (HKLM-x32\...\Opera 12.02.1578) (Version: 12.02.1578 - Opera Software ASA)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM-x32\...\{C960FF38-431D-429D-AD1F-FBD12A45B7C5}) (Version: 2.0.17.17583 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
pdfsam (HKCU\...\pdfsam) (Version: 2.2.1 - )
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
QuickTime (HKLM-x32\...\{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}) (Version: 7.65.17.80 - Apple Inc.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roxio Creator Audio (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE 10.3 (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
Roxio Creator DE 10.3 (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
Shrew Soft VPN Client (HKLM\...\Shrew Soft VPN Client) (Version: - )
Simpsons Display Pictures (HKLM-x32\...\Simpsons Display Pictures) (Version: - Sherv.NET)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Snagit 10 (HKLM-x32\...\{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}) (Version: 10.0.0 - TechSmith Corporation)
Software Informer 1.0 BETA (HKLM-x32\...\Software Informer_is1) (Version: - Informer Technologies, Inc.)
Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.7 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{D924231F-D02D-4E0B-B511-CC4A0E3ED547}) (Version: 3.1.1.18 - Sophos Limited)
Sophos Remote Management System (HKLM-x32\...\{FED1005D-CBC8-45D5-A288-FFC7BB304121}) (Version: 3.4.1 - Sophos Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Star Trek Online (HKLM-x32\...\Star Trek Online) (Version: - Cryptic Studios)
Star Trek: Armada (HKLM-x32\...\Activision_StarTrekArmadaUninstallKey) (Version: - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version: - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
USB2.0 PC Camera (HKLM-x32\...\{417D86A0-89FE-4308-B172-45B74DCE6F8F}) (Version: 2.2.0.0 - aveotek)
VLC media player 0.9.8a (HKLM-x32\...\VLC media player) (Version: 0.9.8a - VideoLAN Team)
Winamp (HKLM-x32\...\Winamp) (Version: 5.65 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
Word Excel PowerPoint to Pdf Converter 3000 7.3 (HKLM-x32\...\Word Excel PowerPoint to Pdf Converter 3000_is1) (Version: - Head Document Tool Software, Inc.)
World of Tanks v.0.6.7 (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1) (Version: - Wargaming.net)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Zylom Games Player Plugin (HKLM-x32\...\Zylom Games Player Plugin) (Version: - Zylom Games)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-4088157530-2470593686-3206213926-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\McFragga\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4088157530-2470593686-3206213926-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\McFragga\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
==================== Restore Points =========================
08-10-2014 14:10:51 Prüfpunkt von HitmanPro
08-10-2014 15:45:24 Removed MOTOROLA MEDIA LINK.
08-10-2014 16:11:24 Prüfpunkt von HitmanPro
09-10-2014 15:55:18 Prüfpunkt von HitmanPro
10-10-2014 15:22:55 Prüfpunkt von HitmanPro
10-10-2014 15:27:59 Windows Update
11-10-2014 12:18:18 Prüfpunkt von HitmanPro
13-10-2014 15:36:58 Prüfpunkt von HitmanPro
14-10-2014 07:11:39 Prüfpunkt von HitmanPro
14-10-2014 07:59:03 Revo Uninstaller's restore point - RegClean-Pro
14-10-2014 08:07:56 Revo Uninstaller's restore point - Plus-HD-1.5
14-10-2014 09:51:32 Windows Update
14-10-2014 10:38:17 Revo Uninstaller's restore point - Extended Update
14-10-2014 10:43:25 Revo Uninstaller's restore point - File Extractor
14-10-2014 10:45:09 Revo Uninstaller's restore point - File Extractor Packages
14-10-2014 10:48:47 Revo Uninstaller's restore point - Messenger Plus! Community Smartbar
14-10-2014 10:50:55 Revo Uninstaller's restore point - Winamp Toolbar
14-10-2014 11:51:40 Prüfpunkt von HitmanPro
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2014-10-14 13:23 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {159D8A2D-AE65-487C-A942-84ED637254EB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-12] (Google Inc.)
Task: {17DB5DA7-E988-44AE-AB2C-98D70A5A8633} - \RegClean Pro_DEFAULT No Task File <==== ATTENTION
Task: {2422E5EE-B8E2-4B62-900B-084EC6CE2DE8} - System32\Tasks\Plus-HD-1.5-firefoxinstaller => C:\Program Files (x86)\Plus-HD-1.5\Plus-HD-1.5-firefoxinstaller.exe [2013-05-14] (Plus HD)
Task: {3585A647-2C8F-4432-8EE9-7C501CDC6AD5} - System32\Tasks\Plus-HD-1.5-chromeinstaller => C:\Program Files (x86)\Plus-HD-1.5\Plus-HD-1.5-chromeinstaller.exe [2013-05-14] (Plus HD)
Task: {50EB08C1-2BE4-401A-A39A-EEB71475708F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4088157530-2470593686-3206213926-1000UA => C:\Users\McFragga\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-13] (Facebook Inc.)
Task: {562C9D00-CB77-4E30-81DF-0F87923B1745} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {5942EF52-EFC3-4D1E-AECD-4901C15AAADA} - System32\Tasks\ASP => C:\Program Files (x86)\RCP\systweakasp.exe
Task: {5955EA35-8C15-41CD-8582-AAFB1DAF429B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {63A57FDB-9D27-48EA-A8D5-4680529A863F} - System32\Tasks\Plus-HD-1.5-codedownloader => C:\Program Files (x86)\Plus-HD-1.5\Plus-HD-1.5-codedownloader.exe [2013-05-14] (Plus HD)
Task: {733E1F44-A9E0-4061-BA13-42F16D849190} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4088157530-2470593686-3206213926-1000Core => C:\Users\McFragga\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-07] (Google Inc.)
Task: {8839E719-B13E-4010-B7A5-7131B6E2DC36} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-12] (Google Inc.)
Task: {883D703D-9725-4389-A507-E0914173EC66} - \Advanced System Protector No Task File <==== ATTENTION
Task: {8A2A2F3E-899F-4A99-ADF8-3D56E710C7A3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4088157530-2470593686-3206213926-1000UA => C:\Users\McFragga\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-07] (Google Inc.)
Task: {A2847807-FAE3-439E-89D8-39496EF97309} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {A29CAD6C-1915-431F-9967-3128CA1DAA02} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {AA69AB02-BDBE-4735-8011-5D6E1B2A5FB2} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4088157530-2470593686-3206213926-1000Core => C:\Users\McFragga\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-13] (Facebook Inc.)
Task: {AAB4BF25-34FF-4FBB-B15D-5F261BC1922D} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {C7FEB900-B033-45B2-8E36-0985BE6797DC} - System32\Tasks\{9680CA09-5094-46F9-BDCC-22EAD944BC40} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-08-27] (Skype Technologies S.A.)
Task: {CC567FF9-96E8-48A3-A156-85EE97018B9D} - System32\Tasks\Plus-HD-1.5-updater => C:\Program Files (x86)\Plus-HD-1.5\Plus-HD-1.5-updater.exe [2013-05-14] (Plus HD)
Task: {E54E7B24-90CE-44B9-9E35-418C27878ADB} - \RegClean Pro No Task File <==== ATTENTION
Task: {EAA691B8-7C8B-40DE-8535-3E8B6539164F} - \RegClean Pro_UPDATES No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4088157530-2470593686-3206213926-1000Core.job => C:\Users\McFragga\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4088157530-2470593686-3206213926-1000UA.job => C:\Users\McFragga\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4088157530-2470593686-3206213926-1000Core.job => C:\Users\McFragga\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4088157530-2470593686-3206213926-1000UA.job => C:\Users\McFragga\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Plus-HD-1.5-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-1.5\Plus-HD-1.5-chromeinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-1.5-codedownloader.job => C:\Program Files (x86)\Plus-HD-1.5\Plus-HD-1.5-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-1.5-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-1.5\Plus-HD-1.5-firefoxinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-1.5-updater.job => C:\Program Files (x86)\Plus-HD-1.5\Plus-HD-1.5-updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\Tempo Runner wzoomifyd.job => C:\PROGRA~3\zoomify2\1.1.0.25\wzoomifyd.exe
==================== Loaded Modules (whitelisted) =============
2012-02-08 23:56 - 2005-03-12 03:07 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2009-11-15 20:31 - 2009-11-15 20:31 - 00050688 _____ () C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
2009-11-15 20:24 - 2009-11-15 20:24 - 00026624 _____ () C:\Program Files\ShrewSoft\VPN Client\libidb.dll
2009-11-15 20:23 - 2009-11-15 20:23 - 00013312 _____ () C:\Program Files\ShrewSoft\VPN Client\liblog.dll
2009-11-15 20:23 - 2009-11-15 20:23 - 00017920 _____ () C:\Program Files\ShrewSoft\VPN Client\libith.dll
2009-11-15 20:24 - 2009-11-15 20:24 - 00119296 _____ () C:\Program Files\ShrewSoft\VPN Client\libip.dll
2009-11-15 20:24 - 2009-11-15 20:24 - 00034816 _____ () C:\Program Files\ShrewSoft\VPN Client\libvflt.dll
2009-11-15 20:25 - 2009-11-15 20:25 - 00019456 _____ () C:\Program Files\ShrewSoft\VPN Client\libdtp.dll
2009-11-15 20:28 - 2009-11-15 20:28 - 00948224 _____ () C:\Program Files\ShrewSoft\VPN Client\iked.exe
2009-11-15 20:24 - 2009-11-15 20:24 - 00030720 _____ () C:\Program Files\ShrewSoft\VPN Client\libpfk.dll
2009-11-15 20:24 - 2009-11-15 20:24 - 00034304 _____ () C:\Program Files\ShrewSoft\VPN Client\libvnet.dll
2009-11-15 20:24 - 2009-11-15 20:24 - 00028160 _____ () C:\Program Files\ShrewSoft\VPN Client\libike.dll
2009-11-15 20:26 - 2009-11-15 20:26 - 00690688 _____ () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
2014-08-07 11:35 - 2014-08-07 11:35 - 00435696 _____ () C:\Program Files (x86)\Search\WebSearch.exe
2011-12-10 00:01 - 2011-12-10 00:01 - 00041472 _____ () C:\Program Files (x86)\MyPhoneExplorer\DLL\mpe_gadget_connector_net.dll
2014-08-28 17:17 - 2014-07-22 22:46 - 03356480 _____ () C:\Users\McFragga\AppData\Local\Amazon Music\Amazon Music Helper.exe
2009-10-14 13:36 - 2009-10-14 13:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2009-10-14 13:34 - 2009-10-14 13:34 - 00560472 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2012-09-24 17:47 - 2012-09-24 17:47 - 01055808 _____ () C:\Program Files (x86)\Sophos\Remote Management System\ACE.dll
2012-09-24 17:47 - 2012-09-24 17:47 - 01539136 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO.dll
2012-09-24 17:47 - 2012-09-24 17:47 - 00183360 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_DynamicAny.dll
2012-09-24 17:47 - 2012-09-24 17:47 - 00760896 _____ () C:\Program Files (x86)\Sophos\Remote Management System\LIBEAY32.dll
2012-09-24 17:48 - 2012-09-24 17:48 - 00146496 _____ () C:\Program Files (x86)\Sophos\Remote Management System\SSLEAY32.dll
2012-09-24 17:47 - 2012-09-24 17:47 - 00076864 _____ () C:\Program Files (x86)\Sophos\Remote Management System\ACE_SSL.dll
2012-09-24 17:47 - 2012-09-24 17:47 - 00535616 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_PortableServer.dll
2012-09-24 17:47 - 2012-09-24 17:47 - 00244800 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_SSLIOP.DLL
2012-09-24 17:48 - 2012-09-24 17:48 - 00740416 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Security.dll
2012-09-24 17:47 - 2012-09-24 17:47 - 00039488 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Valuetype.dll
2012-09-24 17:47 - 2012-09-24 17:47 - 00244800 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_SSLIOP.dll
2013-05-11 17:09 - 2013-05-11 17:09 - 00851456 _____ () C:\Users\McFragga\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll
2012-03-31 13:34 - 2012-03-18 12:07 - 02347520 _____ () C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\QtCore4.dll
2012-03-31 13:34 - 2012-03-18 12:10 - 08499712 _____ () C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\QtGui4.dll
2014-01-29 22:47 - 2012-07-24 00:13 - 00357888 _____ () C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\QtXml4.dll
2012-03-31 14:07 - 2012-01-15 17:50 - 00370688 _____ () C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\libsndfile.dll
2012-03-31 14:07 - 2012-01-15 17:50 - 00390656 _____ () C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\lame_enc.dll
2012-03-31 14:07 - 2012-03-18 12:07 - 00863744 _____ () C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\QtNetwork4.dll
2012-03-31 14:07 - 2012-03-18 12:07 - 00026624 _____ () C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\imageformats\qgif4.dll
2012-03-31 14:07 - 2012-03-18 12:07 - 00200704 _____ () C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\imageformats\qjpeg4.dll
2014-10-14 13:43 - 2014-10-14 13:43 - 00098816 _____ () C:\Users\McFragga\AppData\Local\Temp\_MEI42362\win32api.pyd
2014-10-14 13:43 - 2014-10-14 13:43 - 00110080 _____ () C:\Users\McFragga\AppData\Local\Temp\_MEI42362\pywintypes27.dll
2014-10-14 13:43 - 2014-10-14 13:43 - 00364544 _____ () C:\Users\McFragga\AppData\Local\Temp\_MEI42362\pythoncom27.dll
2014-10-14 13:43 - 2014-10-14 13:43 - 00045568 _____ () C:\Users\McFragga\AppData\Local\Temp\_MEI42362\_socket.pyd
2014-10-14 13:43 - 2014-10-14 13:43 - 01160704 _____ () C:\Users\McFragga\AppData\Local\Temp\_MEI42362\_ssl.pyd
2014-10-14 13:43 - 2014-10-14 13:43 - 00320512 _____ () C:\Users\McFragga\AppData\Local\Temp\_MEI42362\win32com.shell.shell.pyd
2014-10-14 13:43 - 2014-10-14 13:43 - 00713216 _____ () C:\Users\McFragga\AppData\Local\Temp\_MEI42362\_hashlib.pyd
2014-10-14 13:43 - 2014-10-14 13:43 - 01175040 _____ () C:\Users\McFragga\AppData\Local\Temp\_MEI42362\wx._core_.pyd
2014-10-14 13:43 - 2014-10-14 13:43 - 00805888 _____ () C:\Users\McFragga\AppData\Local\Temp\_MEI42362\wx._gdi_.pyd
2014-10-14 13:43 - 2014-10-14 13:43 - 00811008 _____ () C:\Users\McFragga\AppData\Local\Temp\_MEI42362\wx._windows_.pyd
2014-10-14 13:43 - 2014-10-14 13:43 - 01062400 _____ () C:\Users\McFragga\AppData\Local\Temp\_MEI42362\wx._controls_.pyd
2014-10-14 13:43 - 2014-10-14 13:43 - 00735232 _____ () C:\Users\McFragga\AppData\Local\Temp\_MEI42362\wx._misc_.pyd
2014-10-14 13:43 - 2014-10-14 13:43 - 00128512 _____ () C:\Users\McFragga\AppData\Local\Temp\_MEI42362\_elementtree.pyd
2014-10-14 13:43 - 2014-10-14 13:43 - 00127488 _____ () C:\Users\McFragga\AppData\Local\Temp\_MEI42362\pyexpat.pyd
2014-10-14 13:43 - 2014-10-14 13:43 - 00557056 _____ () C:\Users\McFragga\AppData\Local\Temp\_MEI42362\pysqlite2._sqlite.pyd
2014-10-14 13:43 - 2014-10-14 13:43 - 00007168 _____ () C:\Users\McFragga\AppData\Local\Temp\_MEI42362\hashobjs_ext.pyd
2014-10-14 13:43 - 2014-10-14 13:43 - 00087552 _____ () C:\Users\McFragga\AppData\Local\Temp\_MEI42362\_ctypes.pyd
2014-10-14 13:43 - 2014-10-14 13:43 - 00119808 _____ () C:\Users\McFragga\AppData\Local\Temp\_MEI42362\win32file.pyd
2014-10-14 13:43 - 2014-10-14 13:43 - 00108544 _____ () C:\Users\McFragga\AppData\Local\Temp\_MEI42362\win32security.pyd
2014-10-14 13:43 - 2014-10-14 13:43 - 00018432 _____ () C:\Users\McFragga\AppData\Local\Temp\_MEI42362\win32event.pyd
2014-10-14 13:43 - 2014-10-14 13:43 - 00038912 _____ () C:\Users\McFragga\AppData\Local\Temp\_MEI42362\win32inet.pyd
2014-10-14 13:43 - 2014-10-14 13:43 - 00070656 _____ () C:\Users\McFragga\AppData\Local\Temp\_MEI42362\wx._html2.pyd
2014-10-14 13:43 - 2014-10-14 13:43 - 00167936 _____ () C:\Users\McFragga\AppData\Local\Temp\_MEI42362\win32gui.pyd
2014-10-14 13:43 - 2014-10-14 13:43 - 00011264 _____ () C:\Users\McFragga\AppData\Local\Temp\_MEI42362\win32crypt.pyd
2014-10-14 13:43 - 2014-10-14 13:43 - 00027136 _____ () C:\Users\McFragga\AppData\Local\Temp\_MEI42362\_multiprocessing.pyd
2014-10-14 13:43 - 2014-10-14 13:43 - 00686080 _____ () C:\Users\McFragga\AppData\Local\Temp\_MEI42362\unicodedata.pyd
2014-10-14 13:43 - 2014-10-14 13:43 - 00122368 _____ () C:\Users\McFragga\AppData\Local\Temp\_MEI42362\wx._wizard.pyd
2014-10-14 13:43 - 2014-10-14 13:43 - 00010240 _____ () C:\Users\McFragga\AppData\Local\Temp\_MEI42362\select.pyd
2014-10-14 13:43 - 2014-10-14 13:43 - 00024064 _____ () C:\Users\McFragga\AppData\Local\Temp\_MEI42362\win32pipe.pyd
2014-10-14 13:43 - 2014-10-14 13:43 - 00025600 _____ () C:\Users\McFragga\AppData\Local\Temp\_MEI42362\win32pdh.pyd
2014-10-14 13:43 - 2014-10-14 13:43 - 00525640 _____ () C:\Users\McFragga\AppData\Local\Temp\_MEI42362\windows._lib_cacheinvalidation.pyd
2014-10-14 13:43 - 2014-10-14 13:43 - 00035840 _____ () C:\Users\McFragga\AppData\Local\Temp\_MEI42362\win32process.pyd
2014-10-14 13:43 - 2014-10-14 13:43 - 00017408 _____ () C:\Users\McFragga\AppData\Local\Temp\_MEI42362\win32profile.pyd
2014-10-14 13:43 - 2014-10-14 13:43 - 00022528 _____ () C:\Users\McFragga\AppData\Local\Temp\_MEI42362\win32ts.pyd
2014-10-14 13:43 - 2014-10-14 13:43 - 00078336 _____ () C:\Users\McFragga\AppData\Local\Temp\_MEI42362\wx._animate.pyd
2014-09-25 10:43 - 2014-09-23 06:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-25 10:43 - 2014-09-23 06:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-25 10:43 - 2014-09-23 06:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-25 10:43 - 2014-09-23 06:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-25 10:43 - 2014-09-23 06:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Access Manager.lnk => C:\Windows\pss\Access Manager.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Browser companion helper => C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3
MSCONFIG\startupreg: Control Center => C:\Program Files (x86)\LevelOne\MFP Server Control Center\Control Center.exe -mini
MSCONFIG\startupreg: Facebook Update => "C:\Users\McFragga\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Quick Search Box => "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
MSCONFIG\startupreg: Google Update => "C:\Users\McFragga\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: IWONGIE Browser Plugin Loader => C:\PROGRA~2\IWONGIE\bar\1.bin\vrbrmon.exe
MSCONFIG\startupreg: Linkury Chrome Smartbar => C:\Program Files (x86)\Linkury\Linkury.exe startup
MSCONFIG\startupreg: Logitech Vid HD => "C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe" -bootmode
MSCONFIG\startupreg: NokiaMServer => C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: NVHotkey => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
MSCONFIG\startupreg: PC Suite Tray => "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: PlusService => C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SysTrayApp => %ProgramFiles%\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe
========================= Accounts: ==========================
Administrator (S-1-5-21-4088157530-2470593686-3206213926-500 - Administrator - Disabled)
Bibi (S-1-5-21-4088157530-2470593686-3206213926-1001 - Limited - Enabled)
Gast (S-1-5-21-4088157530-2470593686-3206213926-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4088157530-2470593686-3206213926-1003 - Limited - Enabled)
McFragga (S-1-5-21-4088157530-2470593686-3206213926-1000 - Administrator - Enabled) => C:\Users\McFragga
Präsentation (S-1-5-21-4088157530-2470593686-3206213926-1030 - Limited - Enabled) => C:\Users\Präsentation
SophosSAUFRAGGA-TOP0 (S-1-5-21-4088157530-2470593686-3206213926-1005 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Master Bus of Kernel USB Software Bus by TCP
Description: Master Bus of Kernel USB Software Bus by TCP
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: LevelOne Corporation
Service: KUSBusByTCPMasterBus
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
Name: Shrew Soft Virtual Adapter
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Shrew Soft Virtual Adapter #3
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Shrew Soft Virtual Adapter #2
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Shrew Soft Virtual Adapter #5
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Shrew Soft Virtual Adapter #4
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (10/14/2014 01:42:11 PM) (Source: Sophos Message Router) (EventID: 8005) (User: NT-AUTORITÄT)
Description: DNS Lookup schlug bei Auflösung folgender Adressen fehl: fhk-av-update.%%3
Error: (10/14/2014 01:39:03 PM) (Source: MsgPlusService_1) (EventID: 0) (User: )
Description: MsgPlusService_1Service failed to shut down.
Error: (10/14/2014 01:39:03 PM) (Source: MsgPlusService_1) (EventID: 0) (User: )
Description: MsgPlusService_1Receiving shutdown message.
Error: (10/14/2014 01:35:05 PM) (Source: Sophos Message Router) (EventID: 8005) (User: NT-AUTORITÄT)
Description: DNS Lookup schlug bei Auflösung folgender Adressen fehl: fhk-av-update.%%3
Error: (10/14/2014 01:33:24 PM) (Source: MsgPlusService_1) (EventID: 0) (User: )
Description: MsgPlusService_1Service failed to shut down.
Error: (10/14/2014 01:33:24 PM) (Source: MsgPlusService_1) (EventID: 0) (User: )
Description: MsgPlusService_1Receiving shutdown message.
Error: (10/14/2014 01:25:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LVPrcSrv.exe, Version: 12.10.1110.0, Zeitstempel: 0x4acc50c4
Name des fehlerhaften Moduls: LVPrcSrv.exe, Version: 12.10.1110.0, Zeitstempel: 0x4acc50c4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000007af2
ID des fehlerhaften Prozesses: 0x448
Startzeit der fehlerhaften Anwendung: 0xLVPrcSrv.exe0
Pfad der fehlerhaften Anwendung: LVPrcSrv.exe1
Pfad des fehlerhaften Moduls: LVPrcSrv.exe2
Berichtskennung: LVPrcSrv.exe3
Error: (10/14/2014 01:06:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: googledrivesync.exe, Version: 1.17.7290.4094, Zeitstempel: 0x509418e4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002dfe4
ID des fehlerhaften Prozesses: 0x15c8
Startzeit der fehlerhaften Anwendung: 0xgoogledrivesync.exe0
Pfad der fehlerhaften Anwendung: googledrivesync.exe1
Pfad des fehlerhaften Moduls: googledrivesync.exe2
Berichtskennung: googledrivesync.exe3
Error: (10/14/2014 01:03:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm icq.exe, Version 8.0.6019.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1250
Startzeit: 01cfe77c4eb3a671
Endzeit: 489
Anwendungspfad: C:\Users\McFragga\AppData\Roaming\ICQM\icq.exe
Berichts-ID: b868a58f-5391-11e4-bf0b-904ce5ff519e
Error: (10/14/2014 08:58:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: zoomify.exe, Version: 1.1.0.25, Zeitstempel: 0x542e45df
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00700072
ID des fehlerhaften Prozesses: 0xaec
Startzeit der fehlerhaften Anwendung: 0xzoomify.exe0
Pfad der fehlerhaften Anwendung: zoomify.exe1
Pfad des fehlerhaften Moduls: zoomify.exe2
Berichtskennung: zoomify.exe3
System errors:
=============
Error: (10/14/2014 01:39:02 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
Error: (10/14/2014 01:25:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Process Monitor" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (10/14/2014 01:23:58 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (10/14/2014 01:22:16 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (10/14/2014 01:16:44 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (10/14/2014 01:04:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "DailytoolsUpdateService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (10/14/2014 10:54:54 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error: (10/14/2014 10:54:49 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error: (10/14/2014 10:54:44 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error: (10/14/2014 08:58:55 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "zoomify" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Microsoft Office Sessions:
=========================
Error: (10/14/2014 01:42:11 PM) (Source: Sophos Message Router) (EventID: 8005) (User: NT-AUTORITÄT)
Description: fhk-av-update
Error: (10/14/2014 01:39:03 PM) (Source: MsgPlusService_1) (EventID: 0) (User: )
Description: MsgPlusService_1Service failed to shut down.
Error: (10/14/2014 01:39:03 PM) (Source: MsgPlusService_1) (EventID: 0) (User: )
Description: MsgPlusService_1Receiving shutdown message.
Error: (10/14/2014 01:35:05 PM) (Source: Sophos Message Router) (EventID: 8005) (User: NT-AUTORITÄT)
Description: fhk-av-update
Error: (10/14/2014 01:33:24 PM) (Source: MsgPlusService_1) (EventID: 0) (User: )
Description: MsgPlusService_1Service failed to shut down.
Error: (10/14/2014 01:33:24 PM) (Source: MsgPlusService_1) (EventID: 0) (User: )
Description: MsgPlusService_1Receiving shutdown message.
Error: (10/14/2014 01:25:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LVPrcSrv.exe12.10.1110.04acc50c4LVPrcSrv.exe12.10.1110.04acc50c4c00000050000000000007af244801cfe77c436c4144C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.execf249d8b-5394-11e4-bf0b-904ce5ff519e
Error: (10/14/2014 01:06:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: googledrivesync.exe1.17.7290.4094509418e4ntdll.dll6.1.7601.18247521ea8e7c00000050002dfe415c801cfe77c75b2621cC:\Program Files (x86)\Google\Drive\googledrivesync.exeC:\Windows\SysWOW64\ntdll.dll2a23df3d-5392-11e4-bf0b-904ce5ff519e
Error: (10/14/2014 01:03:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: icq.exe8.0.6019.0125001cfe77c4eb3a671489C:\Users\McFragga\AppData\Roaming\ICQM\icq.exeb868a58f-5391-11e4-bf0b-904ce5ff519e
Error: (10/14/2014 08:58:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: zoomify.exe1.1.0.25542e45dfunknown0.0.0.000000000c000000500700072aec01cfe77c46828a1fC:\PROGRA~3\zoomify2\1.1.0.25\zoomify.exeunknown8b82d158-536f-11e4-bf0b-904ce5ff519e
CodeIntegrity Errors:
===================================
Date: 2014-10-14 13:22:16.837
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-10-14 13:22:16.587
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU T6670 @ 2.20GHz
Percentage of memory in use: 63%
Total physical RAM: 3066.96 MB
Available physical RAM: 1104.98 MB
Total Pagefile: 3420.14 MB
Available Pagefile: 1033.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:150.8 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 7C83D076)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283.4 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Thanks again