Danke für die schnelle Antwort.
Hier die gewünschten Logs: Code:
# AdwCleaner v4.201 - Bericht erstellt 11/04/2015 um 14:38:21
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-08.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Ralf - RALF-PC
# Gestarted von : C:\Users\Ralf\Desktop\AdwCleaner_4.201.exe
# Option : Löschen
***** [ Dienste ] *****
[#] Dienst Gelöscht : RGMUpdater
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\VideoConverter
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter
Ordner Gelöscht : C:\Program Files (x86)\Free Video Converter
Ordner Gelöscht : C:\Program Files (x86)\wiseconvert
Ordner Gelöscht : C:\Program Files (x86)\ProductUI
Ordner Gelöscht : C:\Users\Nici u. Tina u. Uli\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Ralf\AppData\Local\apn
Ordner Gelöscht : C:\Users\Ralf\AppData\Local\PriceMeterLiveUpdate
Ordner Gelöscht : C:\Users\Ralf\AppData\Local\Video Converter
Ordner Gelöscht : C:\Users\Ralf\AppData\Local\RGMService
Ordner Gelöscht : C:\Users\Ralf\AppData\LocalLow\Check Point Software Technologies LTD
Ordner Gelöscht : C:\Users\Ralf\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Ralf\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Ralf\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Ralf\Documents\Video Converter
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
Datei Gelöscht : C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb
Datei Gelöscht : C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\qms60p0b.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\qms60p0b.default\bprotector_prefs.js
Datei Gelöscht : C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\qms60p0b.default\invalidprefs.js
Datei Gelöscht : C:\Users\Nici u. Tina u. Uli\AppData\Roaming\Mozilla\Firefox\Profiles\uxflsrki.default\searchplugins\Web Search.xml
Datei Gelöscht : C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\qms60p0b.default\searchplugins\Web Search.xml
***** [ Geplante Tasks ] *****
Task Gelöscht : BitGuard
Task Gelöscht : PriceMeterLiveUpdateUpdateTaskMachineCore
Task Gelöscht : PriceMeterLiveUpdateUpdateTaskMachineUA
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\Users\Ralf\Desktop\Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
Verknüpfung Desinfiziert : C:\Users\Ralf\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Ralf\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Ralf\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Chrome.lnk
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [PriceMeterW]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.OneClickCtrl.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.Update3WebControl.3
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=3
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=9
Schlüssel Gelöscht : HKCU\Software\5c088dee23bbf42
Schlüssel Gelöscht : HKLM\SOFTWARE\5c088dee23bbf42
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{45F8961E-1314-421E-9F00-BDDE18CF8EA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4825ACAD-F495-4CDD-9603-9C91BABB2B88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5B60D1C0-453A-485D-AE91-61FAC9203719}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D1C6444C-CC06-4060-A486-736DEAFD9C16}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D8746A3A-A372-4C8B-96E5-B58F6474EB19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F1963E76-845B-474C-8C7F-D69A96D8AA34}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F509ADC2-B40E-470F-A7B7-45191486B5CB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F509ADC2-B40E-470F-A7B7-45191486B5CB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{30D1E30D-B7F5-4C7A-8EDA-9F02966538A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{89449F37-4AB2-46ED-A566-BB3A7797701B}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
[#] Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\filescout
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\PriceMeterLiveUpdate
Schlüssel Gelöscht : HKCU\Software\RGMService
Schlüssel Gelöscht : HKCU\Software\Squeaky
Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
Schlüssel Gelöscht : HKLM\SOFTWARE\PriceMeterLiveUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect
Schlüssel Gelöscht : HKU\.DEFAULT\Software\PriceMeterLiveUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free Video Converter
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17689
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v37.0.1 (x86 de)
[uxflsrki.default\prefs.js] - Zeile Gelöscht : user_pref("browser.startup.homepage", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbkHo3StMBGUg0mY5TZ5rf5BicnKk4qxirSZUmiflu9n7cH8dwadwRExTEcfigI_3KJdIMMhN1OU5pYtjVVh8J9HeqJPy9s05aJXJaX6K4cKAdJ3R67KITpHo1J[...]
[uxflsrki.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
[uxflsrki.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.order.1", "Ask.com");
[uxflsrki.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
[uxflsrki.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
[uxflsrki.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
[uxflsrki.default\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbkHo3StMBGUg0mY5TZ5rf5BicnKk4qxirSZUmiflu9n7cH8dwadwRExTEcfigI_3KJdIMMhN1OU5pYtjVVh8J9HeqJJ0oMlYt5yZ3wHrQm5GwQ8RsIrY1KMzkF_w_zLn[...]
[qms60p0b.default\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbkHo3StMBGUg0mY5TZ5rf5BicnKk4qxirSZUmiflu9n7cH8dwadwRExTEcfigI_3KJdIMMhN1OU5pYtjVVh8J9HeqJJ0oMlYt5yZ3wHrQm5GwQ8RsIrY1KMzkF_w_zLn[...]
[qms60p0b.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
[qms60p0b.default\prefs.js] - Zeile Gelöscht : user_pref("browser.startup.homepage", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbkHo3StMBGUg0mY5TZ5rf5BicnKk4qxirSZUmiflu9n7cH8dwadwRExTEcfigI_3KJdIMMhN1OU5pYtjVVh8J9HeqJPy9s05aJXJaX6K4cKAdJ3R67KITpHo1J[...]
[qms60p0b.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.admin", false);
[qms60p0b.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.aflt", "babsst");
[qms60p0b.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
[qms60p0b.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.autoRvrt", "false");
[qms60p0b.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.dfltLng", "de");
[qms60p0b.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.excTlbr", false);
[qms60p0b.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
[qms60p0b.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.id", "76f7f7c30000000000006c626db99242");
[qms60p0b.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.instlDay", "15916");
[qms60p0b.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.instlRef", "sst");
[qms60p0b.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.newTab", false);
[qms60p0b.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.prdct", "delta");
[qms60p0b.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.prtnrId", "delta");
[qms60p0b.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.rvrt", "false");
[qms60p0b.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.smplGrp", "none");
[qms60p0b.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.tlbrId", "base");
[qms60p0b.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
[qms60p0b.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.vrsn", "1.8.22.0");
[qms60p0b.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.22.016:50:57");
[qms60p0b.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.vrsni", "1.8.22.0");
[qms60p0b.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta_i.babExt", "");
[qms60p0b.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta_i.babTrack", "affID=121564&tsp=4959");
[qms60p0b.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta_i.srcExt", "ss");
*************************
AdwCleaner[R0].txt - [20364 Bytes] - [11/04/2015 14:37:33]
AdwCleaner[S0].txt - [19593 Bytes] - [11/04/2015 14:38:21]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [19653 Bytes] ########## Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 11.04.2015
Suchlauf-Zeit: 14:49:48
Logdatei: malwarebytes.txt
Administrator: Ja
Version: 2.01.4.1018
Malware Datenbank: v2015.04.11.03
Rootkit Datenbank: v2015.03.31.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Ralf
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 427522
Verstrichene Zeit: 35 Min, 8 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente gefunden)
Module: 0
(Keine schädliche Elemente gefunden)
Registrierungsschlüssel: 10
PUP.Optional.Delta.A, HKU\S-1-5-21-2673137618-2872092124-354475989-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{82E1477C-B154-48D3-9891-33D83C26BCD3}, In Quarantäne, [cb848be02e5cee48d59fd999cd36cb35],
PUP.Optional.Delta.A, HKU\S-1-5-21-2673137618-2872092124-354475989-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{82E1477C-B154-48D3-9891-33D83C26BCD3}, In Quarantäne, [cb848be02e5cee48d59fd999cd36cb35],
PUP.Optional.Delta.A, HKU\S-1-5-21-2673137618-2872092124-354475989-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}, In Quarantäne, [123d5d0e26642e087ff4d59dd033df21],
PUP.Optional.Delta.A, HKU\S-1-5-21-2673137618-2872092124-354475989-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}, In Quarantäne, [123d5d0e26642e087ff4d59dd033df21],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, In Quarantäne, [97b8e388bcceae880d6865e232d3ef11],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, In Quarantäne, [92bd45266a209d99d2a2a7a0a85d6997],
Adware.SmartBar, HKLM\SOFTWARE\WOW6432NODE\Smartbar, In Quarantäne, [024dea814446db5b2e10d5cc9c68ed13],
PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-2673137618-2872092124-354475989-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nikpibnbobmbdbheedjfogjlikpgpnhp, In Quarantäne, [6ce395d6e2a85dd90f209e40a45f7e82],
PUP.Optional.Linkury.A, HKU\S-1-5-21-2673137618-2872092124-354475989-1000\SOFTWARE\SMARTBAR, In Quarantäne, [bb94ea814545181e3cdb598ba75c4bb5],
PUP.Optional.MyFreeCodec.A, HKU\S-1-5-21-2673137618-2872092124-354475989-1001\SOFTWARE\Myfree Codec, In Quarantäne, [e06fd19aa4e6fd3944fe88cc52b3639d],
Registrierungswerte: 1
PUP.Optional.Linkury.A, HKU\S-1-5-21-2673137618-2872092124-354475989-1000\SOFTWARE\SMARTBAR|publisher, YahooOC, In Quarantäne, [bb94ea814545181e3cdb598ba75c4bb5]
Registrierungsdaten: 8
PUP.Optional.HelperBar.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb72-jYYOH4z_eALG4eqa_Mb1Kaw96KW0dPiueE9pBKXrlqXS9Ttv4L1CF1Hre9qljI5gUo9rYnOxETyvX1yjjeZgXiE4-NQeueAGaOotKo54xUiRO1I7EIyVidQW4-V3_Cfb1eKbaZYH8xAPfxq4xX_-Tg1nSymQ,,, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb72-jYYOH4z_eALG4eqa_Mb1Kaw96KW0dPiueE9pBKXrlqXS9Ttv4L1CF1Hre9qljI5gUo9rYnOxETyvX1yjjeZgXiE4-NQeueAGaOotKo54xUiRO1I7EIyVidQW4-V3_Cfb1eKbaZYH8xAPfxq4xX_-Tg1nSymQ,,),Ersetzt,[94bbea81d9b1c76f23b44fa7f312fa06]
PUP.Optional.HelperBar.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb72-jYYOH4z_eALG4eqa_Mb1Kaw96KW0dPiueE9pBKXrlqXS9Ttv4L1CF1Hre9qljEOT4jks-Y-KkhOvs8OBp8S6yhRtE0HEFt8VOneC61VhcBM_2Rb71tD-vE4fKNIrBslP7YUl8UQRsKo8a65WThN-oOG3d9vA,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb72-jYYOH4z_eALG4eqa_Mb1Kaw96KW0dPiueE9pBKXrlqXS9Ttv4L1CF1Hre9qljEOT4jks-Y-KkhOvs8OBp8S6yhRtE0HEFt8VOneC61VhcBM_2Rb71tD-vE4fKNIrBslP7YUl8UQRsKo8a65WThN-oOG3d9vA,,&q={searchTerms}),Ersetzt,[a7a85c0f2466b97d13c45b9b57ae8080]
PUP.Optional.HelperBar.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb72-jYYOH4z_eALG4eqa_Mb1Kaw96KW0dPiueE9pBKXrlqXS9Ttv4L1CF1Hre9qljEOT4jks-Y-KkhOvs8OBp8S6yhRtE0HEFt8VOneC61VhcBM_2Rb71tD-vE4fKNIrBslP7YUl8UQRsKo8a65WThN-oOG3d9vA,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb72-jYYOH4z_eALG4eqa_Mb1Kaw96KW0dPiueE9pBKXrlqXS9Ttv4L1CF1Hre9qljEOT4jks-Y-KkhOvs8OBp8S6yhRtE0HEFt8VOneC61VhcBM_2Rb71tD-vE4fKNIrBslP7YUl8UQRsKo8a65WThN-oOG3d9vA,,&q={searchTerms}),Ersetzt,[92bd6cff088279bd40979462d72ed030]
PUP.Optional.HelperBar.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb72-jYYOH4z_eALG4eqa_Mb1Kaw96KW0dPiueE9pBKXrlqXS9Ttv4L1CF1Hre9qljEOT4jks-Y-KkhOvs8OBp8S6yhRtE0HEFt8VOneC61VhcBM_2Rb71tD-vE4fKNIrBslP7YUl8UQRsKo8a65WThN-oOG3d9vA,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb72-jYYOH4z_eALG4eqa_Mb1Kaw96KW0dPiueE9pBKXrlqXS9Ttv4L1CF1Hre9qljEOT4jks-Y-KkhOvs8OBp8S6yhRtE0HEFt8VOneC61VhcBM_2Rb71tD-vE4fKNIrBslP7YUl8UQRsKo8a65WThN-oOG3d9vA,,&q={searchTerms}),Ersetzt,[0e4139321377350112c71cda42c3fe02]
PUP.Optional.HelperBar.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb72-jYYOH4z_eALG4eqa_Mb1Kaw96KW0dPiueE9pBKXrlqXS9Ttv4L1CF1Hre9qljEOT4jks-Y-KkhOvs8OBp8S6yhRtE0HEFt8VOneC61VhcBM_2Rb71tD-vE4fKNIrBslP7YUl8UQRsKo8a65WThN-oOG3d9vA,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb72-jYYOH4z_eALG4eqa_Mb1Kaw96KW0dPiueE9pBKXrlqXS9Ttv4L1CF1Hre9qljEOT4jks-Y-KkhOvs8OBp8S6yhRtE0HEFt8VOneC61VhcBM_2Rb71tD-vE4fKNIrBslP7YUl8UQRsKo8a65WThN-oOG3d9vA,,&q={searchTerms}),Ersetzt,[97b87eeda3e7171f8f4af8fe5baab64a]
PUP.Optional.HelperBar.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb72-jYYOH4z_eALG4eqa_Mb1Kaw96KW0dPiueE9pBKXrlqXS9Ttv4L1CF1Hre9qljEOT4jks-Y-KkhOvs8OBp8S6yhRtE0HEFt8VOneC61VhcBM_2Rb71tD-vE4fKNIrBslP7YUl8UQRsKo8a65WThN-oOG3d9vA,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb72-jYYOH4z_eALG4eqa_Mb1Kaw96KW0dPiueE9pBKXrlqXS9Ttv4L1CF1Hre9qljEOT4jks-Y-KkhOvs8OBp8S6yhRtE0HEFt8VOneC61VhcBM_2Rb71tD-vE4fKNIrBslP7YUl8UQRsKo8a65WThN-oOG3d9vA,,&q={searchTerms}),Ersetzt,[d679f972f69474c2d402ea0c06ffb24e]
PUP.Optional.SonicSearch.T, HKU\S-1-5-21-2673137618-2872092124-354475989-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.sonic-search.com/?p=mKO_AwFzXIpYRbkHo3StMBGUg0mY5TZ5rf5BicnKk4qxirSZUmiflu9n7cH8dwadwRExTEcfigI_3KJdIMMhN1OU5pYtjVVh8J9HeqJDNR-Tw-B8-7JifrmnyQAJ0eKIytO1mjg--CefuUD0svrirgNP0snJ0Z9dxGrzRn-fZv-KIp_wpg,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.sonic-search.com/?p=mKO_AwFzXIpYRbkHo3StMBGUg0mY5TZ5rf5BicnKk4qxirSZUmiflu9n7cH8dwadwRExTEcfigI_3KJdIMMhN1OU5pYtjVVh8J9HeqJDNR-Tw-B8-7JifrmnyQAJ0eKIytO1mjg--CefuUD0svrirgNP0snJ0Z9dxGrzRn-fZv-KIp_wpg,,&q={searchTerms}),Ersetzt,[79d698d3deacad89f72bd62052b3c23e]
PUP.Optional.SonicSearch.T, HKU\S-1-5-21-2673137618-2872092124-354475989-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.sonic-search.com/?p=mKO_AwFzXIpYRbkHo3StMBGUg0mY5TZ5rf5BicnKk4qxirSZUmiflu9n7cH8dwadwRExTEcfigI_3KJdIMMhN1OU5pYtjVVh8J9HeqJDNR-Tw-B8-7JifrmnyQAJ0eKIytO1mjg--CefuUD0svrirgNP0snJ0Z9dxGrzRn-fZv-KIp_wpg,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.sonic-search.com/?p=mKO_AwFzXIpYRbkHo3StMBGUg0mY5TZ5rf5BicnKk4qxirSZUmiflu9n7cH8dwadwRExTEcfigI_3KJdIMMhN1OU5pYtjVVh8J9HeqJDNR-Tw-B8-7JifrmnyQAJ0eKIytO1mjg--CefuUD0svrirgNP0snJ0Z9dxGrzRn-fZv-KIp_wpg,,&q={searchTerms}),Ersetzt,[29262e3d107a142229f938be9c69f709]
Ordner: 0
(Keine schädliche Elemente gefunden)
Dateien: 4
PUP.Optional.SearchProtect.A, C:\Windows\AppPatch\AppPatch64\SPVCLdr64.dll, In Quarantäne, [5ef1ff6cfd8d80b60ee36c50659c43bd],
PUP.Optional.SnapDo.A, C:\Users\Nici u. Tina u. Uli\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ({"sync":{"suppress_start":true}, "default_apps_install_state":3, "apps":{"shortcuts_have_been_created":true}, "invalidator":{"client_id":"/diEbZ3hvlyCOUuPwRMg/w=="}, "homepage_is_newtabpage":false, "session":{"restore_on_startup_migrated":true, "startup_urls":["hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb72-jYYOH4z_eALG4eqa_Mb1Kaw96KW0dPiueE9pBKXrlqXS9Ttv4L1CF1Hre9qljI5gUo9rYnOxETyvX1yjjeZgXiE4-NQeueAGaOotKo54xUiRO1I7EIyVidQW4-V3_Cfb1eKbaZYH8xAPfxq4xX_-Tg1nSymQ,,"], "restore_on_startup": 4}, "profile":{"icon_version":2, "exit_type":"Normal", "name":"Erster Nutzer", "avatar_index":0, "managed_user_id":"", "reset_prompt_memento":"878eca1b75e448c4128a01e7ff2e4d15", "content_settings":{"clear_on_exit_migrated":true, "pref_version":1}, "exited_cleanly":true}, "countryid_at_install":17477, "download":{"directory_upgrade":true}, "extensions":{"autoupdate":{"next_check":"13033471917856392"}, "settings":{"nmmhkkegccagdldgiimedpiccmgmieda":{"lastpingday":"13033468802823199"}, "aohghmighlieiainnegkcijnfilokake":{"ack_external":true, "exclude_from_sideload_wipeout":true}, "pjkljhegncpnkpknbcohdijeoejaedia":{"ack_external":true, "exclude_from_sideload_wipeout":true}, "coobgpohoikkiipiblmjeljniedjpjpf":{"ack_external":true, "exclude_from_sideload_wipeout":true}, "ennkphjdgehloodpbhlhldgbnhmacadg":{"from_bookmark":false, "active_permissions":{"api":["app.currentWindowInternal", "app.runtime", "app.window"], "explicit_host":["chrome://settings-frame/*"]}, "path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\31.0.1650.63\\resources\\settings_app", "running":false, "location":5, "initial_keybindings_set":true, "install_time":"13033471456062392", "creation_flags":1, "page_ordinal":"n", "manifest":{"app":{"background":{"scripts":["settings_app.js"]}}, "key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoVDPGX6fvKPVVgc+gnkYlGqHuuapgFDyKhsy4z7UzRLO/95zXPv8h8e5EacqbAQJLUbP6DERH5jowyNEYVxq9GJyntJMwP1ejvoz/52hnY3CCGGCmttmKzzpp5zwLuq3iZf8bslwywfflNUYtaCFSDa0TtrBZz0aOPrAAd/AhNwIDAQAB", "name":"Settings", "icons":{"128":"settings_app_icon_128.png", "48":"settings_app_icon_48.png", "32":"settings_app_icon_32.png", "16":"settings_app_icon_16.png"}, "display_in_launcher":false, "version":"0.2", "permissions":["chrome://settings-frame/"], "description":"Settings", "manifest_version":2}, "was_installed_by_default":false, "from_webstore":false, "app_launcher_ordinal":"t"}, "apdfllckaahabafndbhieahigkjlhalf":{"ack_external":true, "exclude_from_sideload_wipeout":true}, "mgndgikekgjfcpckkfioiadnlibdjbkf":{"from_bookmark":false, "path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\26.0.1410.64\\resources\\chrome_app", "location":5, "was_installed_by_default":false, "install_time":"13010432243905659", "creation_flags":1, "page_ordinal":"n", "manifest":{"name":"Chrome", "display_in_new_tab_page":false, "key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNuYLEQ1QPMcc5HfWI/9jiEf6FdJWqEtgRmIeI7qtjPLBM5oje+Ny2E2mTAhou5qdJiO2CHWdU1DQXY2F7Zu2gZaKZgHLfK4WimHxUT5Xd9/aro/R9PCzjguM1BLusiWYc9xlj1IsZpyiN1hcjU7SCnBhv1feQlv2WSB5KRiXwhQIDAQAB", "app":{"launch":{"web_url":"hxxp://THIS-WILL-BE-REPLACED"}}, "icons":{"128":"product_logo_128.png", "16":"product_logo_16.png"}, "display_in_launcher":true, "version":"0.1", "description":"Chrome as an app"}, "from_webstore":false, "app_launcher_ordinal":"t"}, "eemcgdkfndhakfknompkggombfjjjeno":{"from_bookmark":false, "active_permissions":{"api":["bookmarks", "bookmarkManagerPrivate", "metricsPrivate", "systemPrivate", "tabs"], "explicit_host":["chrome://favicon/*", "chrome://resources/*"]}, "location":5, "was_installed_by_default":false, "install_time":"13009119069128495", "creation_flags":1, "manifest":{"description":"Bookmark Manager", "key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQcByy+eN9jzazWF/DPn7NW47sW7lgmpk6eKc0BQM18q8hvEM3zNm2n7HkJv/R6fU+X5mtqkDuKvq5skF6qqUF4oEyaleWDFhd1xFwV7JV+/DU7bZ00w2+6gzqsabkerFpoP33ZRIw7OviJenP0c0uWqDWF8EGSyMhB3txqhOtiQIDAQAB", "content_security_policy":"object-src 'none'; script-src chrome://resources 'self'", "chrome_url_overrides":{"bookmarks":"main.html"}, "name":"Bookmark Manager", "version":"0.1", "permissions":["bookmarks", "bookmarkManagerPrivate", "systemPrivate", "tabs", "chrome://favicon/", "chrome://resources/"], "incognito":"split", "manifest_version":2}, "from_webstore":false, "path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\25.0.1364.172\\resources\\bookmark_manager"}, "gfdkimpbcpahaombhbimeihdjnejgicl":{"from_bookmark":false, "active_permissions":{"api":["app.currentWindowInternal", "app.runtime", "app.window", "feedbackPrivate"], "explicit_host":["chrome://resources/*"]}, "location":5, "initial_keybindings_set":true, "install_time":"13033471456062392", "creation_flags":1, "manifest":{"name":"Feedback", "display_in_new_tab_page":false, "key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMZElzFX2J1g1nRQ/8S3rg/1CjFyDltWOxQg+9M8aVgNVxbutEWFQz+oQzIP9BB67mJifULgiv12ToFKsae4NpEUR8sPZjiKDIHumc6pUdixOm8SJ5Rs16SMR6+VYxFUjlVW+5CA3IILptmNBxgpfyqoK0qRpBDIhGk1KDEZ4zqQIDAQAB", "app":{"background":{"scripts":["js/event_handler.js"]}, "content_security_policy":"default-src 'none'; script-src 'self' chrome://resources; style-src 'unsafe-inline' *; img-src *; media-src 'self'"}, "icons":{"64":"images/icon64.png", "32":"images/icon32.png"}, "display_in_launcher":false, "version":"1.0", "permissions":["feedbackPrivate", "chrome://resources/"], "description":"User feedback extension", "manifest_version":2}, "was_installed_by_default":false, "from_webstore":false, "path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\31.0.1650.63\\resources\\feedback"}, "ahfgeienlihckogmohjhadlkjgocpleb":{"from_bookmark":false, "active_permissions":{"api":["management", "webstorePrivate"]}, "path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\31.0.1650.63\\resources\\web_store", "location":5, "was_installed_by_default":false, "install_time":"13033471456062392", "creation_flags":1, "page_ordinal":"n", "manifest":{"name":"Store", "app":{"urls":["https://chrome.google.com/webstore"], "launch":{"web_url":"https://chrome.google.com/webstore"}}, "version":"0.2", "description":"Chrome Web Store", "key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB", "permissions":["webstorePrivate", "management"], "icons":{"128":"webstore_icon_128.png", "16":"webstore_icon_16.png"}}, "from_webstore":false, "app_launcher_ordinal":"n"}, "blpcfgokakmgnkcojhhkbfbldkacnbeo":{"ack_external":true, "exclude_from_sideload_wipeout":true}, "mfehgcgbbipciphmccgaenjidiccnmng":{"from_bookmark":false, "active_permissions":{"api":["cloudPrintPrivate"]}, "location":5, "was_installed_by_default":false, "install_time":"13009119069128495", "creation_flags":1, "manifest":{"name":"Cloud Print", "app":{"urls":["https://www.google.com/cloudprint", "https://www.google.com/cloudprint/enable_chrome_connector"], "launch":{"web_url":"https://www.google.com/cloudprint"}}, "display_in_launcher":false, "description":"Cloud Print", "key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDqOhnwk4+HXVfGyaNsAQdU/js1Na56diW08oF1MhZiwzSnJsEaeuMN9od9q9N4ZdK3o1xXOSARrYdE+syV7Dl31nf6qz3A6K+D5NHe6sSB9yvYlIiN37jdWdrfxxE0pRYEVYZNTe3bzq3NkcYJlOdt1UPcpJB+isXpAGUKUvt7EQIDAQAB", "permissions":["cloudPrintPrivate"], "version":"0.1"}, "from_webstore":false, "path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\25.0.1364.172\\resources\\cloud_print"}}, "last_chrome_version":"31.0.1650.63", "chrome_url_overrides":{"bookmarks":["chrome-extension://eemcgdkfndhakfknompkggombfjjjeno/main.html"]}, "alerts":{"initialized":true}, "sideload_wipeout_done":true}, "google":{"services":{"signin":{"SID":"", "LSID":""}}}, "intl":{"accept_languages":"de-DE,de,en-US,en"}, "sync_promo":{"startup_count":4, "view_count":1}, "distribution":{"make_chrome_default_for_user":true}, "dns_prefetching":{"startup_list":[1, "https://clients2.google.com/", "https://clients2.googleusercontent.com/", "https://www.google.com/"], "host_referral_list":[2, ["https://accounts.google.com/", ["https://accounts.youtube.com/", 1.14650483592211, "https://ssl.gstatic.com/", 1.14650483592211]], ["https://www.google.com/", ["https://fonts.googleapis.com/", 2.08468633927053, "https://ssl.google-analytics.com/", 2.08468633927053, "https://ssl.gstatic.com/", 2.08468633927053, "https://www.google.com/", 4.50791148577302]]]}, "translate_blocked_languages":["de"], "homepage": "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbkHo3StMBGUg0mY5TZ5rf5BicnKk4qxirSZUmiflu9n7cH8dwadwRExTEcfigI_3KJdIMMhN1OU5pYtjVVh8J9HeqJPy9s05aJXJaX6K4cKAdJ3R67KITpHo1JdJbp4QgiRKDZwN7qy3DurQLy31_4edzIbSmrA2LF7Lg,,", "plugins":{"removed_old_component_pepper_flash_settings":true, "enabled_nacl":true, "migrated_to_pepper_flash":true, "enabled_internal_pdf3":true}, "default_search_provider":{"id":"2", "alternate_urls":["{google:baseURL}#q={searchTerms}", "{google:baseURL}search#q={searchTerms}", "{google:baseURL}webhp#q={searchTerms}"], "instant_url":"{google:baseURL}webhp?sourceid=chrome-instant&{google:RLZ}{google:instantEnabledParameter}{google:instantExtendedEnabledParameter}ie={inputEncoding}", "keyword":"google.com", "suggest_url":"{google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}", "name":"Google", "prepopulate_id":"1", "search_url":"{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}", "enabled":true, "encodings":"UTF-8", "icon_url":"hxxp://www.google.com/favicon.ico"}, "browser":{"window_placement":{"work_area_top":0, "work_area_right":1920, "top":10, "left":10, "bottom":1030, "maximized":false, "right":955, "work_area_left":0, "work_area_bottom":1040}, "last_prompted_google_url":"https://www.google.de/", "last_known_google_url":"https://www.google.de/"}}), Ersetzt,[ba955f0c11790a2c43247ac341c506fa]
PUP.Optional.SonicSearch.T, C:\Users\Nici u. Tina u. Uli\AppData\Roaming\Mozilla\Firefox\Profiles\uxflsrki.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://feed.sonic-search.com/?p=mKO_AwFzXIpYRbkHo3StMBGUg0mY5TZ5rf5BicnKk4qxirSZUmiflu9n7cH8dwadwRExTEcfigI_3KJdIMMhN1OU5pYtjVVh8J9HeqJDNR-Tw-B8-7JifrmnyQAJ0eKIytO1mjg--CefuUD0svrirgNP0snJ0Z9dxGrzRn-fZv-KIp_wpg,,&q=");), Ersetzt,[9bb42a415931d56184421b2360a642be]
PUP.Optional.SonicSearch.T, C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\qms60p0b.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://feed.sonic-search.com/?p=mKO_AwFzXIpYRbkHo3StMBGUg0mY5TZ5rf5BicnKk4qxirSZUmiflu9n7cH8dwadwRExTEcfigI_3KJdIMMhN1OU5pYtjVVh8J9HeqJDNR-Tw-B8-7JifrmnyQAJ0eKIytO1mjg--CefuUD0svrirgNP0snJ0Z9dxGrzRn-fZv-KIp_wpg,,&q=");), Ersetzt,[f758115af09a52e48d3981bdbc4a916f]
Physische Sektoren: 0
(Keine schädliche Elemente gefunden)
(end) FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Ralf (administrator) on RALF-PC on 11-04-2015 15:50:01
Running from C:\Users\Ralf\Desktop
Loaded Profiles: Ralf & Nici u. Tina u. Uli (Available profiles: Ralf & Nici u. Tina u. Uli)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files (x86)\watchmi\TvdService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
() C:\Program Files (x86)\Audials\Audials 11\AudialsNotifier.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(BitLeader) C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
() C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
() C:\Program Files (x86)\watchmi\TvdTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11774568 2011-01-13] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-12-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-03-31] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-12-15] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-09-28] (cyberlink)
HKLM-x32\...\Run: [UCam_Menu] => C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-12-30] (Bitleader)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-15] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2673137618-2872092124-354475989-1000\...\Run: [AutoStartNPSAgent] => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [102400 2011-11-02] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-2673137618-2872092124-354475989-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564016 2013-07-15] (Samsung)
HKU\S-1-5-21-2673137618-2872092124-354475989-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-15] (Samsung)
HKU\S-1-5-21-2673137618-2872092124-354475989-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2015-03-03] (Google Inc.)
HKU\S-1-5-21-2673137618-2872092124-354475989-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-11-27] (Sony)
HKU\S-1-5-21-2673137618-2872092124-354475989-1000\...\Run: [AudialsNotifier] => C:\Program Files (x86)\Audials\Audials 11\AudialsNotifier.exe [2410760 2014-08-25] ()
HKU\S-1-5-21-2673137618-2872092124-354475989-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-2673137618-2872092124-354475989-1000\...\MountPoints2: {30699d64-2a9d-11e4-97f4-6c626db99242} - J:\Startme.exe
HKU\S-1-5-21-2673137618-2872092124-354475989-1000\...\MountPoints2: {bd0f6348-d2c4-11e3-a18c-6c626db99242} - J:\Startme.exe
HKU\S-1-5-21-2673137618-2872092124-354475989-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-2673137618-2872092124-354475989-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2015-03-03] (Google Inc.)
HKU\S-1-5-21-2673137618-2872092124-354475989-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22066272 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-2673137618-2872092124-354475989-1001\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
AppInit_DLLs: C:\Users\Ralf\AppData\Local\RGMService\ptwwolab\mydfzl.dll => C:\Users\Ralf\AppData\Local\RGMService\ptwwolab\mydfzl.dll File Not Found
AppInit_DLLs-x32: C:\Users\Ralf\AppData\Local\RGMService\ptwwolab\ltzsbp.dll => "C:\Users\Ralf\AppData\Local\RGMService\ptwwolab\ltzsbp.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk
ShortcutTarget: NETGEAR WG111v3 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk
ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe (Acresso Software Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2673137618-2872092124-354475989-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDND&bmod=MDND
HKU\S-1-5-21-2673137618-2872092124-354475989-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=MDND&bmod=MDND
HKU\S-1-5-21-2673137618-2872092124-354475989-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDND&bmod=MDND
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2673137618-2872092124-354475989-1000 -> URL hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP02218960-35E3-4E81-850A-B5B6AC97F184&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2673137618-2872092124-354475989-1000 -> SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-2673137618-2872092124-354475989-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-02] (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-02-02] (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-2673137618-2872092124-354475989-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-2673137618-2872092124-354475989-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\qms60p0b.default
FF Keyword.URL: hxxp://feed.sonic-search.com/?p=mKO_AwFzXIpYRbkHo3StMBGUg0mY5TZ5rf5BicnKk4qxirSZUmiflu9n7cH8dwadwRExTEcfigI_3KJdIMMhN1OU5pYtjVVh8J9HeqJDNR-Tw-B8-7JifrmnyQAJ0eKIytO1mjg--CefuUD0svrirgNP0snJ0Z9dxGrzRn-fZv-KIp_wpg,,&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-21] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-02-02] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-21] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-02-02] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-22] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2673137618-2872092124-354475989-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-03-07] ()
FF SearchPlugin: C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\qms60p0b.default\searchplugins\google-images.xml [2015-01-16]
FF SearchPlugin: C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\qms60p0b.default\searchplugins\google-maps.xml [2015-01-16]
FF Extension: Avira Browser Safety - C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\qms60p0b.default\Extensions\abs@avira.com [2015-03-31]
FF HKU\S-1-5-21-2673137618-2872092124-354475989-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF HKU\S-1-5-21-2673137618-2872092124-354475989-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\qms60p0b.default\extensions\cliqz@cliqz.com
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaaaabfjnbeinlpljodiajipidiompfl] - C:\Users\Ralf\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.5.0.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
StartMenuInternet: Chrome.QUZO7KASVC7SPRMSS4SYXQEQHU - C:\Users\Ralf\AppData\Local\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-03-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-03-31] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] () [File not signed]
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.) [File not signed]
R2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [62464 2010-12-06] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ZAPrivacyService; "C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 JSWPSLWF; C:\Windows\SysWOW64\DRIVERS\jswpslwfx.sys [26624 2008-10-01] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S3 PCAMp50a64; C:\Windows\System32\Drivers\PCAMp50a64.sys [43328 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [41280 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [24744 2014-06-11] (Audials AG)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-11 15:46 - 2015-04-11 15:46 - 00019978 _____ () C:\Users\Ralf\Desktop\malwarebytes.txt
2015-04-11 15:46 - 2015-04-11 15:46 - 00000820 _____ () C:\Users\Ralf\Desktop\lol.txt
2015-04-11 14:47 - 2015-04-11 15:36 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-11 14:46 - 2015-04-11 14:46 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-11 14:46 - 2015-04-11 14:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-11 14:46 - 2015-04-11 14:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-11 14:46 - 2015-04-11 14:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-11 14:46 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-11 14:46 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-11 14:46 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-11 14:45 - 2015-04-11 14:45 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Ralf\Desktop\malwarebytes Anti-Malware.exe
2015-04-11 14:41 - 2015-04-11 14:41 - 00019842 _____ () C:\Users\Ralf\Desktop\AdwCleaner[S0].txt
2015-04-11 14:37 - 2015-04-11 14:38 - 00000000 ____D () C:\AdwCleaner
2015-04-11 14:35 - 2015-04-11 14:35 - 02217984 _____ () C:\Users\Ralf\Desktop\AdwCleaner_4.201.exe
2015-04-11 14:30 - 2015-04-11 14:30 - 00000000 ____D () C:\Users\Ralf\Desktop\RevoUninstallerPortable
2015-04-11 14:29 - 2015-04-11 14:29 - 02785665 _____ (PortableApps.com) C:\Users\Ralf\Desktop\RevoUninstallerPortable_1.95_Rev_2.paf.exe
2015-04-11 11:40 - 2015-04-11 11:42 - 00009274 _____ () C:\Users\Ralf\Desktop\Ereignisse.txt
2015-04-11 11:29 - 2015-04-11 15:50 - 00021086 _____ () C:\Users\Ralf\Desktop\FRST.txt
2015-04-11 11:19 - 2015-04-11 11:19 - 00000405 _____ () C:\DomainBlackList.xml
2015-04-11 11:09 - 2015-04-11 11:09 - 00471440 _____ () C:\Windows\Minidump\041115-17175-01.dmp
2015-04-11 10:58 - 2015-04-11 10:58 - 00031883 _____ () C:\Users\Ralf\Desktop\gmer.log
2015-04-11 10:40 - 2015-04-11 10:40 - 00491224 _____ () C:\Windows\Minidump\041115-21403-01.dmp
2015-04-10 22:43 - 2015-04-11 11:09 - 630475035 _____ () C:\Windows\MEMORY.DMP
2015-04-10 22:43 - 2015-04-10 22:43 - 00471496 _____ () C:\Windows\Minidump\041015-16302-01.dmp
2015-04-10 20:02 - 2015-04-11 15:32 - 00001292 _____ () C:\Windows\PFRO.log
2015-04-10 20:02 - 2015-04-11 15:32 - 00000560 _____ () C:\Windows\setupact.log
2015-04-10 20:02 - 2015-04-10 20:02 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-08 15:53 - 2015-04-08 15:53 - 00380416 _____ () C:\Users\Ralf\Desktop\Gmer-19357.exe
2015-04-08 15:43 - 2015-04-08 15:44 - 00000470 _____ () C:\Users\Ralf\Downloads\defogger_disable.log
2015-04-08 15:43 - 2015-04-08 15:43 - 00000000 _____ () C:\Users\Ralf\defogger_reenable
2015-04-08 15:42 - 2015-04-08 15:42 - 00050477 _____ () C:\Users\Ralf\Downloads\Defogger(1).exe
2015-04-06 13:51 - 2015-04-06 13:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-05 15:50 - 2015-04-05 15:50 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 15:50 - 2015-04-05 15:50 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-05 15:48 - 2015-04-11 15:50 - 00000000 ____D () C:\FRST
2015-04-05 15:47 - 2015-04-05 15:47 - 02095616 _____ (Farbar) C:\Users\Ralf\Desktop\FRST64.exe
2015-04-05 15:45 - 2015-04-05 15:45 - 00050477 _____ () C:\Users\Ralf\Downloads\Defogger.exe
2015-03-30 13:47 - 2015-03-30 13:48 - 00000000 ____D () C:\Users\Ralf\mods
2015-03-29 00:03 - 2015-03-29 00:03 - 00001166 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2015-03-29 00:03 - 2015-03-29 00:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-03-29 00:03 - 2015-03-29 00:03 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2015-03-28 23:42 - 2015-03-28 23:42 - 01203488 _____ () C:\Users\Ralf\Downloads\TeamSpeak 3 32 Bit - CHIP-Installer.exe
2015-03-27 19:45 - 2014-05-24 15:02 - 00000000 ____D () C:\Users\Ralf\Downloads\The Sims - NacktMod
2015-03-27 19:26 - 2015-03-27 19:28 - 90505062 _____ () C:\Users\Ralf\Downloads\The Sims - NacktMod.rar
2015-03-27 15:27 - 2015-03-27 19:00 - 00000000 ____D () C:\ProgramData\Packer2e49bfab-269f-4c43-806c-3ec5ed84242e
2015-03-25 16:06 - 2015-03-25 16:06 - 00000000 ____D () C:\Users\Ralf\AppData\Local\Geckofx
2015-03-25 14:58 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 14:58 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 14:58 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 14:58 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 14:58 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 14:58 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 14:58 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 14:58 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-22 17:50 - 2015-03-22 18:31 - 00000000 ____D () C:\Users\Ralf\AppData\Local\CyberGhost
2015-03-22 17:48 - 2015-03-22 18:31 - 00000000 ____D () C:\Program Files\CyberGhost 5
2015-03-22 17:48 - 2015-03-22 17:50 - 00000000 ____D () C:\Program Files\TAP-Windows
2015-03-22 17:48 - 2015-03-22 17:48 - 00001732 _____ () C:\Users\Ralf\Desktop\CyberGhost 5.lnk
2015-03-22 17:48 - 2015-03-22 17:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2015-03-22 17:46 - 2015-03-22 17:46 - 01203488 _____ () C:\Users\Ralf\Downloads\CyberGhost VPN - CHIP-Installer.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-11 15:46 - 2015-02-22 12:41 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-11 15:41 - 2011-07-02 11:51 - 01090701 _____ () C:\Windows\WindowsUpdate.log
2015-04-11 15:41 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-11 15:41 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-11 15:37 - 2013-07-14 14:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-11 15:34 - 2012-12-30 18:01 - 00000373 _____ () C:\Windows\lgfwup.ini
2015-04-11 15:34 - 2012-12-30 18:01 - 00000000 ____D () C:\Program Files (x86)\lg_fwupdate
2015-04-11 15:33 - 2015-02-22 12:41 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-11 15:32 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-11 15:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\schemas
2015-04-11 14:38 - 2014-12-09 15:04 - 00001184 _____ () C:\Users\Ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome.lnk
2015-04-11 14:38 - 2014-12-09 15:02 - 00001176 _____ () C:\Users\Ralf\Desktop\Chrome.lnk
2015-04-11 14:38 - 2014-08-15 16:27 - 00001083 _____ () C:\Users\Ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-04-11 11:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-11 11:09 - 2013-10-26 17:41 - 00000000 ____D () C:\Windows\Minidump
2015-04-10 20:04 - 2014-07-19 14:51 - 100412644 _____ () C:\Windows\SysWOW64\console.log
2015-04-10 19:58 - 2012-07-24 20:39 - 00000000 ____D () C:\Users\Ralf\AppData\Roaming\TS3Client
2015-04-10 19:52 - 2014-10-27 09:56 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-10 19:52 - 2013-02-24 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-10 19:52 - 2012-10-04 18:21 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-08 15:43 - 2011-07-02 11:55 - 00000000 ____D () C:\Users\Ralf
2015-04-07 22:36 - 2012-08-01 16:18 - 00000000 ____D () C:\Users\Ralf\AppData\Roaming\Skype
2015-04-07 20:19 - 2013-07-14 12:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-01 10:33 - 2010-05-12 10:18 - 00713448 _____ () C:\Windows\system32\perfh007.dat
2015-04-01 10:33 - 2010-05-12 10:18 - 00155384 _____ () C:\Windows\system32\perfc007.dat
2015-04-01 10:33 - 2009-07-14 07:13 - 01658380 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-28 23:58 - 2012-07-24 20:38 - 00000000 ____D () C:\Users\Ralf\AppData\Local\TeamSpeak 3 Client
2015-03-27 15:20 - 2014-12-12 17:41 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-27 15:20 - 2014-05-07 17:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-23 15:17 - 2012-10-04 18:26 - 00000000 ____D () C:\Users\Ralf\AppData\Roaming\Avira
2015-03-23 15:11 - 2012-10-04 18:21 - 00000000 ____D () C:\ProgramData\Avira
2015-03-23 15:05 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-22 17:52 - 2013-12-13 14:02 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-21 10:42 - 2014-09-20 17:36 - 00000000 ____D () C:\Users\Ralf\AppData\Local\Adobe
2015-03-21 10:41 - 2013-07-14 14:23 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-21 10:41 - 2013-07-14 14:23 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-21 10:41 - 2011-09-09 16:24 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-14 16:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-03-12 18:43 - 2009-07-14 06:45 - 00420840 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 18:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 18:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
==================== Files in the root of some directories =======
2013-06-26 15:13 - 2013-06-26 15:13 - 0000288 _____ () C:\Users\Ralf\AppData\Roaming\.backup.dm
2015-02-15 18:56 - 2015-02-15 18:56 - 0003584 _____ () C:\Users\Ralf\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-10-03 19:38 - 2012-10-03 19:38 - 0006786 _____ () C:\Users\Ralf\AppData\Local\recently-used.xbel
2014-10-19 09:11 - 2014-10-19 09:12 - 0000000 _____ () C:\Users\Ralf\AppData\Local\{8731E859-BCAE-48AD-B9F1-3346F4FA4430}
2014-09-25 19:24 - 2014-09-25 19:24 - 0000000 _____ () C:\Users\Ralf\AppData\Local\{927B78E5-938B-475C-A087-1F7490F79708}
Some content of TEMP:
====================
C:\Users\Nici u. Tina u. Uli\AppData\Local\Temp\AskSLib.dll
C:\Users\Nici u. Tina u. Uli\AppData\Local\Temp\avgnt.exe
C:\Users\Nici u. Tina u. Uli\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Ralf\AppData\Local\Temp\avgnt.exe
C:\Users\Ralf\AppData\Local\Temp\Quarantine.exe
C:\Users\Ralf\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-07 12:39
==================== End Of Log ============================ --- --- --- Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Ralf at 2015-04-11 15:50:18
Running from C:\Users\Ralf\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Action Replay Code Manager (HKLM-x32\...\Action Replay Code Manager_is1) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
Age of Mythology - The Titans Expansion (HKLM-x32\...\Age of Mythology Expansion Pack 1.0) (Version: - )
Age of Mythology (HKLM-x32\...\Age of Mythology 1.0) (Version: - )
ANNO 1503 (HKLM-x32\...\{EBBB1DEF-8878-4CB8-BC0D-1196B30E7527}) (Version: 1.04.00 - )
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audials (HKLM-x32\...\{356DC986-755B-471C-83C7-49BD0CB1614F}) (Version: 11.0.55900.0 - Audials AG)
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.8.9046 - )
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
Avira SearchFree Toolbar plus Web Protection Updater (HKU\S-1-5-21-2673137618-2872092124-354475989-1001\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.4.1.29403 - Ask.com) <==== ATTENTION
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Chromium Browser (HKU\S-1-5-21-2673137618-2872092124-354475989-1000\...\Chromium) (Version: 41.0.2231.0 - Chrome)
Cliqz (HKLM-x32\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.53 - Cliqz.com)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3418 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Die Sims™ 3 "Erstelle eine Welt"-Tool - Beta (HKLM-x32\...\{65761BAE-11E8-48FE-B30F-1F01011AB906}) (Version: 1.19.6 - Electronic Arts)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Free Video Player 2.1 (HKLM-x32\...\FreeVideoPlayer) (Version: 2.1 - FreeVideoPlayer Software Inc)
Free YouTube Download version 3.2.51.1215 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.51.1215 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.50.1111 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.50.1111 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GeoGebra 4.2 (HKU\S-1-5-21-2673137618-2872092124-354475989-1000\...\GeoGebra 4.2) (Version: - International GeoGebra Institute)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java(TM) 6 Update 23 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416023FF}) (Version: 6.0.230 - Oracle)
Java(TM) 6 Update 23 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216023FF}) (Version: 6.0.230 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
LG Burning Tool (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.2.6009 - CyberLink Corp.)
LG Burning Tool (x32 Version: 6.2.6009 - CyberLink Corp.) Hidden
LG CyberLink BD Advisor (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version: 2.0.4606 - CyberLink Corp.)
LG CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2820 - CyberLink Corp.)
LG CyberLink Media Suite (x32 Version: 8.0.2820 - CyberLink Corp.) Hidden
LG CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1622_37397b - CyberLink Corp.)
LG CyberLink MediaEspresso (x32 Version: 6.5.1622_37397b - CyberLink Corp.) Hidden
LG CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3402 - CyberLink Corp.)
LG CyberLink MediaShow (x32 Version: 4.1.3402 - CyberLink Corp.) Hidden
LG CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3424.52 - CyberLink Corp.)
LG CyberLink PowerDVD (x32 Version: 10.0.3424.52 - CyberLink Corp.) Hidden
LG CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2820a - CyberLink Corp.)
LG CyberLink PowerProducer (x32 Version: 5.0.2.2820a - CyberLink Corp.) Hidden
LG CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3718 - CyberLink Corp.)
LG CyberLink YouCam (x32 Version: 2.0.3718 - CyberLink Corp.) Hidden
LG Tool Kit (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
MFC RunTime files (x32 Version: 1.0.0 - Extensoft) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 1.1 German Language Pack (HKLM-x32\...\{E78BFA60-5393-4C38-82AB-E8019E464EB4}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MPEG4E VFW - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\MPEG4E) (Version: - )
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
MyFreeCodec (HKU\S-1-5-21-2673137618-2872092124-354475989-1000\...\MyFreeCodec) (Version: - )
NETGEAR WG111v3 wireless USB 2.0 adapter (HKLM-x32\...\InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}) (Version: 1.00.0000 - NETGEAR)
NETGEAR WG111v3 wireless USB 2.0 adapter (x32 Version: 1.00.0000 - NETGEAR) Hidden
NVIDIA Graphics Driver 263.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 263.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.1.9.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.1.9.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.15.109 - Electronic Arts, Inc.)
PC Connectivity Solution (HKLM-x32\...\{AC599724-5755-48C1-ABE7-ABB857652930}) (Version: 8.15.0.0 - Nokia)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6285 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
RGMUpdater Monetization Control (HKLM-x32\...\RGMUpdater Monetization Control2e49bfab-269f-4c43-806c-3ec5ed84242e) (Version: 2.2.0322.1140 - )
SA31xx Device Manager & Media Converter (HKLM-x32\...\{E572B060-C98B-4984-A48E-E4FA56265903}) (Version: 0.3 - Philips)
SA31xx Device Manager & Media Converter (x32 Version: 0.3 - Philips) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG Mobile Composite Device Software (HKLM\...\SAMSUNG Mobile Composite Device) (Version: - )
Samsung Mobile Modem Device Software (HKLM\...\Samsung Mobile Modem Device) (Version: - )
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version: - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version: - )
Samsung New PC Studio (HKLM-x32\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
SAMSUNG USB Mobile Device Software (HKLM\...\SAMSUNG USB Mobile Device) (Version: - )
SamsungConnectivityCableDriver (HKLM-x32\...\{7E84FAC8-C518-40F9-9807-7455301D6D25}) (Version: 6.83.6.2.1 - Samsung)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Sony PC Companion 2.10.251 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.251 - Sony)
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Telekom Fotoservice (HKLM-x32\...\Telekom Fotoservice) (Version: - )
T-Online 6.0 (HKLM-x32\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version: - )
T-Online WLAN-Access Finder (HKLM-x32\...\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}) (Version: - )
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
Versandhelfer (HKLM-x32\...\dpdhl.versandhelfer.medionpc.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1) (Version: 0.9.511 - Deutsche Post AG)
Versandhelfer (x32 Version: 0.9.511 - Deutsche Post AG) Hidden
watchmi (HKLM-x32\...\{AA4D1C5E-116A-4FF4-AA91-28F526868203}) (Version: 2.5.0 - Axel Springer Digital TV Guide GmbH)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) (HKLM\...\BC15EA930074932BB2C4B4493C9FD4EA95087D1A) (Version: 10/12/2007 6.85.4.0 - Nokia)
WN111v2 (x32 Version: 3.0.0.5 - NETGEAR) Hidden
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
10-04-2015 10:59:49 Windows Update
11-04-2015 14:32:28 Revo Uninstaller's restore point - Ask Toolbar Updater
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {00DD864F-B44F-4A9F-AB39-A137CDE57019} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {044BA9AF-19E4-47C2-8D42-2391334D3D48} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {19FD396B-21A8-46CF-89F2-9A7BE4CBB2E8} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {373B061E-22A9-423C-8B41-F9FEAE06AFC2} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {37BEF8F3-BC60-4EC7-A968-F4A0D7F8479B} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {5711C064-C393-4843-AF4D-3AEA9C0B3433} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {58E29590-90CA-47BC-8DB7-D2A5675F29F6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-21] (Adobe Systems Incorporated)
Task: {84437ED9-79C8-46F2-AEDB-8F78EC250210} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-22] (Google Inc.)
Task: {B78BFF39-EE56-4678-8257-0FCE5483291D} - System32\Tasks\{DA278E11-6C14-4727-9BA1-34DB0316DF59} => pcalua.exe -a "C:\Users\Ralf\Downloads\AVM_FRITZ!WLAN_Repeater_300E_Assistent (1).exe" -d C:\Users\Ralf\Downloads
Task: {BA6BA047-B029-4194-AD30-98B36EED63AF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {C476B228-3B62-416D-BCCB-05CAC1B4C5A1} - System32\Tasks\{6C2F2F6A-1165-4B99-B94C-1043DC8D293D} => I:\wn111v2_setup_3.1.exe
Task: {E700A43C-428B-4DE8-B587-860ABBA226E6} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {E7D3BD4B-8096-4770-980A-11FF3F4D3642} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {F1326A3D-B22C-41BA-824F-E0A12F8ABCA1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-22] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-30 17:54 - 2009-07-02 16:02 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2010-12-06 12:52 - 2010-12-06 12:52 - 00062464 _____ () C:\Program Files (x86)\watchmi\TvdService.exe
2011-07-02 11:54 - 2011-07-02 11:54 - 00061952 _____ () C:\Windows\assembly\GAC_MSIL\Tvd.Remote\2.5.0.5__f722db7bec59a14b\Tvd.Remote.dll
2011-07-02 11:54 - 2011-07-02 11:54 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\FingerPrint\1.0.0.0__a62e68e935d72fa6\FingerPrint.dll
2011-07-02 11:54 - 2011-07-02 11:54 - 00078848 _____ () C:\Windows\assembly\GAC_MSIL\Tvd.Reporting\2.5.0.5__f722db7bec59a14b\Tvd.Reporting.dll
2011-07-02 11:54 - 2011-07-02 11:54 - 00148480 _____ () C:\Windows\assembly\GAC_MSIL\Tvd.Aprico\2.5.0.5__f722db7bec59a14b\Tvd.Aprico.dll
2014-08-25 18:18 - 2014-08-25 18:18 - 02410760 _____ () C:\Program Files (x86)\Audials\Audials 11\AudialsNotifier.exe
2014-09-25 20:44 - 2014-09-25 20:44 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2006-05-29 20:29 - 2006-05-29 20:29 - 01708032 _____ () C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
2014-05-03 15:26 - 2014-06-23 09:07 - 00113376 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2010-12-06 12:52 - 2010-12-06 12:52 - 01070080 _____ () C:\Program Files (x86)\watchmi\TvdTray.exe
2010-12-06 12:52 - 2010-12-06 12:52 - 00004608 _____ () C:\Program Files (x86)\watchmi\de\TvdTray.resources.dll
2014-05-03 15:26 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2014-05-03 15:26 - 2014-12-04 15:18 - 00241152 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2014-05-03 15:26 - 2013-05-20 12:58 - 00620718 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll
2014-08-25 18:18 - 2014-08-25 18:18 - 00046080 _____ () C:\Program Files (x86)\Audials\Audials 11\boost_thread-vc90-mt-1_39.dll
2014-08-25 18:18 - 2014-08-25 18:18 - 00045056 _____ () C:\Program Files (x86)\Audials\Audials 11\boost_date_time-vc90-mt-1_39.dll
2014-08-25 18:18 - 2014-08-25 18:18 - 00545032 _____ () C:\Program Files (x86)\Audials\Audials 11\StreamingClient.dll
2014-08-25 18:18 - 2014-08-25 18:18 - 00012800 _____ () C:\Program Files (x86)\Audials\Audials 11\boost_system-vc90-mt-1_39.dll
2014-08-25 18:18 - 2014-08-25 18:18 - 00068360 _____ () C:\Program Files (x86)\Audials\Audials 11\CrashRpt.dll
2014-08-25 18:18 - 2014-08-25 18:18 - 00409352 _____ () C:\Program Files (x86)\Audials\Audials 11\SQLite3.dll
2014-08-25 18:18 - 2014-08-25 18:18 - 00614912 _____ () C:\Program Files (x86)\Audials\Audials 11\boost_regex-vc90-mt-1_39.dll
2014-10-21 21:22 - 2014-10-21 21:22 - 00295424 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Utils\c11490e9f256b2330dff3409813f523c\Utils.ni.dll
2014-10-21 21:22 - 2014-10-21 21:22 - 00590848 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ManagedInterfaces\40353e576872bbca5fe73a8926399b64\ManagedInterfaces.ni.dll
2014-10-21 21:22 - 2014-10-21 21:22 - 02998784 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\AudialsComponents\51255206e1f5063c790b30bf53314a79\AudialsComponents.ni.dll
2014-10-21 21:22 - 2014-10-21 21:22 - 00178688 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\fastJSON\5eb343ddf4da1ba8f3c0551fdbbe4af1\fastJSON.ni.dll
2009-12-15 14:46 - 2009-12-15 14:46 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-12-15 14:49 - 2009-12-15 14:49 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-10-21 20:32 - 2014-10-21 20:32 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
2011-02-02 21:53 - 2010-11-06 09:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2673137618-2872092124-354475989-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ralf\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
HKU\S-1-5-21-2673137618-2872092124-354475989-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Nici u. Tina u. Uli\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-2673137618-2872092124-354475989-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2673137618-2872092124-354475989-1005 - Limited - Enabled)
Gast (S-1-5-21-2673137618-2872092124-354475989-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2673137618-2872092124-354475989-1003 - Limited - Enabled)
Nici u. Tina u. Uli (S-1-5-21-2673137618-2872092124-354475989-1001 - Limited - Enabled) => C:\Users\Nici u. Tina u. Uli
Ralf (S-1-5-21-2673137618-2872092124-354475989-1000 - Administrator - Enabled) => C:\Users\Ralf
==================== Faulty Device Manager Devices =============
Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (04/11/2015 09:14:43 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={E768B446-0037-4ABE-A9BF-57EC7D626CFE}: Der Benutzer "Ralf-PC\Ralf" hat eine Verbindung mit dem Namen "Breitbandverbindung" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 651.
Error: (04/11/2015 09:14:39 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={219C08B1-7B58-4A4B-977C-4F54540F4BCA}: Der Benutzer "Ralf-PC\Ralf" hat eine Verbindung mit dem Namen "Breitbandverbindung" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 651.
Error: (04/11/2015 09:14:11 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={F0905305-2F57-4E2A-9E81-48237E5AEF4A}: Der Benutzer "Ralf-PC\Ralf" hat eine Verbindung mit dem Namen "Breitbandverbindung" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 651.
Error: (04/11/2015 09:14:07 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={3F0B7B9E-0AB5-4234-9CBD-EDB394CB24BB}: Der Benutzer "Ralf-PC\Ralf" hat eine Verbindung mit dem Namen "Breitbandverbindung" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 651.
Error: (04/07/2015 09:23:37 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.NullReferenceException: Object reference not set to an instance of an object.
at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)
Error: (04/06/2015 04:06:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13135
Error: (04/06/2015 04:06:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13135
Error: (04/06/2015 04:06:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/06/2015 04:06:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12137
Error: (04/06/2015 04:06:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12137
System errors:
=============
Error: (04/11/2015 03:34:12 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (04/11/2015 03:33:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ZoneAlarm Privacy Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (04/11/2015 02:41:14 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (04/11/2015 02:40:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ZoneAlarm Privacy Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (04/11/2015 02:39:04 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (04/11/2015 02:38:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Live ID Sign-in Assistant" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (04/11/2015 02:38:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (04/11/2015 02:38:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Email-Schutz" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Error: (04/11/2015 02:38:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (04/11/2015 02:38:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Microsoft Office Sessions:
=========================
Error: (04/11/2015 09:14:43 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {E768B446-0037-4ABE-A9BF-57EC7D626CFE}Ralf-PC\RalfBreitbandverbindung651
Error: (04/11/2015 09:14:39 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {219C08B1-7B58-4A4B-977C-4F54540F4BCA}Ralf-PC\RalfBreitbandverbindung651
Error: (04/11/2015 09:14:11 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {F0905305-2F57-4E2A-9E81-48237E5AEF4A}Ralf-PC\RalfBreitbandverbindung651
Error: (04/11/2015 09:14:07 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {3F0B7B9E-0AB5-4234-9CBD-EDB394CB24BB}Ralf-PC\RalfBreitbandverbindung651
Error: (04/07/2015 09:23:37 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.NullReferenceException: Object reference not set to an instance of an object.
at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
at System.ServiceProcess.ServiceBase.DeferredSessionChange(Int32 eventType, Int32 sessionId)
Error: (04/06/2015 04:06:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13135
Error: (04/06/2015 04:06:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13135
Error: (04/06/2015 04:06:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (04/06/2015 04:06:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12137
Error: (04/06/2015 04:06:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12137
CodeIntegrity Errors:
===================================
Date: 2014-11-28 16:43:13.594
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-11-28 16:43:13.335
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-12-07 14:48:37.500
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-12-07 14:48:37.440
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-12-07 14:47:30.866
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-12-07 14:47:30.796
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-12-07 14:47:19.130
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-12-07 14:47:19.052
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5 CPU 760 @ 2.80GHz
Percentage of memory in use: 30%
Total physical RAM: 6135.11 MB
Available physical RAM: 4271.16 MB
Total Pagefile: 12268.41 MB
Available Pagefile: 9972.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (Boot) (Fixed) (Total:900.41 GB) (Free:728.16 GB) NTFS
Drive d: (Recover) (Fixed) (Total:30 GB) (Free:10.98 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=900.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
==================== End Of Log ============================ |