Code:
# AdwCleaner v3.011 - Bericht erstellt am 06/11/2013 um 05:46:17
# Updated 03/11/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Estefan - ESTEFAN-PC
# Gestartet von : C:\Users\Estefan\Downloads\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
[#] Dienst Gelöscht : SystemStoreService
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\AVG Security Toolbar
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\VisualBee
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Protected Search
Ordner Gelöscht : C:\Program Files (x86)\Browser Updater
Ordner Gelöscht : C:\Program Files (x86)\myfree codec
Ordner Gelöscht : C:\Program Files (x86)\Protected Search
Ordner Gelöscht : C:\Program Files (x86)\SoftwareUpdater
Ordner Gelöscht : C:\Users\Estefan\AppData\Local\AVG Security Toolbar
Ordner Gelöscht : C:\Users\Estefan\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Users\Estefan\AppData\Local\visualbeeexe
Ordner Gelöscht : C:\Users\Estefan\AppData\LocalLow\AVG Security Toolbar
Ordner Gelöscht : C:\Users\Estefan\AppData\LocalLow\SimplyTech
Ordner Gelöscht : C:\Users\Estefan\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Estefan\AppData\Roaming\DealPly
Ordner Gelöscht : C:\Users\Estefan\AppData\Roaming\VisualBee
Ordner Gelöscht : C:\Users\Estefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\djbdlklldbflagkkpaljamjfbpefcbpf
Ordner Gelöscht : C:\Users\Estefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Datei Gelöscht : C:\Users\Estefan\AppData\Roaming\Mozilla\Firefox\Profiles\ngk7wcoj.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\Estefan\AppData\Roaming\Mozilla\Firefox\Profiles\ngk7wcoj.default\searchplugins\visualbee.xml
Datei Gelöscht : C:\Users\Estefan\AppData\Roaming\Mozilla\Firefox\Profiles\ngk7wcoj.default\searchplugins\Web Search.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Web Search.xml
Datei Gelöscht : C:\Users\Estefan\AppData\Roaming\Mozilla\Firefox\Profiles\ngk7wcoj.default\user.js
Datei Gelöscht : C:\Windows\Tasks\Dealply.job
Datei Gelöscht : C:\Windows\System32\Tasks\Dealply
Datei Gelöscht : C:\Windows\System32\Tasks\ProtectedSearch
Datei Gelöscht : C:\Windows\System32\Tasks\Software Updater Ui
Datei Gelöscht : C:\Windows\System32\Tasks\Software Updater
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HomeTab_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\5b6dddbbc3dec17
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_buchstabensalat_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_buchstabensalat_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKCU\Software\AVG Security Toolbar
Schlüssel Gelöscht : HKCU\Software\DataMngr
[#] Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\ProtectedSearch
Schlüssel Gelöscht : HKCU\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\visualbee
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\simplytech
Schlüssel Gelöscht : HKLM\Software\AVG Security Toolbar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Myfree Codec
Schlüssel Gelöscht : HKLM\Software\visualbee
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Protected Search_is1
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16720
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Bar]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Search Bar]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [(Default)]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)]
-\\ Mozilla Firefox v25.0 (de)
[ Datei : C:\Users\Estefan\AppData\Roaming\Mozilla\Firefox\Profiles\ngk7wcoj.default\prefs.js ]
Zeile gelöscht : user_pref("browser.search.defaultengine", "Web Search");
Zeile gelöscht : user_pref("browser.search.order.1", "Web Search");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1368412025443&tguid=43169-3580-1368412022817-203532&st=chrome&q=");
-\\ Google Chrome v27.0.1453.110
[ Datei : C:\Users\Estefan\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht : homepage
*************************
AdwCleaner[R0].txt - [11785 octets] - [06/11/2013 05:44:37]
AdwCleaner[S0].txt - [9529 octets] - [06/11/2013 05:46:17]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9589 octets] ##########
FRST Logfile:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by Estefan (administrator) on ESTEFAN-PC on 06-11-2013 05:57:20
Running from C:\Users\Estefan\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
() C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
() C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Pegatron Corporation) C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
() C:\Program Files (x86)\PHotkey\ATouch64.exe
() C:\Program Files (x86)\PHotkey\PVDesktop.exe
() C:\Program Files (x86)\PHotkey\PVDAgent.exe
(Pegatron Corporation) C:\Program Files (x86)\PHotkey\POSD.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Macrovision Corporation) C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11817576 2011-04-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2209896 2011-04-18] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2028328 2010-01-22] (Synaptics Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [ISUSPM] - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [222128 2007-03-29] (Macrovision Corporation)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKCU\...\Run: [Adobe Reader Synchronizer] - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [694152 2013-09-05] (Adobe Systems Incorporated)
HKCU\...\Run: [TomTomHOME.exe] - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)
MountPoints2: F - F:\StartVMCLite.exe
MountPoints2: {354391cc-8628-11e1-8778-806e6f6e6963} - F:\autorun.exe
MountPoints2: {cc00ec38-c8f6-11e1-94c4-bc7737ccfd16} - F:\StartVMCLite.exe
MountPoints2: {cc00ec42-c8f6-11e1-94c4-bc7737ccfd16} - F:\StartVMCLite.exe
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-14] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-03] (CyberLink)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs
HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [239720 2011-06-12] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll [200808 2011-06-12] (NVIDIA Corporation)
IMEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IMEO\adobe air application installer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IMEO\chrome.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IMEO\skype.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ver=2.9&ts=1368419219667&tguid=43169-3580-1368419219667-D41D8CD98F00B204E9800998ECF8427E&q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {81687D27-F2DC-446E-B7F4-B101BAD965C0} URL = hxxp://search.avg.com/route/?d=4e49e958&v=7.7.26.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
FireFox:
========
FF ProfilePath: C:\Users\Estefan\AppData\Roaming\Mozilla\Firefox\Profiles\ngk7wcoj.default
FF DefaultSearchEngine: Wikipedia (de)
FF SelectedSearchEngine: Wikipedia (de)
FF Homepage: hxxp://www.protopage.com/stefanerdmann
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Estefan\AppData\Roaming\Mozilla\Firefox\Profiles\ngk7wcoj.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt - C:\Users\Estefan\AppData\Roaming\Mozilla\Firefox\Profiles\ngk7wcoj.default\Extensions\de_DE@dicts.j3e.de
FF Extension: tineye - C:\Users\Estefan\AppData\Roaming\Mozilla\Firefox\Profiles\ngk7wcoj.default\Extensions\tineye@ideeinc.com.xpi
FF Extension: No Name - C:\Users\Estefan\AppData\Roaming\Mozilla\Firefox\Profiles\ngk7wcoj.default\Extensions\WTB_GLOBAL.sqlite
FF Extension: aios - C:\Users\Estefan\AppData\Roaming\Mozilla\Firefox\Profiles\ngk7wcoj.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
FF Extension: Adblock Plus - C:\Users\Estefan\AppData\Roaming\Mozilla\Firefox\Profiles\ngk7wcoj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [avg@igeared] - C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF Extension: AVG Security Toolbar - C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF HKLM-x32\...\Thunderbird\Extensions: [avgthb@avg.com] - C:\Program Files (x86)\AVG\AVG2012\Thunderbird\
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "about:newtab?source=home"]}},"browser":{"check_default_browser":false,"last_known_google_url":"https://www.google.com/","last_prompted_google_url":"https://www.google.com/","window_placement":{"bottom":728,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":738,"work_area_left":0,"work_area_right":1366,"work_area_top":0}},"countryid_at_install":17747,"default_apps_install_state":3,"distribution":{"create_all_shortcuts":true,"do_not_launch_chrome":true,"import_history":false,"import_search_engine":false,"make_chrome_default":true,"require_eula":true,"show_welcome_page":false,"skip_first_run_ui":true,"system_level":true,"verbose_logging":false},"dns_prefetching":{"host_referral_list":[2,["hxxp://a4.mediagra.com/",["hxxp://static.xhamster.com/",2.769335610733740,"hxxp://syndication.exoclick.com/",2.145776599045350]],["hxxp://ad.adorika.com/",["hxxp://ad.adorika.com/",2.27338020,"hxxp://ad.yieldmanager.com/",2.60370040,"hxxp://content.yieldmanager.edgesuite.net/",2.27338020,"hxxp://cookex.amp.yahoo.com/",2.27338020]],["hxxp://adbucks.brandreachsys.com/",["hxxp://ajax.googleapis.com/",2.145776599045350,"hxxp://lg.brandreachsys.com/",2.145776599045350]],["hxxp://ads.traffichaus.com/",["hxxp://cdn.cdntraffic.com/",1.246479792388350,"hxxp://syndication1.traffichaus.com/",1.246479792388350]],["hxxp://cdn1.certified-apps.com/",["hxxp://api.toolbar.widdit.com/",0.562974326483060,"hxxp://cdn1.widdit.com/",0.562974326483060,"hxxp://hometab.widdit.com/",0.7677547663310260,"https://ajax.googleapis.com/",0.562974326483060]],["hxxp://custom.exoclick.com/",["hxxp://syndication.exoclick.com/",1.153521607830680]],["hxxp://media.newhometab.com/",["hxxp://ad.adorika.com/",2.27338020,"hxxp://cas.criteo.com/",2.27338020,"hxxp://cas.eu.criteo.com/",2.27338020,"hxxp://cas.fr.eu.criteo.com/",2.27338020,"hxxp://cdn1.simplyinstaller.com/",2.27338020,"hxxp://media.newhometab.com/",2.27338020,"hxxp://www.google-analytics.com/",2.60370040]],["hxxp://syndication.exoclick.com/",["hxxp://static.exoclick.com/",0.4829238156333840]],["hxxp://syndication.traffichaus.com/",["hxxp://adbucks.brandreachsys.com/",0.6845524269117720,"hxxp://ads.traffichaus.com/",0.8266857311434480,"hxxp://www.google-analytics.com/",0.3566578398596390]],["hxxp://www-ig-opensocial.googleusercontent.com/",["hxxp://csi.gstatic.com/",1.076597812772350,"hxxp://nt0.ggpht.com/",0.3955637293046470,"hxxp://nt1.ggpht.com/",2.145776599045350,"hxxp://www-ig-opensocial.googleusercontent.com/",1.076597812772350]],["hxxp://www.18schoolgirlz.com/",["hxxp://cdn1.niche.videosz.com/",14.3051773269690,"hxxp://cdn2.niche.videosz.com/",14.3051773269690,"hxxp://cdn3.niche.videosz.com/",14.3051773269690,"hxxp://streamate.doublepimp.com/",2.145776599045350,"hxxp://www.18schoolgirlz.com/",6.51068968086410,"hxxp://www.facebook.com/",2.457556104889550,"hxxp://www.google-analytics.com/",2.145776599045350]],["hxxp://www.get-a-fuck-tonight.com/",["hxxp://www.get-a-fuck-tonight.com/",3.081115116577940]],["hxxp://www.google.es/",["hxxp://clients1.google.es/",0.3955637293046470,"hxxp://g0.gstatic.com/",0.9372435222660740,"hxxp://id.google.es/",0.3955637293046470,"hxxp://igoogle-skins.googleusercontent.com/",0.7073432351488430,"hxxp://ssl.gstatic.com/",0.7648183069281510,"hxxp://www-ig-opensocial.googleusercontent.com/",0.9947185940453820,"hxxp://www.google.es/",1.167143809383310,"hxxp://www.gstatic.com/",0.3955637293046470]],["hxxp://www.skype.com/",["hxxp://ajax.aspnetcdn.com/",2.084686339270530,"hxxp://api.skype.com/",2.084686339270530,"hxxp://metrics.skype.com/",2.084686339270530,"hxxp://www.skypeassets.com/",7.536942918901140]],["hxxp://www.watchmygf.com/",["hxxp://cdn1.image.watchmygf.com/",22.72322398476230,"hxxp://www.google-analytics.com/",2.145776599045350,"hxxp://www.watchmygf.com/",2.457556104889550]],["hxxp://xhamster.com/",["hxxp://cnt1.xhamster.com/",0.9347002865441551,"hxxp://et15.xhamster.com/",1.206322592035620,"hxxp://et17.xhamster.com/",1.477944897527080,"hxxp://et19.xhamster.com/",1.206322592035620,"hxxp://et3.xhamster.com/",1.070511439289890,"hxxp://et6.xhamster.com/",1.206322592035620,"hxxp://et7.xhamster.com/",1.070511439289890,"hxxp://et8.xhamster.com/",1.342133744781350,"hxxp://eu-st.xhamster.com/",3.922545646950260,"hxxp://static.xhamster.com/",0.9347002865441551]],["hxxp://xhamsterpremiumpass.com/",["hxxp://e10.xhamsterpremiumpass.com/",0.5429665975643661,"hxxp://e14.xhamsterpremiumpass.com/",0.4071554448186340,"hxxp://e17.xhamsterpremiumpass.com/",0.5429665975643661,"hxxp://e19.xhamsterpremiumpass.com/",0.5429665975643661,"hxxp://e4.xhamsterpremiumpass.com/",0.4071554448186340,"hxxp://static.xhamsterpremiumpass.com/",0.5170734950753980,"hxxp://www.google-analytics.com/",0.5429665975643661]]],"startup_list":[1,"hxxp://api.toolbar.widdit.com/","hxxp://apps.shared.certified-toolbar.com/","hxxp://cdn1.certified-apps.com/","hxxp://cdn1.widdit.com/","hxxp://cdn3.widdit.com/","hxxp://hometab.widdit.com/","https://ajax.googleapis.com/","https://hometab.widdit.com/","https://ssl.widdit.com/","https://static.app.widdit.com/"]},"download":{"directory_upgrade":true},"extensions":{"autoupdate":{"next_check":"13015112647733477"},"chrome_url_overrides":{"bookmarks":["chrome-extension://eemcgdkfndhakfknompkggombfjjjeno/main.html"],"newtab":["chrome-extension://djbdlklldbflagkkpaljamjfbpefcbpf/bundler/newtab.html"]},"last_chrome_version":"27.0.1453.110","settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","webstorePrivate"]},"app_launcher_ordinal":"n","creation_flags":1,"from_bookmark":false,"from_webstore":false,"install_time":"13015112238315938","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Chrome Web Store","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Store","permissions":["webstorePrivate","management"],"version":"0.2"},"page_ordinal":"n","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\27.0.1453.110\\resources\\web_store","was_installed_by_default":false},"aohghmighlieiainnegkcijnfilokake":{"ack_external":true,"app_launcher_ordinal":"t","creation_flags":137,"exclude_from_sideload_wipeout":true,"from_bookmark":false,"from_webstore":true,"install_time":"13005950248459893","location":1,"manifest":{"app":{"launch":{"local_path":"main.html"}},"description":"Create, share, and access your Google Docs from anywhere.","icons":{"128":"icon_128.png","16":"icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJhLK6fk/BWTEvJhywpk7jDe4A2r0bGXGOLZW4/AdBp3IiD9o9nx4YjLAtv0tIPxi7MvFd/GUUbQBwHT5wQWONJj1z/0Rc2qBkiJA0yqXh42p0snuA8dCfdlhOLsp7/XTMEwAVasjV5hC4awl78eKfJYlZ+8fM/UldLWJ/51iBQwIDAQAB","manifest_version":2,"name":"Docs","offline_enabled":true,"update_url":"hxxp://clients2.google.com/service/update2/crx","version":"0.0.0.6"},"page_ordinal":"n","path":"aohghmighlieiainnegkcijnfilokake\\0.0.0.6_0","state":1,"was_installed_by_default":true},"apdfllckaahabafndbhieahigkjlhalf":{"ack_external":true,"active_permissions":{"api":["background","clipboardRead","clipboardWrite","notifications","unlimitedStorage"]},"app_launcher_ordinal":"yn","creation_flags":137,"exclude_from_sideload_wipeout":true,"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["background","clipboardRead","clipboardWrite","notifications","unlimitedStorage"]},"install_time":"13005950254943893","location":1,"manifest":{"app":{"launch":{"web_url":"https://drive.google.com/"},"urls":["hxxp://docs.google.com/","hxxp://drive.google.com/","https://docs.google.com/","https://drive.google.com/"]},"background":{"allow_js_access":false},"current_locale":"de","default_locale":"en_US","description":"Google Drive: Alle Inhalte an einem Ort erstellen, teilen und speichern.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIl5KlKwL2TSkntkpY3naLLz5jsN0YwjhZyObcTOK6Nda4Ie21KRqZau9lx5SHcLh7pE2/S9OiArb+na2dn7YK5EvH+aRXS1ec3uxVlBhqLdnleVgwgwlg5fH95I52IeHcoeK6pR4hW/Nv39GNlI/Uqk6O6GBCCsAxYrdxww9BiQIDAQAB","manifest_version":2,"name":"Google Drive","offline_enabled":true,"options_page":"https://drive.google.com/settings","permissions":["background","clipboardRead","clipboardWrite","notifications","unlimitedStorage"],"update_url":"hxxp://clients2.google.com/service/update2/crx","version":"6.2"},"page_ordinal":"n","path":"apdfllckaahabafndbhieahigkjlhalf\\6.2_0","state":1,"was_installed_by_default":true},"blpcfgokakmgnkcojhhkbfbldkacnbeo":{"ack_external":true,"app_launcher_ordinal":"x","creation_flags":153,"exclude_from_sideload_wipeout":true,"from_bookmark":true,"from_webstore":true,"install_time":"13005950254810893","location":1,"manifest":{"app":{"launch":{"container":"tab","web_url":"hxxp://www.youtube.com/"},"web_content":{"enabled":true,"origin":"hxxp://www.youtube.com"}},"current_locale":"de","default_locale":"en","description":"Die beliebteste Online-Video-Community der Welt","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC/HotmFlyuz5FaHaIbVBhhL4BwbcUtsfWwzgUMpZt5ZsLB2nW/Y5xwNkkPANYGdVsJkT2GPpRRIKBO5QiJ7jPMa3EZtcZHpkygBlQLSjMhdrAKevpKgIl6YTkwzNvExY6rzVDzeE9zqnIs33eppY4S5QcoALMxuSWlMKqgFQjHQIDAQAB","name":"YouTube","permissions":["appNotifications"],"update_url":"hxxp://clients2.google.com/service/update2/crx","version":"4.2.5"},"page_ordinal":"n","path":"blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.5_0","state":1,"was_installed_by_default":true},"coobgpohoikkiipiblmjeljniedjpjpf":{"ack_external":true,"app_launcher_ordinal":"w","creation_flags":153,"exclude_from_sideload_wipeout":true,"from_bookmark":true,"from_webstore":true,"install_time":"13005950254763893","location":1,"manifest":{"app":{"launch":{"web_url":"hxxp://www.google.com/webhp?source=search_app"},"urls":["*://www.google.com/search","*://www.google.com/webhp","*://www.google.com/imgres"]},"current_locale":"de","default_locale":"en","description":"Die schnellste Suche im Web.","icons":{"128":"128.png","16":"16.png","32":"32.png","48":"48.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIiso3Loy5VJHL40shGhUl6it5ZG55XB9q/2EX6aa88jAxwPutbCgy5d9bm1YmBzLfSgpX4xcpgTU08ydWbd7b50fbkLsqWl1mRhxoqnN01kuNfv9Hbz9dWWYd+O4ZfD3L2XZs0wQqo0y6k64n+qeLkUMd1MIhf6MR8Xz1SOA8pwIDAQAB","name":"Google-Suche","update_url":"hxxp://clients2.google.com/service/update2/crx","version":"0.0.0.19"},"page_ordinal":"n","path":"coobgpohoikkiipiblmjeljniedjpjpf\\0.0.0.19_0","state":1,"was_installed_by_default":true},"djbdlklldbflagkkpaljamjfbpefcbpf":{"ack_external":true,"active_permissions":{"api":["bookmarks","browsingData","contextMenus","cookies","geolocation","history","idle","management","notifications","plugin","tabs","topSites","unlimitedStorage","webRequest","webRequestBlocking","webRequestInternal"],"explicit_host":["<all_urls>","chrome://favicon/*"],"scriptable_host":["hxxp://*/*","https://*/*"]},"creation_flags":1,"from_bookmark":false,"from_webstore":false,"install_time":"13015112240678012","location":3,"manifest":{"background":{"page":"background.html"},"browser_action":{"default_icon":"images/widdit_icon_small.png","default_title":"HomeTab"},"chrome_url_overrides":{"newtab":"bundler/newtab.html"},"content_scripts":[{"css":["css/widdit.css"],"js":["js/widdit.js"],"matches":["hxxp://*/*","https://*/*"],"run_at":"document_start"},{"js":["js/widdit_end.js"],"matches":["hxxp://*/*","https://*/*"],"run_at":"document_end"}],"content_security_policy":"script-src 'self' https://ajax.googleapis.com https://hometab.widdit.com https://widdit.com https://geo.widdit.com https://fad.widdit.com https://adds.widdit.com https://ads.widdit.com https://landing.widdit.com https://rp.widdit.com https://suggest.widdit.com https://ssl.google-analytics.com https://www.certified-toolbar.com https://cdn1.certified-toolbar.com https://cdn1.certified-apps.com https://www.certified-apps.com https://static.apps.widdit.com https://ssl.widdit.com https://sslcdn.widdit.com 'unsafe-eval'; object-src 'self' ","description":"HomeTab","icons":{"128":"images/widdit_icon_large.png","16":"images/widdit_icon_small.png","48":"images/widdit_icon_med.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzZ75S35ht645WhovfqIUfGysYceqvUP7l+IDdb4eNK5RqF7snTDzu3wiaoh2AVs7Mw9+EKgyH1RnacZlJEkyKpi/XBRsXV8Kr8cOayPGKczjOFrYeTxFMW+DgsZKMHsegQnwV1G1AkbBjd0KA8d+PWE8RSYdAYgaXyQAI4TaHgwIDAQAB","manifest_version":2,"name":"HomeTab","permissions":["contextMenus","management","tabs","<all_urls>","notifications","unlimitedStorage","browsingData","bookmarks","cookies","geolocation","history","idle","webRequest","topSites","webRequestBlocking"],"plugins":[{"path":"npwiddit.dll","public":true}],"update_url":"hxxp://update.toolbar.widdit.com/chrome/?si=43169&ti=3580&ver=3.2","version":"3.2","web_accessible_resources":["js/*.js","*.html","*.htm","*.js","*.png","*.jpg","*.gif"]},"path":"djbdlklldbflagkkpaljamjfbpefcbpf\\3.2_0","state":1,"was_installed_by_default":false},"eemcgdkfndhakfknompkggombfjjjeno":{"active_permissions":{"api":["bookmarks","bookmarkManagerPrivate","metricsPrivate","systemPrivate","tabs"],"explicit_host":["chrome://favicon/*","chrome://resources/*"]},"creation_flags":1,"from_bookmark":false,"from_webstore":false,"install_time":"13008462822374758","location":5,"manifest":{"chrome_url_overrides":{"bookmarks":"main.html"},"content_security_policy":"object-src 'none'; script-src chrome://resources 'self'","description":"Bookmark Manager","incognito":"split","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQcByy+eN9jzazWF/DPn7NW47sW7lgmpk6eKc0BQM18q8hvEM3zNm2n7HkJv/R6fU+X5mtqkDuKvq5skF6qqUF4oEyaleWDFhd1xFwV7JV+/DU7bZ00w2+6gzqsabkerFpoP33ZRIw7OviJenP0c0uWqDWF8EGSyMhB3txqhOtiQIDAQAB","manifest_version":2,"name":"Bookmark Manager","permissions":["bookmarks","bookmarkManagerPrivate","systemPrivate","tabs","chrome://favicon/","chrome://resources/"],"version":"0.1"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\25.0.1364.172\\resources\\bookmark_manager","was_installed_by_default":false},"ennkphjdgehloodpbhlhldgbnhmacadg":{"active_permissions":{"api":["app.currentWindowInternal","app.runtime","app.window"],"explicit_host":["chrome://settings-frame/*"]},"app_launcher_ordinal":"z","creation_flags":1,"events":["app.runtime.onLaunched"],"from_bookmark":false,"from_webstore":false,"install_time":"13015112238318938","location":5,"manifest":{"app":{"background":{"scripts":["settings_app.js"]}},"description":"Settings","display_in_launcher":false,"icons":{"128":"settings_app_icon_128.png","16":"settings_app_icon_16.png","32":"settings_app_icon_32.png","48":"settings_app_icon_48.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoVDPGX6fvKPVVgc+gnkYlGqHuuapgFDyKhsy4z7UzRLO/95zXPv8h8e5EacqbAQJLUbP6DERH5jowyNEYVxq9GJyntJMwP1ejvoz/52hnY3CCGGCmttmKzzpp5zwLuq3iZf8bslwywfflNUYtaCFSDa0TtrBZz0aOPrAAd/AhNwIDAQAB","manifest_version":2,"name":"Settings","permissions":["chrome://settings-frame/"],"version":"0.2"},"page_ordinal":"n","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\27.0.1453.110\\resources\\settings_app","running":false,"was_installed_by_default":false},"lifbcibllhkdhoafpjfnlhfpfgnpldfl":{"active_permissions":{"api":["plugin","tabs"],"explicit_host":["hxxp://*/*","https://*/*"],"scriptable_host":["file:///*","hxxp://*/*","https://*/*"]},"creation_flags":1,"disable_reasons":16,"from_bookmark":false,"from_webstore":false,"install_time":"13005950251869893","location":3,"manifest":{"background_page":"background.html","browser_action":{"default_icon":"skype.png","default_title":"Options"},"content_scripts":[{"all_frames":true,"js":["contentscript.js"],"matches":["hxxp://*/*","file://*/*","https://*/*"],"run_at":"document_end"}],"description":"Skype Click to Call","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMxFysW3wPKWRPPe3xuJQz3m1ZDLX1hN8EYdP37tRPf7lp8vIhG4xirlXHGK748qcLPc4Lm8WsHDhvS5okN54Kwcnw4T2tBXSCZJxMmlu14HZ5yc/t969QLTPLIbAsasq4NVo40YuP2B7umxV9BlcxZEB9TEKPEQq8DRoKhj9jBQIDAQAB","name":"Skype Click to Call","permissions":["tabs","hxxp://*/*","https://*/*"],"plugins":[{"path":"npSkypeChromePlugin.dll","public":true}],"version":"5.9.0.9216"},"path":"lifbcibllhkdhoafpjfnlhfpfgnpldfl\\5.9.0.9216_0","state":0,"was_installed_by_default":false},"mfehgcgbbipciphmccgaenjidiccnmng":{"active_permissions":{"api":["cloudPrintPrivate"]},"creation_flags":1,"from_bookmark":false,"from_webstore":false,"install_time":"13008462822374758","location":5,"manifest":{"app":{"launch":{"web_url":"https://www.google.com/cloudprint"},"urls":["https://www.google.com/cloudprint","https://www.google.com/cloudprint/enable_chrome_connector"]},"description":"Cloud Print","display_in_launcher":false,"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDqOhnwk4+HXVfGyaNsAQdU/js1Na56diW08oF1MhZiwzSnJsEaeuMN9od9q9N4ZdK3o1xXOSARrYdE+syV7Dl31nf6qz3A6K+D5NHe6sSB9yvYlIiN37jdWdrfxxE0pRYEVYZNTe3bzq3NkcYJlOdt1UPcpJB+isXpAGUKUvt7EQIDAQAB","name":"Cloud Print","permissions":["cloudPrintPrivate"],"version":"0.1"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\25.0.1364.172\\resources\\cloud_print","was_installed_by_default":false},"mgndgikekgjfcpckkfioiadnlibdjbkf":{"app_launcher_ordinal":"z","creation_flags":1,"from_bookmark":false,"from_webstore":false,"install_time":"13015112238317938","location":5,"manifest":{"app":{"launch":{"web_url":"hxxp://THIS-WILL-BE-REPLACED"}},"description":"Chrome as an app","display_in_launcher":true,"display_in_new_tab_page":false,"icons":{"128":"product_logo_128.png","16":"product_logo_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNuYLEQ1QPMcc5HfWI/9jiEf6FdJWqEtgRmIeI7qtjPLBM5oje+Ny2E2mTAhou5qdJiO2CHWdU1DQXY2F7Zu2gZaKZgHLfK4WimHxUT5Xd9/aro/R9PCzjguM1BLusiWYc9xlj1IsZpyiN1hcjU7SCnBhv1feQlv2WSB5KRiXwhQIDAQAB","name":"Chrome","version":"0.1"},"page_ordinal":"n","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\27.0.1453.110\\resources\\chrome_app","was_installed_by_default":false},"ndibdjnfmopecpmkdieinmbadjfpblof":{"active_permissions":{"api":["cookies","management","plugin","tabs","unlimitedStorage","webNavigation","webRequest","webRequestBlocking","webRequestInternal"],"explicit_host":["<all_urls>","chrome://favicon/*","hxxp://dnt.cloud.avg.com/*","hxxp://dntf.cloud.avg.com/*"],"scriptable_host":["<all_urls>","hxxp://toolbar.avg.com/*"]},"creation_flags":1,"disable_reasons":16,"from_bookmark":false,"from_webstore":false,"install_time":"13008462825875767","location":3,"manifest":{"background":{"page":"content/background.html"},"browser_action":{"default_icon":"content/icons/logoAVG.png","default_title":"AVG Do Not Track"},"content_scripts":[{"all_frames":false,"js":["content/js/content.js"],"matches":["<all_urls>"],"run_at":"document_end"},{"js":["content/js/ntinject.js"],"matches":["hxxp://toolbar.avg.com/*"]}],"content_security_policy":"script-src 'self' 'unsafe-eval'; object-src 'self'","current_locale":"de","default_locale":"en","description":"AVG Security Toolbar","icons":{"128":"content/icons/128-AVG-logo.png","16":"content/icons/16-AVG-logo.png","48":"content/icons/48-AVG-logo.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDaBhCcd8V6V8SwALoaT+A51wnypeg3PtHPFZ6/1OKPFykl5ejJUJj4iBdO6hwupZS9r69OFb9AF0NPAxXqMfuh/mVqguifgJiqVV7tLaQ5tGAIy0pACKYaTICVePngldEIu1VNSf8A+YoQIt0LL7arZL5E/0iIoqX4Yd04Q8X2HwIDAQAB","manifest_version":2,"name":"AVG Security Toolbar","options_page":"content/options.html","permissions":["<all_urls>","tabs","webNavigation","unlimitedStorage","cookies","management","plugin","webRequest","webRequestBlocking","hxxp://dnt.cloud.avg.com/","hxxp://dntf.cloud.avg.com/"],"version":"14.2.0.1"},"path":"ndibdjnfmopecpmkdieinmbadjfpblof\\14.2.0.1_0","state":0,"was_installed_by_default":false},"pjkljhegncpnkpknbcohdijeoejaedia":{"ack_external":true,"active_permissions":{"api":["notifications"]},"app_launcher_ordinal":"y","creation_flags":137,"exclude_from_sideload_wipeout":true,"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["notifications"]},"install_time":"13005950254907893","location":1,"manifest":{"app":{"launch":{"container":"tab","web_url":"https://mail.google.com/mail/ca"},"urls":["*://mail.google.com/mail/ca"]},"current_locale":"de","default_locale":"en","description":"Schneller E-Mail-Dienst mit Suchfunktion und wenig Spam.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB","name":"Google Mail","options_page":"https://mail.google.com/mail/ca/#settings","permissions":["notifications"],"update_url":"hxxp://clients2.google.com/service/update2/crx","version":"7"},"page_ordinal":"n","path":"pjkljhegncpnkpknbcohdijeoejaedia\\7_0","state":1,"was_installed_by_default":true}},"sideload_wipeout_bubble_shown":3,"sideload_wipeout_done":true,"toolbar":["djbdlklldbflagkkpaljamjfbpefcbpf"],"toolbarsize":-1},"homepage":"hxxp://www.google.com"
CHR Extension: (Docs) - C:\Users\Estefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\Estefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\Estefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Estefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Skype Click to Call) - C:\Users\Estefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0
CHR Extension: (Gmail) - C:\Users\Estefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [hggpkhijoeadmdfmlbdepfbngmhaldci] - C:\Program Files (x86)\DealPly\DealPly.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
==================== Services (Whitelisted) =================
R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-18] ()
S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [1025352 2011-09-01] ()
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
R2 CDMA Device Service; C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe [159232 2011-08-02] ()
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [159752 2010-10-07] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-18] ()
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-12-27] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-12-14] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2148216 2012-08-23] (AVG)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [36216 2012-08-23] (AVG)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3388144 2013-04-18] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [148792 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [117888 2012-04-17] (Mobile Connector)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [11880 2012-07-04] (TuneUp Software)
S3 intaud_WaveExtensible; system32\drivers\intelaud.sys [x]
S3 iwdbus; system32\DRIVERS\iwdbus.sys [x]
S3 RSUSBVSTOR; System32\Drivers\RTSUVSTOR.sys [x]
S3 usb3Hub; system32\DRIVERS\usb3Hub.sys [x]
S3 XHCIPort; system32\DRIVERS\XHCIPort.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-11-06 05:44 - 2013-11-06 05:46 - 00000000 ____D C:\AdwCleaner
2013-11-06 05:43 - 2013-11-06 05:43 - 01073262 _____ C:\Users\Estefan\Downloads\adwcleaner.exe
2013-11-06 05:40 - 2013-11-06 05:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-05 20:06 - 2013-11-05 20:08 - 00026189 _____ C:\Users\Estefan\Downloads\Addition.txt
2013-11-05 20:04 - 2013-11-05 20:04 - 00000000 ____D C:\FRST
2013-11-05 20:03 - 2013-11-05 20:03 - 01957098 _____ (Farbar) C:\Users\Estefan\Downloads\FRST64.exe
2013-11-01 16:17 - 2013-11-01 16:17 - 00188900 _____ C:\Users\Estefan\Downloads\CUExtractOperationsQueryNew.dataMovement(9).bs
2013-10-28 11:47 - 2013-10-28 11:47 - 00000000 ____D C:\ProgramData\Oracle
2013-10-28 11:46 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-28 11:46 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-28 11:46 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-28 11:45 - 2013-10-28 11:46 - 00005683 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-28 11:45 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-16 18:19 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-16 18:19 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-16 18:19 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-16 18:19 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-16 18:19 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-16 18:19 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-16 18:19 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-14 18:30 - 2013-10-31 18:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-10-11 20:41 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-11 20:41 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-11 20:41 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-11 20:41 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-11 20:41 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-11 20:41 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-11 20:41 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-11 20:41 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-11 20:41 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-11 20:41 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-11 20:41 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-11 20:41 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-11 20:41 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 20:41 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 20:41 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-11 20:41 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 20:41 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 20:41 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 20:41 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 20:41 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-11 20:41 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-11 20:41 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-11 20:41 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 20:41 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-11 20:41 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 20:41 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-11 20:41 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-11 20:41 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-11 20:40 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-11 20:40 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 20:40 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 20:27 - 2013-10-10 20:28 - 00356832 _____ C:\Windows\Minidump\101013-44943-01.dmp
2013-10-10 06:26 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-10 06:26 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-10 06:26 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-10 06:26 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-10 06:26 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-10 06:26 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-10 06:26 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-10 06:26 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-10 06:26 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-10 06:26 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-10 06:26 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-10 06:26 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-10 06:26 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-10 06:26 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-10 06:26 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-10 06:26 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-10 06:26 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-10 06:26 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-10 06:26 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-10 06:26 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 06:26 - 2013-07-12 11:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-10 06:26 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-10 06:26 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-10 06:26 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 06:26 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-10 06:26 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-10 06:26 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-10 06:26 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-10 06:26 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-10 06:26 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 06:26 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 06:26 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-10 06:26 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-10 06:26 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-10 06:26 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-10 06:26 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-10 06:26 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-10 06:26 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-10 06:26 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-10 06:26 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 06:26 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-10 06:26 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-10 06:22 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-10 06:22 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-10 06:22 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 06:22 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
==================== One Month Modified Files and Folders =======
2013-11-06 05:55 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-06 05:55 - 2009-07-14 05:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-06 05:52 - 2011-06-19 18:00 - 00644522 _____ C:\Windows\system32\perfh007.dat
2013-11-06 05:52 - 2011-06-19 18:00 - 00129968 _____ C:\Windows\system32\perfc007.dat
2013-11-06 05:52 - 2009-07-14 06:13 - 01500294 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-06 05:47 - 2013-06-23 04:34 - 00012163 _____ C:\Windows\setupact.log
2013-11-06 05:47 - 2012-04-26 12:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-06 05:47 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-06 05:46 - 2013-11-06 05:44 - 00000000 ____D C:\AdwCleaner
2013-11-06 05:46 - 2013-05-13 03:27 - 00000000 ____D C:\Windows\System32\Tasks\ProtectedSearch
2013-11-06 05:46 - 2011-08-15 18:00 - 01749851 _____ C:\Windows\WindowsUpdate.log
2013-11-06 05:43 - 2013-11-06 05:43 - 01073262 _____ C:\Users\Estefan\Downloads\adwcleaner.exe
2013-11-06 05:41 - 2013-11-06 05:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-06 05:40 - 2012-07-07 03:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-06 05:35 - 2013-08-06 21:32 - 00003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{280095F4-0D58-401C-8B71-481D0D0DE1DF}
2013-11-05 20:08 - 2013-11-05 20:06 - 00026189 _____ C:\Users\Estefan\Downloads\Addition.txt
2013-11-05 20:04 - 2013-11-05 20:04 - 00000000 ____D C:\FRST
2013-11-05 20:03 - 2013-11-05 20:03 - 01957098 _____ (Farbar) C:\Users\Estefan\Downloads\FRST64.exe
2013-11-05 19:47 - 2011-08-16 04:24 - 00000000 ____D C:\ProgramData\MFAData
2013-11-03 10:53 - 2011-11-27 21:55 - 00000000 ____D C:\Users\Estefan\Documents\My Received Files
2013-11-03 10:51 - 2011-11-30 14:01 - 01354752 ___SH C:\Users\Estefan\Documents\Thumbs.db
2013-11-02 11:29 - 2013-10-03 12:55 - 00000000 ____D C:\Users\Estefan\AppData\Local\Avg2014
2013-11-01 21:45 - 2011-08-16 05:03 - 00000000 ____D C:\Users\Estefan\AppData\Roaming\SoftGrid Client
2013-11-01 17:00 - 2012-06-12 13:26 - 00013324 _____ C:\Users\Estefan\Documents\Überstunden.xlsx
2013-11-01 16:17 - 2013-11-01 16:17 - 00188900 _____ C:\Users\Estefan\Downloads\CUExtractOperationsQueryNew.dataMovement(9).bs
2013-10-31 18:43 - 2013-10-14 18:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-10-30 06:43 - 2013-06-08 15:24 - 00003704 _____ C:\Windows\System32\Tasks\Java Update Scheduler
2013-10-28 11:47 - 2013-10-28 11:47 - 00000000 ____D C:\ProgramData\Oracle
2013-10-28 11:46 - 2013-10-28 11:45 - 00005683 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-28 11:46 - 2011-06-19 16:04 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-26 17:47 - 2012-11-11 20:13 - 00275456 ___SH C:\Users\Estefan\Downloads\Thumbs.db
2013-10-11 20:50 - 2013-03-15 06:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 20:50 - 2013-03-15 06:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 20:50 - 2009-07-14 05:45 - 00368624 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 05:21 - 2013-07-20 06:24 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 05:17 - 2011-06-19 13:08 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 20:28 - 2013-10-10 20:27 - 00356832 _____ C:\Windows\Minidump\101013-44943-01.dmp
2013-10-10 20:27 - 2013-07-19 16:58 - 582015372 _____ C:\Windows\MEMORY.DMP
2013-10-10 20:27 - 2013-04-01 10:22 - 00000000 ____D C:\Windows\Minidump
2013-10-10 19:57 - 2013-10-03 13:10 - 00000985 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-10-10 19:56 - 2012-04-03 19:27 - 00000000 ___HD C:\$AVG
2013-10-08 20:41 - 2012-07-07 03:33 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-08 20:41 - 2012-04-03 04:56 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-08 20:41 - 2011-06-19 16:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-08 07:50 - 2013-10-28 11:46 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-08 07:46 - 2013-10-28 11:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-08 07:46 - 2013-10-28 11:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-08 07:46 - 2013-10-28 11:45 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
Files to move or delete:
====================
C:\Users\Estefan\x.exe
Some content of TEMP:
====================
C:\Users\Estefan\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-17 11:08
==================== End Of Log ============================ --- --- ---
--- --- --- |