So nach 1-2 Tagen "Pause" hat mein Malewarebytes doch noch mal zugeschlagen. von daher werde ich jetzt deine Anleitung einfach ausführen damit du das restliche vernichten kannst. In so fern das es klappt.(Wäre auch zu schön gewesen, wenn alles weg wäre)
Code:
Alles auswählen Aufklappen ATTFilter
Zoek.exe Version 4.0.0.2 Updated 06-May-2013
Tool run by Yannick on 11.05.2013 at 10:26:24,48.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
==== Older Logs ======================
C:\zoek-results11.05.2013-1022.log 212 bytes
==== Possible Rootkit Infection ======================
C:\Windows\installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}\L
C:\Windows\installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}\U
C:\Windows\installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}\@
C:\Windows\installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}\L\00000004.@
C:\Windows\installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}\U\00000004.@
C:\Windows\installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}\U\00000008.@
C:\Windows\installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}\U\80000000.@
C:\Windows\installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}\U\80000032.@
C:\Windows\installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}\U\80000064.@
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1753359733-455865676-2801917362-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-1753359733-455865676-2801917362-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-1753359733-455865676-2801917362-1001\Software\Microsoft\Internet Explorer\SearchScopes\{649EEE5D-0087-4F3E-8EBD-550A99AFA562} deleted successfully
HKEY_USERS\S-1-5-21-1753359733-455865676-2801917362-1001\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BrowserProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BrowserProtect deleted successfully
==== FireFox Fix ======================
ProfilePath: C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default
---- Lines BabylonToolbar removed from prefs.js ----
user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar.aflt", "babsst");
user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
user_pref("extensions.BabylonToolbar.dfltLng", "en");
user_pref("extensions.BabylonToolbar.excTlbr", false);
user_pref("extensions.BabylonToolbar.id", "ec2cad0a0000000000006cf0497afa88");
user_pref("extensions.BabylonToolbar.instlDay", "15624");
user_pref("extensions.BabylonToolbar.instlRef", "sst");
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=ec2cad0a0000000000006cf0497afa88&q=");
user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7");
user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7");
user_pref("extensions.BabylonToolbar_i.aflt", "babclient");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.babTrack", "");
user_pref("extensions.BabylonToolbar_i.hardId", "ec2cad0a0000000000000001360c73de");
user_pref("extensions.BabylonToolbar_i.id", "ec2cad0a0000000000000001360c73de");
user_pref("extensions.BabylonToolbar_i.instlDay", "15535");
user_pref("extensions.BabylonToolbar_i.instlRef", "std");
user_pref("extensions.BabylonToolbar_i.newTab", false);
user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.srcExt", "");
user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.721:54:01");
user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
---- Lines BabylonToolbar modified from prefs.js ----
---- Lines BabylonToolbar removed from user.js ----
user_pref("extensions.BabylonToolbar_i.id", "ec2cad0a0000000000000001360c73de");
user_pref("extensions.BabylonToolbar_i.hardId", "ec2cad0a0000000000000001360c73de");
user_pref("extensions.BabylonToolbar_i.instlDay", "15535");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar_i.aflt", "babclient");
user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
user_pref("extensions.BabylonToolbar_i.newTab", false);
user_pref("extensions.BabylonToolbar_i.babTrack", "");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.srcExt", "");
user_pref("extensions.BabylonToolbar_i.instlRef", "std");
user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=ec2cad0a0000000000006cf0497afa88&q=");
user_pref("extensions.BabylonToolbar.id", "ec2cad0a0000000000006cf0497afa88");
user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
user_pref("extensions.BabylonToolbar.instlDay", "15624");
user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7");
user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.721:54:01");
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
user_pref("extensions.BabylonToolbar.instlRef", "sst");
user_pref("extensions.BabylonToolbar.dfltLng", "en");
user_pref("extensions.BabylonToolbar.excTlbr", false);
user_pref("extensions.BabylonToolbar.admin", false);
---- Lines delta removed from prefs.js ----
---- Lines delta modified from prefs.js ----
---- Lines delta removed from user.js ----
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.id", "aef049c200000000000000ff07b976a4");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.instlDay", "15806");
user_pref("extensions.delta.vrsn", "1.8.16.16");
user_pref("extensions.delta.vrsni", "1.8.16.16");
user_pref("extensions.delta.vrsnTs", "1.8.16.1615:02:22");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.newTab", false);
---- Lines funmoods removed from prefs.js ----
---- Lines funmoods modified from prefs.js ----
---- Lines funmoods removed from user.js ----
user_pref("extensions.funmoods.hmpg", false);
user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyDzy0FtA0Bzy0D0A0DtD0AtN0D0Tzu0CtAtDtCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=433880554");
user_pref("extensions.funmoods.dfltSrch", false);
user_pref("extensions.funmoods.srchPrvdr", "Search");
user_pref("extensions.funmoods.dnsErr", true);
user_pref("extensions.funmoods_i.newTab", false);
user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyDzy0FtA0Bzy0D0A0DtD0AtN0D0Tzu0CtAtDtCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=433880554");
user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyDzy0FtA0Bzy0D0A0DtD0AtN0D0Tzu0CtAtDtCtN1L2XzutBtFtCtFtDtFtAtDtC&cr=433880554&q=");
user_pref("extensions.funmoods.id", "7A79059F3B9DAD0A");
user_pref("extensions.funmoods.instlDay", "15640");
user_pref("extensions.funmoods.vrsn", "1.5.23.22");
user_pref("extensions.funmoods.vrsni", "1.5.23.22");
user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2217:5:7");
user_pref("extensions.funmoods.prtnrId", "funmoods");
user_pref("extensions.funmoods.prdct", "funmoods");
user_pref("extensions.funmoods.aflt", "orgnl");
user_pref("extensions.funmoods_i.smplGrp", "none");
user_pref("extensions.funmoods.tlbrId", "base");
user_pref("extensions.funmoods.instlRef", "");
user_pref("extensions.funmoods.dfltLng", "");
user_pref("extensions.funmoods.excTlbr", true);
user_pref("extensions.funmoods.autoRvrt", false);
user_pref("extensions.funmoods.envrmnt", "production");
user_pref("extensions.funmoods.isdcmntcmplt", true);
user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
---- Lines incredibar removed from prefs.js ----
---- Lines incredibar modified from prefs.js ----
---- Lines incredibar removed from user.js ----
user_pref("extensions.incredibar_i.newTab", false);
user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8elkk4d8&loc=IB_TB&i=26&search=");
user_pref("extensions.incredibar_i.id", "ec2cad0a0000000000000001360c73de");
user_pref("extensions.incredibar_i.hardId", "ec2cad0a0000000000000001360c73de");
user_pref("extensions.incredibar_i.instlDay", "15328");
user_pref("extensions.incredibar_i.vrsn", "1.5.3.27");
user_pref("extensions.incredibar_i.vrsni", "1.5.3.27");
user_pref("extensions.incredibar_i.vrsnTs", "1.5.3.2718:05:37");
user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
user_pref("extensions.incredibar_i.prdct", "incredibar");
user_pref("extensions.incredibar_i.aflt", "orgnl");
user_pref("extensions.incredibar_i.smplGrp", "none");
user_pref("extensions.incredibar_i.tlbrId", "base");
user_pref("extensions.incredibar_i.instlRef", "");
user_pref("extensions.incredibar_i.dfltLng", "");
user_pref("extensions.incredibar_i.excTlbr", "false");
user_pref("extensions.incredibar_i.ms_url_id", "");
user_pref("extensions.incredibar_i.upn2", "6R8elkk4d8");
user_pref("extensions.incredibar_i.upn2n", "92823532532827582");
user_pref("extensions.incredibar_i.productid", "26");
user_pref("extensions.incredibar_i.installerproductid", "26");
user_pref("extensions.incredibar_i.did", "10556");
user_pref("extensions.incredibar_i.ppd", "1000");
---- Lines searchya removed from prefs.js ----
---- Lines searchya modified from prefs.js ----
---- Lines searchya removed from user.js ----
user_pref("extensions.searchya_i.hmpg", true);
user_pref("extensions.searchya_i.hmpgUrl", "hxxp://searchya.com/?chnl=ft-100&s=0&cr=1256175982&cd=2XzutAtN2Y1L1QzuyB0AyBzytDyDzzyBtAzz0CyE0C0A0DtD0AtN0D0TzutBtDtCtBtDtBtCtC");
user_pref("extensions.searchya_i.dfltSrch", true);
user_pref("extensions.searchya_i.srchPrvdr", "SearchYa!");
user_pref("extensions.searchya_i.dnsErr", true);
user_pref("extensions.searchya_i.newTab", true);
user_pref("extensions.searchya_i.newTabUrl", "hxxp://searchya.com/?chnl=ft-100&s=2&cr=1256175982&cd=2XzutAtN2Y1L1QzuyB0AyBzytDyDzzyBtAzz0CyE0C0A0DtD0AtN0D0TzutBtDtCtBtDtBtCtC");
---- Lines CT2269050 removed from prefs.js ----
---- Lines CT2269050 modified from prefs.js ----
---- Lines CT2269050 removed from user.js ----
---- Lines mystart removed from prefs.js ----
---- Lines mystart modified from prefs.js ----
---- Lines mystart removed from user.js ----
---- Lines iminent removed from prefs.js ----
---- Lines iminent modified from prefs.js ----
---- Lines iminent removed from user.js ----
---- Lines search.com removed from prefs.js ----
---- Lines search.com modified from prefs.js ----
---- Lines search.com removed from user.js ----
---- Lines imbooster removed from prefs.js ----
---- Lines imbooster modified from prefs.js ----
---- Lines imbooster removed from user.js ----
---- Lines defaulttab removed from prefs.js ----
---- Lines defaulttab modified from prefs.js ----
---- Lines defaulttab removed from user.js ----
---- Lines 33e0daa6-3af3-d8b5-6752-10e949c61516 removed from prefs.js ----
---- Lines 33e0daa6-3af3-d8b5-6752-10e949c61516 modified from prefs.js ----
---- Lines 33e0daa6-3af3-d8b5-6752-10e949c61516 removed from user.js ----
---- FireFox user.js and prefs.js backups ----
user__1035_.backup
prefs__1035_.backup
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"bProtector Start Page"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"bProtectorDefaultScope"=-
==== Deleting Files \ Folders ======================
"C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\searchplugins\delta.xml" deleted
"C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\extensions\addon@defaulttab.com.xpi" deleted
"C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml" not deleted
"C:\Users\Yannick\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data" deleted
"C:\Users\Yannick\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences" deleted
"C:\END" deleted
"C:\Windows\Launcher.exe" deleted
"C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\searchplugins\browsemngr.xml" deleted
"C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\searchplugins\BrowserProtect.xml" deleted
"C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\searchplugins\babylon.xml" not deleted
"C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\searchplugins\askcom.xml" deleted
"C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\searchplugins\search-here-1.xml" deleted
"C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\searchplugins\search-here.xml" deleted
"C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\bProtector_extensions.rdf" deleted
"C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\bprotector_extensions.sqlite" deleted
"C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\bprotector_prefs.js" deleted
"C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\extensions\addon@defaulttab.com.xpi" deleted
"C:\Windows\installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}\@" deleted
"C:\Windows\installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}\L\00000004.@" deleted
"C:\Windows\installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}\L\201d3dde" deleted
"C:\Windows\installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}\L\76603ac3" deleted
"C:\Windows\installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}\U\00000004.@" deleted
"C:\Windows\installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}\U\00000008.@" deleted
"C:\Windows\installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}\U\80000000.@" deleted
"C:\Windows\installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}\U\80000032.@" deleted
"C:\Windows\installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}\U\80000064.@" deleted
"C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe" deleted
"C:\Program Files (x86)\Protected Search\InstallHelper.dll" deleted
"C:\Program Files (x86)\Protected Search\ProtectedSearch.exe" deleted
"C:\Program Files (x86)\Protected Search\System.Data.SQLite.dll" deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.settings" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\chrome.manifest" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\install.rdf" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-19.0.dll" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-20.0.dll" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-3.6.xpt" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\BrowserProtect.js" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\overlay.xul" not deleted
"C:\Windows\installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}" deleted
"C:\Windows\installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}\L" deleted
"C:\Windows\installer\{71263210-1dfa-d07a-04e2-10b66f201fa6}\U" deleted
"C:\Program Files (x86)\Delta" deleted
"C:\Program Files (x86)\FilesFrog Update Checker" deleted
"C:\Program Files (x86)\DefaultTab" deleted
"C:\Program Files (x86)\GoforFiles" deleted
"C:\Program Files (x86)\Protected Search" deleted
"C:\Users\Yannick\AppData\Roaming\OCS" deleted
"C:\Users\Yannick\AppData\Roaming\DesktopIconForAmazon" deleted
"C:\Users\Yannick\AppData\Roaming\GoforFiles" deleted
"C:\Users\Yannick\AppData\Roaming\B1Toolbar" deleted
"C:\Users\Yannick\AppData\Roaming\DealPly" deleted
"C:\Users\Yannick\AppData\Roaming\DefaultTab" deleted
"C:\Users\Yannick\AppData\Roaming\Delta" deleted
"C:\Users\Yannick\AppData\Roaming\YourFileDownloader" deleted
"C:\Users\Yannick\AppData\Roaming\Media Finder" deleted
"C:\ProgramData\BrowserProtect" not deleted
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder" deleted
"C:\Users\Yannick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly" deleted
"C:\Users\Yannick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect" deleted
"C:\Users\Yannick\AppData\Local\B1E" deleted
"C:\Users\Yannick\AppData\Local\PackageAware" deleted
"C:\Users\Yannick\AppData\Local\SwvUpdater" deleted
"C:\Users\Yannick\AppData\LocalLow\Delta" deleted
"C:\Users\Yannick\AppData\LocalLow\SimplyTech" deleted
"C:\Users\Yannick\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}" deleted
"C:\Users\Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda" deleted
"C:\Windows\SysWow64\searchplugins" deleted
"C:\Windows\SysWow64\Extensions" deleted
"C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\jetpack" deleted
"C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\CT2269050" deleted
"C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\extensions\ffxtlbr@delta.com" deleted
"C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\CT2269050" deleted
"C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}" deleted
"C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\extensions\ffxtlbr@delta.com" deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components" not deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content" not deleted
==== Files Recently Created / Modified ======================
====== C:\Windows ====
2013-05-08 15:29:57 E2F956C95D5B6888B948FCDEB1056272 5683 ----a-w- C:\Windows\wininit.ini
====== C:\Users\Yannick\AppData\Local\Temp ====
2013-05-10 14:26:53 E4EC57E8508C5C4040383EBE6D367928 34308 ----a-w- C:\Users\Yannick\AppData\Local\Temp\bassmod.dll
====== C:\Windows\SysWOW64 =====
2013-05-10 17:55:51 72FB00BE9AE93D7F445ACBBAAE43EFB1 1431552 ----a-w- C:\Windows\SysWOW64\rewire.dll
2013-05-10 17:55:28 9033DAF3277F0498BC86C8D4566C25CE 1554944 ----a-w- C:\Windows\SysWOW64\vorbis.acm
2013-04-30 13:56:39 D017BF8D92938EEB9B3A1D1C53FDA152 14323200 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2013-04-30 13:56:39 CFE0CEE587F9CEA4C29DEEC6D85FC91C 1766912 ----a-w- C:\Windows\SysWOW64\wininet.dll
2013-04-30 13:56:39 C28A634CF127DA67D566B5E14D0A0170 719360 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll
2013-04-30 13:56:39 C225E5307D8D4982A1687F2702C37C78 158720 ----a-w- C:\Windows\SysWOW64\msls31.dll
2013-04-30 13:56:39 B96C13B5C85AC4240FE95DE115945D59 38400 ----a-w- C:\Windows\SysWOW64\imgutil.dll
2013-04-30 13:56:39 B5DEC0D4CBBC333CA99FE10B06D4747E 2046464 ----a-w- C:\Windows\SysWOW64\iertutil.dll
2013-04-30 13:56:39 B5D742C535D37A7DA0649E03B32CAD80 493056 ----a-w- C:\Windows\SysWOW64\msfeeds.dll
2013-04-30 13:56:39 AF0332E09DDBE0172237D1958A7DADB8 79872 ----a-w- C:\Windows\SysWOW64\mshtmled.dll
2013-04-30 13:56:39 A7E8E3A9F92D9B0D495F636A1D282883 48640 ----a-w- C:\Windows\SysWOW64\mshtmler.dll
2013-04-30 13:56:39 A7CFDA703AF9AD409DAA521487E0CB53 109056 ----a-w- C:\Windows\SysWOW64\iesysprep.dll
2013-04-30 13:56:39 9DF7A7C74D8632CB5EBD37E3A374825E 204800 ----a-w- C:\Windows\SysWOW64\webcheck.dll
2013-04-30 13:56:39 9B59687619B27CDA24638CDC3AF079FB 2877440 ----a-w- C:\Windows\SysWOW64\jscript9.dll
2013-04-30 13:56:39 96E0F0BED5D9EBABB899D8CA83C36A7E 523264 ----a-w- C:\Windows\SysWOW64\vbscript.dll
2013-04-30 13:56:39 90F785F7594E3AF23D4392677042BE9A 391168 ----a-w- C:\Windows\SysWOW64\ieui.dll
2013-04-30 13:56:39 8A45166CD9874463AB76B552C9C2D3AD 110592 ----a-w- C:\Windows\SysWOW64\IEAdvpack.dll
2013-04-30 13:56:39 87E71F2A83681F41B796CA685818EF2D 163840 ----a-w- C:\Windows\SysWOW64\msrating.dll
2013-04-30 13:56:39 87B775A458A73BB7381E5B67B5652496 39424 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
2013-04-30 13:56:39 828B4A41BE891A7AEC07E693422B4A3A 117248 ----a-w- C:\Windows\SysWOW64\iepeers.dll
2013-04-30 13:56:39 81C4D657D37C3A5418B54BFECE821B84 57344 ----a-w- C:\Windows\SysWOW64\pngfilt.dll
2013-04-30 13:56:39 80B47F0F45C3EBF41C30E0BA367D25D3 125440 ----a-w- C:\Windows\SysWOW64\occache.dll
2013-04-30 13:56:39 6EF6B6EACCA13DD6131624E0DD5C14A3 690688 ----a-w- C:\Windows\SysWOW64\jscript.dll
2013-04-30 13:56:39 6DF2C6438CFF6EFCBBB88AEE01795501 73728 ----a-w- C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-04-30 13:56:39 69CB1A65B835EE6ADF9E16ED6D443072 1129984 ----a-w- C:\Windows\SysWOW64\urlmon.dll
2013-04-30 13:56:39 56E51C26745FF7413514EA4DDF33BC6C 11776 ----a-w- C:\Windows\SysWOW64\msfeedssync.exe
2013-04-30 13:56:39 52A7D73D5570F757D865DDECD087FB41 138752 ----a-w- C:\Windows\SysWOW64\wextract.exe
2013-04-30 13:56:39 3AB2A38F7EA9E62D176A78FB58761E24 12800 ----a-w- C:\Windows\SysWOW64\mshta.exe
2013-04-30 13:56:39 338520304B99471BD0ED121954FE7863 82432 ----a-w- C:\Windows\SysWOW64\inseng.dll
2013-04-30 13:56:39 3275F17533CB1599841AAABA3C8D3E8E 2706432 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
2013-04-30 13:56:39 2D7A29C35D0894481A69FA3AC45F18F0 41984 ----a-w- C:\Windows\SysWOW64\msfeedsbs.dll
2013-04-30 13:56:39 260D83B1B3696DFA30E33E015C30E12C 137216 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2013-04-30 13:56:39 1B6A7D965462BE6220727721A4CDB247 71680 ----a-w- C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-04-30 13:56:39 0B6118058942961D504AAEA04FECB116 13761024 ----a-w- C:\Windows\SysWOW64\ieframe.dll
2013-04-30 13:56:39 0402BFC25AB49E02256BC24E32829773 185344 ----a-w- C:\Windows\SysWOW64\elshyph.dll
2013-04-30 13:56:39 038F76279EC64878A072D988DE13C7B2 150528 ----a-w- C:\Windows\SysWOW64\iexpress.exe
2013-04-30 13:56:38 F0D4AE074D9BC0741DC6E91C741F2F8C 23040 ----a-w- C:\Windows\SysWOW64\licmgr10.dll
2013-04-30 13:56:38 E14A07B768EC49D382CABCE2F078D576 232960 ----a-w- C:\Windows\SysWOW64\url.dll
2013-04-30 13:56:38 DEFB55D4FF094673DF31FA89A8A8A2F0 226816 ----a-w- C:\Windows\SysWOW64\dxtrans.dll
2013-04-30 13:56:38 C68FBBF01E86CB6CF0B797748FBD6C1A 357888 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll
2013-04-30 13:56:38 BFDD0C5F3E435596F197F003609989C4 61440 ----a-w- C:\Windows\SysWOW64\iesetup.dll
2013-04-30 13:56:38 9D9AC6CE9A9D951AC40DE91CD6F0A620 1441280 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl
2013-04-30 13:56:38 932571EFF79B93F94E84ADF4989A277F 69120 ----a-w- C:\Windows\SysWOW64\icardie.dll
2013-04-30 13:56:38 8C3D32A4A46326031309A43C52539D7F 1400416 ----a-w- C:\Windows\SysWOW64\ieapfltr.dat
2013-04-30 13:56:38 4A47CAEA8D3B82DE439A79771ECED4B1 361984 ----a-w- C:\Windows\SysWOW64\html.iec
2013-04-30 13:56:38 414A3D9AAE072CDEFE0B64C2EBEE18D2 61952 ----a-w- C:\Windows\SysWOW64\tdc.ocx
2013-04-30 13:56:38 404FAD93ABFBD86D1AAAB47D5DFA6505 242200 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll
2013-04-30 13:56:38 3FA7F736B877B46EDF1EE6BE6051848D 33280 ----a-w- C:\Windows\SysWOW64\iernonce.dll
2013-04-30 13:56:38 1FF56AC32B38A94C3C88497BD6E00C96 25185 ----a-w- C:\Windows\SysWOW64\ieuinit.inf
2013-04-30 13:56:38 0F44172A5B34E8F208CD0F209EDD4A73 629248 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2013-05-08 14:59:39 23948829C6D049B8ADE0E0FB87305AC3 17272 ----a-w- C:\Windows\Sysnative\sdnclean64.exe
2013-04-30 13:56:39 5051BB40FFB2BA4870C0A059CA03294F 1054720 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe
2013-04-30 13:56:39 3531FA12A76A32ECECD972196775DF7C 226304 ----a-w- C:\Windows\Sysnative\elshyph.dll
2013-04-30 13:56:38 FC6B4D5450871A4D5CB344AFF6C090EF 281600 ----a-w- C:\Windows\Sysnative\dxtrans.dll
2013-04-30 13:56:38 F651D95B5043EFC20A6108A853553984 92160 ----a-w- C:\Windows\Sysnative\SetIEInstalledDate.exe
2013-04-30 13:56:38 F2F5667BBD2864938C82EB3B6773D9D2 173568 ----a-w- C:\Windows\Sysnative\ieUnatt.exe
2013-04-30 13:56:38 F03E5925B7E99800B8BFE1332556E1E2 89600 ----a-w- C:\Windows\Sysnative\RegisterIEPKEYs.exe
2013-04-30 13:56:38 F021824E70447D98DB6CCED4456A0891 39936 ----a-w- C:\Windows\Sysnative\iernonce.dll
2013-04-30 13:56:38 EC08E38751854C5B8899139B7DD29FF9 197120 ----a-w- C:\Windows\Sysnative\msrating.dll
2013-04-30 13:56:38 E965529C43D25F2BDA77D705098BF777 135680 ----a-w- C:\Windows\Sysnative\IEAdvpack.dll
2013-04-30 13:56:38 E198851141465033273480C5EEAD5DE5 2706432 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2013-04-30 13:56:38 E1055A7FAD39F1F7C44F6152044056EA 905728 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll
2013-04-30 13:56:38 DE3C3B1B4FA5FBF1F17BCD3B3AE1ED15 3958784 ----a-w- C:\Windows\Sysnative\jscript9.dll
2013-04-30 13:56:38 D9C10A4A0B3411146E6FC8936B079934 167424 ----a-w- C:\Windows\Sysnative\iexpress.exe
2013-04-30 13:56:38 D8DD5CBB9668EEE98915EA49C72F78FA 441856 ----a-w- C:\Windows\Sysnative\html.iec
2013-04-30 13:56:38 D8076F8A3C34064582035AE6696DC34A 27648 ----a-w- C:\Windows\Sysnative\licmgr10.dll
2013-04-30 13:56:38 D744D5B8145C2303B19A288AF695E9AD 15404544 ----a-w- C:\Windows\Sysnative\ieframe.dll
2013-04-30 13:56:38 D0F66CFAED5B85543216EF526D380B8B 270848 ----a-w- C:\Windows\Sysnative\iedkcs32.dll
2013-04-30 13:56:38 D0D4CE6C6CE87269A34A184356475D17 149504 ----a-w- C:\Windows\Sysnative\occache.dll
2013-04-30 13:56:38 C2F21E3059AFF5E616F3E361D9FA10CD 62976 ----a-w- C:\Windows\Sysnative\pngfilt.dll
2013-04-30 13:56:38 BC0D4AFBE94D8E1F81C8926D805C3366 247296 ----a-w- C:\Windows\Sysnative\webcheck.dll
2013-04-30 13:56:38 ADE73A865A5F136E84F49BB6B1627C6E 1509376 ----a-w- C:\Windows\Sysnative\inetcpl.cpl
2013-04-30 13:56:38 A89103864B67CE1ED3BB5D48569D3D94 51712 ----a-w- C:\Windows\Sysnative\ie4uinit.exe
2013-04-30 13:56:38 942E110384668EEFF44751A02EDDF5E4 48640 ----a-w- C:\Windows\Sysnative\mshtmler.dll
2013-04-30 13:56:38 8C3D32A4A46326031309A43C52539D7F 1400416 ----a-w- C:\Windows\Sysnative\ieapfltr.dat
2013-04-30 13:56:38 8C1EFE99D4C9462EF2E10E7140B44D4A 855552 ----a-w- C:\Windows\Sysnative\jscript.dll
2013-04-30 13:56:38 85F1FE2D5EDBFD26066F5ABB9504A69C 2647040 ----a-w- C:\Windows\Sysnative\iertutil.dll
2013-04-30 13:56:38 82F604599DE379AA539EE2DF48399DC5 67072 ----a-w- C:\Windows\Sysnative\iesetup.dll
2013-04-30 13:56:38 82D602EBBBA6D08E4691F32269FD3494 12800 ----a-w- C:\Windows\Sysnative\msfeedssync.exe
2013-04-30 13:56:38 7EC25F7ABF7CE6B0FE93787524EE537B 452096 ----a-w- C:\Windows\Sysnative\dxtmsft.dll
2013-04-30 13:56:38 753C0848AE7872A3F59663078A517293 2240512 ----a-w- C:\Windows\Sysnative\wininet.dll
2013-04-30 13:56:38 658E8FEC79A4AB5BFDE032627B5C9667 13824 ----a-w- C:\Windows\Sysnative\mshta.exe
2013-04-30 13:56:38 63CAE56FE4215F98FEB0188748A99378 52224 ----a-w- C:\Windows\Sysnative\msfeedsbs.dll
2013-04-30 13:56:38 5B15164486C66B76699E1CD2CD2F3A2A 51200 ----a-w- C:\Windows\Sysnative\imgutil.dll
2013-04-30 13:56:38 4E426A67C46379B75A5E671B46FC07F6 102912 ----a-w- C:\Windows\Sysnative\inseng.dll
2013-04-30 13:56:38 4CFBEC37E4FAD530E623E1541E1EA958 599552 ----a-w- C:\Windows\Sysnative\vbscript.dll
2013-04-30 13:56:38 440104AEB9DAF8AC9842080AE59740FA 77312 ----a-w- C:\Windows\Sysnative\tdc.ocx
2013-04-30 13:56:38 40738329209CBE2C9B48F7E30F7C1414 144896 ----a-w- C:\Windows\Sysnative\wextract.exe
2013-04-30 13:56:38 402D797A7905DC3C6FE11E75CD5252EB 235008 ----a-w- C:\Windows\Sysnative\url.dll
2013-04-30 13:56:38 394ECD933CD66BADF97EA85A183B9E1E 19230208 ----a-w- C:\Windows\Sysnative\mshtml.dll
2013-04-30 13:56:38 38BEBBC4CF9FE6566262F0037DF843BF 136704 ----a-w- C:\Windows\Sysnative\iesysprep.dll
2013-04-30 13:56:38 2AAE2B8FED8390879C2369FC63F7001F 97280 ----a-w- C:\Windows\Sysnative\mshtmled.dll
2013-04-30 13:56:38 29812E9971077BE3F8B9DC225CF9D454 1365504 ----a-w- C:\Windows\Sysnative\urlmon.dll
2013-04-30 13:56:38 268E23EAEDF3FAF87A7A87F0257C9E87 603136 ----a-w- C:\Windows\Sysnative\msfeeds.dll
2013-04-30 13:56:38 23556D116D5FB93395B2A648EEB24251 81408 ----a-w- C:\Windows\Sysnative\icardie.dll
2013-04-30 13:56:38 1FF56AC32B38A94C3C88497BD6E00C96 25185 ----a-w- C:\Windows\Sysnative\ieuinit.inf
2013-04-30 13:56:38 1C3C4D34DCF354620B76B42620B4DFAD 526336 ----a-w- C:\Windows\Sysnative\ieui.dll
2013-04-30 13:56:38 194125E7839D4902F2490A70049E8F78 53248 ----a-w- C:\Windows\Sysnative\jsproxy.dll
2013-04-30 13:56:38 18A94D6E9D27D169D38DAB91F6A97518 136192 ----a-w- C:\Windows\Sysnative\iepeers.dll
2013-04-30 13:56:38 1456EECCB5CF6B91513200F95D61706E 762368 ----a-w- C:\Windows\Sysnative\ieapfltr.dll
2013-04-30 13:56:38 112183DF91C9BAECB498E4A86ECDE598 216064 ----a-w- C:\Windows\Sysnative\msls31.dll
====== C:\Windows\Sysnative\drivers =====
2013-05-08 15:06:16 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2013-05-08 13:19:37 4BDDB42CB6BF46452FA7155EA5381576 83160 ----a-w- C:\Windows\Sysnative\drivers\avnetflt.sys
2013-04-24 12:00:48 B98F8C6E31CD07B2E6F71F7F648E38C0 1656680 ----a-w- C:\Windows\Sysnative\drivers\ntfs.sys
2013-04-11 12:40:23 8F6322049018354F45F05A2FD2D4E5E0 223752 ----a-w- C:\Windows\Sysnative\drivers\fvevol.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-05-10 17:55:36 -------- d-----w- C:\Program Files\Image-Line
2013-05-08 13:33:05 -------- d-----w- C:\Program Files\Common Files\Wondershare
======= C:\Program Files (x86) =====
2013-05-10 17:56:15 -------- d-----w- C:\Program Files (x86)\ASIO4ALL v2
2013-05-10 17:55:51 -------- d-----w- C:\Program Files (x86)\VstPlugins
2013-05-10 17:55:27 -------- d-----w- C:\Program Files (x86)\DSPRobotics
2013-05-10 17:52:59 -------- d-----w- C:\Program Files (x86)\Image-Line
2013-05-09 13:25:48 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2013-05-08 14:59:36 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-05-08 13:39:19 -------- d-----w- C:\Program Files (x86)\Free HD Converter
2013-05-08 13:32:46 -------- d-----w- C:\Program Files (x86)\Wondershare
2013-05-07 12:31:00 -------- d-----w- C:\Program Files (x86)\GutscheinFinder
2013-05-07 12:30:54 -------- d-----w- C:\Program Files (x86)\HomeTab
2013-05-07 12:30:43 -------- d-----w- C:\Program Files (x86)\Browser Updater
2013-05-07 12:17:00 -------- d-----w- C:\Program Files (x86)\Covus Freemium
2013-04-28 13:06:19 -------- d-----w- C:\Program Files (x86)\MSI Afterburner
2013-04-27 18:37:09 -------- d-----w- C:\Program Files (x86)\Red Kawa
2013-04-11 13:02:43 -------- d-----w- C:\Program Files (x86)\Cheat Engine 6.2
======= C: =====
====== C:\Users\Yannick\AppData\Roaming ======
2013-05-10 17:58:30 -------- d-----w- C:\users\Yannick\AppData\Roaming\SongManager
2013-05-10 17:56:15 -------- d-----w- C:\users\Yannick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2013-05-10 17:55:37 -------- d-----w- C:\users\Yannick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2013-05-10 17:55:37 -------- d-----w- C:\users\Yannick\AppData\Roaming\Image-Line
2013-05-10 17:55:27 -------- d-----w- C:\users\Yannick\AppData\Roaming\FlowStone
2013-05-10 14:36:52 -------- d-----w- C:\users\Yannick\AppData\Roaming\Sony Creative Software Inc
2013-05-08 14:40:13 -------- d-----w- C:\users\Yannick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
2013-05-08 13:33:32 -------- d-----w- C:\users\Yannick\AppData\Roaming\Wondershare Video Converter Ultimate
2013-05-08 13:33:16 -------- d-----w- C:\users\Yannick\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
2013-05-08 13:33:06 -------- d-----w- C:\users\Yannick\AppData\Local\Wondershare
2013-05-07 12:30:54 -------- d-----w- C:\users\Yannick\AppData\Roaming\SimplyTech
2013-05-07 12:30:54 -------- d-----w- C:\users\Yannick\AppData\Roaming\HomeTab
2013-05-07 12:30:52 -------- d-----w- C:\users\Yannick\AppData\Locallow\HomeTab
2013-05-07 12:14:14 -------- d-----w- C:\users\Yannick\AppData\Local\DownloadGuide
2013-04-28 13:06:26 -------- d-----w- C:\users\Yannick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2013-04-27 18:37:33 -------- d-----w- C:\users\Yannick\AppData\Local\Geckofx
2013-04-11 16:16:39 -------- d-----w- C:\users\Yannick\AppData\Locallow\Google
====== C:\Users\Yannick ======
2013-05-10 17:55:36 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2013-05-09 13:25:48 -------- d-----w- C:\ProgramData\Kaspersky Lab
2013-05-09 13:04:25 -------- d-----w- C:\ProgramData\Kaspersky Lab Setup Files
2013-05-08 14:59:48 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-05-08 14:59:43 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2013-05-08 14:40:22 -------- d-----w- C:\Users\Yannick\Local Settings
2013-05-08 14:40:18 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2013-05-08 13:36:38 -------- d-----w- C:\ProgramData\xml_param
2013-05-08 13:32:49 -------- d-----w- C:\ProgramData\Wondershare Video Converter Ultimate
2013-05-07 12:17:00 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Covus Freemium
2013-05-07 12:17:00 -------- d-----w- C:\ProgramData\FreeSystemUtilities
2013-04-27 18:37:10 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Kawa
2013-04-11 16:30:45 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 1942
2013-04-11 16:16:27 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2013-04-11 13:02:45 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.2
2013-04-11 13:02:34 -------- d-----w- C:\ProgramData\BrowserProtect
====== C: exe-files ==
2013-05-10 17:58:26 7BC34350BC675C40D6A246A4ED764B70 375220 ----a-w- C:\Program Files (x86)\VstPlugins\Image-Line\Deckadance2\Uninstall.exe
2013-05-10 17:56:15 27F9C23AF8DB5E8205607B2988FC0D0C 44702 ----a-w- C:\Program Files (x86)\ASIO4ALL v2\uninstall.exe
2013-05-10 17:55:37 2A0E2D81052B016C84CC80D12F7FB818 426976 ----a-w- C:\Program Files (x86)\Image-Line\Downloader\Uninstall.exe
2013-05-10 17:55:28 E3420E1FE7444CABA7D02E126BC6E9CD 718885 ----a-w- C:\Program Files (x86)\Image-Line\FL Studio 11\Uninstall.exe
2013-05-10 17:55:27 967CA03D349C4ECE12B8597EFAC46080 61799 ----a-w- C:\Program Files (x86)\DSPRobotics\FlowStone\uninstall fl version.exe
2013-05-10 17:53:01 D63F6F89B6650B28C6CB74682D596E3F 368815 ----a-w- C:\Program Files (x86)\Image-Line\Shared\Uninstall.exe
2013-05-10 17:32:37 E94E642DC1D35E257032FCBF73CC1082 307359850 ----a-w- C:\Users\Yannick\AppData\Local\Temp\OCS\Downloads\705f49176579a643660bff5ff6ae3956\28d1ba05ae70cdae8139822b64f69df6\fl11.exe
2013-05-10 17:32:17 5B122B28A113E7CB9250E260EB23D173 339968 ----a-w- C:\Users\Yannick\AppData\Local\Temp\OCS\ocs_v7a.exe
2013-05-10 17:32:01 8FAA9B80DB43F5F5A01802D080B00BF0 613216 ----a-w- C:\Users\Yannick\Downloads\fl11.exe
2013-05-10 14:03:17 FC646896BAB849F86A5FC6282D4E3DAD 393040 ----a-w- C:\Users\Yannick\Downloads\SoftonicDownloader_fuer_vegas-pro.exe
2013-05-10 13:18:27 417E02108D0B7CC4EA7790C8609C739C 61345792 ----a-w- C:\Users\Yannick\Documents\MAGIX Downloads\Installationsmanager\Video_deluxe_2013_Premium_DvdMenus1_INT_120821_13-23_1_0_0_0.exe
2013-05-10 13:14:03 78B0F491DA6D87AB2F451500FE5F82CE 140203840 ----a-w- C:\Users\Yannick\Documents\MAGIX Downloads\Installationsmanager\Video_deluxe_2013_Premium_FadeEffects_INT_120821_13-39_1_0_0_0.exe
2013-05-08 14:59:42 CB63BDB77BB86549FC3303C2F11EDC18 168384 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
2013-05-08 14:59:41 E3947C81667D9A6957379C7AC1878700 3044904 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDPrepPos.exe
2013-05-08 14:59:41 A529CFE32565C0B145578FFB2B32C9A5 1369624 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
2013-05-08 14:59:41 452DB84283EB2F043827AC95D62CE19C 3487240 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
2013-05-08 14:59:40 E5B08C76D70149D83C70524BD6A9BB2A 3208736 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDBootCD.exe
2013-05-08 14:59:40 6DA79FBD5004D058822D7FFB4E6FC668 4939800 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSBIEdit.exe
2013-05-08 14:59:40 3DF5CA3E4BDA7354D908C96536F20BD0 2768416 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDPEStart.exe
2013-05-08 14:59:40 2184F839E2CE175323326E24E4926EEC 3984912 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSettings.exe
2013-05-08 14:59:40 215DB59AE80A17F6603F1ED56890A944 222744 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDPESetup.exe
2013-05-08 14:59:40 1E5AEF78349B28B346C7F8B96C46143E 4201504 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScript.exe
2013-05-08 14:59:39 E4A0900CF535888DDD85B10040CA3E34 3906584 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
2013-05-08 14:59:39 E4A0900CF535888DDD85B10040CA3E34 3906584 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe
2013-05-08 14:59:39 DF90E955A74D16DF44BDD08BA9F815E4 204896 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFileScanHelper.exe
2013-05-08 14:59:39 36A82C214B46787385F3B0CD02ECAA88 3653656 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
2013-05-08 14:59:39 23948829C6D049B8ADE0E0FB87305AC3 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-05-08 14:59:39 206387AB881E93A1A6EB89966C8651F1 1103392 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
2013-05-08 14:59:39 1B2B3215F4B6B735813844AC1769E239 3713032 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe
2013-05-08 14:59:39 08EAD3366AB556F9C014EE6A0AD3FB75 3828768 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDRootAlyzer.exe
2013-05-08 14:59:38 B5A4EBA9487F08BECC843A87422B8052 3825176 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
2013-05-08 14:59:38 79A1D2AAB399849D0307325D24C2595A 3764248 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFiles.exe
2013-05-08 14:59:38 1E95079AFDB035878460D797BE585D3D 3500568 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
2013-05-08 14:59:37 92161F1EE9DF9F7F5E4A0FF553055C46 3211288 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDShred.exe
2013-05-08 14:59:37 3492434F098E2DD918F264CF0042B1E0 3571224 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSysRepair.exe
2013-05-08 14:59:37 046606A36202B6C15D515F3FFD800391 2876984 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDPRE.exe
2013-05-08 14:59:36 DA15D9D80D2E27845C2C6A8F8CCE644A 2710040 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe
2013-05-08 14:59:36 98F2272A7D1BA8E3155FBEA167BCC613 91648 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\xcacls.exe
2013-05-08 14:59:36 43EA4CE22183E3E76BE235A459F376B0 3495464 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDPhoneScan.exe
2013-05-08 14:59:36 3EA8740BD2371CC255EF46D8500C8A43 1265480 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\unins000.exe
2013-05-08 14:59:36 30665EF9A00E926D2FC81398616EBB21 4494368 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTools.exe
2013-05-08 14:59:36 23132C88F03BAE38A3C62468ABFD63D2 132120 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\blindman.exe
2013-05-08 14:59:36 0B8FB4EFC5518BEF358E684F4C2D397A 3397648 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDQuarantine.exe
2013-05-08 14:40:22 92C732231B7909EDEFF180174C6EF499 230480 ----a-w- C:\Users\Yannick\Local Settings\Application Data\Bundled software uninstaller\biclient.exe
2013-05-08 13:39:51 D2D875CBED2C746D7D06282A9415089B 77477 ----a-w- C:\Program Files (x86)\Free HD Converter\Uninstall.exe
2013-05-08 13:33:47 7F5973607C528C4357C3E65E3DF0B882 18084936 ----a-w- C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\Temp\player_full1374.exe
2013-05-08 13:33:05 F14E3661A1383E7F03905054EF1F8AA0 1742624 ----a-w- C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
2013-05-08 13:33:05 DC328AA9CD4A1D0507399478E5242BC2 2136576 ----a-w- C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\UpLoad.exe
2013-05-08 13:33:05 A4A1B98720FA70874D30DE97F079F516 723294 ----a-w- C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\unins000.exe
2013-05-08 13:19:37 ADA0D1407E2C328FB95686E9D5AB88B5 111328 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\ccuac.exe
2013-05-08 13:19:37 5FF8FFD589DA25F43C4FE944A4B2AE0A 775224 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
2013-05-08 13:17:03 8C2C2E5119E844B43085CBC73106754B 597560 ----a-w- C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\update.exe
2013-05-08 13:17:03 22DC787A09D2EC7E3F1138A26C41083C 46960 ----a-w- C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\updrgui.exe
2013-05-07 12:31:00 154C739D234C8A0C1050E1A7745B5DEE 47467 ----a-w- C:\Program Files (x86)\GutscheinFinder\Uninst.exe
2013-05-07 12:30:55 FD7C8C48FE5391462962B16AA1401BF4 4608 ----a-w- C:\Program Files (x86)\HomeTab\ToolbarUninstall.exe
2013-05-07 12:30:54 5C3D3175BF94A9F7BD5978F4E1E6A84E 1180061 ----a-w- C:\Program Files (x86)\HomeTab\unins000.exe
2013-05-07 12:30:43 F9F626ECEB08B648829C73C6B79A6F9F 13824 ----a-w- C:\Program Files (x86)\Browser Updater\TaskSchedulerCreator.exe
2013-05-07 12:30:43 AF48FF0B0F98FAC08ADBFE9E3F0CD726 1183089 ----a-w- C:\Program Files (x86)\Browser Updater\unins000.exe
2013-05-07 12:16:43 EAB530CF752823049115CD4A8E526DBE 432200 ------w- C:\ProgramData\Package Cache\{f8cd9221-848c-45fb-a509-fa75dea3a22f}\free-system-utilities_Setup_product-website.exe
2013-05-07 12:16:13 CE7A9FD0AE36639AD8DEAAA7B997D4DA 526080 ----a-w- C:\Users\Yannick\AppData\Local\DownloadGuide\Offers\gutscheincodes.exe
2013-05-07 12:16:11 8DF7B1551E877F84476FBB3D52D42419 1164896 ----a-w- C:\Users\Yannick\AppData\Local\DownloadGuide\Offers\autocompletepro.exe
2013-05-07 12:16:09 2F46A2E37FB05642A0E859545D6B09F7 854848 ----a-w- C:\Users\Yannick\AppData\Local\DownloadGuide\Offers\iminent.exe
2013-05-07 12:15:43 5142B19EB991CEDEB67EBEEE455C16EA 12854872 ----a-w- C:\Users\Yannick\AppData\Local\DownloadGuide\FreeSystemUtilities.exe
2013-05-07 12:15:24 3A15ECD6D26800B98C6A7153222355C9 5136072 ----a-w- C:\Users\Yannick\AppData\Local\DownloadGuide\Offers\HomeTab.exe
=== C: other files ==
2013-05-10 13:46:49 C5999314C962E9259FD07880149FC038 21989 ----a-w- C:\Users\Yannick\Downloads\MVD 2013 Crack for boerse.bz.zip
2013-05-08 15:06:16 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-05-08 13:19:37 4BDDB42CB6BF46452FA7155EA5381576 83160 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2013-05-08 13:19:37 4BDDB42CB6BF46452FA7155EA5381576 83160 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avnetflt.sys
2013-05-07 12:30:54 63F8CBFC591892AC457EA159D369A0A3 1002478 ----a-w- C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx
2013-05-04 19:12:10 A1225AE4117444D48FA35C014B03F296 9102591 ----a-w- C:\ProgramData\TrackMania\Cache\96F2034B015CA38FD4447411E45A22A1_ice-servers.info.tm%5crav%5cfuulspeed.zip
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-1753359733-455865676-2801917362-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
"SDP"="C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe /auto "
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"SDTray"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
"SDP"="C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe /auto "
==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ApnUpdater"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Ask.com\\Updater\\Updater.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avgnt]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgnt"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Avira\\AntiVir Desktop\\avgnt.exe\" /min"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCSSync]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BCSSync"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogMeIn Hamachi Ui]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogMeIn Hamachi Ui"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\LogMeIn Hamachi\\hamachi-2-ui.exe\" --auto-start"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Ocs_SM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ocs_SM"
"hkey"="HKLM"
"command"="C:\\Users\\Yannick\\AppData\\Roaming\\OCS\\SM\\SearchAnonymizer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PDFPrint]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDFPrint"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\PDF24\\pdf24.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StartCCC"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Steam\\Steam.exe\" -silent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SweetIM"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\SweetIM\\Messenger\\SweetIM.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sweetpacks Communicator]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Sweetpacks Communicator"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\SweetIM\\Communicator\\SweetPacksUpdateManager.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TkBellExe"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Real\\RealPlayer\\update\\realsched.exe\" -osboot"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WinampAgent"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Winamp\\winampa.exe\""
==== Startup Folders ======================
2013-01-21 16:45:31 2091 ----a-w- C:\users\Yannick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
2012-12-27 18:15:34 1064 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\IEEE 802.11g USB Adapter Utility.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [12.04.2013 16:58]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [21.12.2012 14:59]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [21.12.2012 14:59]
C:\Windows\tasks\SmartPCFix Task.job --a------ C:\Program Files (x86)\SmartPCFix\SmartPCFix.exe []
==== Firefox Extensions ======================
ProfilePath: C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default
- DealPly Shopping - %ProfilePath%\extensions\amo@dealplyshopping.com
- Battlefield Heroes Updater - %ProfilePath%\extensions\battlefieldheroespatcher@ea.com
- Battlefield Play4Free - %ProfilePath%\extensions\battlefieldplay4free@ea.com
- GutscheinCodes.de GutscheinFinder - %ProfilePath%\extensions\jid0-hjoQNmABq6jg91jHpQyvgJUouUPjetpack
- Better Battlelog BBLog - %ProfilePath%\extensions\jid1-qQSMEVsYTOjgYA@jetpack
- Flagfox - %ProfilePath%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
- HomeTab - %ProfilePath%\extensions\{aa9cc3fa-a5e4-449b-aab5-1ebdbc7314ee}
- Personas Plus - %ProfilePath%\extensions\personas@christopher.beard.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
- FoxTab - %ProfilePath%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default
F7E72D3A281F922BACEC1A71A826D4C2 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll - Shockwave Flash
7D35CB60201CED2F01AE06F1816231E2 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.100.18
FEF9ECECFA177AEC0F7564A08394D2C8 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)
0ABF093757E9C827E30EC652868E5FAC - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)
06E140A567B8DC7900173197FD059EE5 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)
558270B968CB82196CB8D045D13B0FF6 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
7C0C6F7B9C0CD4162D33276FDEBC86F7 - C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\extensions\battlefieldheroespatcher@ea.com\plugins\npBFHUpdater.dll - EA Battlefield Heroes Updater
2B737A92C7C327E48C735B3060DB85A8 - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll - PDF-XChange Viewer
6846D2CA7E1D5937AEE3F99BB7F5464B - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll - Shockwave for Director / Shockwave for Director
BF6273472DCAD201B029131D4AC6DDE3 - C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\extensions\battlefieldplay4free@ea.com\plugins\npBP4FUpdater.dll - Battlefield Play4Free Updater
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
didlmjkkjfegblmkekbhgpefajgikncm - C:\Program Files (x86)\GutscheinFinder\gutscheincodes.crx[19.03.2013 18:07]
djbdlklldbflagkkpaljamjfbpefcbpf - C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx[24.03.2013 05:22]
dlfienamagdnkekbbbocojppncdambda - C:\Program Files (x86)\Complitly\chrome\ComplitlyChrome.crx[]
hahpjplbmicfkmoccokbjejahjjpnena - C:\Users\Yannick\AppData\Local\B1E\B1Tool.crx[]
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[29.11.2012 21:35]
jcdgjdiieiljkfkdcloehkohchhpekkn - C:\Users\Yannick\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx[]
ogccgbmabaphcakpiclgcnmcnimhokcj - C:\Users\Yannick\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx[]
pgafcinpmmpklohkojmllohdhomoefph - C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx[04.03.2013 14:32]
Google Drive - Yannick - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Yannick - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Yannick - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Kaspersky URL Advisor - Yannick - Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj
GutscheinCodes.de GutscheinFinder - Yannick - Default\Extensions\didlmjkkjfegblmkekbhgpefajgikncm
HomeTab - Yannick - Default\Extensions\djbdlklldbflagkkpaljamjfbpefcbpf
Delta Toolbar - Yannick - Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Improved Search - Yannick - Default\Extensions\hahpjplbmicfkmoccokbjejahjjpnena
Safe Money - Yannick - Default\Extensions\hakdifolhalapjijoafobooafbilfakh
Content Blocker - Yannick - Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail
RealDownloader - Yannick - Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Virtual Keyboard - Yannick - Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh
SweetIM for Facebook - Yannick - Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
SmallringFX DarkBlue Theme - Yannick - Default\Extensions\kbfijmgohofmpjlcgmjplbpmkpchdhpk
SweetPacks Chrome Extension - Yannick - Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
BrowserProtect - Yannick - Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Gmail - Yannick - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Anti-Banner - Yannick - Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman
==== Chrome Fix ======================
C:\Users\Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\hahpjplbmicfkmoccokbjejahjjpnena deleted successfully
C:\Users\Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn deleted successfully
C:\Users\Yannick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page Before"="hxxp://home.sweetim.com/?crg=3.1010000.00000&barid={983FCE92-5A59-11E2-B581-6CF0497AFA88}"
"Search Page"="hxxp://search.b1.org/?bsrc=4hixr&chid=c167991"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="hxxp://newtab.certified-toolbar.com/nie?si=43169&tid=3580&st=newtab&ts=1367929852375&tguid=43169-3580-1367929845032-236673"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="hxxp://newtab.certified-toolbar.com/nie?si=43169&tid=3580&st=newtab&ts=1367929852375&tguid=43169-3580-1367929845032-236673"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page Before"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} Delta Search Url="hxxp://www1.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=AEF000FF07B976A4"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1753359733-455865676-2801917362-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully
HKEY_USERS\S-1-5-21-1753359733-455865676-2801917362-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully
HKEY_USERS\S-1-5-21-1753359733-455865676-2801917362-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully
HKEY_USERS\S-1-5-21-1753359733-455865676-2801917362-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully
HKEY_USERS\S-1-5-21-1753359733-455865676-2801917362-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully
HKEY_USERS\S-1-5-21-1753359733-455865676-2801917362-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\hahpjplbmicfkmoccokbjejahjjpnena deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Yannick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\users\Yannick\AppData\Local\Mozilla\Firefox\Profiles\5tuanbyy.default\Cache emptied successfully
C:\users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\personas\cache emptied successfully
==== Empty Chrome Cache ======================
C:\users\Yannick\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
After Reboot
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Yannick\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml" not found
"C:\Users\Yannick\AppData\Roaming\Mozilla\Firefox\Profiles\5tuanbyy.default\searchplugins\babylon.xml" deleted
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl" not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx" not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll" not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe" not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.settings" not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe" not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\chrome.manifest" not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\install.rdf" not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00" not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01" not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02" not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03" not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10" not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11" not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12" not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13" not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20" not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21" not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22" not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23" not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-19.0.dll" not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-20.0.dll" not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-3.6.xpt" not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\BrowserProtect.js" not found
"C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\overlay.xul" not found
"C:\ProgramData\BrowserProtect" not found
11.05.2013, 09:18
Hybrid-Darstellung
