Windows 7: Laptop extrem langsam

Speedy2014 · 18.05.2014, 15:41

Hallo,

ich habe meinen Lenovo Laptop seit 3 1/2 Jahren. Er ist seit einigen Monaten extrem langsam. Neu formatieren wäre okay für mich, aber ich habe keine Windows-CD hier. Kann man den Laptop auch ohne formatieren wieder schnell machen? Die Daten sind gesichert, also dürfte alles gelöscht werden. Gmer.txt ist leider leer.

Vielen Dank für die Hilfe

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-05-2014
Ran by Romi (administrator) on ROMI-PC on 18-05-2014 15:31:55
Running from C:\Users\Romi\Downloads
Platform: Microsoft Windows 7 Enterprise  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Dropbox, Inc.) C:\Users\Romi\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(PC-Doctor, Inc.) C:\Program Files\PC-Doctor\pcdrcui.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(PC-Doctor, Inc.) C:\Program Files\PC-Doctor\pcdrrealtime.p5x
(PC-Doctor, Inc.) C:\Program Files\PC-Doctor\pcdrcpu.p5x


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [EnergyUtility] => C:\Program Files\Lenovo\Energy Management\utility.exe [4114368 2009-12-17] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files\Lenovo\Energy Management\Energy Management.exe [6223808 2009-12-17] (Lenovo (Beijing) Limited)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-09-22] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2557976 2014-04-29] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
AppInit_DLLs: c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll => c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll File Not Found
Startup: C:\Users\Romi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Romi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.claro-search.com/?affID=114506&babsrc=HP_clro&mntrId=2ec66bcb000000000000002682597d63
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x682F1DA5F450CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.claro-search.com/?affID=114506&babsrc=HP_clro&mntrId=2ec66bcb000000000000002682597d63
URLSearchHook: HKLM - softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll No File
URLSearchHook: HKCU - softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll No File
SearchScopes: HKLM - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.claro-search.com/?q={searchTerms}&affID=114506&babsrc=SP_clro&mntrId=2ec66bcb000000000000002682597d63
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.claro-search.com/?q={searchTerms}&affID=114506&babsrc=SP_clro&mntrId=2ec66bcb000000000000002682597d63
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
BHO: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll (Wajam)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll No File
Toolbar: HKLM - softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll No File
Toolbar: HKLM - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
Toolbar: HKLM - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll No File
Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {9E2CD2C3-4DDA-4473-B904-B8E6D0DBAB86} hxxp://consumersupport.lenovo.com/smartdownloading/cab/npdueng.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.0\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Romi\AppData\Roaming\Mozilla\Firefox\Profiles\0hsu6duq.default
FF user.js: detected! => C:\Users\Romi\AppData\Roaming\Mozilla\Firefox\Profiles\0hsu6duq.default\user.js
FF NewTab: hxxp://www.claro-search.com/?affID=114506&babsrc=NT_clro&mntrId=2ec66bcb000000000000002682597d63
FF Homepage: hxxp://isearch.avg.com/?cid={6060F083-8D82-4889-B801-BB96FC53D723}&mid=0c9050f400e747d6b2e9a113f084fe0b-25b097fd69b0d57d200fd462cd17f9f95425031b&lang=de&ds=AVG&pr=fr&d=2013-09-25 23:46:28&v=18.0.5.292&pid=avg&sg=0&sap=hp
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.0\\npsitesafety.dll No File
FF Plugin: @java.com/DTPlugin,version=1.6.0_39 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @lenovo.com/dueng,version=2.0 - C:\Windows\system32\lenovo\update\npdueng.dll (Lenovo)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nullsoft.com/winampDetector;version=1 - C:\Program Files\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Romi\AppData\Roaming\Mozilla\Firefox\Profiles\0hsu6duq.default\searchplugins\claro.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Romi\AppData\Roaming\Mozilla\Firefox\Profiles\0hsu6duq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-04-24]
FF Extension: SweetPacks Toolbar for Firefox - C:\Users\Romi\AppData\Roaming\Mozilla\Firefox\Profiles\0hsu6duq.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2012-10-22]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-10]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2014-05-10]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-10]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.0.443 [2014-04-29]
FF HKCU\...\Firefox\Extensions: [{58bd07eb-0ee0-4df0-8121-dc9b693373df}] - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension

Chrome: 
=======
CHR HomePage: hxxp://www.claro-search.com/?affID=114506&babsrc=HP_clro&mntrId=2ec66bcb000000000000002682597d63
CHR RestoreOnStartup: "hxxp://www.claro-search.com/?affID=114506&babsrc=HP_clro&mntrId=2ec66bcb000000000000002682597d63"
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Extension: (No Name) - C:\Users\Romi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcillohgikpecbmgioknapdpcjofaafl [2013-01-25]
CHR Extension: (Skype Extension) - C:\Users\Romi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-05-18]
CHR HKLM\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Romi\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [2012-06-21]
CHR HKLM\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Romi\AppData\Local\Wajam\Chrome\wajam.crx [2012-10-05]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx [2013-05-14]

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 vToolbarUpdater18.1.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [1801240 2014-04-29] (AVG Secure Search)
S3 WajamUpdater; C:\Program Files\Wajam\Updater\WajamUpdater.exe [109064 2012-10-05] (Wajam)

==================== Drivers (Whitelisted) ====================

R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [21256 2009-09-03] (Lenovo Corporation)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-11-01] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42272 2014-04-29] (AVG Technologies)
S2 SCRCAMHRDRV; C:\Windows\System32\DRIVERS\SCRCAMHRDRV.sys [234800 2010-03-01] (Windows (R) Server 2003 DDK provider)
R3 PCDSRVC{3037D694-FD904ACA-06020200}_0; \??\c:\program files\pc-doctor\pcdsrvc.pkms [X]
S3 StarOpen; No ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-18 15:31 - 2014-05-18 15:33 - 00017847 _____ () C:\Users\Romi\Downloads\FRST.txt
2014-05-18 15:31 - 2014-05-18 15:31 - 00000000 ____D () C:\FRST
2014-05-18 15:28 - 2014-05-18 15:28 - 01056768 _____ (Farbar) C:\Users\Romi\Downloads\FRST.exe
2014-05-18 15:20 - 2014-05-18 15:23 - 00000470 _____ () C:\Users\Romi\Desktop\defogger_disable.log
2014-05-18 15:20 - 2014-05-18 15:20 - 00000000 _____ () C:\Users\Romi\defogger_reenable
2014-05-18 15:18 - 2014-05-18 15:18 - 00050477 _____ () C:\Users\Romi\Desktop\Defogger.exe
2014-05-17 13:44 - 2014-05-17 13:44 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-17 13:41 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-17 13:41 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-17 13:41 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-17 12:56 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-17 12:56 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-17 12:56 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-17 12:56 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-17 12:56 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-17 12:56 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-17 12:56 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-17 12:56 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-17 12:56 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-17 12:56 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-17 12:56 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-17 12:56 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-17 12:56 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-17 12:56 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-17 12:56 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-17 12:56 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-17 12:56 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-17 12:56 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-17 12:56 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-17 12:56 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-17 12:56 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-17 12:56 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-17 12:56 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-17 12:56 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-17 12:55 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-17 12:55 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-17 12:45 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-10 20:17 - 2014-05-18 14:56 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-10 20:16 - 2014-03-06 09:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-10 11:31 - 2014-05-18 15:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-05 18:52 - 2014-05-05 18:56 - 00000000 ____D () C:\Users\Romi\Desktop\Briest
2014-04-30 00:37 - 2014-04-30 00:37 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-30 00:37 - 2014-04-30 00:37 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-04-30 00:37 - 2014-04-30 00:37 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-30 00:37 - 2014-04-30 00:37 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-04-30 00:37 - 2014-04-30 00:37 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-04-30 00:37 - 2014-04-30 00:37 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-04-30 00:37 - 2014-04-30 00:37 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-30 00:37 - 2014-04-30 00:37 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-30 00:37 - 2014-04-30 00:37 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-04-30 00:37 - 2014-04-30 00:37 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-30 00:37 - 2014-04-30 00:37 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-04-30 00:37 - 2014-04-30 00:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-04-30 00:37 - 2014-04-30 00:37 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-04-30 00:37 - 2014-04-30 00:37 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-29 23:53 - 2014-04-29 23:53 - 00000000 ____D () C:\ProgramData\AVG Secure Search

==================== One Month Modified Files and Folders =======

2014-05-18 15:34 - 2011-09-11 23:51 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-05-18 15:33 - 2014-05-18 15:31 - 00017847 _____ () C:\Users\Romi\Downloads\FRST.txt
2014-05-18 15:32 - 2009-07-14 06:34 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-18 15:32 - 2009-07-14 06:34 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-18 15:31 - 2014-05-18 15:31 - 00000000 ____D () C:\FRST
2014-05-18 15:28 - 2014-05-18 15:28 - 01056768 _____ (Farbar) C:\Users\Romi\Downloads\FRST.exe
2014-05-18 15:27 - 2010-09-10 16:01 - 01936331 _____ () C:\Windows\WindowsUpdate.log
2014-05-18 15:23 - 2014-05-18 15:20 - 00000470 _____ () C:\Users\Romi\Desktop\defogger_disable.log
2014-05-18 15:21 - 2014-05-10 11:31 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-18 15:20 - 2014-05-18 15:20 - 00000000 _____ () C:\Users\Romi\defogger_reenable
2014-05-18 15:20 - 2010-09-10 16:04 - 00000000 ____D () C:\Users\Romi
2014-05-18 15:18 - 2014-05-18 15:18 - 00050477 _____ () C:\Users\Romi\Desktop\Defogger.exe
2014-05-18 15:11 - 2011-09-11 23:51 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-05-18 15:08 - 2011-05-17 02:07 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-18 15:07 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-18 15:06 - 2011-05-18 00:14 - 00000000 ____D () C:\Users\Romi\AppData\Roaming\Dropbox
2014-05-18 15:06 - 2010-12-23 23:26 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-18 15:04 - 2011-05-18 00:19 - 00000000 ___RD () C:\Users\Romi\Dropbox
2014-05-18 15:00 - 2013-05-31 22:10 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-05-18 15:00 - 2011-05-17 02:07 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-18 14:59 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-18 14:58 - 2009-07-14 06:39 - 00204892 _____ () C:\Windows\setupact.log
2014-05-18 14:56 - 2014-05-10 20:17 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-18 14:56 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-17 13:51 - 2012-04-11 11:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-17 13:51 - 2010-09-10 17:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-17 13:50 - 2013-08-14 00:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-17 13:45 - 2010-09-10 17:31 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-17 13:44 - 2014-05-17 13:44 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-17 12:51 - 2012-04-11 11:00 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-17 12:51 - 2011-12-16 22:52 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-17 12:18 - 2011-05-18 00:15 - 00000000 ____D () C:\Users\Romi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-17 12:11 - 2012-04-24 21:35 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-10 12:04 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-10 10:37 - 2010-09-10 16:09 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-10 10:33 - 2012-12-15 14:15 - 00000000 ____D () C:\Users\Romi\AppData\Local\AVG Secure Search
2014-05-09 09:06 - 2014-05-17 12:55 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-17 12:55 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-06 05:25 - 2014-05-17 13:41 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:07 - 2014-05-17 13:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 04:10 - 2014-05-17 13:41 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 18:56 - 2014-05-05 18:52 - 00000000 ____D () C:\Users\Romi\Desktop\Briest
2014-04-30 00:41 - 2013-11-20 02:34 - 00259913 _____ () C:\Windows\IE11_main.log
2014-04-30 00:37 - 2014-04-30 00:37 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-30 00:37 - 2014-04-30 00:37 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-04-30 00:37 - 2014-04-30 00:37 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-30 00:37 - 2014-04-30 00:37 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-04-30 00:37 - 2014-04-30 00:37 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-04-30 00:37 - 2014-04-30 00:37 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-04-30 00:37 - 2014-04-30 00:37 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-30 00:37 - 2014-04-30 00:37 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-30 00:37 - 2014-04-30 00:37 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-04-30 00:37 - 2014-04-30 00:37 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-30 00:37 - 2014-04-30 00:37 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-04-30 00:37 - 2014-04-30 00:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-04-30 00:37 - 2014-04-30 00:37 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-04-30 00:37 - 2014-04-30 00:37 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-29 23:53 - 2014-04-29 23:53 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-04-29 23:53 - 2013-09-25 23:46 - 00000000 ____D () C:\Program Files\AVG Secure Search
2014-04-29 23:53 - 2013-06-26 16:10 - 00003728 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2014-04-29 23:52 - 2012-12-15 14:14 - 00042272 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys

Files to move or delete:
====================
C:\Users\Romi\CTX.DAT


Some content of TEMP:
====================
C:\Users\Romi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzmpiyo.dll
C:\Users\Romi\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Romi\AppData\Local\Temp\GLF8DC.tmp.ConduitEngineSetup.exe
C:\Users\Romi\AppData\Local\Temp\GoogleChromeInstaller.exe
C:\Users\Romi\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Romi\AppData\Local\Temp\jre-6u25-windows-i586-iftw-rv.exe
C:\Users\Romi\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Romi\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Romi\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Romi\AppData\Local\Temp\oi_{045B1DEF-4431-4F1F-84A9-6362D525E5DA}.exe
C:\Users\Romi\AppData\Local\Temp\ose00000.exe
C:\Users\Romi\AppData\Local\Temp\Shortcut_bundlesweetimsetup.exe
C:\Users\Romi\AppData\Local\Temp\Shortcut_sweetim.exe
C:\Users\Romi\AppData\Local\Temp\SIMEEI2Installer.exe
C:\Users\Romi\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\Romi\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Romi\AppData\Local\Temp\softonic-de3.exe
C:\Users\Romi\AppData\Local\Temp\uninst1.exe
C:\Users\Romi\AppData\Local\Temp\uttE305.tmp.exe
C:\Users\Romi\AppData\Local\Temp\wajam_download.exe
C:\Users\Romi\AppData\Local\Temp\wajam_install.exe
C:\Users\Romi\AppData\Local\Temp\ytb.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe
[2014-05-17 12:56] - [2014-03-04 11:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67

C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-10 11:51

==================== End Of Log ============================

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version:17-05-2014
Ran by Romi at 2014-05-18 15:35:07
Running from C:\Users\Romi\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.5.0.1060 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.5.0.1060 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 5 Design Premium (HKLM\...\{A1BC7068-C1BA-410F-8B9A-DB807C803DE2}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Reader 9.5.4 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A95000000001}) (Version: 9.5.4 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )
Apple Application Support (HKLM\...\{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}) (Version: 1.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}) (Version: 3.2.0.47 - Apple Inc.)
Apple Software Update (HKLM\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
ArchiCAD 13 GER (HKLM\...\001FFF1FFF13FF00FF0201F00F02F000-R1) (Version:  - Graphisoft)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4336 - AVG Technologies)
AVG 2014 (Version: 14.0.3950 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4336 - AVG Technologies) Hidden
AVG Security Toolbar (HKLM\...\AVG Secure Search) (Version: 18.1.0.443 - AVG Technologies)
BitTorrent (HKLM\...\BitTorrent) (Version: 7.1.0 - )
Bonjour (HKLM\...\{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}) (Version: 2.0.3.0 - Apple Inc.)
Broadcom 802.11 Wireless Driver (HKLM\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 1.0.0.0 - )
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
CDex - Open Source Digital Audio CD Extractor (HKLM\...\CDex) (Version: 1.70.4.2009 - Georgy Berdyshev)
Cisco AnyConnect VPN Client (HKLM\...\{0474CEF2-37AE-441D-8FDE-A1EF7EAD01B9}) (Version: 2.5.1025 - Cisco Systems, Inc.)
Conduit Engine (HKLM\...\conduitEngine) (Version:  - Conduit Ltd.) <==== ATTENTION
Dropbox (HKCU\...\Dropbox) (Version: 2.6.33 - Dropbox, Inc.)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.0.13315 - Landesfinanzdirektion Thüringen)
Energy Management (HKLM\...\{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}) (Version: 5.3.0.8 - Lenovo)
GIMP 2.6.10 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.10 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Internet Explorer Toolbar 4.6 by SweetPacks (HKLM\...\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}) (Version: 4.6.0004 - SweetIM Technologies Ltd.) <==== ATTENTION
iTunes (HKLM\...\{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}) (Version: 10.0.1.22 - Apple Inc.)
Java Auto Updater (Version: 2.0.7.2 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 39 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216039FF}) (Version: 6.0.390 - Oracle)
Lenovo Drivers Update Utility (HKLM\...\Lenovo Drivers Update Utility_is1) (Version:  - DGTSoft Inc.)
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
MobileMe Control Panel (HKLM\...\{AEBBFC67-7A03-4DF3-9E71-BA5C9EB4FBEF}) (Version: 3.1.3.0 - Apple Inc.)
Mozilla Firefox 29.0 (x86 de) (HKLM\...\Mozilla Firefox 29.0 (x86 de)) (Version: 29.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird (3.1.3) (HKLM\...\Mozilla Thunderbird (3.1.3)) (Version: 3.1.3 (de) - Mozilla)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.4.1 - Frank Heindörfer, Philip Chinery)
Pixlr-o-matic (HKLM\...\Pixlromatic) (Version: 1.0 - UNKNOWN)
Pixlr-o-matic (Version: 1.0 - UNKNOWN) Hidden
QuickTime (HKLM\...\{E7004147-2CCA-431C-AA05-2AB166B9785D}) (Version: 7.68.75.0 - Apple Inc.)
RarZilla Free Unrar (HKLM\...\RarZilla Free Unrar) (Version: 2.90 - Philipp Winterberg)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30117 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
SweetPacks bundle uninstaller (HKLM\...\{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}) (Version: 1.0.0000 - SweetIM Technologies Ltd.) <==== ATTENTION
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Virtual DJ - Atomix Productions (HKLM\...\Virtual DJ - Atomix Productions) (Version:  - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Wajam (HKLM\...\Wajam) (Version: 1.51 - Wajam) <==== ATTENTION
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)

==================== Restore Points  =========================

19-03-2014 19:44:37 Windows Update
23-03-2014 14:06:31 Windows Update
25-03-2014 20:49:00 Windows Backup
06-04-2014 13:18:43 Windows Update
06-04-2014 13:23:03 Windows Backup
06-04-2014 13:52:30 Windows Update
06-04-2014 18:18:49 Windows Backup
06-04-2014 20:25:10 Windows Update
10-04-2014 22:16:35 Windows Update
29-04-2014 22:01:46 Windows Backup
29-04-2014 22:32:24 Windows Update
05-05-2014 16:46:16 Windows Backup
10-05-2014 08:34:37 Windows Update
10-05-2014 18:15:30 Windows Update
17-05-2014 10:23:24 Windows Backup
17-05-2014 11:39:26 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {102356AA-E969-46FE-81FE-643AB1B6AF8D} - System32\Tasks\{C8507317-4BE4-4AF3-944E-EA58E9073EFA} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {25E3D80B-AC81-4E5F-A22A-535FFC051C1A} - System32\Tasks\BrowserProtect => Sc.exe start BrowserProtect <==== ATTENTION
Task: {418ADD14-44B1-445A-A13B-DAB4B835A63A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-17] (Adobe Systems Incorporated)
Task: {7C62E3B3-D067-4730-A510-2E0089006CB1} - System32\Tasks\{979E9D53-AB7E-45AE-A91A-0D5E9B3E8C8F} => Firefox.exe hxxp://ui.skype.com/ui/0/5.8.0.158/en/go/help.faq.installer?LastError=1618
Task: {808443C3-319A-4B6D-85FF-40E3382B51A9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {9CE76659-939C-4ADC-A0B8-8E978CB9FA7F} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {A2AAB09A-D777-4243-B606-7C153ED32F94} - System32\Tasks\AdobeAAMUpdater-1.0-Romi-PC-Romi => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {BD97CBC3-BE46-4C2C-8A08-BF1329B6186F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {CDF925BD-33F3-43D5-ADBD-62DB18C0F780} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-05-17] (Google Inc.)
Task: {D497ADAF-683F-4F3E-A6C5-561165072A99} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{CBFC41E1-49A3-4A5A-BCDC-847A5A4CDDB8}.exe
Task: {D64EE1A7-F2CA-4DFF-AC28-90A2D708C24C} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {E72D8A19-D4EC-472A-AB09-8051A10F63E1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-05-17] (Google Inc.)
Task: {F6869B3E-1910-422C-A98F-67619C2384EE} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{CBFC41E1-49A3-4A5A-BCDC-847A5A4CDDB8}.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Loaded Modules (whitelisted) =============

2014-04-29 23:53 - 2014-04-29 23:52 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\loggingserver.exe
2014-04-29 23:53 - 2014-04-29 23:52 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\log4cplusU.dll
2010-09-10 17:43 - 2008-12-20 03:20 - 00063304 _____ () C:\Program Files\Lenovo\Energy Management\kbdhook.dll
2010-09-10 17:43 - 2008-12-20 03:20 - 00051016 _____ () C:\Program Files\Lenovo\Energy Management\HookLib.dll
2013-09-25 23:46 - 2014-04-29 23:52 - 02557976 _____ () C:\Program Files\AVG Secure Search\vprot.exe
2014-05-18 15:02 - 2014-05-18 15:02 - 00041984 _____ () c:\users\romi\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzmpiyo.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Romi\AppData\Roaming\Dropbox\bin\libcef.dll
2014-05-10 11:31 - 2014-05-10 11:32 - 03845232 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2011-06-27 17:54 - 2011-06-27 17:54 - 00506448 _____ () C:\Program Files\PC-Doctor\libAsapiCSharp.dll
2011-06-27 17:54 - 2011-06-27 17:54 - 00105040 _____ () C:\Program Files\PC-Doctor\libCSharpCommonCS.dll
2011-06-27 17:54 - 2011-06-27 17:54 - 00019536 _____ () C:\Program Files\PC-Doctor\libGapiCSharp.dll
2011-06-27 17:54 - 2011-06-27 17:54 - 00029776 _____ () C:\Program Files\PC-Doctor\libDataStoreCSharp.dll
2011-06-27 17:54 - 2011-06-27 17:54 - 00096848 _____ () C:\Program Files\PC-Doctor\libTonopahClientCSharp.dll
2011-06-27 17:54 - 2011-06-27 17:54 - 00032336 _____ () C:\Program Files\PC-Doctor\pcdcsharpcommon.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:820563D3

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Romi\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: BitTorrent => "C:\Program Files\BitTorrent\BitTorrent.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Sweetpacks Communicator => C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\winampa.exe"

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/18/2014 03:34:36 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (2412) Asapi: (15:34:36:3910)(2412) S3LogPusherPlugin.Helper - Error -- 334 Unable to storage the test log to medium

Error: (05/18/2014 03:15:56 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (2412) Asapi: (15:15:56:5060)(2412) engine.EngineLink - Error -- 81 Invalid connection to client

Error: (05/18/2014 03:00:43 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Transactions, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=x86" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (05/18/2014 03:00:43 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "AspNetMMCExt, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (05/18/2014 03:00:43 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Runtime.Remoting, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil".  The error returned was Error: The specified assembly is not installed.
.

Error: (05/18/2014 03:00:43 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Web.Mobile, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (05/18/2014 03:00:43 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Web.Services, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.

Error: (05/10/2014 02:00:59 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (4544) Asapi: (14:00:59:1250)(4544) S3LogPusherPlugin.Helper - Error -- 340 Unable to storage the test log to medium

Error: (05/10/2014 10:50:19 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (5948) Asapi: (10:50:19:0430)(5948) enumerator - Error -- 116 pcdrsysinfosoftware: Module timed out after 130603 milliseconds and was terminated

Error: (05/10/2014 10:50:19 AM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (5948) Asapi: (10:50:19:0430)(5948) Matrix.ModuleImp - Error -- 54 Unable to get information from module due to failed exec.


System errors:
=============
Error: (05/18/2014 02:59:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ScreenCamera HR" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1058

Error: (05/18/2014 02:59:46 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Audio" wurde nicht richtig gestartet.

Error: (05/18/2014 02:58:12 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (05/18/2014 02:58:12 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (05/17/2014 00:12:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ScreenCamera HR" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1058

Error: (05/17/2014 00:12:01 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (05/17/2014 00:12:01 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (05/10/2014 10:33:05 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (05/05/2014 06:35:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ScreenCamera HR" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1058

Error: (05/05/2014 06:34:58 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active


Microsoft Office Sessions:
=========================
Error: (04/27/2011 04:21:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 1282 seconds with 60 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 57%
Total physical RAM: 1788.2 MB
Available physical RAM: 754.68 MB
Total Pagefile: 3576.41 MB
Available Pagefile: 2136.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1906.57 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:100.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: C3FFC3FF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:20 on 18/05/2014 (Romi)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

cosinus · 18.05.2014, 15:47

Hi,

Zitat:

Platform: Microsoft Windows 7 Enterprise Service Pack 1
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE)

wie kommen die Enterprise Editions auf deinen Rechner?
Wo hast du das Gerät her, wer hat es installiert, ist es ein gewerblich genutztes System oder war es das mal?

Speedy2014 · 18.05.2014, 16:54

Hi,

den Laptop habe ich selbst gekauft, aber ein Bekannter von mir hat ihn eingerichtet. Keine Ahnung, was er da veranstaltet hat. Aber sollte ich neu formatieren müssen, ist die Version ja eh weg.

Viele Grüße

cosinus · 19.05.2014, 00:25

Was zum Geier hat der da eingerichtet, es gibt fast keine Notebooks ohne vorinstalliertem Windows. Klär das mal warum dein Bekannter da ein Enterprise Windows & Office draufgepackt hat. Ich glaube kaum, dass es sich hier um legale sondern gecrackte Geschichten handelt. Und wenn das Betriebssystem schon gecrackt ist, dann gibt es keine Bereinigung hier mehr. Schau auch mal nach, was für einen Windows-Lizenzaufkleber dein Notebook hat.

Speedy2014 · 19.05.2014, 22:17

Der Bekannte von mir hat eine eigene Firma und da bin ich mit auf der "MSDN subscription" drauf, sagt er.

cosinus · 20.05.2014, 00:12

Ok, das ist sein Ding dann wenn er meint.

Adware/Junkware/Toolbars entfernen

1. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Speedy2014 · 21.05.2014, 10:06

super, dass ihr mir helft. Ich wollte noch sagen, dass der Computer sich nur ganz schwer starten lässt. Meist geht nur die "an" led an und nichts passiert, manchmal hört man den Lüfter und nach im Schnitt 5 versuchen an aus startet er dann langsam.

Code:

ATTFilter

# AdwCleaner v3.210 - Report created 20/05/2014 at 23:23:44
# Updated 19/05/2014 by Xplode
# Operating System : Windows 7 Enterprise Service Pack 1 (32 bits)
# Username : Romi - ROMI-PC
# Running from : C:\Users\Romi\Desktop\adwcleaner_3.210.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : WajamUpdater

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Program Files\Wajam
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Romi\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Romi\AppData\Local\Wajam
Folder Deleted : C:\Users\Romi\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Romi\AppData\Local\Temp\mt_ffx
Folder Deleted : C:\Users\Romi\AppData\Local\Temp\OCS
Folder Deleted : C:\Users\Romi\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Romi\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Romi\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Romi\AppData\LocalLow\softonic-de3
Folder Deleted : C:\Users\Romi\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\Romi\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Romi\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\Romi\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Romi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Folder Deleted : C:\Users\Romi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Deleted : C:\Users\Romi\AppData\Roaming\Mozilla\Firefox\Profiles\0hsu6duq.default\SweetPacksToolbarData
Folder Deleted : C:\Users\Romi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcillohgikpecbmgioknapdpcjofaafl
File Deleted : C:\Users\Romi\AppData\Roaming\Mozilla\Firefox\Profiles\0hsu6duq.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
File Deleted : C:\Windows\system32\roboot.exe
File Deleted : C:\Users\Romi\AppData\Roaming\Mozilla\Firefox\Profiles\0hsu6duq.default\bProtector_extensions.rdf
File Deleted : C:\Users\Romi\AppData\Roaming\Mozilla\Firefox\Profiles\0hsu6duq.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Romi\AppData\Roaming\Mozilla\Firefox\Profiles\0hsu6duq.default\bprotector_prefs.js
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Romi\AppData\Roaming\Mozilla\Firefox\Profiles\0hsu6duq.default\searchplugins\claro.xml
File Deleted : C:\Users\Romi\AppData\Roaming\Mozilla\Firefox\Profiles\0hsu6duq.default\user.js
File Deleted : C:\Users\Romi\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Windows\System32\Tasks\BrowserProtect

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{25E3D80B-AC81-4E5F-A22A-535FFC051C1A}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25E3D80B-AC81-4E5F-A22A-535FFC051C1A}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetPacks Communicator
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKCU\Software\59538ddfb26ebf13
Key Deleted : HKLM\SOFTWARE\59538ddfb26ebf13
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_adobe-flash-player_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_adobe-flash-player_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_pixlr-o-matic_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_pixlr-o-matic_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{462BA517-CD06-472B-9388-555F5A265145}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{462BA517-CD06-472B-9388-555F5A265145}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74946672-4342-439E-8EB6-E15697CA7E98}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8185BBBC-1821-4FB5-9FFD-40C644676F34}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\softonic-de3
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\Software\softonic-de3
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c3e85ee9-5892-4142-b537-bceb3dac4c3d}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B6EF34C0188ECFA43B48A4BE9C00748E
Key Deleted : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Key Deleted : HKLM\Software\Classes\Installer\Features\B6EF34C0188ECFA43B48A4BE9C00748E
Key Deleted : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Key Deleted : HKLM\Software\Classes\Installer\Products\B6EF34C0188ECFA43B48A4BE9C00748E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v29.0.1 (de)

[ File : C:\Users\Romi\AppData\Roaming\Mozilla\Firefox\Profiles\0hsu6duq.default\prefs.js ]

Line Deleted : user_pref("avg.install.userHPSettings", "hxxp://www.claro-search.com/?affID=114506&babsrc=HP_clro&mntrId=2ec66bcb000000000000002682597d63");
Line Deleted : user_pref("avg.install.userSPSettings", "Claro Search");
Line Deleted : user_pref("browser.newtab.url", "hxxp://www.claro-search.com/?affID=114506&babsrc=NT_clro&mntrId=2ec66bcb000000000000002682597d63");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "softonic-de3 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://isearch.avg.com/?cid={6060F083-8D82-4889-B801-BB96FC53D723}&mid=0c9050f400e747d6b2e9a113f084fe0b-25b097fd69b0d57d200fd462cd17f9f95425031b&lang=de&ds=AVG&p[...]
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Line Deleted : user_pref("extensions.claro.admin", false);
Line Deleted : user_pref("extensions.claro.aflt", "babsst");
Line Deleted : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Line Deleted : user_pref("extensions.claro.autoRvrt", "false");
Line Deleted : user_pref("extensions.claro.dfltLng", "en");
Line Deleted : user_pref("extensions.claro.excTlbr", false);
Line Deleted : user_pref("extensions.claro.id", "2ec66bcb000000000000002682597d63");
Line Deleted : user_pref("extensions.claro.instlDay", "15730");
Line Deleted : user_pref("extensions.claro.instlRef", "sst");
Line Deleted : user_pref("extensions.claro.prdct", "claro");
Line Deleted : user_pref("extensions.claro.prtnrId", "claro");
Line Deleted : user_pref("extensions.claro.rvrt", "false");
Line Deleted : user_pref("extensions.claro.tlbrId", "base");
Line Deleted : user_pref("extensions.claro.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.claro.vrsn", "1.8.8.5");
Line Deleted : user_pref("extensions.claro.vrsni", "1.8.8.5");
Line Deleted : user_pref("extensions.claro_i.excTlbr", false);
Line Deleted : user_pref("extensions.claro_i.newTab", false);
Line Deleted : user_pref("extensions.claro_i.smplGrp", "none");
Line Deleted : user_pref("extensions.claro_i.vrsnTs", "1.8.8.519:38:14");
Line Deleted : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Line Deleted : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "1400420417276");
Line Deleted : user_pref("sweetim.toolbar.Visibility.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Line Deleted : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.cda.returnValue", "hide");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=$cargo;");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Line Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Line Deleted : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Line Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Line Deleted : user_pref("sweetim.toolbar.newtab.created", "false");
Line Deleted : user_pref("sweetim.toolbar.newtab.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.callback", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");
Line Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"[...]
Line Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Line Deleted : user_pref("sweetim.toolbar.simapp_id", "{8F18489B-BB2E-11E1-800B-705AB66017F8}");
Line Deleted : user_pref("sweetim.toolbar.version", "1.9.0.0");

-\\ Google Chrome v34.0.1847.137

[ File : C:\Users\Romi\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [30047 octets] - [20/05/2014 23:02:54]
AdwCleaner[S0].txt - [28981 octets] - [20/05/2014 23:23:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [29042 octets] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Enterprise x86
Ran by Romi on 21.05.2014 at  9:41:20,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3463353614-471682109-4233546492-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3463353614-471682109-4233546492-1000\Software\wajam



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Romi\AppData\Roaming\mozilla\firefox\profiles\0hsu6duq.default\minidumps [236 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.05.2014 at  9:48:12,34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-05-2014
Ran by Romi (administrator) on ROMI-PC on 21-05-2014 10:00:05
Running from C:\Users\Romi\Desktop
Platform: Microsoft Windows 7 Enterprise  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Dropbox, Inc.) C:\Users\Romi\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Romi\Desktop\FRST(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [EnergyUtility] => C:\Program Files\Lenovo\Energy Management\utility.exe [4114368 2009-12-17] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files\Lenovo\Energy Management\Energy Management.exe [6223808 2009-12-17] (Lenovo (Beijing) Limited)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-09-22] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
Startup: C:\Users\Romi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Romi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x682F1DA5F450CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {9E2CD2C3-4DDA-4473-B904-B8E6D0DBAB86} hxxp://consumersupport.lenovo.com/smartdownloading/cab/npdueng.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Romi\AppData\Roaming\Mozilla\Firefox\Profiles\0hsu6duq.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_39 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @lenovo.com/dueng,version=2.0 - C:\Windows\system32\lenovo\update\npdueng.dll (Lenovo)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @nullsoft.com/winampDetector;version=1 - C:\Program Files\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Romi\AppData\Roaming\Mozilla\Firefox\Profiles\0hsu6duq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-04-24]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-18]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2014-05-18]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-18]

Chrome: 
=======
CHR HomePage: 
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Extension: (Skype Extension) - C:\Users\Romi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-05-18]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]

========================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
S2 vToolbarUpdater18.1.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [21256 2009-09-03] (Lenovo Corporation)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [123160 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [199960 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [150296 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22296 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [193304 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [238872 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [108312 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [28440 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42272 2014-04-29] (AVG Technologies)
S2 SCRCAMHRDRV; C:\Windows\System32\DRIVERS\SCRCAMHRDRV.sys [234800 2010-03-01] (Windows (R) Server 2003 DDK provider)
S3 PCDSRVC{3037D694-FD904ACA-06020200}_0; \??\c:\program files\pc-doctor\pcdsrvc.pkms [X]
S3 StarOpen; No ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-21 09:58 - 2014-05-21 09:59 - 01056768 _____ (Farbar) C:\Users\Romi\Desktop\FRST(1).exe
2014-05-21 09:48 - 2014-05-21 09:48 - 00001128 _____ () C:\Users\Romi\Desktop\JRT.txt
2014-05-21 09:40 - 2014-05-21 09:40 - 00000000 ____D () C:\Windows\ERUNT
2014-05-21 09:39 - 2014-05-21 09:39 - 01016261 _____ (Thisisu) C:\Users\Romi\Desktop\JRT.exe
2014-05-20 23:30 - 2014-05-20 23:30 - 00029123 _____ () C:\Users\Romi\Desktop\AdwCleaner[S0].txt
2014-05-20 23:04 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-20 23:02 - 2014-05-20 23:24 - 00000000 ____D () C:\AdwCleaner
2014-05-20 23:00 - 2014-05-20 23:00 - 01326389 _____ () C:\Users\Romi\Desktop\adwcleaner_3.210.exe
2014-05-18 16:22 - 2014-05-18 16:22 - 00000000 _____ () C:\Users\Romi\Desktop\gmer.txt
2014-05-18 15:42 - 2014-05-18 15:42 - 00380416 _____ () C:\Users\Romi\Desktop\Gmer-19357.exe
2014-05-18 15:35 - 2014-05-18 15:36 - 00025767 _____ () C:\Users\Romi\Desktop\Addition.txt
2014-05-18 15:31 - 2014-05-21 10:00 - 00011289 _____ () C:\Users\Romi\Desktop\FRST.txt
2014-05-18 15:31 - 2014-05-21 10:00 - 00000000 ____D () C:\FRST
2014-05-18 15:28 - 2014-05-18 15:28 - 01056768 _____ (Farbar) C:\Users\Romi\Downloads\FRST.exe
2014-05-18 15:21 - 2014-05-18 15:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-18 15:20 - 2014-05-18 15:23 - 00000470 _____ () C:\Users\Romi\Desktop\defogger_disable.log
2014-05-18 15:20 - 2014-05-18 15:20 - 00000000 _____ () C:\Users\Romi\defogger_reenable
2014-05-18 15:18 - 2014-05-18 15:18 - 00050477 _____ () C:\Users\Romi\Desktop\Defogger.exe
2014-05-17 13:44 - 2014-05-17 13:44 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-17 13:41 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-17 13:41 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-17 13:41 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-17 12:56 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-17 12:56 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-17 12:56 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-17 12:56 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-17 12:56 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-17 12:56 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-17 12:56 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-17 12:56 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-17 12:56 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-17 12:56 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-17 12:56 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-17 12:56 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-17 12:56 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-17 12:56 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-17 12:56 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-17 12:56 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-17 12:56 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-17 12:56 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-17 12:56 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-17 12:56 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-17 12:56 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-17 12:56 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-17 12:56 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-17 12:56 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-17 12:55 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-17 12:55 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-17 12:45 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-10 20:17 - 2014-05-18 14:56 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-10 20:16 - 2014-03-06 09:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-05 18:52 - 2014-05-05 18:56 - 00000000 ____D () C:\Users\Romi\Desktop\Briest
2014-04-30 00:37 - 2014-04-30 00:37 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-30 00:37 - 2014-04-30 00:37 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-04-30 00:37 - 2014-04-30 00:37 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-30 00:37 - 2014-04-30 00:37 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-04-30 00:37 - 2014-04-30 00:37 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-04-30 00:37 - 2014-04-30 00:37 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-04-30 00:37 - 2014-04-30 00:37 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-30 00:37 - 2014-04-30 00:37 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-30 00:37 - 2014-04-30 00:37 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-04-30 00:37 - 2014-04-30 00:37 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-30 00:37 - 2014-04-30 00:37 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-04-30 00:37 - 2014-04-30 00:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-04-30 00:37 - 2014-04-30 00:37 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-04-30 00:37 - 2014-04-30 00:37 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

==================== One Month Modified Files and Folders =======

2014-05-21 10:01 - 2014-05-18 15:31 - 00011289 _____ () C:\Users\Romi\Desktop\FRST.txt
2014-05-21 10:00 - 2014-05-18 15:31 - 00000000 ____D () C:\FRST
2014-05-21 09:59 - 2014-05-21 09:58 - 01056768 _____ (Farbar) C:\Users\Romi\Desktop\FRST(1).exe
2014-05-21 09:51 - 2012-04-11 11:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-21 09:48 - 2014-05-21 09:48 - 00001128 _____ () C:\Users\Romi\Desktop\JRT.txt
2014-05-21 09:40 - 2014-05-21 09:40 - 00000000 ____D () C:\Windows\ERUNT
2014-05-21 09:39 - 2014-05-21 09:39 - 01016261 _____ (Thisisu) C:\Users\Romi\Desktop\JRT.exe
2014-05-21 09:28 - 2009-07-14 06:34 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-21 09:28 - 2009-07-14 06:34 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-21 09:26 - 2010-12-23 23:26 - 00000000 ____D () C:\ProgramData\MFAData
2014-05-21 09:22 - 2011-05-18 00:19 - 00000000 ___RD () C:\Users\Romi\Dropbox
2014-05-21 09:22 - 2011-05-18 00:14 - 00000000 ____D () C:\Users\Romi\AppData\Roaming\Dropbox
2014-05-21 09:20 - 2013-05-31 22:10 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-05-21 09:20 - 2011-05-17 02:07 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-21 09:20 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-21 09:20 - 2009-07-14 06:39 - 00205116 _____ () C:\Windows\setupact.log
2014-05-20 23:30 - 2014-05-20 23:30 - 00029123 _____ () C:\Users\Romi\Desktop\AdwCleaner[S0].txt
2014-05-20 23:30 - 2010-09-10 16:01 - 01973389 _____ () C:\Windows\WindowsUpdate.log
2014-05-20 23:26 - 2011-09-11 23:51 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-05-20 23:26 - 2010-09-10 17:46 - 00079960 _____ () C:\Windows\PFRO.log
2014-05-20 23:24 - 2014-05-20 23:02 - 00000000 ____D () C:\AdwCleaner
2014-05-20 23:08 - 2011-05-17 02:07 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-20 23:07 - 2014-03-25 22:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-05-20 23:00 - 2014-05-20 23:00 - 01326389 _____ () C:\Users\Romi\Desktop\adwcleaner_3.210.exe
2014-05-18 17:44 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-18 16:50 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-18 16:23 - 2011-09-11 23:51 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-05-18 16:22 - 2014-05-18 16:22 - 00000000 _____ () C:\Users\Romi\Desktop\gmer.txt
2014-05-18 16:02 - 2012-04-24 21:35 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-18 15:51 - 2012-04-11 11:00 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-18 15:51 - 2011-12-16 22:52 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-18 15:42 - 2014-05-18 15:42 - 00380416 _____ () C:\Users\Romi\Desktop\Gmer-19357.exe
2014-05-18 15:36 - 2014-05-18 15:35 - 00025767 _____ () C:\Users\Romi\Desktop\Addition.txt
2014-05-18 15:28 - 2014-05-18 15:28 - 01056768 _____ (Farbar) C:\Users\Romi\Downloads\FRST.exe
2014-05-18 15:23 - 2014-05-18 15:21 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-18 15:23 - 2014-05-18 15:20 - 00000470 _____ () C:\Users\Romi\Desktop\defogger_disable.log
2014-05-18 15:20 - 2014-05-18 15:20 - 00000000 _____ () C:\Users\Romi\defogger_reenable
2014-05-18 15:20 - 2010-09-10 16:04 - 00000000 ____D () C:\Users\Romi
2014-05-18 15:18 - 2014-05-18 15:18 - 00050477 _____ () C:\Users\Romi\Desktop\Defogger.exe
2014-05-18 14:56 - 2014-05-10 20:17 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-18 14:56 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-17 13:51 - 2010-09-10 17:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-17 13:50 - 2013-08-14 00:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-17 13:45 - 2010-09-10 17:31 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-17 13:44 - 2014-05-17 13:44 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-17 12:18 - 2011-05-18 00:15 - 00000000 ____D () C:\Users\Romi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-10 10:37 - 2010-09-10 16:09 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-09 09:06 - 2014-05-17 12:55 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-17 12:55 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-06 05:25 - 2014-05-17 13:41 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:07 - 2014-05-17 13:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 04:10 - 2014-05-17 13:41 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 18:56 - 2014-05-05 18:52 - 00000000 ____D () C:\Users\Romi\Desktop\Briest
2014-04-30 00:41 - 2013-11-20 02:34 - 00259913 _____ () C:\Windows\IE11_main.log
2014-04-30 00:37 - 2014-04-30 00:37 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-30 00:37 - 2014-04-30 00:37 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-04-30 00:37 - 2014-04-30 00:37 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-30 00:37 - 2014-04-30 00:37 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-04-30 00:37 - 2014-04-30 00:37 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-04-30 00:37 - 2014-04-30 00:37 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-04-30 00:37 - 2014-04-30 00:37 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-30 00:37 - 2014-04-30 00:37 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-30 00:37 - 2014-04-30 00:37 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-04-30 00:37 - 2014-04-30 00:37 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-30 00:37 - 2014-04-30 00:37 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-04-30 00:37 - 2014-04-30 00:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-04-30 00:37 - 2014-04-30 00:37 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-04-30 00:37 - 2014-04-30 00:37 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-04-30 00:37 - 2014-04-30 00:37 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-29 23:53 - 2013-06-26 16:10 - 00003728 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2014-04-29 23:52 - 2012-12-15 14:14 - 00042272 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx86.sys

Files to move or delete:
====================
C:\Users\Romi\CTX.DAT


Some content of TEMP:
====================
C:\Users\Romi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzxu3wo.dll
C:\Users\Romi\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Romi\AppData\Local\Temp\GLF8DC.tmp.ConduitEngineSetup.exe
C:\Users\Romi\AppData\Local\Temp\GoogleChromeInstaller.exe
C:\Users\Romi\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Romi\AppData\Local\Temp\jre-6u25-windows-i586-iftw-rv.exe
C:\Users\Romi\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Romi\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Romi\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Romi\AppData\Local\Temp\oi_{045B1DEF-4431-4F1F-84A9-6362D525E5DA}.exe
C:\Users\Romi\AppData\Local\Temp\ose00000.exe
C:\Users\Romi\AppData\Local\Temp\Quarantine.exe
C:\Users\Romi\AppData\Local\Temp\Shortcut_bundlesweetimsetup.exe
C:\Users\Romi\AppData\Local\Temp\Shortcut_sweetim.exe
C:\Users\Romi\AppData\Local\Temp\SIMEEI2Installer.exe
C:\Users\Romi\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\Romi\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Romi\AppData\Local\Temp\softonic-de3.exe
C:\Users\Romi\AppData\Local\Temp\uninst1.exe
C:\Users\Romi\AppData\Local\Temp\uttE305.tmp.exe
C:\Users\Romi\AppData\Local\Temp\wajam_download.exe
C:\Users\Romi\AppData\Local\Temp\wajam_install.exe
C:\Users\Romi\AppData\Local\Temp\ytb.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe
[2014-05-17 12:56] - [2014-03-04 11:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67

C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-10 11:51

==================== End Of Log ============================

--- --- ---

cosinus · 21.05.2014, 11:10

Okay, dann bitte Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Speedy2014 · 21.05.2014, 17:35

hier die neuen scans. Der Akku funktioniert übrigens gar nicht mehr. Nur zur Info, vielleicht hängt das ja auch mit den startschwierigkeiten zusammen...

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 21.05.2014
Suchlauf-Zeit: 12:50:30
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.05.21.04
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Romi

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 245169
Verstrichene Zeit: 27 Min, 44 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 19
PUP.Optional.SweetIM, C:\Users\Romi\AppData\Local\Temp\Shortcut_bundlesweetimsetup.exe, In Quarantäne, [f117c49069120d29b49193e13fc5e51b], 
PUP.Optional.SweetIM, C:\Users\Romi\AppData\Local\Temp\Shortcut_sweetim.exe, In Quarantäne, [b0585bf9fa8189ade85d92e2c73dda26], 
PUP.Optional.SweetIM, C:\Users\Romi\AppData\Local\Temp\mgsqlite3.dll, In Quarantäne, [c147db79c3b83ef8e75e9bd946be639d], 
Trojan.RotBrow.A, C:\Users\Romi\AppData\Local\Temp\che5D7D.tmp, In Quarantäne, [e5239fb57dfe3501bb746911b15022de], 
PUP.Optional.Wajam.A, C:\Users\Romi\AppData\Local\Temp\wajam_install.exe, In Quarantäne, [c2464c0864178da92e4054ca06fa8080], 
PUP.Optional.SweetIM, C:\Users\Romi\AppData\Local\Temp\{3B000140-654F-6BE1-890A-2D6DE0E323B6}\Addons\sweetim.exe, In Quarantäne, [7296d87ce9920135360faec62bd9e917], 
PUP.Optional.SweetIM, C:\Users\Romi\AppData\Local\Temp\OfferID9000\bundlesweetimsetup.exe, In Quarantäne, [2fd9b69ed2a9ea4cde6702720cf818e8], 
PUP.Optional.SweetIM, C:\Users\Romi\AppData\Local\Temp\OfferID9001\bundlesweetimsetup.exe, In Quarantäne, [df293123bdbe003694b1e1936b996799], 
PUP.Optional.SweetIM, C:\Users\Romi\AppData\Local\Temp\OfferID9999\bundlesweetimsetup.exe, In Quarantäne, [d731371dbcbf6bcbb095df9582822ad6], 
Trojan.RotBrowse, C:\Users\Romi\AppData\Local\Temp\A85CA217-BAB0-7891-B9AB-AFF21C1AED11\Latest\ccp.exe, In Quarantäne, [0404c98b7dfe38fe9a99de66e123748c], 
PUP.Optional.Montera.A, C:\Users\Romi\AppData\Local\Temp\A85CA217-BAB0-7891-B9AB-AFF21C1AED11\Latest\MyBabylonTB.exe, In Quarantäne, [bf49d77db2c9c571efcd0b65f60bd52b], 
PUP.Optional.SweetIM, C:\Users\Romi\AppData\Local\Temp\2827278562\chromeupdaterfull.exe, In Quarantäne, [c64244105823f83eed58561ece3603fd], 
PUP.Optional.Softonic.A, C:\Users\Romi\Downloads\SoftonicDownloader_fuer_pixlr-o-matic.exe, In Quarantäne, [0bfd1b395823b08624ed59c7c73aca36], 
PUP.Optional.OpenCandy, C:\Users\Romi\Downloads\winamp5581_full_bundle_emusic-7plus_en-us.exe, In Quarantäne, [9474193bf7841224f0c4d79d57ad9769], 
PUP.Optional.OpenCandy, C:\Users\Romi\Downloads\winamp563_full_emusic-7plus_all(1).exe, In Quarantäne, [44c4cd8739421d19763eb9bb857f29d7], 
PUP.Optional.OpenCandy, C:\Users\Romi\Downloads\winamp563_full_emusic-7plus_all.exe, In Quarantäne, [0efa70e439429c9ab400165e9173d32d], 
PUP.Optional.OpenCandy.A, C:\Users\Romi\Downloads\winamp565_full_emusic-7plus_all.exe, In Quarantäne, [9276a3b192e90c2a6affe35f32cea15f], 
PUP.Optional.SweetIM, C:\Windows\Installer\16427b6.msi, In Quarantäne, [eb1da8ac3546280e1e271064a65eb749], 
PUP.Optional.SweetIM, C:\Windows\Installer\16427ce.msi, In Quarantäne, [34d45301fc7f9b9b9aabbdb76a9a7a86], 

Physische Sektoren: 0
(No malicious items detected)


(end)

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e4be71514335c843ba1f0a02a7ac4efc
# engine=18351
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-21 04:23:05
# local_time=2014-05-21 06:23:05 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 26766642 152320576 0 0
# scanned=204006
# found=15
# cleaned=0
# scan_time=9602
sh=743CF6F7C346A3CF7BB0B81442DC14A7F3DA352D ft=1 fh=67b200ae242c58b1 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir"
sh=0C73CCC63EC56232CA1EF6BF8573B3A9AB323052 ft=1 fh=d014c1be8c7ac6c1 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\ConduitEngine\ConduitEngine.dll.vir"
sh=DE9B204D012FB33BD0C347BDF97964DF713275F6 ft=1 fh=0c4b823d0078b59b vn="Win32/Wajam.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Wajam\IE\priam_bho.dll.vir"
sh=A252FEDCEEDCA1655D593982040CCEED07812DEF ft=1 fh=975aa770e795194d vn="Win32/Wajam.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Wajam\Updater\WajamUpdater.exe.vir"
sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Romi\AppData\Local\Temp\OCS\ocs_v71a.exe.vir"
sh=E52066236563D51EA30A42BF905692FB7055053B ft=1 fh=c71c0011d38dd872 vn="Win32/DriverBoss.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Lenovo Drivers Update Utility\driverlib.dll"
sh=CECF436EC2CC2B184098D240FF8C7B6F11D231BE ft=1 fh=693f35bf8f3c0150 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Romi\AppData\Local\Temp\softonic-de3.exe"
sh=3F7976498661C306FE1B73EA0F8FD80C7C30F3F7 ft=1 fh=93a499006a4dae46 vn="Win32/Wajam.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Romi\AppData\Local\Temp\wajam_download.exe"
sh=E17439583212C06773999FC1D7348BEE61D3CC37 ft=1 fh=a4005ec9d1726284 vn="Variante von Win32/Toolbar.Babylon.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Romi\AppData\Local\Temp\A85CA217-BAB0-7891-B9AB-AFF21C1AED11\Setup.exe"
sh=35B21F8E30C52C943B437503DA1628EA0BCA86FC ft=1 fh=0e562033e18bbf1f vn="Variante von Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Romi\AppData\Local\Temp\A85CA217-BAB0-7891-B9AB-AFF21C1AED11\Latest\IECookieLow.dll"
sh=7759A3318DE2ABC3755EBB7F50322C6D586B5286 ft=1 fh=e3d39714b3bfb2a0 vn="Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Romi\AppData\Local\Temp\A85CA217-BAB0-7891-B9AB-AFF21C1AED11\Latest\IEHelper.dll"
sh=1B2983DD978DB886263B1740E4C7E0CA1CEF88C4 ft=1 fh=29f8994b325a4b60 vn="Variante von Win32/Toolbar.Babylon.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Romi\AppData\Local\Temp\A85CA217-BAB0-7891-B9AB-AFF21C1AED11\Latest\Setup.exe"
sh=F76164513E979CD7D4D24FEDDFDD221CA2FE8D95 ft=1 fh=04f196d458950267 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Romi\Downloads\CCleaner - CHIP-Downloader.exe"
sh=FF559A327F89C18218855B9A29AF4E9B2542AEBC ft=1 fh=36a8d984d3787c24 vn="Win32/DriverBoss.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Romi\Downloads\lenovo-drivers-update-utility.exe"
sh=5F77DD79DC81F78221EE7034C7D09F6E97A997CE ft=1 fh=fb6c34a30adebd81 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Romi\Downloads\SoftonicDownloader_fuer_adobe-flash-player.exe"

cosinus · 21.05.2014, 22:56

Nur noch ein paar Reste.

TFC - Temp File Cleaner

Lade dir

TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.

Öffne die TFC.exe.
Vista und Win 7 User mit Rechtsklick "als Administrator starten".
Schließe alle anderen Programme.
Drücke auf den Button Start.
Falls du zu einem Neustart aufgefordert wirst, bestätige diesen.

Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Ist aber nur optional. Um Usertracking zu verhindern kann man gut die Firefox-Erweiterung Ghostery verwenden.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Speedy2014 · 22.05.2014, 08:38

Es scheint alles wieder zu funktionieren

cosinus · 22.05.2014, 08:55

Dann wären wir durch!

Falls du noch Lob oder Kritik loswerden möchtest => Lob, Kritik und Wünsche - Trojaner-Board

Die Programme, die hier zum Einsatz kamen, können alle deinstalliert werden. Es empfiehlt sich Malwarebytes Anti-Malware zu behalten und damit wöchentlich nach Malware zu scannen.

Helfen kann dir dabei delfix:

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Bitte abschließend noch die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate
Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Start, Systemsteuerung, Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks findest du hier => Browsers and Plugins - FilePony.de

Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

Speedy2014 · 22.05.2014, 09:19

Hey! Super! Ein kleines Problem ist jetzt noch aufgetreten. Firefox friert nach dem Start sofort ein. Nach 10 min tut sich nichts. Ich hatte versucht die gesamte Chronik zu löschen. Sie war riesig...

Danke für die geniale Hilfe!

Edit: Hier ist eine Nawa1110.exe auf dem Desktop. Was ist das und was mache ich damit?

cosinus · 22.05.2014, 09:40

Zitat:

Edit: Hier ist eine Nawa1110.exe auf dem Desktop. Was ist das und was mache ich damit?

Woher soll ich denn das wissen was du dir auf den Desktop packst??!

Speedy2014 · 22.05.2014, 17:49

Hat sich alles erledigt. System läuft einwandfrei! Vielen Dank für die Hilfe cosinus

Windows 7: Laptop extrem langsam

Log-Analyse und Auswertung: Windows 7: Laptop extrem langsam