Log analysis and evaluation: Annoying pop-ups while surfing the Internet
Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
03.07.2014, 13:45 | #1 |
Annoying pop-ups while surfing the Internet
Recently I ran into the problem that pop-ups appeared while I was surfing. In addition, blue underlined words also appear while surfing, and these also lead to pop-ups. My operating system is Windows 7. I deleted all unknown programs in the Control Panel and removed extensions from Google Chrome, but that did not fix the problem. Unfortunately, I am not very familiar with this area. So far I have only run a system scan with FRST:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-07-2014
Ran by Tim (administrator) on TIM-PC on 03-07-2014 13:58:08
Running from C:\Users\Tim\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
() C:\Program Files\003\hmmwwoblzz64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\6DAF2CD5-832E-48EB-8678-2B122163A2D9\SupraSavingsService64.exe
(Acer Group) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\Tim\AppData\Local\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
() C:\Users\Tim\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
(Akamai Technologies, Inc.) C:\Users\Tim\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
() C:\Program Files (x86)\Freetec\TubeBox\TubeBox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11725928 2010-12-23] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [860040 2010-12-10] (Acer Incorporated)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [613536 2010-11-25] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2010-11-25] (Atheros Commnucations)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-14] (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe [295232 2010-11-12] (NTI Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1025616 2010-12-09] (Dritek System Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] ()
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [Download Protect] => C:\ProgramData\dlprotect.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\Run: [Facebook Update] => C:\Users\Tim\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Tim\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1754816 2014-05-29] (Valve Corporation)
HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-10-25] ()
HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\Run: [Hoolapp Android] => "C:\Users\Tim\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized
HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.)
HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\Run: [BackgroundContainer] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Tim\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\Run: [Google+ Auto Backup] => "C:\Users\Tim\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-07-29] ()
HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\MountPoints2: D - D:\SETUP.EXE
HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\MountPoints2: {05e26f25-da2b-11e1-bfef-00030d000001} - E:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\MountPoints2: {05e26f43-da2b-11e1-bfef-00030d000001} - E:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\MountPoints2: {2015051a-041a-11e3-a567-00030d000001} - E:\iStudio.exe
HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\Run: [Facebook Update] => C:\Users\Tim\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Tim\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1754816 2014-05-29] (Valve Corporation)
HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-10-25] ()
HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\Run: [Hoolapp Android] => "C:\Users\Tim\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized
HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.)
HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\Run: [BackgroundContainer] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Tim\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\Run: [Google+ Auto Backup] => "C:\Users\Tim\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\Run: [Amazon Cloud Player] => C:\Users\Tim\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3140608 2014-01-14] ()
HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\MountPoints2: D - D:\SETUP.EXE
HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\MountPoints2: {05e26f25-da2b-11e1-bfef-00030d000001} - E:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\MountPoints2: {05e26f43-da2b-11e1-bfef-00030d000001} - E:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\MountPoints2: {2015051a-041a-11e3-a567-00030d000001} - E:\iStudio.exe
HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\MountPoints2: {54c7a3c9-523c-11e0-800b-806e6f6e6963} - D:\autorun.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk
ShortcutTarget: Launcher.lnk -> C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3317483&octid=CT3317483&SearchSource=61&CUI=UN10777025582064410&UM=2&UP=SPB44AEF2C-5807-4DBC-8182-A7187D043878&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=ie9hp
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=d844d2b2-95be-41e3-b467-a234e25a9a55&searchtype=ds&q={searchTerms}&installDate=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://packardbell.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=d844d2b2-95be-41e3-b467-a234e25a9a55&searchtype=ds&q={searchTerms}&installDate=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM-x32 - DefaultScope {94FFAD7D-8641-4A53-B922-8DCB67274105} URL =
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=TJ&userid=d844d2b2-95be-41e3-b467-a234e25a9a55&searchtype=ds&q={searchTerms}
SearchScopes: HKCU - DefaultScope {94FFAD7D-8641-4A53-B922-8DCB67274105} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=d844d2b2-95be-41e3-b467-a234e25a9a55&searchtype=ds&q={searchTerms}&installDate=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {94FFAD7D-8641-4A53-B922-8DCB67274105} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll" No File
BHO: PinPhotoZoom - {4a0c8953-9d4e-4790-b732-2b9fc9ebce05} - C:\Users\Tim\AppData\Roaming\PinPhotoZoom\64\AutocompletePro64.dll (SimplyGen)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: 2rs3 - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\SupraSavings\2rs3.dll ()
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.4.6\bh\BabylonToolbar.dll No File
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File
BHO-x32: PinPhotoZoom - {4a0c8953-9d4e-4790-b732-2b9fc9ebce05} - C:\Users\Tim\AppData\Roaming\PinPhotoZoom\AutocompletePro.dll (SimplyGen)
BHO-x32: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll" No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: RadioTotal Customized Web Search
FF SearchEngineOrder.1: Search the web (Babylon)
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Tim\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF user.js: detected! => C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll (Macromedia, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default\searchplugins\plasmoo.xml
FF Extension: Plasmoo Search Engine - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default\Extensions\engine@plasmoo.com [2011-07-14]
FF Extension: incredibar.com - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default\Extensions\ffxtlbr@incredibar.com [2012-10-19]
FF Extension: softonic.com - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default\Extensions\ffxtlbra@softonic.com [2012-10-19]
FF Extension: SparPilot - Gutscheine & mehr... - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default\Extensions\sparpilot@sparpilot.com [2014-04-11]
FF Extension: SupraSavings - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default\Extensions\SupraSavings@jetpack [2014-06-20]
FF Extension: RadioTotal - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default\Extensions\{2ee84ac6-8dd6-4a14-bd37-b79c8f9ecf4d} [2014-06-20]
FF Extension: DealPly - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default\Extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2012-08-23]
FF Extension: PinPhotoZoom - Eaisly zoom photos in Pinterest! - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default\Extensions\{ebc3cfe3-606b-4470-98ae-4dd305d4c0b9} [2013-05-21]
FF Extension: BetterAds - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default\Extensions\betterads@BetterAds.org.xpi [2012-10-19]
FF Extension: GMX MailCheck - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default\Extensions\toolbar@gmx.net.xpi [2012-05-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-06-22]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-21]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn
FF Extension: Symantec IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn [2011-05-14]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2 [2014-07-02]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011-05-23]
FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011-05-23]
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
FF HKCU\...\Firefox\Extensions: [lspeaker@lyricsspeaker.net] - C:\Program Files (x86)\LyricsSpeaker\128.xpi
FF Extension: No Name - C:\Program Files (x86)\LyricsSpeaker\128.xpi [2013-08-17]

Chrome:
=======
CHR HomePage: hxxp://www.trovi.com/?gd=&ctid=CT3320325&octid=EB_ORIGINAL_CTID&ISID=M637B8354-47E7-40FE-A1FE-42C22830FE17&SearchSource=55&CUI=&UM=5&UP=SPB44AEF2C-5807-4DBC-8182-A7187D043878&SSPV=
CHR StartupUrls: "hxxp://search.conduit.com/?ctid=CT3317483&SearchSource=48&CUI=UN23478112263258983&UM=2&UP=SPB44AEF2C-5807-4DBC-8182-A7187D043878&SSPV="
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Program Files (x86)\Mozilla Firefox\plugins\np32dsw.dll (Macromedia, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U15) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Tim\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-02]
CHR Extension: (Google Drive) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-02]
CHR Extension: (Chelsea FC) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\balpfijklohemjmpdkdpgoklgahmleip [2013-03-02]
CHR Extension: (YouTube) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-02]
CHR Extension: (Google-Suche) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-02]
CHR Extension: (DivX HiQ) - C:\Users\Tim\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2013-03-02] CHR Extension: (Google Wallet) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23] CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-03-02] CHR Extension: (Google Mail) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-02] CHR Extension: (Extutil) - C:\Users\Tim\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-01-17] CHR Extension: (Managera) - C:\Users\Tim\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-01-17] CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [2014-01-17] CHR HKCU\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files (x86)\DealPly\DealPly.crx [2014-01-17] CHR HKCU\...\Chrome\Extension: [ioighjflakajniehlakelhkdfljfemcd] - C:\Users\Tim\AppData\Local\CRE\ioighjflakajniehlakelhkdfljfemcd.crx [2013-12-13] CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2013-12-13] CHR HKLM-x32\...\Chrome\Extension: [aigpiepdfjlnahejechnegkblnkidiom] - C:\Program Files (x86)\LyricsSpeaker\128.crx [2013-08-16] CHR HKLM-x32\...\Chrome\Extension: [cacclhdpfoingihegojhoipnihfnoaki] - C:\Users\Tim\AppData\Local\MediaBA\betterads.crx [2012-10-19] CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Users\Tim\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx [2012-06-27] CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [2012-06-27] CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-08] 
CHR HKLM-x32\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files (x86)\DealPly\DealPly.crx [2011-02-08] CHR HKLM-x32\...\Chrome\Extension: [ioighjflakajniehlakelhkdfljfemcd] - C:\Users\Tim\AppData\Local\CRE\ioighjflakajniehlakelhkdfljfemcd.crx [2013-12-13] CHR HKLM-x32\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files (x86)\Perion\NewTab\newTab.crx [2012-10-19] CHR HKLM-x32\...\Chrome\Extension: [mbdamgnimlipjnpgiakiojcbbmcmiibn] - C:\Program Files (x86)\PinPhotoZoom\chrome\PinPhotoZoomChrome.crx [2013-05-21] CHR HKLM-x32\...\Chrome\Extension: [niogeckbkdcabhnapjbkeiklablhjoca] - C:\Program Files (x86)\Perion\ChromeInfoBar\ChromeInfoBar.crx [2012-10-19] CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video. |
03.07.2014, 13:52 | #2 |
/// the machine /// TB Trainer | Annoying pop-ups while surfing the Internet Hi,
Open FRST, tick the box next to Addition and scan, then please post both logs.
__________________ |
03.07.2014, 14:19 | #3 |
| Annoying pop-ups while surfing the Internet FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-07-2014 Ran by Tim (administrator) on TIM-PC on 03-07-2014 14:56:07 Running from C:\Users\Tim\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Dritek System Inc.) 
C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe () C:\Program Files\003\hmmwwoblzz64.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (NTI Corporation) C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe () C:\Program Files (x86)\6DAF2CD5-832E-48EB-8678-2B122163A2D9\SupraSavingsService64.exe (Acer Group) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (ELAN Microelectronics Corp.) 
C:\Program Files\Elantech\ETDCtrl.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Akamai Technologies, Inc.) C:\Users\Tim\AppData\Local\Akamai\netsession_win.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Intel Corporation) C:\Windows\System32\igfxext.exe () C:\Users\Tim\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe (Akamai Technologies, Inc.) C:\Users\Tim\AppData\Local\Akamai\netsession_win.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe (NTI Corporation) C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) 
C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11725928 2010-12-23] (Realtek Semiconductor) HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [860040 2010-12-10] (Acer Incorporated) HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.) HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [613536 2010-11-25] (Atheros Communications) HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2010-11-25] (Atheros Commnucations) HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-14] (Intel Corporation) HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe [295232 2010-11-12] (NTI Corporation) HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-28] (Adobe Systems Incorporated) HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1025616 2010-12-09] (Dritek System Inc.) 
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] () HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-03] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [ApnTBMon] => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) HKLM-x32\...\Run: [Download Protect] => C:\ProgramData\dlprotect.exe Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect" HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\Run: [Facebook Update] => C:\Users\Tim\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.) HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Tim\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) 
HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1754816 2014-05-29] (Valve Corporation) HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-10-25] () HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\Run: [Hoolapp Android] => "C:\Users\Tim\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.) 
HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\Run: [BackgroundContainer] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Tim\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\Run: [Google+ Auto Backup] => "C:\Users\Tim\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-07-29] () HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\MountPoints2: D - D:\SETUP.EXE HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\MountPoints2: {05e26f25-da2b-11e1-bfef-00030d000001} - E:\.\Setup.exe AUTORUN=1 HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\MountPoints2: {05e26f43-da2b-11e1-bfef-00030d000001} - E:\.\Setup.exe AUTORUN=1 HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\MountPoints2: {2015051a-041a-11e3-a567-00030d000001} - E:\iStudio.exe HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\Run: [Facebook Update] => C:\Users\Tim\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.) HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Tim\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) 
HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1754816 2014-05-29] (Valve Corporation) HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-10-25] () HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\Run: [Hoolapp Android] => "C:\Users\Tim\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.) 
HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\Run: [BackgroundContainer] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Tim\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\Run: [Google+ Auto Backup] => "C:\Users\Tim\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\Run: [Amazon Cloud Player] => C:\Users\Tim\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3140608 2014-01-14] () HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\MountPoints2: D - D:\SETUP.EXE HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\MountPoints2: {05e26f25-da2b-11e1-bfef-00030d000001} - E:\.\Setup.exe AUTORUN=1 HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\MountPoints2: {05e26f43-da2b-11e1-bfef-00030d000001} - E:\.\Setup.exe AUTORUN=1 HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\MountPoints2: {2015051a-041a-11e3-a567-00030d000001} - E:\iStudio.exe HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\MountPoints2: {54c7a3c9-523c-11e0-800b-806e6f6e6963} - D:\autorun.exe AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk ShortcutTarget: Launcher.lnk -> C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3317483&octid=CT3317483&SearchSource=61&CUI=UN10777025582064410&UM=2&UP=SPB44AEF2C-5807-4DBC-8182-A7187D043878&SSPV= HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
hxxp://de.msn.com/?ocid=ie9hp HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=d844d2b2-95be-41e3-b467-a234e25a9a55&searchtype=ds&q={searchTerms}&installDate= HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://packardbell.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=d844d2b2-95be-41e3-b467-a234e25a9a55&searchtype=ds&q={searchTerms}&installDate= HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie SearchScopes: HKLM-x32 - DefaultScope {94FFAD7D-8641-4A53-B922-8DCB67274105} URL = SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=TJ&userid=d844d2b2-95be-41e3-b467-a234e25a9a55&searchtype=ds&q={searchTerms} SearchScopes: HKCU - DefaultScope {94FFAD7D-8641-4A53-B922-8DCB67274105} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=d844d2b2-95be-41e3-b467-a234e25a9a55&searchtype=ds&q={searchTerms}&installDate= SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKCU - {94FFAD7D-8641-4A53-B922-8DCB67274105} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=protegere SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll" No File BHO: PinPhotoZoom - {4a0c8953-9d4e-4790-b732-2b9fc9ebce05} - C:\Users\Tim\AppData\Roaming\PinPhotoZoom\64\AutocompletePro64.dll (SimplyGen) BHO: Windows Live ID Sign-in Helper - 
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: 2rs3 - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\SupraSavings\2rs3.dll () BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.4.6\bh\BabylonToolbar.dll No File BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File BHO-x32: PinPhotoZoom - {4a0c8953-9d4e-4790-b732-2b9fc9ebce05} - C:\Users\Tim\AppData\Roaming\PinPhotoZoom\AutocompletePro.dll (SimplyGen) BHO-x32: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation) BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll 
(Atheros Commnucations) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll" No File Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD) Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml FF DefaultSearchEngine: RadioTotal Customized Web Search FF SearchEngineOrder.1: Search the web (Babylon) FF NetworkProxy: "no_proxies_on", "*.local" FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - 
C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF 
Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Tim\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF user.js: detected! => C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default\user.js FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll (Macromedia, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) 
FF SearchPlugin: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default\searchplugins\plasmoo.xml
FF Extension: Plasmoo Search Engine - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default\Extensions\engine@plasmoo.com [2011-07-14]
FF Extension: incredibar.com - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default\Extensions\ffxtlbr@incredibar.com [2012-10-19]
FF Extension: softonic.com - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default\Extensions\ffxtlbra@softonic.com [2012-10-19]
FF Extension: SparPilot - Gutscheine & mehr... - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default\Extensions\sparpilot@sparpilot.com [2014-04-11]
FF Extension: SupraSavings - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default\Extensions\SupraSavings@jetpack [2014-06-20]
FF Extension: RadioTotal - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default\Extensions\{2ee84ac6-8dd6-4a14-bd37-b79c8f9ecf4d} [2014-06-20]
FF Extension: DealPly - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default\Extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2012-08-23]
FF Extension: PinPhotoZoom - Eaisly zoom photos in Pinterest! - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default\Extensions\{ebc3cfe3-606b-4470-98ae-4dd305d4c0b9} [2013-05-21]
FF Extension: BetterAds - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default\Extensions\betterads@BetterAds.org.xpi [2012-10-19]
FF Extension: GMX MailCheck - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default\Extensions\toolbar@gmx.net.xpi [2012-05-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-06-22]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-21]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn
FF Extension: Symantec IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn [2011-05-14]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2 [2014-07-02]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011-05-23]
FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011-05-23]
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
FF HKCU\...\Firefox\Extensions: [lspeaker@lyricsspeaker.net] - C:\Program Files (x86)\LyricsSpeaker\128.xpi
FF Extension: No Name - C:\Program Files (x86)\LyricsSpeaker\128.xpi [2013-08-17]

Chrome:
=======
CHR HomePage: hxxp://www.trovi.com/?gd=&ctid=CT3320325&octid=EB_ORIGINAL_CTID&ISID=M637B8354-47E7-40FE-A1FE-42C22830FE17&SearchSource=55&CUI=&UM=5&UP=SPB44AEF2C-5807-4DBC-8182-A7187D043878&SSPV=
CHR StartupUrls: "hxxp://search.conduit.com/?ctid=CT3317483&SearchSource=48&CUI=UN23478112263258983&UM=2&UP=SPB44AEF2C-5807-4DBC-8182-A7187D043878&SSPV="
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Program Files (x86)\Mozilla Firefox\plugins\np32dsw.dll (Macromedia, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U15) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Tim\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-02]
CHR Extension: (Google Drive) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-02]
CHR Extension: (Chelsea FC) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\balpfijklohemjmpdkdpgoklgahmleip [2013-03-02]
CHR Extension: (YouTube) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-02]
CHR Extension: (Google-Suche) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-02]
CHR Extension: (DivX HiQ) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2013-03-02]
CHR Extension: (Google Wallet) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-03-02]
CHR Extension: (Google Mail) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-02]
CHR Extension: (Extutil) - C:\Users\Tim\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-01-17]
CHR Extension: (Managera) - C:\Users\Tim\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-01-17]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [2014-01-17]
CHR HKCU\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files (x86)\DealPly\DealPly.crx [2014-01-17]
CHR HKCU\...\Chrome\Extension: [ioighjflakajniehlakelhkdfljfemcd] - C:\Users\Tim\AppData\Local\CRE\ioighjflakajniehlakelhkdfljfemcd.crx [2013-12-13]
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2013-12-13]
CHR HKLM-x32\...\Chrome\Extension: [aigpiepdfjlnahejechnegkblnkidiom] - C:\Program Files (x86)\LyricsSpeaker\128.crx [2013-08-16]
CHR HKLM-x32\...\Chrome\Extension: [cacclhdpfoingihegojhoipnihfnoaki] - C:\Users\Tim\AppData\Local\MediaBA\betterads.crx [2012-10-19]
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Users\Tim\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx [2012-06-27]
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [2012-06-27]
CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-08]
CHR HKLM-x32\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files (x86)\DealPly\DealPly.crx [2011-02-08]
CHR HKLM-x32\...\Chrome\Extension: [ioighjflakajniehlakelhkdfljfemcd] - C:\Users\Tim\AppData\Local\CRE\ioighjflakajniehlakelhkdfljfemcd.crx [2013-12-13]
CHR HKLM-x32\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files (x86)\Perion\NewTab\newTab.crx [2012-10-19]
CHR HKLM-x32\...\Chrome\Extension: [mbdamgnimlipjnpgiakiojcbbmcmiibn] - C:\Program Files (x86)\PinPhotoZoom\chrome\PinPhotoZoomChrome.crx [2013-05-21]
CHR HKLM-x32\...\Chrome\Extension: [niogeckbkdcabhnapjbkeiklablhjoca] - C:\Program Files (x86)\Perion\ChromeInfoBar\ChromeInfoBar.crx [2012-10-19]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-08]

==================== Services (Whitelisted) =================

R2 ALDITALKVerbindungsassistent_Service; C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [342984 2012-07-30] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1039440 2014-06-03] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-10-23] (APN LLC.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-11-25] (Atheros Commnucations) [File not signed]
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [868224 2010-12-10] (Acer Incorporated)
S3 GameConsoleService; C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe [246520 2010-04-04] (WildTangent, Inc.)
R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R2 hmmwwoblzz64; C:\Program Files\003\hmmwwoblzz64.exe [709120 2014-06-20] () [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe [257344 2010-11-12] (NTI Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2011-06-29] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [244904 2010-10-28] () [File not signed]
R2 SupraSavingsService64; C:\Program Files (x86)\6DAF2CD5-832E-48EB-8678-2B122163A2D9\SupraSavingsService64.exe [172544 2014-06-25] () [File not signed]
S2 SystemStoreService; C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe [297984 2014-04-09] () [File not signed]
R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110701.001\BHDrvx64.sys [1143416 2011-05-19] (Symantec Corporation)
R3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [37648 2007-03-05] (IVT Corporation.)
R3 BlueletAudio; C:\Windows\SysWOW64\DRIVERS\blueletaudio.sys [37648 2007-03-05] (IVT Corporation.)
R3 BlueletSCOAudio; C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [37648 2007-03-05] (IVT Corporation.)
R3 BlueletSCOAudio; C:\Windows\SysWOW64\DRIVERS\BlueletSCOAudio.sys [37648 2007-03-05] (IVT Corporation.)
R3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [25360 2007-03-05] (IVT Corporation.)
R3 BT; C:\Windows\SysWOW64\DRIVERS\btnetdrv.sys [25360 2007-03-05] (IVT Corporation.)
R0 BTHidEnum; C:\Windows\System32\Drivers\vbtenum.sys [24976 2007-03-05] (IVT Corporation.)
R0 BTHidEnum; C:\Windows\SysWOW64\Drivers\vbtenum.sys [24976 2007-03-05] (IVT Corporation.)
R0 BTHidMgr; C:\Windows\System32\Drivers\BTHidMgr.sys [49680 2007-03-05] (IVT Corporation.)
R0 BTHidMgr; C:\Windows\SysWOW64\Drivers\BTHidMgr.sys [49680 2007-03-05] (IVT Corporation.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [481912 2011-05-15] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [136824 2011-07-01] (Symantec Corporation)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [138752 2012-07-30] (Huawei Technologies Co., Ltd.)
S3 ewusbnet; C:\Windows\SysWOW64\DRIVERS\ewusbnet.sys [138752 2012-07-30] (Huawei Technologies Co., Ltd.)
S3 ew_hwusbdev; C:\Windows\SysWOW64\DRIVERS\ew_hwusbdev.sys [117248 2012-07-30] (Huawei Technologies Co., Ltd.)
S3 hwdatacard; C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys [121600 2012-07-30] (Huawei Technologies Co., Ltd.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [31648 2014-01-08] (REALiX(tm))
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110713.031\IDSvia64.sys [488056 2011-07-08] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110714.005\ENG64.SYS [117880 2011-07-01] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110714.005\EX64.SYS [2011768 2011-07-01] (Symantec Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-05-10] (Apple Inc.) [File not signed]
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-06-12] (NetFilterSDK.com)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-15] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)
R3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [47120 2007-03-05] (IVT Corporation.)
R3 VComm; C:\Windows\SysWOW64\DRIVERS\VComm.sys [47120 2007-03-05] (IVT Corporation.)
R3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [63248 2007-03-05] (IVT Corporation.)
R3 VcommMgr; C:\Windows\SysWOW64\Drivers\VcommMgr.sys [63248 2007-03-05] (IVT Corporation.)
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61120 2014-03-30] (StdLib)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 X6va005; \??\C:\Users\Tim\AppData\Local\Temp\0059AE9.tmp [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-03 13:58 - 2014-07-03 15:04 - 00045905 _____ () C:\Users\Tim\Desktop\FRST.txt
2014-07-03 13:49 - 2014-07-03 13:50 - 00039368 _____ () C:\Users\Tim\Downloads\FRST.txt
2014-07-03 13:46 - 2014-07-03 14:57 - 00000000 ____D () C:\FRST
2014-07-03 13:45 - 2014-07-03 13:46 - 02083840 _____ (Farbar) C:\Users\Tim\Desktop\FRST64.exe
2014-07-03 13:36 - 2014-07-03 13:36 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Tim\Downloads\SpyHunter-Installer (1).exe
2014-07-03 13:35 - 2014-07-03 13:36 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Tim\Downloads\SpyHunter-Installer.exe
2014-07-03 13:28 - 2014-07-03 13:28 - 00002104 _____ () C:\Users\Tim\Desktop\Avira Free Antivirus Profil Lokale Festplatten.LNK
2014-07-01 00:49 - 2014-07-01 00:49 - 00003098 _____ () C:\Windows\System32\Tasks\{7255066F-C0FA-4F6D-986F-F2F7411E4FDA}
2014-07-01 00:36 - 2014-07-01 00:36 - 00998592 _____ () C:\Users\Tim\Downloads\setup (1).exe
2014-06-27 23:39 - 2014-06-27 23:39 - 00000000 ____D () C:\Program Files (x86)\6DAF2CD5-832E-48EB-8678-2B122163A2D9
2014-06-20 13:06 - 2014-06-20 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freetec
2014-06-20 13:04 - 2014-07-03 14:40 - 00000000 ____D () C:\Program Files\suprasavings
2014-06-20 13:04 - 2014-06-20 13:06 - 00000000 ____D () C:\temp
2014-06-20 13:04 - 2014-06-20 13:04 - 00000000 ____D () C:\Program Files (x86)\SupraSavings
2014-06-20 13:03 - 2014-07-03 13:03 - 00002160 _____ () C:\Windows\Tasks\a572a9d1-bfa7-4ec0-9fee-795843c32073-4.job
2014-06-20 13:03 - 2014-06-20 13:04 - 00000000 ____D () C:\Program Files\003
2014-06-20 13:03 - 2014-06-20 13:03 - 00005190 _____ () C:\Windows\System32\Tasks\a572a9d1-bfa7-4ec0-9fee-795843c32073-4
2014-06-20 13:02 - 2014-07-01 01:07 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-06-20 13:02 - 2014-06-20 13:02 - 00000000 ____D () C:\Users\Tim\AppData\Local\globalUpdate
2014-06-20 13:01 - 2014-06-20 13:01 - 00119296 _____ () C:\Windows\system32\opengl42.exe
2014-06-12 21:05 - 2014-06-12 21:05 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys
2014-06-11 18:33 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 18:33 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 18:33 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 18:33 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 18:33 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 18:33 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 18:33 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 18:33 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 18:33 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 18:33 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 18:33 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 18:33 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 18:33 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 18:33 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 18:33 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 18:33 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 18:33 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 18:33 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 18:33 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 18:33 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 18:33 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 18:33 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 18:33 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 18:33 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 18:33 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 18:33 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 18:33 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 18:33 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 18:33 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 18:33 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 18:33 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 18:33 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 18:33 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 18:33 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 18:33 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 18:33 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 18:33 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 18:33 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 18:33 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 18:33 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 18:33 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 18:33 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 18:33 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 18:33 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 18:33 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 18:33 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 18:33 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 18:33 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 18:33 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 18:33 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 18:33 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 18:33 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 18:33 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 18:33 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 18:33 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 18:33 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 18:33 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 18:33 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 18:33 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 18:33 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 18:33 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 18:33 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 18:33 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 18:33 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 18:33 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 18:33 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 18:32 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 18:32 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-09 15:59 - 2014-06-09 16:02 - 00000000 ____D () C:\Users\Tim\Desktop\Christoph stinkt auch

==================== One Month Modified Files and Folders =======

2014-07-03 15:04 - 2014-07-03 13:58 - 00045905 _____ () C:\Users\Tim\Desktop\FRST.txt
2014-07-03 14:57 - 2014-07-03 13:46 - 00000000 ____D () C:\FRST
2014-07-03 14:54 - 2011-07-28 18:06 - 00000000 ____D () C:\Users\Tim\AppData\Local\CrashDumps
2014-07-03 14:53 - 2012-10-26 15:46 - 00000000 ____D () C:\Users\Tim\AppData\Local\Freetec
2014-07-03 14:40 - 2014-06-20 13:04 - 00000000 ____D () C:\Program Files\suprasavings
2014-07-03 14:39 - 2013-03-02 14:25 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-03 14:31 - 2012-06-04 06:08 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-03 13:50 - 2014-07-03 13:49 - 00039368 _____ () C:\Users\Tim\Downloads\FRST.txt
2014-07-03 13:48 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-03 13:48 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-03 13:46 - 2014-07-03 13:45 - 02083840 _____ (Farbar) C:\Users\Tim\Desktop\FRST64.exe
2014-07-03 13:36 - 2014-07-03 13:36 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Tim\Downloads\SpyHunter-Installer (1).exe
2014-07-03 13:36 - 2014-07-03 13:35 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Tim\Downloads\SpyHunter-Installer.exe
2014-07-03 13:28 - 2014-07-03 13:28 - 00002104 _____ () C:\Users\Tim\Desktop\Avira Free Antivirus Profil Lokale Festplatten.LNK
2014-07-03 13:22 - 2011-11-05 23:12 - 00001130 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-283462342-1146700221-3439875133-1002UA.job
2014-07-03 13:07 - 2012-05-30 00:23 - 00000000 ____D () C:\Users\Tim\Documents\TubeBox
2014-07-03 13:03 - 2014-06-20 13:03 - 00002160 _____ () C:\Windows\Tasks\a572a9d1-bfa7-4ec0-9fee-795843c32073-4.job
2014-07-03 13:03 - 2013-03-02 14:25 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-03 13:03 - 2011-03-19 17:26 - 01160284 _____ () C:\Windows\WindowsUpdate.log
2014-07-03 12:53 - 2012-12-11 00:39 - 00004208 _____ () C:\Windows\System32\Tasks\Software Updater
2014-07-03 12:52 - 2013-07-04 20:20 - 00000382 _____ () C:\Windows\Tasks\LyricsSpeaker Update.job
2014-07-03 12:52 - 2011-11-05 23:12 - 00001108 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-283462342-1146700221-3439875133-1002Core.job
2014-07-03 12:52 - 2011-03-19 18:01 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2014-07-03 12:52 - 2011-03-19 18:01 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-07-02 10:16 - 2012-10-25 22:19 - 00000000 ____D () C:\Users\Tim\AppData\Local\PMB Files
2014-07-02 09:48 - 2011-11-17 14:45 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-02 09:44 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-02 09:44 - 2009-07-14 06:51 - 00169141 _____ () C:\Windows\setupact.log
2014-07-02 09:43 - 2011-05-15 00:33 - 00251548 _____ () C:\Windows\PFRO.log
2014-07-01 01:07 - 2014-06-20 13:02 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-07-01 00:49 - 2014-07-01 00:49 - 00003098 _____ () C:\Windows\System32\Tasks\{7255066F-C0FA-4F6D-986F-F2F7411E4FDA}
2014-07-01 00:36 - 2014-07-01 00:36 - 00998592 _____ () C:\Users\Tim\Downloads\setup (1).exe
2014-06-27 23:39 - 2014-06-27 23:39 - 00000000 ____D () C:\Program Files (x86)\6DAF2CD5-832E-48EB-8678-2B122163A2D9
2014-06-24 15:09 - 2011-06-11 01:15 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll
2014-06-24 15:09 - 2011-06-11 01:15 - 00608080 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll
2014-06-22 09:34 - 2013-03-02 14:25 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-22 09:34 - 2013-03-02 14:25 - 00003848 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-20 13:07 - 2012-10-26 15:43 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-20 13:06 - 2014-06-20 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freetec
2014-06-20 13:06 - 2014-06-20 13:04 - 00000000 ____D () C:\temp
2014-06-20 13:06 - 2012-10-26 15:44 - 00002521 _____ () C:\Users\Public\Desktop\Freetec TubeBox.lnk
2014-06-20 13:06 - 2012-10-26 15:44 - 00000000 ____D () C:\Program Files (x86)\Freetec
2014-06-20 13:04 - 2014-06-20 13:04 - 00000000 ____D () C:\Program Files (x86)\SupraSavings
2014-06-20 13:04 - 2014-06-20 13:03 - 00000000 ____D () C:\Program Files\003
2014-06-20 13:03 - 2014-06-20 13:03 - 00005190 _____ () C:\Windows\System32\Tasks\a572a9d1-bfa7-4ec0-9fee-795843c32073-4
2014-06-20 13:02 - 2014-06-20 13:02 - 00000000 ____D () C:\Users\Tim\AppData\Local\globalUpdate
2014-06-20 13:01 - 2014-06-20 13:01 - 00119296 _____ () C:\Windows\system32\opengl42.exe
2014-06-15 20:35 - 2011-03-20 02:14 - 00704972 _____ () C:\Windows\system32\perfh007.dat
2014-06-15 20:35 - 2011-03-20 02:14 - 00152520 _____ () C:\Windows\system32\perfc007.dat
2014-06-15 20:35 - 2009-07-14 07:13 - 01635912 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-13 15:35 - 2013-03-02 14:26 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-12 22:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-12 21:05 - 2014-06-12 21:05 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys
2014-06-12 01:08 - 2013-08-15 02:39 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 01:06 - 2011-05-28 12:45 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 01:04 - 2014-05-07 07:33 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-09 16:02 - 2014-06-09 15:59 - 00000000 ____D () C:\Users\Tim\Desktop\Christoph stinkt auch
2014-06-09 11:39 - 2011-05-14 23:10 - 00099416 _____ () C:\Users\Tim\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-08 11:13 - 2014-06-11 18:32 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-11 18:32 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-07 01:59 - 2011-05-24 21:10 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\SoftGrid Client
2014-06-03 15:44 - 2013-08-09 14:21 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-03 15:44 - 2013-08-09 14:21 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

Files to move or delete:
====================
C:\Users\Tim\SilkroadOnline_GlobalOfficial_v1_377.exe

Some content of TEMP:
====================
C:\Users\Tim\AppData\Local\Temp\AskSLib.dll
C:\Users\Tim\AppData\Local\Temp\AutoRun.exe
C:\Users\Tim\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Tim\AppData\Local\Temp\avgnt.exe
C:\Users\Tim\AppData\Local\Temp\avguidx.dll
C:\Users\Tim\AppData\Local\Temp\betterads.exe
C:\Users\Tim\AppData\Local\Temp\EAD3458.exe
C:\Users\Tim\AppData\Local\Temp\EAD3477.exe
C:\Users\Tim\AppData\Local\Temp\EADDBCD.exe
C:\Users\Tim\AppData\Local\Temp\EADE030.exe
C:\Users\Tim\AppData\Local\Temp\EADE677.exe
C:\Users\Tim\AppData\Local\Temp\EADFC38.exe
C:\Users\Tim\AppData\Local\Temp\FileSystemView.dll
C:\Users\Tim\AppData\Local\Temp\GenericUninstall.exe
C:\Users\Tim\AppData\Local\Temp\i4jdel0.exe
C:\Users\Tim\AppData\Local\Temp\increBibar_install1003.exe
C:\Users\Tim\AppData\Local\Temp\installerdll141180.dll
C:\Users\Tim\AppData\Local\Temp\installerdll145127.dll
C:\Users\Tim\AppData\Local\Temp\installerdll155985.dll
C:\Users\Tim\AppData\Local\Temp\installerdll183441.dll
C:\Users\Tim\AppData\Local\Temp\installerdll200258.dll
C:\Users\Tim\AppData\Local\Temp\installerdll207403.dll
C:\Users\Tim\AppData\Local\Temp\installerdll644642.dll
C:\Users\Tim\AppData\Local\Temp\installerdll646904.dll
C:\Users\Tim\AppData\Local\Temp\installerdll657684.dll
C:\Users\Tim\AppData\Local\Temp\installerdll968126.dll
C:\Users\Tim\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Tim\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Tim\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Tim\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Tim\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Tim\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Tim\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Tim\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Tim\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe C:\Users\Tim\AppData\Local\Temp\k-pj_axg.dll C:\Users\Tim\AppData\Local\Temp\LyrcStmp.exe C:\Users\Tim\AppData\Local\Temp\MachineIdCreator.exe C:\Users\Tim\AppData\Local\Temp\mgsqlite3.dll C:\Users\Tim\AppData\Local\Temp\Montiera_softonic_ggl_1.6.7.4.exe C:\Users\Tim\AppData\Local\Temp\MSN1D70.exe C:\Users\Tim\AppData\Local\Temp\MSN8C97.exe C:\Users\Tim\AppData\Local\Temp\nsaA450.exe C:\Users\Tim\AppData\Local\Temp\nse2963.exe C:\Users\Tim\AppData\Local\Temp\nse7551.exe C:\Users\Tim\AppData\Local\Temp\nse76C7.exe C:\Users\Tim\AppData\Local\Temp\nsfE0C8.exe C:\Users\Tim\AppData\Local\Temp\nsj2722.exe C:\Users\Tim\AppData\Local\Temp\nskD2A0.exe C:\Users\Tim\AppData\Local\Temp\nskDCF0.exe C:\Users\Tim\AppData\Local\Temp\nsm2060.exe C:\Users\Tim\AppData\Local\Temp\nso7CE2.exe C:\Users\Tim\AppData\Local\Temp\nsp2242.exe C:\Users\Tim\AppData\Local\Temp\nsp2995.exe C:\Users\Tim\AppData\Local\Temp\nst4C41.exe C:\Users\Tim\AppData\Local\Temp\nsu2FDC.exe C:\Users\Tim\AppData\Local\Temp\nsv9E65.exe C:\Users\Tim\AppData\Local\Temp\nsvA172.exe C:\Users\Tim\AppData\Local\Temp\nsvBDB9.exe C:\Users\Tim\AppData\Local\Temp\nsvE3E5.exe C:\Users\Tim\AppData\Local\Temp\nsz7DBD.exe C:\Users\Tim\AppData\Local\Temp\nszC802.exe C:\Users\Tim\AppData\Local\Temp\oi_{628BAC0A-95FA-4B71-878F-61A1FD1D69C1}.exe C:\Users\Tim\AppData\Local\Temp\OriginLauncher644642.exe C:\Users\Tim\AppData\Local\Temp\qdssgdpv.dll C:\Users\Tim\AppData\Local\Temp\rootsupd.exe C:\Users\Tim\AppData\Local\Temp\Setup.exe C:\Users\Tim\AppData\Local\Temp\Shortcut_BundleSweetIMSetup.exe C:\Users\Tim\AppData\Local\Temp\SHSetup.exe C:\Users\Tim\AppData\Local\Temp\SimboApp.exe C:\Users\Tim\AppData\Local\Temp\SIMEEIInstaller.exe C:\Users\Tim\AppData\Local\Temp\SPSetup.exe C:\Users\Tim\AppData\Local\Temp\SPStub.exe C:\Users\Tim\AppData\Local\Temp\swt-win32-3349.dll C:\Users\Tim\AppData\Local\Temp\tbRadi.dll C:\Users\Tim\AppData\Local\Temp\tmp17E3.tmp.exe 
C:\Users\Tim\AppData\Local\Temp\tmp1E3A.tmp.exe
C:\Users\Tim\AppData\Local\Temp\tmp2545.tmp.exe
C:\Users\Tim\AppData\Local\Temp\tmp2BF0.tmp.exe
C:\Users\Tim\AppData\Local\Temp\tmp66A3.tmp.exe
C:\Users\Tim\AppData\Local\Temp\tmp6A67.tmp.exe
C:\Users\Tim\AppData\Local\Temp\tmp8EE6.tmp.exe
C:\Users\Tim\AppData\Local\Temp\tmpA9F.tmp.exe
C:\Users\Tim\AppData\Local\Temp\tmpB8A5.tmp.exe
C:\Users\Tim\AppData\Local\Temp\TubeBox-4.1.0.0.exe
C:\Users\Tim\AppData\Local\Temp\TubeBoxSetup.exe
C:\Users\Tim\AppData\Local\Temp\TubeBox_Setup.exe
C:\Users\Tim\AppData\Local\Temp\Uninstall.exe
C:\Users\Tim\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Tim\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Tim\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Tim\AppData\Local\Temp\Welcome.exe
C:\Users\Tim\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-30 11:45

==================== End Of Log ============================

FRST.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-07-2014
Ran by Tim at 2014-07-03 15:11:04
Running from C:\Users\Tim\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.)
Hidden Adobe Bridge 1.0 (HKLM-x32\...\{B74D4E10-6884-0000-0000-000000000101}) (Version: 001.000.001 - Adobe Systems) Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated) Adobe Photoshop Elements 8.0 (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated) Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc) ALDI TALK Verbindungsassistent (HKLM-x32\...\ALDITALKVerbindungsassistent) (Version: ALDI TALK 4.0 - ALDI TALK Verbindungsassistent) Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.3.0.422 - Amazon Services LLC) Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC) ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft) Any Video Converter 3.5.6 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com) Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) 
Assassin's Creed Brotherhood (HKLM-x32\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.03 - Ubisoft) Avid Studio (HKLM-x32\...\{B35DC076-CEF2-4631-9EF7-45380E27C841}) (Version: 1.0.0.2804 - Avid) Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.4.672 - Avira) Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C0600}) (Version: 12.6.0.1900 - APN, LLC) Babylon toolbar on IE (HKLM-x32\...\BabylonToolbar) (Version: - BabylonToolbar) <==== ATTENTION BabylonObjectInstaller (HKLM-x32\...\{83AA2913-C123-4146-85BD-AD8F93971D39}) (Version: 2.0.0.3 - Babylon Ltd) <==== ATTENTION Backup Manager V3 (x32 Version: 3.0.0.69 - NTI Corporation) Hidden Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Bluesoleil2.6.0.1 Release 070402 (HKLM-x32\...\{11B5E957-FCF2-469D-AB66-963C38134231}) (Version: 2.6.0.1 Release 070402 - IVT Corporation) Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.45 - Atheros Communications) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.4.9.3 - Broadcom Corporation) Broadcom Gigabit NetLink Controller (HKLM\...\{029A4933-3F36-4E4F-AEC3-2207AB26463D}) (Version: 14.4.8.3 - Broadcom Corporation) Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Call of Duty: Modern Warfare 3 - Dedicated Server (HKLM-x32\...\Steam App 42750) (Version: - Infinity Ward - Sledgehammer Games) Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version: - Infinity Ward - Sledgehammer Games) Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version: - Infinity Ward - Sledgehammer Games) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden CLICK & LEARN DiDi 360° DVD (HKLM-x32\...\{87C4B64E-7BC8-4FF9-91B3-6ADE6788B359}_is1) (Version: CLICK & LEARN DiDi 360° 4.4 DVD - DEGENER) Cross Fire En (HKLM-x32\...\Cross Fire_is1) (Version: - Z8Games.com) CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.0.1027_32100 - CyberLink Corp.) CyberLink MediaEspresso (x32 Version: 6.0.1027_32100 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Die Schlacht um Mittelerde™ II (HKLM-x32\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version: - ) Die*Sims™*3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts) Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden DivX-Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 2.5.0.8 - DivX, LLC) Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.00 - Electronic Arts, Inc.) eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM) ETDWare PS/2-X64 8.0.6.0_WHQL (HKLM\...\Elantech) (Version: 8.0.6.0 - ELAN Microelectronic Corp.) 
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited) Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden FIFA 12 DEMO (HKLM-x32\...\{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}) (Version: 1.0.0.0 - Electronic Arts) FIFA 13 (HKLM-x32\...\{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}) (Version: 1.0.0.0 - Electronic Arts) Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden FUSSBALL MANAGER 12 (HKLM-x32\...\FUSSBALL MANAGER 12) (Version: 1.0.0.1 - Electronic Arts) Genius Politik (HKLM-x32\...\Genius Politik) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.) HALO 2 FÜR WINDOWS VISTA (HKLM-x32\...\Halo 2) (Version: - Microsoft Corporation) HALO 2 FÜR WINDOWS VISTA (x32 Version: 1.0.0.0 - Microsoft Corporation) Hidden Harry Potter TM (HKLM-x32\...\{3F50AF3B-8997-4916-0095-99D63DDB785A}) (Version: - ) HomeMedia (HKLM-x32\...\{AA4BF92B-2AAF-11DA-9D78-000129760D75}) (Version: 2.0.8423 - CyberLink Corporation) HWiNFO64 Version 4.30 (HKLM\...\HWiNFO64_is1) (Version: 4.30 - Martin Malík - REALiX) iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.) 
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Packard Bell) ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden Incredibar Toolbar on IE (HKLM-x32\...\incredibar) (Version: - ) <==== ATTENTION Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2272 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation) Internet-TV für Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation) iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.) James Cameron's AVATAR(tm): DAS SPIEL (HKLM-x32\...\{7E19B002-4CA3-4C9F-BA92-91D101B97219}) (Version: 1.02.00 - Ubisoft) Java 7 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Kurierservice – Die Simulation (HKLM-x32\...\Kurierservice – Die Simulation_is1) (Version: - ) Launch Manager (HKLM-x32\...\LManager) (Version: 5.0.3 - Packard Bell) LyricsSpeaker (HKLM-x32\...\lspeaker@lyricsspeaker.net) (Version: - LyricsSpeaker LTD) <==== ATTENTION Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Access 2003 Runtime (HKLM-x32\...\{901C0407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Starter 2010 - Deutsch 
(HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 
(HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft) MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.) 
Mozilla Firefox 4.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 4.0.1 (x86 de)) (Version: 4.0.1 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nero 9 Essentials (HKLM-x32\...\{f3b75363-fa28-46b2-9d9f-112252157a7b}) (Version: - Nero AG) Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden Nero DiscSpeed (x32 Version: 5.4.13.100 - Nero AG) Hidden Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden Nero DriveSpeed (x32 Version: 4.4.12.100 - Nero AG) Hidden Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden Nero Express Help (x32 Version: 9.4.37.100 - Nero AG) Hidden Nero InfoTool (x32 Version: 6.4.12.100 - Nero AG) Hidden Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden Nero StartSmart (x32 Version: 9.4.37.100 - Nero AG) Hidden Nero StartSmart Help (x32 Version: 9.4.27.100 - Nero AG) Hidden Nero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) Hidden NeroExpress (x32 Version: 9.4.37.100 - Nero AG) Hidden neroxml (x32 Version: 1.0.0 - Nero AG) Hidden Norton Internet Security (HKLM-x32\...\NIS) (Version: 18.7.2.3 - Symantec Corporation) Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation) NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden NVIDIA Optimus 1.14.17 (Version: 1.14.17 - NVIDIA Corporation) Hidden NVIDIA PhysX 
(HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation) NVIDIA Systemsteuerung 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.1.3.2637 - Electronic Arts, Inc.) Packard Bell Game Console (x32 Version: - WildTangent) Hidden Packard Bell Games (HKLM-x32\...\WildTangent packardbell Master Uninstall) (Version: 1.0.1.3 - WildTangent) Packard Bell MyBackup (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.69 - NTI Corporation) Packard Bell Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3001 - Packard Bell) Packard Bell Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Packard Bell) Packard Bell Registration (HKLM-x32\...\Packard Bell Registration) (Version: 1.03.3003 - Packard Bell) Packard Bell ScreenSaver (HKLM-x32\...\Packard Bell Screensaver) (Version: 1.1.0811.2010 - Packard Bell ) Packard Bell Social Networks (HKLM-x32\...\InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}) (Version: 2.0.2211 - CyberLink Corp.) Packard Bell Social Networks (x32 Version: 2.0.2211 - CyberLink Corp.) Hidden Packard Bell Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Packard Bell) Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.) Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) 
Pinnacle Video Treiber (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems) PinPhotoZoom (HKLM-x32\...\{5dfd64a7-81dd-45a9-9874-1fe13b7f4d56}_is1) (Version: - PinPhotoZoom) Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden Pro Evolution Soccer 2012 DEMO (HKLM-x32\...\{6844E55F-37A1-42BC-B316-326B48C49ADC}) (Version: 1.00.0000 - KONAMI) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.) QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6276 - Realtek Semiconductor Corp.) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.26.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden Shockwave (HKLM-x32\...\Shockwave) (Version: - ) Silkroad (HKLM-x32\...\Silkroad) (Version: - ) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) suprasavings (HKLM\...\suprasavings) (Version: 2.0.1 - suprasavings) <==== ATTENTION SupraSavings (x32 Version: 1.0.0.0 - SupraSavings) Hidden <==== ATTENTION The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) Tour de France 2012 - Der offizielle Radsport-Manager Version 1 (HKLM-x32\...\Pro Cycling Manager 2012_is1) (Version: 1.4.0.0 - Cyanide) TubeBox (HKLM-x32\...\{df4b6fec-d6ec-46aa-9522-d22aafa2dd0d}) (Version: 5.1.0.0 - Freetec) TubeBox (x32 Version: 5.1.0.0 - Freetec) Hidden Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.0.82.0 - Intel) Ubisoft Game 
Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden Video Web Camera (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1306 - CyberLink Corp.) Video Web Camera (x32 Version: 1.0.1306 - CyberLink Corp.) Hidden Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden Welcome Center (HKLM-x32\...\Packard Bell Welcome Center) (Version: 1.02.3007 - Packard Bell) Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) 
Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Media Center Add-in for Silverlight (HKLM-x32\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) WinRAR 4.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH) Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden ==================== Restore Points ========================= 11-06-2014 22:18:41 Geplanter Prüfpunkt 11-06-2014 23:04:13 Windows Update 20-06-2014 11:04:46 TubeBox 20-06-2014 11:07:01 TubeBox 30-06-2014 09:54:24 Geplanter Prüfpunkt ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {02BF87CF-CA0B-4D0F-9A0E-B65500ACF532} - System32\Tasks\DeviceDetector => 
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2010-10-28] (CyberLink) Task: {12F018F3-8BBD-46E7-8A96-B660FD8286DE} - System32\Tasks\a572a9d1-bfa7-4ec0-9fee-795843c32073-4 => C:\Program Files (x86)\HD-V1.3\a572a9d1-bfa7-4ec0-9fee-795843c32073-4.exe Task: {44211BBF-6594-4ABD-A904-4C562DD3D84C} - System32\Tasks\LyricsSpeaker Update => C:\Program Files (x86)\LyricsSpeaker\LyricsUpd.exe <==== ATTENTION Task: {50EFD6DB-1B0B-49D2-B738-833C629BCD41} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-02] (Google Inc.) Task: {5FAF96B8-6AB9-4B51-9C57-7854AAFAB936} - System32\Tasks\Hoolapp Init => C:\Users\Tim\AppData\Roaming\HOOLAP~1\Hoolapp.exe <==== ATTENTION Task: {602D8338-F53F-471C-93C2-DD79524A71E8} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation) Task: {67405662-5321-4C07-A8BD-EA88640AE16F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-283462342-1146700221-3439875133-1002Core => C:\Users\Tim\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.) Task: {6AB873F1-1B87-4730-AFCB-50EFFD9B9CD2} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-08] (Symantec Corporation) Task: {A77B16C8-CF29-49E9-89FC-B15FE08DCF61} - System32\Tasks\DealPlyUpdate => C:\Program Files (x86)\DealPly\DealPlyUpdate.exe <==== ATTENTION Task: {ABFB6377-DCE4-49C8-9548-7F75B02C7F1C} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\Tim\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION Task: {D94A0F45-EBF6-4362-B6DD-ED916971EC04} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-283462342-1146700221-3439875133-1002UA => C:\Users\Tim\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.) 
Task: {D9ECB00F-E1AA-42A0-8354-B0B2829F075A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {E1B4647C-8E9B-4B10-9B56-CBDB1FAA20BB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-15] (Adobe Systems Incorporated) Task: {EA8A35A3-1883-49E3-AC78-588D40E6E602} - System32\Tasks\Halo 2 for Vista restart => C:\Program Files (x86)\Microsoft Games\Halo 2\startup.exe [2011-06-16] (Microsoft Corporation) Task: {EC576D10-453C-4313-8806-A07D398E19C8} - System32\Tasks\Software Updater => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2013-12-18] () Task: {EF1B2492-2B91-4592-BCB4-97313A2BF18B} - System32\Tasks\Software Updater Ui => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Ui.exe [2013-12-18] () Task: {F86B69F4-9CE8-42EB-B159-C9F8ADDDC7F0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-02] (Google Inc.) 
Task: {FF9E7DB1-A9B8-4552-B005-3E032EF8379A} - System32\Tasks\Hoolapp for Android => C:\Users\Tim\AppData\Roaming\HOOLAP~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\a572a9d1-bfa7-4ec0-9fee-795843c32073-4.job => C:\Program Files (x86)\HD-V1.3\a572a9d1-bfa7-4ec0-9fee-795843c32073-4.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-283462342-1146700221-3439875133-1002Core.job => C:\Users\Tim\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-283462342-1146700221-3439875133-1002UA.job => C:\Users\Tim\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\LyricsSpeaker Update.job => C:\Program Files (x86)\LyricsSpeaker\LyricsUpd.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2014-03-19 09:18 - 2013-08-30 00:43 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2012-07-30 15:41 - 2012-07-30 15:45 - 00342984 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe 2014-06-20 13:04 - 2014-06-20 13:04 - 00709120 _____ () C:\Program Files\003\hmmwwoblzz64.exe 2011-06-16 16:57 - 2011-06-29 17:13 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2010-12-03 13:36 - 2010-10-28 03:55 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe 2014-06-25 19:58 - 2014-06-25 19:58 - 00172544 _____ () C:\Program Files (x86)\6DAF2CD5-832E-48EB-8678-2B122163A2D9\SupraSavingsService64.exe 2014-06-12 21:05 - 2014-06-12 21:05 - 00110080 _____ () C:\Program Files (x86)\6DAF2CD5-832E-48EB-8678-2B122163A2D9\nfapi.dll 2014-06-12 
21:05 - 2014-06-12 21:05 - 00456192 _____ () C:\Program Files (x86)\6DAF2CD5-832E-48EB-8678-2B122163A2D9\ProtocolFilters.dll 2013-09-05 03:36 - 2013-09-05 03:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll 2011-01-06 06:09 - 2010-12-23 19:00 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-02-07 22:21 - 2014-01-14 21:46 - 03140608 _____ () C:\Users\Tim\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe 2012-07-30 15:41 - 2012-07-30 15:45 - 00510920 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe 2011-03-21 20:56 - 2011-03-21 20:56 - 01230704 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe 2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2010-11-12 03:22 - 2010-11-12 03:22 - 00465640 _____ () C:\Program Files (x86)\NTI\Packard Bell MyBackup\sqlite3.dll 2010-11-12 03:22 - 2010-11-12 03:22 - 01081664 _____ () C:\Program Files (x86)\NTI\Packard Bell MyBackup\ACE.dll 2010-11-12 03:22 - 2010-11-12 03:22 - 00125760 _____ () C:\Program Files (x86)\NTI\Packard Bell MyBackup\MailConverter32.dll 2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll 2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll 2011-03-21 20:57 - 2011-03-21 20:57 - 00096112 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll 2014-02-13 20:22 - 2014-02-13 20:22 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\aa739380ca2b2fc7366d464d2f2301ac\IsdiInterop.ni.dll 2010-12-03 13:01 - 2010-09-14 04:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage 
Technology\IsdiInterop.dll 2014-06-13 15:35 - 2014-06-05 15:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll 2014-06-13 15:35 - 2014-06-05 15:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 00237384 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll 2014-06-13 15:35 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll 2014-06-13 15:35 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll 2014-06-13 15:35 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll 2014-06-13 15:35 - 2014-06-05 15:58 - 14612296 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll 2014-06-18 15:46 - 2014-06-18 15:46 - 00935936 _____ () C:\Program Files (x86)\Freetec\TubeBox\TubeBox.exe 2014-06-18 15:46 - 2014-06-18 15:46 - 00238080 _____ () C:\Program Files (x86)\Freetec\TubeBox\System.ComponentModel.Composition.dll 2014-06-18 15:46 - 2014-06-18 15:46 - 00130048 _____ () C:\Program Files (x86)\Freetec\TubeBox\Freetec.TubeBox.Search.dll 2014-06-18 15:46 - 2014-06-18 15:46 - 00107520 _____ () C:\Program Files (x86)\Freetec\TubeBox\Freetec.TubeBox.LinkGrabber.dll 2014-06-18 15:46 - 2014-06-18 15:46 - 00370176 _____ () C:\Program Files (x86)\Freetec\TubeBox\Freetec.TubeBox.UI.Resources.dll 2014-06-18 15:46 - 2014-06-18 15:46 - 00099328 _____ () C:\Program Files (x86)\Freetec\TubeBox\Freetec.TubeBox.Setting.dll 2014-06-18 15:46 - 2014-06-18 15:46 - 00115712 _____ () C:\Program Files (x86)\Freetec\TubeBox\Freetec.TubeBox.Provider.ARD.dll 2014-06-18 15:46 - 2014-06-18 15:46 - 00115200 _____ () C:\Program Files (x86)\Freetec\TubeBox\Freetec.TubeBox.Provider.Chilloutzone.dll 
2014-06-18 15:46 - 2014-06-18 15:46 - 00109568 _____ () C:\Program Files (x86)\Freetec\TubeBox\Freetec.TubeBox.Provider.Citytv.dll 2014-06-18 15:46 - 2014-06-18 15:46 - 00116224 _____ () C:\Program Files (x86)\Freetec\TubeBox\Freetec.TubeBox.Provider.CollegeHumor.dll 2014-06-18 15:46 - 2014-06-18 15:46 - 00111104 _____ () C:\Program Files (x86)\Freetec\TubeBox\Freetec.TubeBox.Provider.DailyMotion.dll 2014-06-18 15:46 - 2014-06-18 15:46 - 00113152 _____ () C:\Program Files (x86)\Freetec\TubeBox\Freetec.TubeBox.Provider.FunnyOrDie.dll 2014-06-18 15:46 - 2014-06-18 15:46 - 00112128 _____ () C:\Program Files (x86)\Freetec\TubeBox\Freetec.TubeBox.Provider.JeuxVideo.dll 2014-06-18 15:46 - 2014-06-18 15:46 - 00104448 _____ () C:\Program Files (x86)\Freetec\TubeBox\Freetec.TubeBox.Provider.Kabel1.dll 2014-06-18 15:46 - 2014-06-18 15:46 - 00112640 _____ () C:\Program Files (x86)\Freetec\TubeBox\Freetec.TubeBox.Provider.Metacafe.dll 2014-06-18 15:46 - 2014-06-18 15:46 - 00111104 _____ () C:\Program Files (x86)\Freetec\TubeBox\Freetec.TubeBox.Provider.MyKewego.dll 2014-06-18 15:46 - 2014-06-18 15:46 - 00109056 _____ () C:\Program Files (x86)\Freetec\TubeBox\Freetec.TubeBox.Provider.Pro7.dll 2014-06-18 15:46 - 2014-06-18 15:46 - 00110592 _____ () C:\Program Files (x86)\Freetec\TubeBox\Freetec.TubeBox.Provider.Rai.dll 2014-06-18 15:46 - 2014-06-18 15:46 - 00115200 _____ () C:\Program Files (x86)\Freetec\TubeBox\Freetec.TubeBox.Provider.RcMovie.dll 2014-06-18 15:46 - 2014-06-18 15:46 - 00117248 _____ () C:\Program Files (x86)\Freetec\TubeBox\Freetec.TubeBox.Provider.RTVE.dll 2014-06-18 15:46 - 2014-06-18 15:46 - 00109568 _____ () C:\Program Files (x86)\Freetec\TubeBox\Freetec.TubeBox.Provider.SAPO.dll 2014-06-18 15:46 - 2014-06-18 15:46 - 00108544 _____ () C:\Program Files (x86)\Freetec\TubeBox\Freetec.TubeBox.Provider.Sat1.dll 2014-06-18 15:46 - 2014-06-18 15:46 - 00109056 _____ () C:\Program Files (x86)\Freetec\TubeBox\Freetec.TubeBox.Provider.SoundCloud.dll 2014-06-18 15:46 - 
2014-06-18 15:46 - 00115712 _____ () C:\Program Files (x86)\Freetec\TubeBox\Freetec.TubeBox.Provider.TapeTV.dll 2014-06-18 15:46 - 2014-06-18 15:46 - 00109056 _____ () C:\Program Files (x86)\Freetec\TubeBox\Freetec.TubeBox.Provider.Videolog.dll 2014-06-18 15:46 - 2014-06-18 15:46 - 00116736 _____ () C:\Program Files (x86)\Freetec\TubeBox\Freetec.TubeBox.Provider.Vimeo.dll 2014-06-18 15:46 - 2014-06-18 15:46 - 00113664 _____ () C:\Program Files (x86)\Freetec\TubeBox\Freetec.TubeBox.Provider.YahooVideo.dll 2014-06-18 15:46 - 2014-06-18 15:46 - 00118784 _____ () C:\Program Files (x86)\Freetec\TubeBox\Freetec.TubeBox.Provider.YouTube.dll 2014-06-18 15:46 - 2014-06-18 15:46 - 00113664 _____ () C:\Program Files (x86)\Freetec\TubeBox\Freetec.TubeBox.Provider.ZDF.dll 2014-06-18 15:46 - 2014-06-18 15:46 - 16740352 _____ () C:\Program Files (x86)\Freetec\TubeBox\Freetec.TubeBox.Convert.dll 2014-06-18 15:46 - 2014-06-18 15:46 - 00110080 _____ () C:\Program Files (x86)\Freetec\TubeBox\Freetec.TubeBox.Core.dll 2014-06-18 15:46 - 2014-06-18 15:46 - 00110080 _____ () C:\Program Files (x86)\Freetec\TubeBox\Freetec.TubeBox.Transform.dll 2014-06-18 15:46 - 2014-06-18 15:46 - 00105472 _____ () C:\Program Files (x86)\Freetec\TubeBox\Freetec.TubeBox.FileCopier.dll 2014-06-18 15:46 - 2014-06-18 15:46 - 00497664 _____ () C:\Program Files (x86)\Freetec\TubeBox\Freetec.TubeBox.Download.dll 2014-06-18 15:46 - 2014-06-18 15:46 - 00198144 _____ () C:\Program Files (x86)\Freetec\TubeBox\Freetec.TubeBox.Analyse.dll 2014-06-18 15:46 - 2014-06-18 15:46 - 00096768 _____ () C:\Program Files (x86)\Freetec\TubeBox\Freetec.TubeBox.Providerbase.SIMVideo.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1 AlternateDataStreams: C:\Users\Tim\Downloads\hi.eml:OECustomProperty ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== 
MSCONFIG/TASK MANAGER disabled items ========= ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (07/03/2014 02:54:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: TubeBox.exe, Version: 5.1.0.0, Zeitstempel: 0x53a19638 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86 Ausnahmecode: 0xe0434f4d Fehleroffset: 0x0000c42d ID des fehlerhaften Prozesses: 0x1880 Startzeit der fehlerhaften Anwendung: 0xTubeBox.exe0 Pfad der fehlerhaften Anwendung: TubeBox.exe1 Pfad des fehlerhaften Moduls: TubeBox.exe2 Berichtskennung: TubeBox.exe3 Error: (07/03/2014 02:27:43 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm FRST64.exe, Version 1.6.2014.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: a50 Startzeit: 01cf96b609d43127 Endzeit: 127 Anwendungspfad: C:\Users\Tim\Desktop\FRST64.exe Berichts-ID: 5e5f5ec3-02ad-11e4-9180-00030d000001 Error: (07/03/2014 01:57:04 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm FRST64.exe, Version 1.6.2014.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 2168 Startzeit: 01cf96b4704f1c47 Endzeit: 5 Anwendungspfad: C:\Users\Tim\Downloads\FRST64.exe Berichts-ID: 722f3245-02a8-11e4-9180-00030d000001 Error: (07/03/2014 00:52:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: nvtray.exe, Version: 7.17.13.2702, Zeitstempel: 0x521fc6cc Name des fehlerhaften Moduls: NvUpdt.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x521fbdff Ausnahmecode: 0xc0000005 Fehleroffset: 0x000007fef4207422 ID des fehlerhaften Prozesses: 0x1110 Startzeit der fehlerhaften Anwendung: 0xnvtray.exe0 Pfad der fehlerhaften Anwendung: nvtray.exe1 Pfad des fehlerhaften Moduls: nvtray.exe2 Berichtskennung: nvtray.exe3 Error: (06/30/2014 11:25:12 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 10015 Error: (06/30/2014 11:25:12 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 10015 Error: (06/30/2014 11:25:12 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/30/2014 11:25:11 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9017 Error: (06/30/2014 11:25:11 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 9017 Error: (06/30/2014 11:25:11 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (07/03/2014 03:13:17 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {0002DF01-0000-0000-C000-000000000046} Error: (07/03/2014 00:52:04 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das 
Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht. Error: (06/30/2014 06:52:13 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht. Error: (06/30/2014 01:06:58 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AntiVirSchedulerService erreicht. Error: (06/29/2014 01:34:07 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst PlugPlay erreicht. Error: (06/29/2014 01:34:07 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht. Error: (06/28/2014 04:59:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "hmmwwoblzz64" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden durchgeführt: Neustart des Diensts. Error: (06/28/2014 10:58:31 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AntiVirSchedulerService erreicht. Error: (06/28/2014 10:58:31 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht. Error: (06/27/2014 11:38:29 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst NIS erreicht. 
Microsoft Office Sessions: ========================= Error: (07/03/2014 02:54:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: TubeBox.exe5.1.0.053a19638KERNELBASE.dll6.1.7601.1840953159a86e0434f4d0000c42d188001cf96aea1f640eaC:\Program Files (x86)\Freetec\TubeBox\TubeBox.exeC:\Windows\syswow64\KERNELBASE.dll23315346-02b1-11e4-9180-00030d000001 Error: (07/03/2014 02:27:43 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: FRST64.exe1.6.2014.0a5001cf96b609d43127127C:\Users\Tim\Desktop\FRST64.exe5e5f5ec3-02ad-11e4-9180-00030d000001 Error: (07/03/2014 01:57:04 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: FRST64.exe1.6.2014.0216801cf96b4704f1c475C:\Users\Tim\Downloads\FRST64.exe722f3245-02a8-11e4-9180-00030d000001 Error: (07/03/2014 00:52:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: nvtray.exe7.17.13.2702521fc6ccNvUpdt.dll_unloaded0.0.0.0521fbdffc0000005000007fef4207422111001cf95c9a2c5f213C:\Program Files\NVIDIA Corporation\Display\nvtray.exeNvUpdt.dll1db25320-02a0-11e4-9180-00030d000001 Error: (06/30/2014 11:25:12 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 10015 Error: (06/30/2014 11:25:12 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 10015 Error: (06/30/2014 11:25:12 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/30/2014 11:25:11 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9017 Error: (06/30/2014 11:25:11 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 9017 Error: (06/30/2014 11:25:11 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second 
==================== Memory info =========================== Percentage of memory in use: 65% Total physical RAM: 3947.86 MB Available physical RAM: 1354.76 MB Total Pagefile: 7893.9 MB Available Pagefile: 3755.33 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (Packard Bell) (Fixed) (Total:580.57 GB) (Free:272.21 GB) NTFS Drive d: (ACB) (CDROM) (Total:7.78 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 6B8AFE86) Partition 1: (Not Active) - (Size=16 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=581 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
04.07.2014, 13:02 | #4 |
/// the machine /// TB trainer | Annoying pop-ups while surfing the Internet Uninstall adware & co.
If you cannot find a program or cannot uninstall it, please continue with the next step: Scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
04.07.2014, 14:06 | #5 |
| Annoying pop-ups while surfing the Internet Hello Schrauber, thank you very much for the quick reply. "Babylon toolbar on IE" unfortunately could not be uninstalled. The error message read: "Uninstall ist fehlgeschlagen! Vermutlich ungültiger deinstall Befehl!" "suprasavings" was unfortunately not found. Should I use the Combofix scan for that? Kind regards, Tim |
05.07.2014, 11:55 | #6 | |
/// the machine /// TB trainer | Annoying pop-ups while surfing the Internet Quote:
Then Combofix.
__________________ --> Annoying pop-ups while surfing the Internet |
15.07.2014, 17:49 | #7 |
| Annoying pop-ups while surfing the Internet I have run the Combofix scan. Code:
ATTFilter ComboFix 14-07-15.04 - Tim 15.07.2014 18:01:33.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3948.1646 [GMT 2:00] ausgeführt von:: c:\users\Tim\Downloads\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\CFLog C:\END c:\program files (x86)\SingAlong c:\users\Tim\4.0 c:\users\Tim\AppData\Roaming\.# c:\users\Tim\SilkroadOnline_GlobalOfficial_v1_377.exe c:\windows\wininit.ini . Infizierte Kopie von c:\windows\SysWow64\userinit.exe wurde gefunden und desinfiziert Kopie von - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe wurde wiederhergestellt . . ((((((((((((((((((((((( Dateien erstellt von 2014-06-15 bis 2014-07-15 )))))))))))))))))))))))))))))) . . 2014-07-15 16:25 . 2014-07-15 16:25 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-07-15 16:25 . 2014-07-15 16:25 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2014-07-15 15:36 . 2014-07-15 15:37 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-07-15 15:36 . 2014-07-15 15:37 -------- d-----w- c:\program files\iTunes 2014-07-15 15:36 . 2014-07-15 15:37 -------- d-----w- c:\program files (x86)\iTunes 2014-07-15 15:36 . 2014-07-15 15:36 -------- d-----w- c:\program files\iPod 2014-07-12 22:33 . 2014-07-12 22:33 -------- d-sh--w- c:\users\Tim\AppData\Local\EmieUserList 2014-07-12 22:33 . 
2014-07-12 22:33 -------- d-sh--w- c:\users\Tim\AppData\Local\EmieSiteList 2014-07-10 21:35 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll 2014-07-10 21:35 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2014-07-10 21:35 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2014-07-10 21:30 . 2014-07-11 10:30 11204096 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2014-07-08 18:34 . 2014-07-08 18:34 46376 ----a-w- c:\windows\system32\drivers\netfilter64.sys 2014-07-04 12:40 . 2014-07-04 12:40 -------- d-----w- c:\program files (x86)\VS Revo Group 2014-07-03 11:46 . 2014-07-03 13:16 -------- d-----w- C:\FRST 2014-06-27 21:39 . 2014-07-10 21:11 -------- d-----w- c:\program files (x86)\6DAF2CD5-832E-48EB-8678-2B122163A2D9 2014-06-20 11:04 . 2014-06-20 11:04 -------- d-----w- c:\program files (x86)\SupraSavings 2014-06-20 11:04 . 2014-06-20 11:06 -------- d-----w- C:\temp 2014-06-20 11:04 . 2014-07-15 15:37 -------- d-----w- c:\program files\suprasavings 2014-06-20 11:03 . 2014-06-20 11:04 -------- d-----w- c:\program files\003 2014-06-20 11:02 . 2014-06-30 23:07 -------- d-----w- c:\program files (x86)\globalUpdate 2014-06-20 11:02 . 2014-06-20 11:02 -------- d-----w- c:\users\Tim\AppData\Local\globalUpdate 2014-06-20 11:01 . 2014-06-20 11:01 119296 ----a-w- c:\windows\system32\opengl42.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-07-15 10:46 . 2013-08-09 12:23 42040 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2014-07-11 10:30 . 2012-06-04 04:08 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-07-11 10:30 . 2011-05-22 17:53 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-07-10 22:19 . 2011-05-28 10:45 96441528 ----a-w- c:\windows\system32\MRT.exe 2014-07-03 18:02 . 2013-08-09 12:21 117712 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2014-06-24 13:09 . 
2011-06-10 23:15 829264 ----a-w- c:\windows\system32\msvcr100.dll 2014-06-24 13:09 . 2011-06-10 23:15 608080 ----a-w- c:\windows\system32\msvcp100.dll 2014-06-03 13:44 . 2013-08-09 12:21 130584 ----a-w- c:\windows\system32\drivers\avipbb.sys 2014-05-15 21:34 . 2014-05-15 21:34 0 ----a-w- c:\windows\SysWow64\shoD85A.tmp 2014-05-10 23:13 . 2014-05-10 23:13 0 ----a-w- c:\windows\SysWow64\sho2042.tmp 2014-05-08 09:32 . 2014-06-11 16:33 3178496 ----a-w- c:\windows\system32\rdpcorets.dll 2014-05-08 09:32 . 2014-06-11 16:33 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll 2014-04-25 02:34 . 2014-06-11 16:33 801280 ----a-w- c:\windows\system32\usp10.dll 2014-04-25 02:06 . 2014-06-11 16:33 626688 ----a-w- c:\windows\SysWow64\usp10.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}] 2014-03-21 10:58 91104 ----a-w- c:\program files (x86)\SupraSavings\2rs3.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4a0c8953-9d4e-4790-b732-2b9fc9ebce05}] 2012-10-16 00:08 142040 ----a-w- c:\users\Tim\AppData\Roaming\PinPhotoZoom\AutocompletePro.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "Akamai NetSession Interface"="c:\users\Tim\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920] "Steam"="c:\program files (x86)\Steam\steam.exe" [2014-07-12 1753280] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720] "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720] "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-10-25 3093624] "AppleIEDAV"="c:\program files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe" [2013-11-15 1326408] "Amazon Cloud Player"="c:\users\Tim\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2014-01-14 3140608] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160] "BackupManagerTray"="c:\program files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe" [2010-11-12 295232] "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-12-09 1025616] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-03 43816] "avgnt"="c:\program 
files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-07-03 750160] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-07-08 152392] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SpUninstallDeleteDir"="rmdir" [X] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux4"=wdmaud.drv . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SystemStoreService;System Store;c:\program files (x86)\SoftwareUpdater\SystemStore.exe -displayname System Store -servicename SystemStoreService;c:\program files (x86)\SoftwareUpdater\SystemStore.exe -displayname System Store -servicename SystemStoreService [x] R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x] R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x] R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x] R3 BTATH_RCP;Bluetooth AVRCP 
Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x] R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x] R3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x] R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 X6va005;X6va005;c:\users\Tim\AppData\Local\Temp\0059AE9.tmp;c:\users\Tim\AppData\Local\Temp\0059AE9.tmp [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S0 
PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMEFA64.SYS [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110701.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110701.001\BHDrvx64.sys [x] S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110713.031\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110713.031\IDSvia64.sys [x] S1 netfilter64;netfilter64;c:\windows\system32\drivers\netfilter64.sys;c:\windows\SYSNATIVE\drivers\netfilter64.sys [x] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1207020.003\SYMNETS.SYS [x] S1 wStLibG64;wStLibG64;c:\windows\system32\drivers\wStLibG64.sys;c:\windows\SYSNATIVE\drivers\wStLibG64.sys [x] S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x] S2 
ALDITALKVerbindungsassistent_Service;ALDITALKVerbindungsassistent_Service;c:\program files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe;c:\program files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x] S2 APNMCP;Ask Aktualisierungsdienst;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x] S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [x] S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [x] S2 hmmwwoblzz64;hmmwwoblzz64;c:\program files\003\hmmwwoblzz64.exe run options=01100010030000000000000000000000 sourceguid=6DAF2CD5-832E-48EB-8678-2B122163A2D9;c:\program files\003\hmmwwoblzz64.exe run options=01100010030000000000000000000000 sourceguid=6DAF2CD5-832E-48EB-8678-2B122163A2D9 [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage 
Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [x] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe;c:\program files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S2 SupraSavingsService64;SupraSavingsService64;c:\program files (x86)\6DAF2CD5-832E-48EB-8678-2B122163A2D9\SupraSavingsService64.exe;c:\program files (x86)\6DAF2CD5-832E-48EB-8678-2B122163A2D9\SupraSavingsService64.exe [x] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [x] S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys [x] S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys [x] S3 
bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys [x] S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] . . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-06-13 13:33 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 10:30] . 2014-07-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-283462342-1146700221-3439875133-1002Core.job - c:\users\Tim\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-05 08:17] . 2014-07-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-283462342-1146700221-3439875133-1002UA.job - c:\users\Tim\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-05 08:17] . 2014-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-02 12:25] . 2014-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-02 12:25] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-12-10 860040] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-30 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-30 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-30 418328] "IntelTBRunOnce"="wscript.exe" [2013-10-12 168960] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-11-25 613536] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-11-25 379040] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://search.conduit.com/?ctid=CT3317483&octid=CT3317483&SearchSource=61&CUI=UN10777025582064410&UM=2&UP=SPB44AEF2C-5807-4DBC-8182-A7187D043878&SSPV= uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local> uSearchAssistant = hxxp://feed.snapdo.com/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=d844d2b2-95be-41e3-b467-a234e25a9a55&searchtype=ds&q={searchTerms}&installDate= uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3317483&CUI=UN90573189269862215&UM=2&SearchSource=3&q={searchTerms} FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2014-06-20 13:04; SupraSavings@jetpack; c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default\extensions\SupraSavings@jetpack FF - user.js: extensions.blocklist.enabled - false FF - user.js: app.update.auto - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
BHO-{41564952-412D-5637-00A7-7A786E7484D7} - c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll Toolbar-Locked - (no file) Toolbar-{41564952-412D-5637-00A7-7A786E7484D7} - c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe Wow6432Node-HKCU-Run-com.apple.dav.bookmarks.daemon - c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe Wow6432Node-HKCU-Run-Hoolapp Android - c:\users\Tim\AppData\Roaming\HOOLAP~1\Hoolapp.exe Wow6432Node-HKCU-Run-BackgroundContainer - c:\users\Tim\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll Wow6432Node-HKCU-Run-Google+ Auto Backup - c:\users\Tim\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe Wow6432Node-HKLM-Run-Download Protect - c:\programdata\dlprotect.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start BHO-{41564952-412D-5637-00A7-7A786E7484D7} - c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll Toolbar-Locked - (no file) Toolbar-{41564952-412D-5637-00A7-7A786E7484D7} - c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005] "ImagePath"="\??\c:\users\Tim\AppData\Local\Temp\0059AE9.tmp" . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.14" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe c:\program files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe . ************************************************************************** . Zeit der Fertigstellung: 2014-07-15 18:41:14 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-07-15 16:41 . Vor Suchlauf: 13 Verzeichnis(se), 293.352.259.584 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 310.907.826.176 Bytes frei . - - End Of File - - 3AF3F7568A3A213C93F3F64008E46843 |
16.07.2014, 17:23 | #8 |
/// the machine /// TB Trainer | Annoying pop-ups while surfing the Internet Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
05.08.2014, 14:54 | #9 |
| Annoying pop-ups while surfing the Internet Hello schrauber, now that I am back from vacation, I have run all the scans: Code:
ATTFilter # AdwCleaner v3.302 - Bericht erstellt am 05/08/2014 um 15:15:35 # Aktualisiert 30/07/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Tim - TIM-PC # Gestartet von : C:\Users\Tim\Downloads\adwcleaner_3.302.exe # Option : Löschen ***** [ Dienste ] ***** Dienst Gelöscht : hmmwwoblzz64 [#] Dienst Gelöscht : SystemStoreService Dienst Gelöscht : wStLibG64 ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\Conduit Ordner Gelöscht : C:\ProgramData\Uniblue Ordner Gelöscht : C:\Program Files (x86)\BabylonToolbar Ordner Gelöscht : C:\Program Files (x86)\Conduit Ordner Gelöscht : C:\Program Files (x86)\globalUpdate Ordner Gelöscht : C:\Program Files (x86)\Perion Ordner Gelöscht : C:\Program Files (x86)\PinPhotoZoom Ordner Gelöscht : C:\Program Files (x86)\registry mechanic Ordner Gelöscht : C:\Program Files (x86)\ResultsAlpha Ordner Gelöscht : C:\Program Files (x86)\SoftwareUpdater Ordner Gelöscht : C:\Program Files (x86)\SparPilotAddon Ordner Gelöscht : C:\Program Files (x86)\Trymedia Ordner Gelöscht : C:\Windows\SysWOW64\SearchProtect Ordner Gelöscht : C:\Program Files\003 Ordner Gelöscht : C:\Users\Tim\AppData\Local\Conduit Ordner Gelöscht : C:\Users\Tim\AppData\Local\globalUpdate Ordner Gelöscht : C:\Users\Tim\AppData\Local\MediaBA Ordner Gelöscht : C:\Users\Tim\AppData\Local\NativeMessaging Ordner Gelöscht : C:\Users\Tim\AppData\Local\Software Updater Ordner Gelöscht : C:\Users\Tim\AppData\Local\SoftwareUpdater Ordner Gelöscht : C:\Users\Tim\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Tim\AppData\LocalLow\Softonic Ordner Gelöscht : C:\Users\Tim\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\Tim\AppData\Roaming\BabylonToolbar Ordner Gelöscht : C:\Users\Tim\AppData\Roaming\dvdvideosoftiehelpers Ordner Gelöscht : C:\Users\Tim\AppData\Roaming\HoolappforAndroid Ordner Gelöscht : C:\Users\Tim\AppData\Roaming\PinPhotoZoom Ordner Gelöscht : 
C:\Users\Tim\AppData\Roaming\registry mechanic Ordner Gelöscht : C:\Users\Tim\AppData\Roaming\Software Updater Ordner Gelöscht : C:\Users\Tim\AppData\Roaming\Systweak Ordner Gelöscht : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default\SweetPacksToolbarData Ordner Gelöscht : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default\CT3317483 Ordner Gelöscht : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default\Extensions\engine@plasmoo.com Ordner Gelöscht : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default\Extensions\sparpilot@sparpilot.com Ordner Gelöscht : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default\Extensions\{2ee84ac6-8dd6-4a14-bd37-b79c8f9ecf4d} Datei Gelöscht : C:\Windows\System32\drivers\wStLibG64.sys Datei Gelöscht : C:\Windows\System32\roboot64.exe Datei Gelöscht : C:\Users\Tim\AppData\LocalLow\SkwConfig.bin Datei Gelöscht : C:\Users\Tim\Desktop\eBay.lnk Datei Gelöscht : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default\searchplugins\plasmoo.xml Datei Gelöscht : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default\user.js ***** [ Tasks ] ***** Task Gelöscht : BackgroundContainer Startup Task Task Gelöscht : DealPlyUpdate Task Gelöscht : Hoolapp For Android Task Gelöscht : Hoolapp Init Task Gelöscht : Software Updater Ui Task Gelöscht : Software Updater ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\cacclhdpfoingihegojhoipnihfnoaki Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\ioighjflakajniehlakelhkdfljfemcd Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ioighjflakajniehlakelhkdfljfemcd Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mbdamgnimlipjnpgiakiojcbbmcmiibn Schlüssel Gelöscht : 
HKLM\SOFTWARE\Google\Chrome\Extensions\niogeckbkdcabhnapjbkeiklablhjoca Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\AutocompletePro.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\PropertySync.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32 Schlüssel 
Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftwareUpdater_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3317483 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_cinema-4d (1)_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_cinema-4d (1)_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_cinema-4d_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_cinema-4d_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_virtual-dj-free-home-edition_RASAPI32 Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_virtual-dj-free-home-edition_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{011166B1-9A69-4174-93D5-F7D3324553FE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522832260} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555835560} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566836660} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544834460} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555835560} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566836660} Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\DealPly Schlüssel Gelöscht : HKCU\Software\GlobalUpdate Schlüssel Gelöscht : HKCU\Software\IM Schlüssel Gelöscht : HKCU\Software\ImInstaller Schlüssel Gelöscht : HKCU\Software\Microsoft\Babylon Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\powerpack Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\BackgroundContainer Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\GlobalUpdate Schlüssel Gelöscht : HKLM\Software\SimplyGen Schlüssel Gelöscht : HKLM\Software\systweak Schlüssel Gelöscht : 
HKLM\Software\Trymedia Systems Schlüssel Gelöscht : HKLM\Software\Uniblue Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5dfd64a7-81dd-45a9-9874-1fe13b7f4d56}_is1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107} ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17207 Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] -\\ Mozilla Firefox v4.0.1 (de) [ Datei : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default\prefs.js ] Zeile gelöscht : user_pref("CT3317483.FF19Solved", "true"); Zeile gelöscht : user_pref("CT3317483.UserID", "UN90573189269862215"); Zeile gelöscht : user_pref("CT3317483.browser.search.defaultthis.engineName", "true"); Zeile gelöscht : user_pref("CT3317483.fullUserID", "UN90573189269862215.IN.20131215202954"); Zeile gelöscht : user_pref("CT3317483.installDate", "15/12/2013 20:29:57"); Zeile gelöscht : user_pref("CT3317483.installSessionId", "{73A70E10-F1B3-449D-A39A-F86D334B47DE}"); Zeile gelöscht : user_pref("CT3317483.installSp", "TRUE"); Zeile gelöscht : user_pref("CT3317483.installUsage", "15/12/2013 20:31:26"); Zeile gelöscht : user_pref("CT3317483.installUsageEarly", "15/12/2013 20:31:26"); Zeile gelöscht : user_pref("CT3317483.installerVersion", "1.8.1.4"); Zeile gelöscht : user_pref("CT3317483.keyword", "true"); 
Zeile gelöscht : user_pref("CT3317483.originalHomepage", "hxxp://mystart.incredibar.com/?a=6OyRzDA4ge&loc=skw|hxxp://feed.snapdo.com/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=d844d2b2-95be-41e3-b467[...] Zeile gelöscht : user_pref("CT3317483.originalSearchAddressUrl", ""); Zeile gelöscht : user_pref("CT3317483.originalSearchEngine", "MyStart Search"); Zeile gelöscht : user_pref("CT3317483.originalSearchEngineName", ""); Zeile gelöscht : user_pref("CT3317483.searchRevert", "true"); Zeile gelöscht : user_pref("CT3317483.searchUninstallUserMode", "2"); Zeile gelöscht : user_pref("CT3317483.searchUserMode", "2"); Zeile gelöscht : user_pref("CT3317483.smartbar.homepage", "true"); Zeile gelöscht : user_pref("CT3317483.toolbarInstallDate", "15-12-2013 20:29:55"); Zeile gelöscht : user_pref("CT3317483.versionFromInstaller", "10.23.0.722"); Zeile gelöscht : user_pref("CT3317483.xpeMode", "0"); Zeile gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://plasmoo.com/index.htm?SearchMashine=true&q="); Zeile gelöscht : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3317483&octid=CT3317483&SearchSource=61&CUI=UN90573189269862215&UM=2&UP=SP1A44FFD5-BF3C-43EA-8629-BEF92FF9A877"); Zeile gelöscht : user_pref("Smartbar.SearchFromAddressBarSavedUrl", ""); Zeile gelöscht : user_pref("browser.search.defaultenginename", "RadioTotal Customized Web Search"); Zeile gelöscht : user_pref("browser.search.defaultthis.engineName", "RadioTotal Customized Web Search"); Zeile gelöscht : user_pref("browser.search.order.1", "Search the web (Babylon)"); Zeile gelöscht : user_pref("extensions.AVIRA-V7.AUC_clientCache", "{\"AUC_CACHE\":{\"babylon.com\":{\"c\":[1],\"ttl\":1379796596},\"google.com\":{\"c\":[1],\"ttl\":1379796597},\"kicker.de\":{\"c\":[1],\"ttl\":13797971[...] 
Zeile gelöscht : user_pref("extensions.enabledAddons", "{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26,engine@plasmoo.com:1.0.0.32,{BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2,{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.3[...] Zeile gelöscht : user_pref("extensions.helperbar.Country", "Tajikistan"); Zeile gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false); Zeile gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false); Zeile gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false); Zeile gelöscht : user_pref("extensions.helperbar.UserID", "d844d2b2-95be-41e3-b467-a234e25a9a55"); Zeile gelöscht : user_pref("extensions.helperbar.Visibility", true); Zeile gelöscht : user_pref("extensions.wajam.affiliate_id", "6380"); Zeile gelöscht : user_pref("extensions.wajam.firstrun", "false"); Zeile gelöscht : user_pref("extensions.wajam.log_send_info", "false"); Zeile gelöscht : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21087\",\"update_interval\":1432,\"base_url\":\"hxxp:\\/\\/www.wajam.com\\/\",\"update_url\":\"hxxp:\\/\\/www.wajam.com\\/addon\\/[...] Zeile gelöscht : user_pref("extensions.wajam.no_trace", "false"); Zeile gelöscht : user_pref("extensions.wajam.server_current_mapping_version", "0.21087"); Zeile gelöscht : user_pref("extensions.wajam.trace_log", "1387466589688 - processInstallationUpgrade - version set to : 1.26\n1387466589689 - processBrowserLoad - Bad mappingListJsonString: null\n1387466592014 - onFla[...] 
Zeile gelöscht : user_pref("extensions.wajam.unique_id", "0CA53E02359809BDBF4502091BB60EBF"); Zeile gelöscht : user_pref("extensions.wajam.user_current_mapping_version", "0"); Zeile gelöscht : user_pref("extensions.wajam.version", "1.26"); Zeile gelöscht : user_pref("plasmoo.search.engine.prevkeywordurl", "chrome://unitedtb/content/search/keywordURL.xul?q="); Zeile gelöscht : user_pref("plasmoo.search.engine.prevsearchdefaultenginename", "RadioTotal Customized Web Search"); Zeile gelöscht : user_pref("plasmoo.search.engine.prevsearchdefaultthisenginename", "RadioTotal Customized Web Search"); Zeile gelöscht : user_pref("plasmoo.search.engine.prevsearchdefaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3317483&CUI=UN90573189269862215&UM=2&SearchSource=3&q={searchTerms}"); Zeile gelöscht : user_pref("plasmoo.search.engine.prevsearchselectedengine", "Conduit Search"); Zeile gelöscht : user_pref("plasmoo.search.engine.prevstartuphomepage", "chrome://branding/locale/browserconfig.properties"); Zeile gelöscht : user_pref("plasmoo.search.engine.status", "INSTALLED"); Zeile gelöscht : user_pref("smartbar.addressBarOwnerCTID", "CT3317483"); Zeile gelöscht : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3317483&CUI=UN90573189269862215&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3317483&octid=CT3317483&SearchSource[...] 
Zeile gelöscht : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3317483&SearchSource=2&CUI=UN90573189269862215&UM=2&q="); Zeile gelöscht : user_pref("smartbar.defaultSearchOwnerCTID", "CT3317483"); Zeile gelöscht : user_pref("smartbar.homePageOwnerCTID", "CT3317483"); Zeile gelöscht : user_pref("smartbar.machineId", "S7RNGVOFUNBHTYQ6I7PJVRZYNYSIPKZLTI7UZBOULEE9EU9MCHUHY0W3S6IG2D/WE8J7EPMJC9OIQXPG8LKVUG"); Zeile gelöscht : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3317483&CUI=UN90573189269862215&UM=2&SearchSource=13"); Zeile gelöscht : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsoftonic-tbsbox-en-us|invocationType=tb50-ff-aolsoftonic[...] Zeile gelöscht : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsoftonic-tbsbox-en-us|invocationType=tb50-ff-aolsoftonic[...] 
-\\ Google Chrome v36.0.1985.125 [ Datei : C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht [Search Provider] : hxxp://feed.snapdo.com/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=d844d2b2-95be-41e3-b467-a234e25a9a55&searchtype=ds&q={searchTerms}&installDate=01/01/1970 Gelöscht [Search Provider] : hxxp://feed.snapdo.com/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=d844d2b2-95be-41e3-b467-a234e25a9a55&searchtype=ds&q={searchTerms}&installDate= Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN23478112263258983&ctid=CT3317483&UM=2 Gelöscht [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3317483&SearchSource=48&CUI=UN23478112263258983&UM=2&UP=SPB44AEF2C-5807-4DBC-8182-A7187D043878&SSPV= Gelöscht [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3320325&octid=EB_ORIGINAL_CTID&ISID=M637B8354-47E7-40FE-A1FE-42C22830FE17&SearchSource=55&CUI=&UM=5&UP=SPB44AEF2C-5807-4DBC-8182-A7187D043878&SSPV= Gelöscht [Extension] : abepbblpkilpjohncjbccmdjhdhbnhdj Gelöscht [Extension] : amfclgbdpgndipgoegfpkkgobahigbcl Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl Gelöscht [Extension] : cacclhdpfoingihegojhoipnihfnoaki Gelöscht [Extension] : dhkplhfnhceodhffomolpfigojocbpcb Gelöscht [Extension] : engeblojhfeingnjnfpiceofljnjpldp Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb Gelöscht [Extension] : fmlgoencnlndpglbocajlimaikjohmab Gelöscht [Extension] : gaiilaahiahdejapggenmdmafpmbipje Gelöscht [Extension] : ioighjflakajniehlakelhkdfljfemcd Gelöscht [Extension] : jifflliplgeajjdhmkcfnngfpgbjonjg Gelöscht [Extension] : jpmbfleldcgkldadpdinhjjopdfpjfjp Gelöscht [Extension] : mbdamgnimlipjnpgiakiojcbbmcmiibn Gelöscht [Extension] : niogeckbkdcabhnapjbkeiklablhjoca Gelöscht [Extension] : ogccgbmabaphcakpiclgcnmcnimhokcj ************************* AdwCleaner[R0].txt - [24864 octets] - [05/08/2014 15:14:04] AdwCleaner[S0].txt - [23826 octets] - [05/08/2014 
15:15:35] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [23887 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows 7 Home Premium x64 Ran by Tim on 05.08.2014 at 15:27:59,63 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-283462342-1146700221-3439875133-1002\Software\ib updater Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-283462342-1146700221-3439875133-1002\Software\sweetim Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Montiera_softonic_ggl_1_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Montiera_softonic_ggl_1_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Montiera_softonic_ggl_1_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Montiera_softonic_ggl_1_RASMANCS Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{94FFAD7D-8641-4A53-B922-8DCB67274105} ~~~ Files Successfully deleted: [File] C:\Windows\syswow64\sho10CD.tmp Successfully deleted: [File] C:\Windows\syswow64\sho1824.tmp Successfully deleted: [File] C:\Windows\syswow64\sho1B04.tmp Successfully deleted: [File] C:\Windows\syswow64\sho1CB2.tmp Successfully deleted: [File] C:\Windows\syswow64\sho2042.tmp Successfully deleted: [File] C:\Windows\syswow64\sho20D3.tmp Successfully deleted: [File] C:\Windows\syswow64\sho235B.tmp Successfully deleted: [File] C:\Windows\syswow64\sho24BF.tmp Successfully deleted: [File] C:\Windows\syswow64\sho2D09.tmp 
Successfully deleted: [File] 
C:\Windows\syswow64\sho9CCA.tmp Successfully deleted: [File] C:\Windows\syswow64\sho9DEC.tmp Successfully deleted: [File] C:\Windows\syswow64\shoA024.tmp Successfully deleted: [File] C:\Windows\syswow64\shoA43C.tmp Successfully deleted: [File] C:\Windows\syswow64\shoA9E6.tmp Successfully deleted: [File] C:\Windows\syswow64\shoA9FB.tmp Successfully deleted: [File] C:\Windows\syswow64\shoB66A.tmp Successfully deleted: [File] C:\Windows\syswow64\shoB6C1.tmp Successfully deleted: [File] C:\Windows\syswow64\shoC13F.tmp Successfully deleted: [File] C:\Windows\syswow64\shoC1FD.tmp Successfully deleted: [File] C:\Windows\syswow64\shoC20.tmp Successfully deleted: [File] C:\Windows\syswow64\shoC248.tmp Successfully deleted: [File] C:\Windows\syswow64\shoC3EC.tmp Successfully deleted: [File] C:\Windows\syswow64\shoC9DC.tmp Successfully deleted: [File] C:\Windows\syswow64\shoCBAA.tmp Successfully deleted: [File] C:\Windows\syswow64\shoCEC.tmp Successfully deleted: [File] C:\Windows\syswow64\shoCED5.tmp Successfully deleted: [File] C:\Windows\syswow64\shoD85A.tmp Successfully deleted: [File] C:\Windows\syswow64\shoDA1A.tmp Successfully deleted: [File] C:\Windows\syswow64\shoDCDF.tmp Successfully deleted: [File] C:\Windows\syswow64\shoDD54.tmp Successfully deleted: [File] C:\Windows\syswow64\shoDF89.tmp Successfully deleted: [File] C:\Windows\syswow64\shoE153.tmp Successfully deleted: [File] C:\Windows\syswow64\shoE797.tmp Successfully deleted: [File] C:\Windows\syswow64\shoECC3.tmp Successfully deleted: [File] C:\Windows\syswow64\shoED40.tmp Successfully deleted: [File] C:\Windows\syswow64\shoF9AA.tmp Successfully deleted: [File] C:\Windows\syswow64\shoFA7C.tmp Successfully deleted: [File] C:\Windows\syswow64\shoFB01.tmp Successfully deleted: [File] C:\Windows\syswow64\shoFC89.tmp ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\apn" Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess" Successfully deleted: [Folder] 
"C:\Users\Tim\appdata\locallow\boost_interprocess" Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{0035F0FC-130E-4C1E-A42C-F3F88DFB7FA4} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{007F6EA9-CF1F-4124-92A6-5D70F385444F} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{0236ADDC-56FC-4F0B-8550-8BFFBA6F494B} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{03906868-FA5A-4D47-99E4-1AA88FC70FE0} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{03A519AF-1BFA-4B54-8B08-F0AD83F6F383} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{048DFAF7-11A1-497D-ACEA-1279E9E5DC4D} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{09B1AFB3-F95C-4788-B7CA-882DF2447B4B} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{0A65091A-C807-48C7-8FAF-9E41C8FAA5CC} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{0B254482-A524-48A7-8F23-2202BA8AA19E} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{0B378F73-A694-47F5-AD17-A15DA15D4F1C} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{0B47926C-EFCA-428F-86EA-D7BDC97FB5D0} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{0BCB6E46-6ADD-4375-BB16-B39A96C56624} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{0C84312F-4013-4CD9-BD52-236FE52E778B} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{0CA7F05D-CC3C-4166-8204-6FD3517BA16E} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{0CCFCB07-1FFC-42BD-8C2B-EC3C987FBDDB} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{0CD396DC-A309-428D-AFE0-6721F94573B7} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{0CD98997-F880-4786-88CA-C6DDB48080B1} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{0E454A61-B846-4619-AC42-D2A72A182936} Successfully deleted: [Empty Folder] 
C:\Users\Tim\appdata\local\{6E1FA0FF-6C3F-4349-A22A-7596A5FC7E1F} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{6E215D50-5F50-4A23-80D1-3002D5350671} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{6E4B796E-2309-48FB-B0E4-5B1FB20A9E3F} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{6E85CF3A-344A-4906-B301-1B172D8BE858} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{6EDA6434-B98E-4CF9-A875-17C0320484F4} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{6F84DBD9-907F-46C3-9DF6-AF1A2DA09695} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{7163FA63-1172-4A6F-93F4-02D2FAAA1A54} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{719CB7AE-7B22-4E41-900A-0E029A71D3CA} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{724F434C-5450-495C-A0F4-E4AA53AF955C} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{72AF407C-EC22-4778-9E21-8184934E8156} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{72B0C648-1DFB-4B1B-9A3D-8A64312AF5F6} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{73D46AAA-7894-45E5-B1AA-6CF2F34DDCB5} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{7401C419-32F4-461D-AD53-B97E3F1B1EAB} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{74498C7E-9D30-4B7A-8592-DBB23BD06732} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{74978646-03FF-4C64-9E24-8F478C925983} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{752A6DB1-6233-4C4B-915B-46FA08B09056} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{754AFF55-8182-4051-8628-899FB515BB19} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{75E2A6D4-6EB3-4424-9DA1-8E5AD21B13BC} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{75FBC0F4-9C27-4AD2-933E-7EE8BD51D60E} Successfully deleted: [Empty Folder] 
C:\Users\Tim\appdata\local\{76355C5E-E74C-427F-B1D6-6486308742F9} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{76CE0B2A-3824-47CF-869C-0135DEDC5E6E} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{76F1939C-29FC-45E9-AF79-F55ED25D0AD0} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{7759D3C9-9F55-4100-A246-98178F1921BF} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{7873A818-D70F-4580-9C98-D4BDCF0606A1} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{7880044E-30E4-428F-BE3B-1A25B9A87B81} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{79EA11E0-B22B-41CC-8B23-7BB16A982D89} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{79FFE3B2-AE9D-42AF-A7FC-48A10A9BD04E} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{7B0A2137-2C11-454D-8EB1-82E440E83B72} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{7D0488BD-DC0D-482F-ADC7-2F3B74A25D59} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{7D726850-9C02-4A26-A8F8-418FBD5464D6} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{7E69A6A5-C6B3-4F1C-9559-C3374D3B7DB4} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{7EDB186B-A177-4588-AB55-3B780137A9FB} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{7EF3E4E3-EB64-4BB4-A87E-184572D6670F} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{7EF56231-4116-4F63-9F53-8DF7C7773139} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{7F4C2F0C-9719-4AD1-A450-449E3DBC01E7} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{7F55D116-A6CD-4309-8A62-ACE815379104} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{7FB21D7D-843A-46D7-8784-BC9B47B1F0B8} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{7FDD49EB-5DBF-41A9-AEA8-69F8A95E3B1E} Successfully deleted: [Empty Folder] 
C:\Users\Tim\appdata\local\{80342F4A-D88C-45D8-9D29-8E7FA58A449C} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{80D95B4C-FE3B-427B-83A7-67C1BFC601A7} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{8157C6AE-5FF7-440D-BD7A-B285F081936A} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{81BB3D24-EFE9-4B23-A728-68605EEDBB55} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{8220A105-E234-4FAF-A603-4EDAB0523660} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{82A6CA76-47D3-4505-B865-7744505B6C75} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{83458A84-C6BC-49BE-B1A4-EDAB87945DD6} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{84C5E1E0-CB60-4730-9EB0-A4A5850BA286} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{8508C965-91A0-4FEE-9F7A-723D789229B9} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{85531DFF-DE6E-49CE-B162-02E7574F2ED3} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{861D3FFF-50F9-4766-A17B-9EF2BD811D77} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{87510890-C5E2-4A16-8EAF-9BB0D99170D0} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{87F52C0A-C50F-4915-B0BA-9909ACF199A9} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{8862DE33-1DFE-4F75-91F6-A78357C01878} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{88955F71-6530-43DA-B5F7-EDDA029D12A4} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{88A838CC-57D8-4DA1-A155-8129F5D7D92B} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{89297526-6CAB-482C-830C-33508E88B690} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{89374AC6-DD4E-4D5E-BE08-F1516E881099} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{8957AA03-B06F-49D0-91A9-B13591713861} Successfully deleted: [Empty Folder] 
C:\Users\Tim\appdata\local\{898F67AA-D92D-4F31-B7F8-C0747F51950E} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{89BB8979-077A-443A-9EF2-42F73C6B2F7C} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{89E1748E-58EA-4460-AE62-3315CAD45E3F} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{8A61AAAC-127C-482F-989E-778F66F8E973} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{8B0FD667-87AF-40C7-A73B-0641165D3AC7} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{8B37BB76-8D0A-4793-9164-F6245D092609} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{8BF1D0CB-7433-4212-A8FB-0BFBFC6112DA} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{8D547394-1A25-4987-95A9-FCE39BE749B5} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{8DF81A92-7474-485A-BF86-EBEBFF83DDED} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{8E4A9799-1475-46B9-ACCD-FE98F38911E5} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{8E7A0DD1-A2D2-465B-99B6-893811FD6490} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{8ED32224-1F98-4205-8ECA-AF5946CC0F35} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{8FA03273-BC31-4B2C-A570-0D7375D83FCC} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{8FB29121-9E01-4103-BCD1-2CEAEE2D7AFB} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{8FD0C4A6-422E-41B7-B29D-0F90D5317D9A} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{902FFC7E-1FDC-49D5-848E-80537DB31640} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{904A4AFF-04E2-4B32-AB98-E69866242F1B} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{90FF56D3-9E8F-4857-8B41-503B1EC9491C} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{91AB0C04-D4A8-47C3-9C1C-8A0C57C081C3} Successfully deleted: [Empty Folder] 
C:\Users\Tim\appdata\local\{91BDE649-DB01-401F-A3E1-1A8FF222407B} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{924E7273-8931-446F-94D3-57E33E13D6D8} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{9292B99A-C78C-49B8-B50E-697ED6992E9D} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{92D6FFE3-20A5-4128-B656-44FC24121935} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{933E8DA8-3431-48D1-85A3-7851FD9BAAE6} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{941DAEB8-A37B-4AC4-A5D7-0DFD6D98A646} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{94323F4F-DA09-4B3C-945D-DE83BF49A094} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{9443589C-8FB5-4599-9043-422EAA5CF9D3} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{947A8656-D791-4B11-A9A2-B91DC89C82D5} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{952207CF-B86A-44B4-B8E5-1241485A2F2B} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{95DBBD2D-16E4-4397-BD57-DC64A8C3D188} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{9B18F0A6-63F8-44A5-BB1E-B884F2096BB5} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{9B6A5762-35CA-45EB-AD5C-34B24603186F} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{9BA31A65-8453-40A9-B2E6-68F38D69C2D2} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{9BBF2506-8514-4291-B183-41C560EC32EE} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{9C4B0764-6A60-4FF0-A1A3-CCEDBFCDA28F} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{9CD1997E-00E5-4391-851A-A9239C62528D} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{9FC79364-7960-4EDE-897A-196B1047828D} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{A1887224-B524-47F2-8865-AD92E324BD58} Successfully deleted: [Empty Folder] 
C:\Users\Tim\appdata\local\{A196A069-1C29-4E63-ABDA-B3B45961B707} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{A2B7038E-3F85-43BD-937D-1FA34522ABDD} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{A4223ED7-0F6C-4C0D-AB30-5EAFB2F6B3E3} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{A467CE92-4D04-4A33-A926-87F4CE686CF3} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{A559A935-A957-4FCF-A7B1-F726740D58C3} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{A5970FAF-97A5-4577-A139-B6FDA101F26B} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{A625C86E-83E4-4876-8F61-6AE668F2BD38} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{A6F64D74-2B3C-46F5-86C6-8C3F84FCFA97} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{A7D573E5-5D7D-4A6A-854C-A25CD517A6D2} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{A809578D-321B-4E93-BCC0-1E8CB3A65186} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{A8B5DECC-1224-4116-A3AF-B08A53790460} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{A8E14334-90D7-4B02-A20E-A7CCA58EB3FC} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{A8E864CF-32B1-4A40-81A0-3AA97342E1FA} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{A9125A2A-61EB-48B8-B3DE-CAEAF27A5302} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{A925C377-EAF4-4609-8DB4-735B02FC2B63} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{AA2C2089-1E25-4EF1-AA64-C354DB0121AD} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{AAF0433E-7F31-4558-97AE-3A7822F6ACE2} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{ABE1B9B3-4340-4AA9-A7AE-77725718118C} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{AC7DBF61-2A37-46B3-AC4B-40AA0EBC28C1} Successfully deleted: [Empty Folder] 
C:\Users\Tim\appdata\local\{ACAE79D0-B743-4A97-A47C-9EE35B79FD6C} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{AF0A8334-1E86-46D6-B176-0FD9D725E95B} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{AF492ADC-75D9-4E95-8D3C-DDC82F6AC618} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{AF6070B9-5F2E-4231-A081-9B670AC19771} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{AF908802-2114-4403-9330-3AEA1CC13770} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{AFED9928-65DA-43B7-977F-54DE1BABB770} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{B00D8FFB-BCEC-4D20-B76E-B372DA402FD6} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{B0AE0F33-2739-41A4-AB11-83DF8AE3A3AF} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{B13824AD-81E7-4A9B-B3FA-31F88619E1EC} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{B1BDB881-AA52-4B3A-B103-9E2E45C60948} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{B1E327E0-C95B-490B-8FDA-63CDF1BE8420} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{B208D87B-8078-4598-A146-3D1C6BAD48B1} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{B21A5C07-DF65-41B6-9C57-59601D26BE7B} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{B22BE4F5-0D0F-4106-8623-BBBE141E063B} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{B237ECF2-E4E4-441C-A62F-A56E5A22A89E} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{B2956AE6-0CE6-453A-B473-4F7824212555} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{B3720915-0017-435A-9B4F-95B459D376D7} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{B46662B7-9903-4024-ACA8-0414207E6E27} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{B474047B-3CAB-4977-BB19-E2F79CF6C2D5} Successfully deleted: [Empty Folder] 
C:\Users\Tim\appdata\local\{B4B38457-CF19-4B3D-BAEC-E18F6BACEE2E} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{B4F41598-E678-4316-9753-D3794EEB1A34} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{B62AD7AF-2071-4A98-B827-ADE0BDAB085F} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{B7F1F903-94C0-4A96-BB48-1DF5031BA10C} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{B815AB69-1F83-4861-9E45-B20B2A4119BE} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{B841D3BB-8952-48AA-B05A-C4F52289FADC} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{B8E4A605-FDBE-46E7-8870-4B4AA6031669} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{B8FA025D-298D-486A-92A4-EFA8484A4B2F} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{BA153D2D-5DDB-4329-AFB8-3BFBC2FD2DC9} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{BA195AFB-94ED-4407-A157-937647994061} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{BA5AE3BD-9B07-49E9-AB03-B9DC46C5B662} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{BA9787ED-2E3F-439A-B178-7B37A1ACDF88} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{BAC85645-84B7-4EF9-8CEB-8217A23A6763} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{BB1E02E3-741B-4880-85A5-4AB45E28B541} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{BBA75B35-FF91-4892-98AD-564C4DB5ED19} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{BC2C2844-0F5B-4F6E-ABE7-D5173347F424} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{BC46C3DC-07B6-409E-90B4-BE16C4EB50B2} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{BD0B7C96-FB01-4632-BC70-49964139CD4B} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{BE0FCA19-881D-4858-AAA1-DBA873DD3221} Successfully deleted: [Empty Folder] 
C:\Users\Tim\appdata\local\{BF7EF10A-F7EB-44DD-AA73-8BC7A8E62B32} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{C05E0C82-BBD1-4A47-8A71-6CE379261E73} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{C15DD10F-EECA-44F0-A159-474F3976C510} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{C1A1DBF7-1FF8-4A71-962F-824E6EBA7A83} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{C1BB617C-1047-4807-91B5-CDB1F5F8D65D} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{C1FCA7CB-08EA-41A0-9368-CD8474B96203} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{C2317749-65F4-4B23-9097-BAF1CB481B7E} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{C3F283DA-F14F-414F-91E3-E5B89D22B7FC} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{C40625C6-1EB6-443D-A782-CA316E041E6D} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{C406B4F4-08D3-49FB-83DF-8B38CE3759EC} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{C410EA90-36E6-4044-8355-C60717126CDB} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{C47C64A0-5BA4-4265-B8FD-78576BB2124E} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{C485B0AD-0357-40F9-B335-31466526CB6C} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{C4F05F0F-A6F2-446F-9F64-712A13F63E8F} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{C56B0475-87AC-4BAA-B7B4-82B2BFEC0C14} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{C609174D-8CE6-457F-B1B5-7623A8E5B967} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{C70ABB7F-FE70-4388-BAED-B7C16A9BAE16} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{C7E2DCAC-D053-42AC-BFBE-9AF57A8B1D25} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{C837391C-2BF1-4E95-A51E-51E3C93A1B99} Successfully deleted: [Empty Folder] 
C:\Users\Tim\appdata\local\{C8648C74-46A3-4E69-A84A-570A2082FBC6} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{C897423D-11E2-46E5-958E-FB8F6FA14B74} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{C8ED296A-C4C0-4F21-A093-765FF5CC7A7F} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{C8EEAB21-E359-435C-A68F-06A9C46BE502} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{C952C225-47C7-4914-B384-A390B580DD85} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{C9D78B60-C438-4253-9DBB-00E80A417E63} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{CA3F9A65-793C-44FC-97D6-C08073DE93BF} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{CAE2225E-5443-47F9-A352-EF00C1FF6AA0} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{CB0A4775-4E1A-4E6D-A76F-E9AE7F697392} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{CC20977B-803A-47CB-B831-11A277E219CD} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{CD32F5E4-7E31-4B44-8411-881BEECA77C1} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{CD7E632C-CFA7-4D5E-A74C-1012E28629FE} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{CDA4E7D4-1AB8-42FB-8A72-C15A3A21CA4D} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{CDBB4E7D-0A72-455B-B4AE-F3E900D2B053} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{CE7352E8-9023-4BAB-9A54-E8453BF2CEB5} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{CEB29274-FBE1-4691-A34A-6349E4A09738} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{CFAC9344-514A-4EAB-9E86-9422BFA3C262} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{CFD2FCD9-0258-4C21-8E01-41086E81E655} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{D019CC03-5B01-4FC9-9F2D-C6F896D7A8CF} Successfully deleted: [Empty Folder] 
C:\Users\Tim\appdata\local\{D05020C4-A1C5-4605-BB74-7E32BFFB1FCC} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{D1F64ECB-C379-42E7-938F-8E8957B2E407} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{D22ED39F-1ADF-4827-BA3F-67E957AD87AF} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{D23F0344-AD59-42FC-A5A4-181BC587E718} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{D2E4345C-95CE-4DDF-B7B0-F65045D45FC6} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{D567985B-C54C-40DD-A2CE-01276D425EEB} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{D7414767-DBAA-4C5C-A2A5-B8DEA2AD12B1} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{D74B6E25-E557-4157-943D-169AD482FFFF} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{D7A4B820-DB58-42FF-8DA5-548D719E42F8} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{D7E36239-20D8-4FB4-AEBF-E490250112F2} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{D7EE8DBA-B1FF-4BA4-91A6-865054B02D12} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{D80CF69E-AFC9-4317-9AD5-F559F34DF5B0} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{D85BE803-A265-4FD9-A3A6-DFECB8DBCA27} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{D872D030-7CF1-4DEE-BC43-8ADD8DAD219A} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{D878F3B8-6016-4B3B-A51B-298EB89AD5A4} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{D8BB00A7-6BD2-4D8B-943E-FF3EC8ED5725} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{D8F98EB0-DE9A-488F-B7C1-D7A17A181671} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{D983F610-AD6C-475B-A64E-3C8DC2E89FB4} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{D9A7FF10-96AE-43E4-B967-6CE371C8AB28} Successfully deleted: [Empty Folder] 
C:\Users\Tim\appdata\local\{D9B4B7E4-E39F-4B58-BB1E-A17FA90483DE} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{D9D89068-7DF6-440F-AADC-320AF0A20E32} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{DA2CE422-4F48-4C93-A7E1-2BD676B5E966} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{DAA6AF4B-7CD9-487B-88B1-2F006686FEB9} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{DAD6CD0E-2730-452A-9BE8-3299FAEBA453} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{DB1F75AB-B6DD-45D0-877A-0B9C2312640A} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{DC3A5F08-722A-405C-BACF-49BB24B71DDD} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{DCA3B27C-38E1-43E1-8116-63A591D9ECDC} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{DEE11616-AFB0-489C-84D8-C774F4AFC0AF} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{DEF4ECBC-29E9-4628-AFFC-140BDBF73D81} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{E0F38535-5B6C-44EB-B841-BFB83DABA3C1} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{E0FE09DB-C83D-4BBD-A38A-C54EA626DB08} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{E1B90ECE-5283-4B15-B175-BC20FACC6160} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{E2850AAD-0562-441B-8C6E-FD0196E70A1C} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{E2DA6D0B-5B4A-4B07-B72B-7EC702963068} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{E42EC43E-30C9-48C5-8380-F064C55E8D64} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{E4553A8A-C5E3-43B0-948A-5DAC456FE671} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{E4FBA426-D5D1-43A6-8095-CBAA1E4539FD} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{E551FC9E-F3F3-4E7E-AB5B-FEC99E4AEFB6} Successfully deleted: [Empty Folder] 
C:\Users\Tim\appdata\local\{E5F1B464-5271-4EC5-9702-A35158C81F46} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{E60ABD5C-DC52-4349-94C7-39628357D1DF} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{E619964C-2D88-46CD-A4C9-7B2652D04D8E} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{E7524DAF-F66B-4BEA-8A97-FC74019244AD} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{E77829D3-7473-4E43-A26D-E6F50822449C} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{E7AD2CA6-953D-4DBD-928C-7762476CADD0} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{E8A076FB-62F1-405D-80AF-4DF386AF6994} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{E992A511-11C4-4982-91DA-A52C08B704DB} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{EA8A3F86-BD62-4B50-A1F8-AD03DDF95134} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{EAD17493-924B-4DBF-9527-7B4B9DDC1A7D} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{EC315A6A-C183-4A9B-B07F-AF9A336A4581} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{EC3ED523-9495-44F9-9368-93AD1F4C7E00} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{EC8C5039-BB99-46F7-97BE-EC30477124EE} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{ECC9C7F1-3A0B-4875-9252-30C945E937EB} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{EDA037B3-55EE-41A3-B0DB-5CB49CA91A23} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{EDAA7913-2271-4D61-94A8-877693B8A5F5} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{EEBC3B3C-88B2-415E-9DBB-70CBA3AF4664} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{EF1E3736-D6FA-4E04-9FD9-B0E17AB01657} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{F03172F3-C934-4D13-BA49-E43315EB37B6} Successfully deleted: [Empty Folder] 
C:\Users\Tim\appdata\local\{F0713E9A-6516-4278-99C4-E97AA4601EC3} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{F285C20D-950F-40CB-8BB3-94A69385535D} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{F35BB15C-B64E-478F-8A0E-823BA49D72AF} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{F35BBD13-47A6-4F15-8EFC-DE786055F02C} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{F49EEA77-3BC2-4019-847E-ED54B701973B} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{F4D9BE04-DEF8-4ADF-9E31-5489FCF4EA3C} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{F668131C-06DE-4F58-8384-C8AFD02541B5} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{F67BE681-2606-428E-A258-A3988CA947C0} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{F6D3C059-94A9-4F7D-8086-5C669BE31317} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{F6D95D22-B89F-439A-A408-5BBC4C8C2EA7} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{F6DF30F5-4517-41BD-9DA8-51B952DA0F02} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{F73D805F-CBAF-47F3-8AC7-A36E9D325DD8} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{F770A6E2-C15F-4D4C-A1D7-63B74D1D5BA2} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{F88FFB01-9AAC-4FCC-B0BC-25871F65304B} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{F93673A4-D465-404A-9CC2-2E45B53D39B0} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{F96F3436-A213-4A2D-94FF-ACD6B15F4F86} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{F9AE8E9F-47D6-4724-B81D-C260BE7C135B} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{F9CB836F-4AF4-4C2F-97DA-60BDB02D6F58} Successfully deleted: [Empty Folder] C:\Users\Tim\appdata\local\{FAB447C8-8947-4C8F-8078-4E54194E9E81} Successfully deleted: [Empty Folder] 
~~~ FireFox

Successfully deleted: [Folder] C:\Users\Tim\AppData\Roaming\mozilla\firefox\profiles\lgl0eoy2.default\extensions\{ebc3cfe3-606b-4470-98ae-4dd305d4c0b9}
Successfully deleted the following from C:\Users\Tim\AppData\Roaming\mozilla\firefox\profiles\lgl0eoy2.default\prefs.js
user_pref("extensions.AVIRA-V7.com.avira.dnt.rules", "\"{\\\"Version\\\":38,\\\"Companies\\\":[{\\\"company\\\":\\\"Google Inc\\\",\\\"rules\\\":[{\\\"name\\\":\\\"Google Anal
user_pref("extensions.AVIRA-V7.domain", "\"avira.search.ask.com\"");

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.08.2014 at 15:35:10,32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

With Malwarebytes Anti-Malware there was a problem with the mbam.txt. When I try to export the scan log, the program crashes and a message appears saying that the program is no longer responding. Regards, Tim |
05.08.2014, 20:36 | #10 |
/// the machine /// TB trainer | Annoying pop-ups while surfing the Internet

ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donate
Guides and help
Trojaner-Board Facebook page
No help via PM! |
18.08.2014, 09:19 | #11 |
| Annoying pop-ups while surfing the Internet
Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=9f95709697fce24a8f6c7dcda41dcc8c # engine=19703 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2014-08-18 05:21:06 # local_time=2014-08-18 07:21:06 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Avira Desktop' # compatibility_mode=1810 16777213 100 100 47534 152891444 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 32288348 159969116 0 0 # scanned=459886 # found=68 # cleaned=0 # scan_time=26521
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.87
 Windows 7 Service Pack 1 x64 (UAC is enabled)
 Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
 Avira Desktop
 Norton Internet Security
 Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 40
 Java version out of Date!
 Adobe Flash Player 14.0.0.145
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (4.0.1)
 Google Chrome 36.0.1985.125
 Google Chrome 36.0.1985.143
````````Process Check: objlist.exe by Laurent````````
 Norton ccSvcHst.exe
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01 Ran by Tim (administrator) on TIM-PC on 18-08-2014 09:32:54 Running from C:\Users\Tim\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Dritek System Inc.) 
C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (NTI Corporation) C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Acer Group) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (ELAN Microelectronics Corp.) 
C:\Program Files\Elantech\ETDCtrl.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Akamai Technologies, Inc.) C:\Users\Tim\AppData\Local\Akamai\netsession_win.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Akamai Technologies, Inc.) C:\Users\Tim\AppData\Local\Akamai\netsession_win.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe () C:\Users\Tim\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (NTI Corporation) C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Apple Inc.) 
C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe (NirSoft) C:\Users\Tim\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\nircmdc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [860040 2010-12-10] (Acer Incorporated) HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.) HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [613536 2010-11-25] (Atheros Communications) HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2010-11-25] (Atheros Commnucations) HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-14] (Intel Corporation) HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe [295232 2010-11-12] (NTI Corporation) HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-28] (Adobe Systems Incorporated) HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation) 
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1025616 2010-12-09] (Dritek System Inc.) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] () HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-05] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-24] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\Run: [Facebook Update] => C:\Users\Tim\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.) HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Tim\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) 
HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1937600 2014-08-14] (Valve Corporation) HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-10-25] () HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\Run: [Hoolapp Android] => "C:\Users\Tim\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.) 
HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\Run: [Google+ Auto Backup] => "C:\Users\Tim\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe [154144 2010-07-29] () HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\MountPoints2: D - D:\SETUP.EXE HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\MountPoints2: {05e26f25-da2b-11e1-bfef-00030d000001} - E:\.\Setup.exe AUTORUN=1 HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\MountPoints2: {05e26f43-da2b-11e1-bfef-00030d000001} - E:\.\Setup.exe AUTORUN=1 HKU\S-1-5-21-283462342-1146700221-3439875133-1000\...\MountPoints2: {2015051a-041a-11e3-a567-00030d000001} - E:\iStudio.exe HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Tim\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1937600 2014-08-14] (Valve Corporation) HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-10-25] () HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.) 
HKU\S-1-5-21-283462342-1146700221-3439875133-1002\...\Run: [Amazon Cloud Player] => C:\Users\Tim\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3140608 2014-01-14] ()
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://packardbell.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) BHO-x32: No Name -> {41564952-412D-5637-00A7-7A786E7484D7} -> No File BHO-x32: DivX HiQ -> {593DDEC6-7468-4cdd-90E1-42DADAA222E9} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation) BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Tim\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.) 
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll (Macromedia, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) 
FF Extension: BetterAds - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default\Extensions\betterads@BetterAds.org.xpi [2012-10-19]
FF Extension: GMX MailCheck - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\lgl0eoy2.default\Extensions\toolbar@gmx.net.xpi [2012-05-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-06-22]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-21]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn
FF Extension: Symantec IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn [2011-05-14]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_13_2 [2014-08-17]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011-05-23]
FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011-05-23]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files
(x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (Shockwave for Director) - C:\Program Files (x86)\Mozilla Firefox\plugins\np32dsw.dll (Macromedia, Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.) CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll No File CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U15) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Tim\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Extension: (Google Docs) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-02] CHR Extension: (Google Drive) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-02] CHR Extension: (Chelsea FC) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\balpfijklohemjmpdkdpgoklgahmleip [2013-03-02] CHR Extension: (YouTube) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-02] CHR Extension: (Google-Suche) - 
C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-02]
CHR Extension: (Avira Browser Safety) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-05]
CHR Extension: (DivX HiQ) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2013-03-02]
CHR Extension: (Google Wallet) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-03-02]
CHR Extension: (Google Mail) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-02]
CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-08]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-08]

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ALDITALKVerbindungsassistent_Service; C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [342984 2012-07-30] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-05] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-10-23] (APN LLC.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-11-25] (Atheros Commnucations) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. KG)
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [868224 2010-12-10] (Acer Incorporated)
S3 GameConsoleService; C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe [246520 2010-04-04] (WildTangent, Inc.)
R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe [257344 2010-11-12] (NTI Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2011-06-29] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [244904 2010-10-28] () [File not signed]
R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-29] (Acer Group)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co.
KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG) R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110701.001\BHDrvx64.sys [1143416 2011-05-19] (Symantec Corporation) R3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [37648 2007-03-05] (IVT Corporation.) R3 BlueletAudio; C:\Windows\SysWOW64\DRIVERS\blueletaudio.sys [37648 2007-03-05] (IVT Corporation.) R3 BlueletSCOAudio; C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [37648 2007-03-05] (IVT Corporation.) R3 BlueletSCOAudio; C:\Windows\SysWOW64\DRIVERS\BlueletSCOAudio.sys [37648 2007-03-05] (IVT Corporation.) R3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [25360 2007-03-05] (IVT Corporation.) R3 BT; C:\Windows\SysWOW64\DRIVERS\btnetdrv.sys [25360 2007-03-05] (IVT Corporation.) R0 BTHidEnum; C:\Windows\System32\Drivers\vbtenum.sys [24976 2007-03-05] (IVT Corporation.) R0 BTHidEnum; C:\Windows\SysWOW64\Drivers\vbtenum.sys [24976 2007-03-05] (IVT Corporation.) R0 BTHidMgr; C:\Windows\System32\Drivers\BTHidMgr.sys [49680 2007-03-05] (IVT Corporation.) R0 BTHidMgr; C:\Windows\SysWOW64\Drivers\BTHidMgr.sys [49680 2007-03-05] (IVT Corporation.) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [481912 2011-05-15] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [136824 2011-07-01] (Symantec Corporation) S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [138752 2012-07-30] (Huawei Technologies Co., Ltd.) S3 ewusbnet; C:\Windows\SysWOW64\DRIVERS\ewusbnet.sys [138752 2012-07-30] (Huawei Technologies Co., Ltd.) S3 ew_hwusbdev; C:\Windows\SysWOW64\DRIVERS\ew_hwusbdev.sys [117248 2012-07-30] (Huawei Technologies Co., Ltd.) S3 hwdatacard; C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys [121600 2012-07-30] (Huawei Technologies Co., Ltd.) 
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [31648 2014-01-08] (REALiX(tm)) R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110713.031\IDSvia64.sys [488056 2011-07-08] (Symantec Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-05] (Malwarebytes Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110714.005\ENG64.SYS [117880 2011-07-01] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110714.005\EX64.SYS [2011768 2011-07-01] (Symantec Corporation) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-15] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation) R3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [47120 2007-03-05] (IVT Corporation.) R3 VComm; C:\Windows\SysWOW64\DRIVERS\VComm.sys [47120 2007-03-05] (IVT Corporation.) R3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [63248 2007-03-05] (IVT Corporation.) R3 VcommMgr; C:\Windows\SysWOW64\Drivers\VcommMgr.sys [63248 2007-03-05] (IVT Corporation.) 
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 X6va005; \??\C:\Users\Tim\AppData\Local\Temp\0059AE9.tmp [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-18 07:41 - 2014-08-18 07:41 - 00854417 _____ () C:\Users\Tim\Downloads\SecurityCheck.exe
2014-08-17 23:47 - 2014-08-17 23:47 - 02347384 _____ (ESET) C:\Users\Tim\Downloads\esetsmartinstaller_deu.exe
2014-08-17 19:26 - 2014-08-17 19:26 - 00000000 ____D () C:\Windows\LastGood
2014-08-15 03:33 - 2014-08-15 03:33 - 00000000 _____ () C:\Windows\SysWOW64\sho17B8.tmp
2014-08-15 03:03 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 03:03 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-15 03:03 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 03:03 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 03:03 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-15 03:03 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-15 03:02 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 03:02 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 01:27 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 01:27 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15
01:27 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-15 01:27 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-15 01:27 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-08-15 01:27 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-08-15 01:27 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-08-15 01:27 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-15 01:27 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-08-15 01:27 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-15 01:27 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-08-15 01:27 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-15 01:27 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-08-15 01:27 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-08-15 01:27 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-15 01:27 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-15 01:27 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-08-15 01:27 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-08-15 01:27 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-08-15 01:27 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 
2014-08-15 01:27 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-08-15 01:27 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-08-15 01:27 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-08-15 01:27 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-08-15 01:27 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-15 01:27 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-08-15 01:27 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-08-15 01:27 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-08-15 01:27 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-08-15 01:27 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-15 01:27 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-08-15 01:27 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-08-15 01:27 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-15 01:27 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-08-15 01:27 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-08-15 01:27 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-08-15 01:27 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-08-15 01:27 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 
2014-08-15 01:27 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-08-15 01:27 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-08-15 01:27 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-15 01:27 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-08-15 01:27 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-08-15 01:27 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-08-15 01:27 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-08-15 01:27 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-15 01:27 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-08-15 01:27 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-08-15 01:27 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-08-15 01:27 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-08-15 01:27 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-15 01:27 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-15 01:27 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-08-15 01:27 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-08-15 01:27 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-08-15 01:27 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 
2014-08-15 01:26 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-08-15 01:26 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2014-08-15 01:26 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2014-08-15 01:26 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2014-08-15 01:26 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2014-08-15 01:26 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL 2014-08-15 01:26 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL 2014-08-15 01:26 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL 2014-08-15 01:26 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL 2014-08-15 01:26 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL 2014-08-15 01:26 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls 2014-08-15 01:26 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls 2014-08-15 01:25 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-15 01:25 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-08-15 01:25 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-15 01:25 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-08-15 01:25 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-15 01:25 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-08-15 01:25 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\rpcrt4.dll 2014-08-15 01:25 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-08-15 01:25 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-08-15 01:25 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-15 01:25 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-15 01:25 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-15 01:25 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-08-15 01:25 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-08-15 01:25 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-08-15 01:25 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-08-15 01:25 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-08-15 01:24 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-08-15 01:24 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-08-14 11:46 - 2014-08-14 11:46 - 00102454 _____ () C:\Users\Tim\Desktop\Apple.xps 2014-08-14 11:26 - 2014-08-14 11:26 - 00001795 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-08-14 11:26 - 2014-08-14 11:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-08-14 11:24 - 2014-08-14 11:25 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-08-14 11:24 - 2014-08-14 11:25 - 00000000 ____D () C:\Program Files\iTunes 2014-08-14 11:24 - 2014-08-14 11:25 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-08-14 11:24 - 2014-08-14 11:24 - 00000000 ____D () C:\Program Files\iPod 2014-08-08 02:09 - 
2014-08-08 02:09 - 00000000 _____ () C:\Windows\SysWOW64\shoE2EE.tmp 2014-08-05 17:17 - 2014-08-18 09:30 - 00000000 ____D () C:\ProgramData\boost_interprocess 2014-08-05 15:43 - 2014-08-05 15:43 - 00058088 _____ () C:\Users\Tim\Desktop\FRST(2).txt 2014-08-05 15:39 - 2014-08-18 09:32 - 00000000 ____D () C:\Users\Tim\Desktop\FRST-OlderVersion 2014-08-05 15:35 - 2014-08-05 15:35 - 00056851 _____ () C:\Users\Tim\Desktop\JRT.txt 2014-08-05 15:27 - 2014-08-05 15:27 - 01016261 _____ (Thisisu) C:\Users\Tim\Downloads\JRT.exe 2014-08-05 15:27 - 2014-08-05 15:27 - 00000000 ____D () C:\Windows\ERUNT 2014-08-05 15:21 - 2014-08-05 15:21 - 00024024 _____ () C:\Users\Tim\Desktop\AdwCleaner[S0].txt 2014-08-05 15:14 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-08-05 15:13 - 2014-08-05 15:16 - 00000000 ____D () C:\AdwCleaner 2014-08-05 15:12 - 2014-08-05 15:12 - 01361309 _____ () C:\Users\Tim\Desktop\adwcleaner_3.302.exe 2014-08-05 12:09 - 2014-08-05 15:24 - 00001149 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-08-05 03:06 - 2014-08-05 15:37 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-05 03:06 - 2014-08-05 03:06 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-05 03:06 - 2014-08-05 03:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-05 03:06 - 2014-08-05 03:06 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-05 03:06 - 2014-08-05 03:06 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-08-05 03:06 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-05 03:06 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-05 03:06 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-08-05 
03:03 - 2014-08-05 03:04 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Tim\Downloads\mbam-setup-2.0.2.1012 (1).exe 2014-08-05 03:03 - 2014-08-05 03:03 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Tim\Downloads\mbam-setup-2.0.2.1012.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-18 09:33 - 2014-07-03 13:46 - 00000000 ____D () C:\FRST 2014-08-18 09:32 - 2014-08-05 15:39 - 00000000 ____D () C:\Users\Tim\Desktop\FRST-OlderVersion 2014-08-18 09:32 - 2014-07-03 13:58 - 00036187 _____ () C:\Users\Tim\Desktop\FRST.txt 2014-08-18 09:32 - 2014-07-03 13:45 - 02101760 _____ (Farbar) C:\Users\Tim\Desktop\FRST64.exe 2014-08-18 09:30 - 2014-08-05 17:17 - 00000000 ____D () C:\ProgramData\boost_interprocess 2014-08-18 09:30 - 2012-06-04 06:08 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-18 09:30 - 2011-03-19 18:01 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini 2014-08-18 08:39 - 2013-03-02 14:25 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-18 07:41 - 2014-08-18 07:41 - 00854417 _____ () C:\Users\Tim\Downloads\SecurityCheck.exe 2014-08-18 07:22 - 2011-11-05 23:12 - 00001130 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-283462342-1146700221-3439875133-1002UA.job 2014-08-18 07:07 - 2011-03-19 17:26 - 01396070 _____ () C:\Windows\WindowsUpdate.log 2014-08-17 23:47 - 2014-08-17 23:47 - 02347384 _____ (ESET) C:\Users\Tim\Downloads\esetsmartinstaller_deu.exe 2014-08-17 19:30 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-17 19:30 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-17 19:27 - 2009-07-14 06:51 - 00172970 _____ () C:\Windows\setupact.log 2014-08-17 19:26 - 2014-08-17 19:26 
- 00000000 ____D () C:\Windows\LastGood 2014-08-17 19:08 - 2012-05-30 00:23 - 00000000 ____D () C:\Users\Tim\Documents\TubeBox 2014-08-17 18:33 - 2012-10-25 22:19 - 00000000 ____D () C:\Users\Tim\AppData\Local\PMB Files 2014-08-17 18:02 - 2011-11-17 14:45 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-08-17 18:01 - 2013-03-02 14:25 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-17 18:01 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-17 18:01 - 2009-07-14 06:45 - 00390080 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-15 21:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-08-15 20:44 - 2013-03-02 14:26 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-08-15 03:33 - 2014-08-15 03:33 - 00000000 _____ () C:\Windows\SysWOW64\sho17B8.tmp 2014-08-15 03:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-08-15 03:20 - 2013-08-15 02:39 - 00000000 ____D () C:\Windows\system32\MRT 2014-08-15 03:11 - 2011-05-28 12:45 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-08-15 03:01 - 2014-05-07 07:33 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-08-14 11:46 - 2014-08-14 11:46 - 00102454 _____ () C:\Users\Tim\Desktop\Apple.xps 2014-08-14 11:26 - 2014-08-14 11:26 - 00001795 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-08-14 11:26 - 2014-08-14 11:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-08-14 11:25 - 2014-08-14 11:24 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-08-14 11:25 - 2014-08-14 11:24 - 00000000 ____D () C:\Program Files\iTunes 2014-08-14 11:25 - 2014-08-14 11:24 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-08-14 11:24 - 2014-08-14 11:24 - 00000000 ____D () C:\Program Files\iPod 2014-08-14 02:59 - 2012-12-25 23:54 - 00000000 ____D () C:\Users\Tim\Documents\FIFA 13 2014-08-14 00:04 - 2011-08-04 12:39 - 00000000 ____D () 
C:\ProgramData\Origin 2014-08-14 00:03 - 2011-08-04 12:39 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-08-10 17:03 - 2011-11-05 23:12 - 00001108 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-283462342-1146700221-3439875133-1002Core.job 2014-08-09 00:42 - 2011-07-28 18:06 - 00000000 ____D () C:\Users\Tim\AppData\Local\CrashDumps 2014-08-08 02:09 - 2014-08-08 02:09 - 00000000 _____ () C:\Windows\SysWOW64\shoE2EE.tmp 2014-08-07 04:06 - 2014-08-15 01:24 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-08-07 04:01 - 2014-08-15 01:24 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-08-05 15:43 - 2014-08-05 15:43 - 00058088 _____ () C:\Users\Tim\Desktop\FRST(2).txt 2014-08-05 15:37 - 2014-08-05 03:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-05 15:35 - 2014-08-05 15:35 - 00056851 _____ () C:\Users\Tim\Desktop\JRT.txt 2014-08-05 15:27 - 2014-08-05 15:27 - 01016261 _____ (Thisisu) C:\Users\Tim\Downloads\JRT.exe 2014-08-05 15:27 - 2014-08-05 15:27 - 00000000 ____D () C:\Windows\ERUNT 2014-08-05 15:24 - 2014-08-05 12:09 - 00001149 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-08-05 15:24 - 2013-08-09 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-08-05 15:24 - 2013-08-09 14:21 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-08-05 15:24 - 2012-10-26 15:43 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-05 15:21 - 2014-08-05 15:21 - 00024024 _____ () C:\Users\Tim\Desktop\AdwCleaner[S0].txt 2014-08-05 15:18 - 2011-05-15 00:33 - 00372450 _____ () C:\Windows\PFRO.log 2014-08-05 15:16 - 2014-08-05 15:13 - 00000000 ____D () C:\AdwCleaner 2014-08-05 15:12 - 2014-08-05 15:12 - 01361309 _____ () C:\Users\Tim\Desktop\adwcleaner_3.302.exe 2014-08-05 12:37 - 2014-06-27 23:39 - 00000000 ____D () C:\Program Files (x86)\6DAF2CD5-832E-48EB-8678-2B122163A2D9 2014-08-05 12:37 - 2014-03-19 09:20 - 00000000 
____D () C:\Program Files\Microsoft Silverlight 2014-08-05 12:37 - 2014-03-19 09:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-08-05 12:37 - 2012-07-18 22:15 - 00000000 ____D () C:\Windows\Minidump 2014-08-05 12:21 - 2014-06-20 13:04 - 00000000 ____D () C:\temp 2014-08-05 12:09 - 2012-06-26 05:35 - 00000000 ____D () C:\ProgramData\Avira 2014-08-05 03:06 - 2014-08-05 03:06 - 00001114 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-05 03:06 - 2014-08-05 03:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-05 03:06 - 2014-08-05 03:06 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-05 03:06 - 2014-08-05 03:06 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-08-05 03:04 - 2014-08-05 03:03 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Tim\Downloads\mbam-setup-2.0.2.1012 (1).exe 2014-08-05 03:03 - 2014-08-05 03:03 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Tim\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-05 02:17 - 2014-03-19 09:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-08-01 01:41 - 2014-08-15 01:27 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-01 01:16 - 2014-08-15 01:27 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-07-25 16:52 - 2014-08-15 01:27 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-25 16:02 - 2014-08-15 01:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-25 16:01 - 2014-08-15 01:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-07-25 15:51 - 2014-08-15 01:27 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-07-25 15:30 - 2014-08-15 01:27 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-07-25 15:28 - 
2014-08-15 01:27 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-25 15:28 - 2014-08-15 01:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-07-25 15:25 - 2014-08-15 01:27 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-25 15:25 - 2014-08-15 01:27 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-07-25 15:11 - 2014-08-15 01:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-25 15:10 - 2014-08-15 01:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-07-25 15:04 - 2014-08-15 01:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-07-25 15:03 - 2014-08-15 01:27 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-25 15:00 - 2014-08-15 01:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-25 15:00 - 2014-08-15 01:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-07-25 14:59 - 2014-08-15 01:27 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-07-25 14:47 - 2014-08-15 01:27 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-07-25 14:40 - 2014-08-15 01:27 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-25 14:34 - 2014-08-15 01:27 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-07-25 14:34 - 2014-08-15 01:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-07-25 14:33 - 2014-08-15 01:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-07-25 14:30 - 2014-08-15 01:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-07-25 14:28 - 2014-08-15 01:27 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 
2014-07-25 14:28 - 2014-08-15 01:27 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-07-25 14:21 - 2014-08-15 01:27 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-07-25 14:19 - 2014-08-15 01:27 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-07-25 14:18 - 2014-08-15 01:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-07-25 14:17 - 2014-08-15 01:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-25 14:17 - 2014-08-15 01:27 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-07-25 14:12 - 2014-08-15 01:27 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-07-25 14:10 - 2014-08-15 01:27 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-25 14:10 - 2014-08-15 01:27 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-07-25 14:08 - 2014-08-15 01:27 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-07-25 14:06 - 2014-08-15 01:27 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-07-25 13:52 - 2014-08-15 01:27 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-07-25 13:47 - 2014-08-15 01:27 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-25 13:43 - 2014-08-15 01:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-07-25 13:42 - 2014-08-15 01:27 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-07-25 13:39 - 2014-08-15 01:27 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-25 13:39 - 2014-08-15 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-07-25 13:36 - 2014-08-15 01:27 - 00164864 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msrating.dll 2014-07-25 13:34 - 2014-08-15 01:27 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-07-25 13:29 - 2014-08-15 01:27 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-07-25 13:23 - 2014-08-15 01:27 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-25 13:13 - 2014-08-15 01:27 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-07-25 13:07 - 2014-08-15 01:27 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-07-25 13:07 - 2014-08-15 01:27 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-07-25 13:03 - 2014-08-15 01:27 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-07-25 12:52 - 2014-08-15 01:27 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-25 12:26 - 2014-08-15 01:27 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-25 12:17 - 2014-08-15 01:27 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-07-25 12:09 - 2014-08-15 01:27 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-07-25 12:05 - 2014-08-15 01:27 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-07-25 12:00 - 2014-08-15 01:27 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll Some content of TEMP: ==================== C:\Users\Tim\AppData\Local\Temp\avgnt.exe C:\Users\Tim\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-07 13:18
==================== End Of Log ============================
FRST.txt
No, currently there are no more problems. Many thanks. Kind regards, Tim |
19.08.2014, 04:33 | #12 |
/// the machine /// TB trainer | Annoying pop-ups while surfing the Internet Update Java and Adobe. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Please download TFC (by Oldtimer) and save the file to the desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will ask for a restart. Please allow this. Done. The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP) Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and assistance Trojaner-Board Facebook page No assistance via PM! |
02.03.2016, 15:33 | #13 |
| Annoying pop-ups while surfing the Internet Fixlog: Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:01-03-2016
durchgeführt von Tim (2016-03-02 11:33:33) Run:2
Gestartet von C:\Users\Tim\Desktop
Geladene Profile: UpdatusUser & Tim (Verfügbare Profile: UpdatusUser & Tim)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
*****************
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => Wert erfolgreich entfernt
==== Ende von Fixlog 11:33:33 ====
Many thanks for the help |
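The check a helper makes when reading a Fixlog like the one in post #13, written out as an added Python example (not code from the thread or from FRST): every fixlist entry should have a result line for the same registry value, with the `...` elision expanded, and a success outcome. Assumptions: the line breaks in the embedded log (the page shows it flattened), "erfolgreich" as the only success marker because it is the only one this log shows, and the hypothetical names `split_fixlog` and `audit_fixlog`.

```python
import re

# Fixlog text from post #13; line breaks are an assumption (the page flattens it).
FIXLOG = r'''Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:01-03-2016
durchgeführt von Tim (2016-03-02 11:33:33) Run:2
Gestartet von C:\Users\Tim\Desktop
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
*****************
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => Wert erfolgreich entfernt
==== Ende von Fixlog 11:33:33 ====
'''

# Constructed variant: the same log with the result line missing.
FIXLOG_NO_RESULT = "\n".join(
    ln for ln in FIXLOG.splitlines() if "erfolgreich" not in ln)

# Fixlist registry entry: <hive prefix>\...\<key>: [<value name>] => <data>
ENTRY = re.compile(r'^(?P<prefix>.+?)\\\.\.\.\\(?P<key>[^:\\]+): \[(?P<value>[^\]]+)\]')


def split_fixlog(text):
    """Return (fixlist entries, result lines) from a German-language Fixlog."""
    lines = [ln.strip() for ln in text.splitlines()]
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(stars) < 2:
        raise ValueError("fixlist block delimiters not found")
    entries = [ln for ln in lines[stars[0] + 1:stars[1]] if ln]
    results = []
    for ln in lines[stars[1] + 1:]:
        if ln.startswith("==== Ende von Fixlog"):
            break
        if ln:
            results.append(ln)
    return entries, results


def audit_fixlog(text):
    """Pair each fixlist entry with its result; unmatched entries need review."""
    entries, results = split_fixlog(text)
    report = []
    for entry in entries:
        outcome = None
        m = ENTRY.match(entry)
        if m:
            # Expand the "..." elision: same hive prefix, any middle path,
            # then key and value name joined by one or two backslashes.
            pat = re.compile(
                re.escape(m["prefix"]) + r"\\(?:.*\\)?" + re.escape(m["key"])
                + r"\\{1,2}" + re.escape(m["value"]), re.IGNORECASE)
            for res in results:
                path, sep, out = res.partition(" => ")
                if sep and pat.fullmatch(path):
                    outcome = out
                    break
        report.append({"entry": entry, "outcome": outcome,
                       "confirmed": bool(outcome and "erfolgreich" in outcome)})
    return report


if __name__ == "__main__":
    for row in audit_fixlog(FIXLOG) + audit_fixlog(FIXLOG_NO_RESULT):
        print(row["confirmed"], row["outcome"], "<-", row["entry"])
```

An entry reported with `confirmed` false is not proof of failure; it means the log gives no success line for it and the entry should be rechecked in a fresh FRST scan.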