| |
| |||||||
Log-Analyse und Auswertung: Windows7: Toolbars, Werbung Istart. Surfen unmöglichWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
06.09.2014, 11:25
| #1 |
 |  Windows7: Toolbars, Werbung Istart. Surfen unmöglich Hallo, ich würde gerne den PC eines bekannten überholen. Dabei ist es kaum noch möglich eine Internetseite zu besuchen. Die Startseite lässt sich nicht einstellen und die Anzahl der Toolbars ist mittlerweile beachtlich  Würde mich freuen, wenn ihr mir helfen könnt. Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:38 on 06/09/2014 (Franzi)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by ******* (administrator) on *******-PC on 06-09-2014 11:40:17
Running from C:\Users\*******\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfC.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe
(Acer) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
() C:\Users\*******\AppData\Roaming\VOPackage\VOsrv.exe
(Wajam Internet Technologies Inc.) C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe
(Wajam Internet Technologies Inc.) C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
() C:\Users\*******\AppData\Local\fst_de_56\upfst_de_56.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Revizer) C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurf.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\fst_de_56\fst_de_56.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
() C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfkE172.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
() C:\Program Files (x86)\ToggleMark\updateToggleMark.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [301056 2009-06-11] (Alps Electric Co., Ltd.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1157128 2009-08-18] (Dritek System Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [FILSHtray] => C:\Program Files (x86)\FILSHtray\FILSHtray.exe [596992 2011-12-16] (FILSH Media GmbH)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [fst_de_7] => "C:\Program Files (x86)\fst_de_7\fst_de_7.exe"
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
HKLM-x32\...\Run: [fst_de_56] => C:\Program Files (x86)\fst_de_56\fst_de_56.exe [3979760 2014-06-20] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\RunOnce: [upfst_de_56.exe] => C:\Users\*******\AppData\Local\fst_de_56\upfst_de_56.exe [3356656 2014-06-20] ()
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-12] (Microsoft Corporation)
HKU\S-1-5-21-183469539-3613899766-4047468319-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-10-24] (Google Inc.)
HKU\S-1-5-21-183469539-3613899766-4047468319-1000\...\Run: [BackgroundContainerV2] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\*******\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
HKU\S-1-5-21-183469539-3613899766-4047468319-1000\...\Run: [BlockAndSurf] => C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurf.exe [131584 2014-06-10] (Revizer)
HKU\S-1-5-21-183469539-3613899766-4047468319-1000\...\MountPoints2: {8ce0fcd3-1865-11e1-a8f1-705ab6144e7e} - E:\iStudio.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [224728 2014-09-02] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [181720 2014-09-02] (Client Connect LTD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:14307;https=127.0.0.1:14307
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=ME49133E1-6361-4FCA-9893-401C4B1DAE96&SearchSource=55&CUI=&UM=2&UP=SPA16C2C5A-7B0B-4259-9FD3-AAC4BA96C5B0&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1398712135&from=tugs&uid=HitachiXHTS545016B9A300_091205PBPB00QCDUHXRLX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398712135&from=tugs&uid=HitachiXHTS545016B9A300_091205PBPB00QCDUHXRLX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1398712135&from=tugs&uid=HitachiXHTS545016B9A300_091205PBPB00QCDUHXRLX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1398712135&from=tugs&uid=HitachiXHTS545016B9A300_091205PBPB00QCDUHXRLX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1398712135&from=tugs&uid=HitachiXHTS545016B9A300_091205PBPB00QCDUHXRLX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398712135&from=tugs&uid=HitachiXHTS545016B9A300_091205PBPB00QCDUHXRLX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1398712135&from=tugs&uid=HitachiXHTS545016B9A300_091205PBPB00QCDUHXRLX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1398712135&from=tugs&uid=HitachiXHTS545016B9A300_091205PBPB00QCDUHXRLX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1398712135&from=tugs&uid=HitachiXHTS545016B9A300_091205PBPB00QCDUHXRLX&q={searchTerms}
URLSearchHook: HKLM-x32 - softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
URLSearchHook: HKLM-x32 - MessengerPlusLive Germany TB Toolbar - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files (x86)\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
URLSearchHook: HKLM-x32 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Users\*******\AppData\LocalLow\DVDVideoSoftTB\prxtbDVD0.dll (ClientConnect Ltd.)
URLSearchHook: HKCU - softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
URLSearchHook: HKCU - MessengerPlusLive Germany TB Toolbar - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files (x86)\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
URLSearchHook: HKCU - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Users\*******\AppData\LocalLow\DVDVideoSoftTB\prxtbDVD0.dll (ClientConnect Ltd.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1398712135&from=tugs&uid=HitachiXHTS545016B9A300_091205PBPB00QCDUHXRLX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398712135&from=tugs&uid=HitachiXHTS545016B9A300_091205PBPB00QCDUHXRLX&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398712135&from=tugs&uid=HitachiXHTS545016B9A300_091205PBPB00QCDUHXRLX&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398712135&from=tugs&uid=HitachiXHTS545016B9A300_091205PBPB00QCDUHXRLX&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398712135&from=tugs&uid=HitachiXHTS545016B9A300_091205PBPB00QCDUHXRLX&q={searchTerms}
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKCU - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=ME49133E1-6361-4FCA-9893-401C4B1DAE96&SearchSource=58&CUI=&UM=2&UP=SPA16C2C5A-7B0B-4259-9FD3-AAC4BA96C5B0&q={searchTerms}&SSPV=C212_DC_sp_ie
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398712135&from=tugs&uid=HitachiXHTS545016B9A300_091205PBPB00QCDUHXRLX&q={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_deDE406
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=ME49133E1-6361-4FCA-9893-401C4B1DAE96&SearchSource=58&CUI=&UM=2&UP=SPA16C2C5A-7B0B-4259-9FD3-AAC4BA96C5B0&q={searchTerms}&SSPV=C212_DC_sp_ie
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: BlockAndSurf -> {09B73D47-DE1A-89C6-EE3B-3DEC891DE5E4} -> C:\Program Files (x86)\BlockAndSurf-soft\172.dll ()
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: ToggleMark -> {dc59a866-959c-4638-a191-c13177d0bd68} -> C:\Program Files (x86)\ToggleMark\ToggleMarkbho.dll (ToggleMark)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - MessengerPlusLive Germany TB Toolbar - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - C:\Program Files (x86)\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Users\*******\AppData\LocalLow\DVDVideoSoftTB\prxtbDVD0.dll (ClientConnect Ltd.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} - No File
Toolbar: HKCU - No Name - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
Toolbar: HKCU - No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\solfj7ok.default
FF NewTab: hxxp://search.conduit.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=ME49133E1-6361-4FCA-9893-401C4B1DAE96&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SPA16C2C5A-7B0B-4259-9FD3-AAC4BA96C5B0
FF DefaultSearchEngine: webssearches
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=MCA667DEF-764A-422A-B5BC-5EB5D2D73B57&SearchSource=55&CUI=&UM=2&UP=SPA60947A0-2F8F-4A50-9FE0-6A11A556BD5F&SSPV=
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\solfj7ok.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\solfj7ok.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\solfj7ok.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Freeven pro 1.2 - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\solfj7ok.default\Extensions\2ab9302c-551a-4804-9971-9932d6d5b0f9@2bfa4cf8-298a-4792-80d5-75352ee81de1.com [2014-07-15]
FF Extension: MediaPlayerplus - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\solfj7ok.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com [2014-07-15]
FF Extension: Fast Start - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\solfj7ok.default\Extensions\faststartff@gmail.com [2014-07-13]
FF Extension: BrowseToolE0203 - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\solfj7ok.default\Extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} [2014-07-13]
FF Extension: DVDVideoSoftTB - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\solfj7ok.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2013-12-01]
FF Extension: ST-de3 - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\solfj7ok.default\Extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2014-07-15]
FF Extension: FDislike - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\solfj7ok.default\Extensions\fbdislike@doweb.fr.xpi [2012-04-07]
FF Extension: ToggleMark - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\solfj7ok.default\Extensions\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}.xpi [2014-09-06]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\solfj7ok.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-24]
FF Extension: Greasemonkey - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\solfj7ok.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-09-08]
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\solfj7ok.default\extensions\quick_start@gmail.com
FF HKCU\...\Firefox\Extensions: [{C498947A-67CC-C868-A155-E77523522BAE}] - C:\Program Files (x86)\BlockAndSurf-soft\172.xpi
FF Extension: BlockAndSurf - C:\Program Files (x86)\BlockAndSurf-soft\172.xpi [2014-06-10]
Chrome:
=======
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-19] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. KG)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-03-14] (Just Develop It)
R2 BlockAndSurf; C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfkE172.exe [179712 2014-06-10] () [File not signed]
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2998232 2014-09-02] (Client Connect LTD)
R2 ePowerSvc; C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [844320 2009-09-30] (Acer Incorporated)
R2 Greg_Service; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
R2 uCamMonitor; C:\Program Files (x86)\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
R2 Update ToggleMark; C:\Program Files (x86)\ToggleMark\updateToggleMark.exe [323360 2014-09-06] ()
R2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [240160 2009-07-04] (Acer)
R2 vosr; C:\Users\*******\AppData\Roaming\VOPackage\VOsrv.exe [52736 2014-04-26] () [File not signed]
R2 Wajam Internet Enhancer Service; C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe [217600 2014-06-06] (Wajam Internet Technologies Inc.) [File not signed]
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [566272 2014-04-28] (Cherished Technololgy LIMITED) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2008-04-24] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2010-07-15] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2010-07-15] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2010-07-15] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2010-07-15] () [File not signed]
U3 DfSdkS; No ImagePath
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
R3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-06 11:40 - 2014-09-06 11:43 - 00029006 _____ () C:\Users\*******\Desktop\FRST.txt
2014-09-06 11:39 - 2014-09-06 11:42 - 00000000 ____D () C:\FRST
2014-09-06 11:39 - 2014-09-06 11:39 - 00000000 ____D () C:\Program Files (x86)\ToggleMark
2014-09-06 11:38 - 2014-09-06 11:38 - 00000474 _____ () C:\Users\*******\Desktop\defogger_disable.log
2014-09-06 11:38 - 2014-09-06 11:38 - 00000000 ____D () C:\Users\*******\AppData\Local\SearchProtect
2014-09-06 11:38 - 2014-09-06 11:38 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-09-06 11:38 - 2014-09-06 11:38 - 00000000 _____ () C:\Users\*******\defogger_reenable
2014-09-06 11:32 - 2014-09-06 11:25 - 02104832 _____ (Farbar) C:\Users\*******\Desktop\FRST64.exe
2014-09-06 11:32 - 2014-09-06 11:25 - 00380416 _____ () C:\Users\*******\Desktop\Gmer-19357.exe
2014-09-06 11:32 - 2014-09-06 11:25 - 00050477 _____ () C:\Users\*******\Desktop\Defogger.exe
2014-09-06 11:01 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-06 11:01 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-06 11:01 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-06 11:01 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-06 11:01 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-06 11:01 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-06 11:01 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-06 11:01 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-13 01:10 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 01:10 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 01:10 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 01:10 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 01:10 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 01:10 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 01:10 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 01:10 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-12 23:08 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-12 23:08 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-12 23:07 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-12 23:07 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-12 23:07 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-12 23:07 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-12 23:07 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-12 23:07 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-12 23:07 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-12 23:07 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-12 23:07 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-12 23:07 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-12 23:07 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-12 23:07 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-12 23:07 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-12 23:07 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-12 23:07 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-12 23:07 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-12 23:07 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-12 23:07 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-12 23:07 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-12 23:07 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-12 23:07 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-12 23:07 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-12 23:07 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-12 23:07 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-12 23:07 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-12 23:07 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-12 23:07 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-12 23:07 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-12 23:07 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-12 23:07 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-12 23:07 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-12 23:07 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-12 23:07 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-12 23:07 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-12 23:07 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-12 23:07 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-12 23:06 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-12 23:06 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-12 23:06 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-12 23:06 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-12 23:06 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-12 23:06 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-12 23:06 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-12 23:06 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-12 23:06 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-12 23:06 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-12 23:06 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-12 23:06 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-12 23:06 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-12 23:06 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-12 23:06 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-12 23:06 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-12 23:06 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-12 23:06 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-12 23:06 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-12 23:06 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-12 23:06 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-12 23:06 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-12 23:06 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-12 23:06 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-12 23:06 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-12 23:06 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-12 23:06 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-12 23:06 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-12 23:06 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-12 23:06 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-12 23:06 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-12 23:06 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-12 23:06 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-12 23:06 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-12 23:06 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-12 23:06 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-12 23:06 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-12 23:06 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-12 23:06 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-12 23:06 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-12 23:06 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-12 23:06 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-12 23:06 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-12 23:06 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-12 23:06 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-12 23:04 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-12 23:04 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-12 23:04 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-12 23:04 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-12 23:00 - 2014-08-13 00:05 - 00000000 ____D () C:\Users\*******\Desktop\Neuer Ordner
2014-08-12 22:38 - 2014-08-12 22:38 - 00001146 _____ () C:\Users\Public\Desktop\Avira.lnk
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-06 11:43 - 2014-09-06 11:40 - 00029006 _____ () C:\Users\*******\Desktop\FRST.txt
2014-09-06 11:42 - 2014-09-06 11:39 - 00000000 ____D () C:\FRST
2014-09-06 11:39 - 2014-09-06 11:39 - 00000000 ____D () C:\Program Files (x86)\ToggleMark
2014-09-06 11:38 - 2014-09-06 11:38 - 00000474 _____ () C:\Users\*******\Desktop\defogger_disable.log
2014-09-06 11:38 - 2014-09-06 11:38 - 00000000 ____D () C:\Users\*******\AppData\Local\SearchProtect
2014-09-06 11:38 - 2014-09-06 11:38 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-09-06 11:38 - 2014-09-06 11:38 - 00000000 _____ () C:\Users\*******\defogger_reenable
2014-09-06 11:38 - 2010-11-16 21:17 - 00000000 ____D () C:\Users\*******
2014-09-06 11:37 - 2014-06-22 14:43 - 00000000 ____D () C:\Users\*******\AppData\Local\fst_de_56
2014-09-06 11:33 - 2009-12-27 23:49 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-09-06 11:33 - 2009-12-27 23:49 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-09-06 11:33 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-06 11:28 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-06 11:28 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-06 11:25 - 2014-09-06 11:32 - 02104832 _____ (Farbar) C:\Users\*******\Desktop\FRST64.exe
2014-09-06 11:25 - 2014-09-06 11:32 - 00380416 _____ () C:\Users\*******\Desktop\Gmer-19357.exe
2014-09-06 11:25 - 2014-09-06 11:32 - 00050477 _____ () C:\Users\*******\Desktop\Defogger.exe
2014-09-06 11:04 - 2009-12-27 14:59 - 01104273 _____ () C:\Windows\WindowsUpdate.log
2014-09-06 10:58 - 2011-01-25 23:01 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-06 10:28 - 2014-06-10 20:33 - 00000426 _____ () C:\Windows\Tasks\BlockAndSurf Update.job
2014-09-06 10:28 - 2012-06-10 21:34 - 00000437 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-09-06 10:25 - 2014-06-10 20:33 - 00000406 _____ () C:\Windows\Tasks\BlockAndSurf_wd.job
2014-09-06 10:25 - 2014-04-28 21:10 - 00001538 _____ () C:\Windows\Tasks\923e656c-7931-4c44-9b19-6d3c00ebfbd9-5.job
2014-09-06 10:25 - 2014-04-28 21:10 - 00001490 _____ () C:\Windows\Tasks\14ecb001-f416-4a5e-b100-cc6e315349af-5.job
2014-09-06 10:25 - 2014-04-28 21:10 - 00001424 _____ () C:\Windows\Tasks\923e656c-7931-4c44-9b19-6d3c00ebfbd9-2.job
2014-09-06 10:25 - 2014-04-28 21:09 - 00001444 _____ () C:\Windows\Tasks\923e656c-7931-4c44-9b19-6d3c00ebfbd9-1.job
2014-09-06 10:25 - 2014-04-28 21:09 - 00001396 _____ () C:\Windows\Tasks\14ecb001-f416-4a5e-b100-cc6e315349af-1.job
2014-09-06 10:25 - 2014-04-28 21:09 - 00001376 _____ () C:\Windows\Tasks\14ecb001-f416-4a5e-b100-cc6e315349af-2.job
2014-09-06 10:25 - 2014-04-28 21:08 - 00003124 _____ () C:\Windows\Tasks\923e656c-7931-4c44-9b19-6d3c00ebfbd9-3.job
2014-09-06 10:25 - 2014-04-28 21:08 - 00002192 _____ () C:\Windows\Tasks\923e656c-7931-4c44-9b19-6d3c00ebfbd9-4.job
2014-09-06 10:25 - 2014-04-28 21:07 - 00002780 _____ () C:\Windows\Tasks\14ecb001-f416-4a5e-b100-cc6e315349af-3.job
2014-09-06 10:25 - 2014-04-28 21:07 - 00002136 _____ () C:\Windows\Tasks\14ecb001-f416-4a5e-b100-cc6e315349af-4.job
2014-09-06 10:25 - 2014-04-28 16:29 - 00004674 _____ () C:\Windows\setupact.log
2014-09-06 10:25 - 2011-01-25 23:01 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-06 10:25 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-05 10:37 - 2009-07-14 06:45 - 00425816 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-05 08:32 - 2014-04-28 21:08 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus
2014-09-05 08:32 - 2014-04-28 21:07 - 00000000 ____D () C:\Program Files (x86)\Freeven pro 1.2
2014-08-13 13:06 - 2014-05-06 20:52 - 00090080 _____ () C:\Windows\PFRO.log
2014-08-13 13:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-13 01:21 - 2009-10-24 00:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-13 01:19 - 2012-06-10 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-13 01:17 - 2012-06-10 20:51 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-13 01:17 - 2012-06-10 20:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-13 01:09 - 2014-05-07 00:27 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-13 01:00 - 2014-05-11 20:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-13 01:00 - 2014-05-01 20:12 - 00000343 _____ () C:\Windows\wininit.ini
2014-08-13 01:00 - 2012-08-07 18:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-13 00:05 - 2014-08-12 23:00 - 00000000 ____D () C:\Users\*******\Desktop\Neuer Ordner
2014-08-12 22:39 - 2014-05-06 21:02 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-12 22:38 - 2014-08-12 22:38 - 00001146 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-12 22:38 - 2014-05-06 21:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-12 22:38 - 2014-05-06 21:02 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-08-12 22:35 - 2014-05-08 18:20 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-08-07 04:06 - 2014-08-12 23:04 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-12 23:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
Some content of TEMP:
====================
C:\Users\*******\AppData\Local\Temp\AskSLib.dll
C:\Users\*******\AppData\Local\Temp\avgnt.exe
C:\Users\*******\AppData\Local\Temp\BackupSetup.exe
C:\Users\*******\AppData\Local\Temp\dlLogic.exe
C:\Users\*******\AppData\Local\Temp\dltr.exe
C:\Users\*******\AppData\Local\Temp\fuhoxzyb.dll
C:\Users\*******\AppData\Local\Temp\GCVerifier.dll
C:\Users\*******\AppData\Local\Temp\nhpmonitor.exe
C:\Users\*******\AppData\Local\Temp\nseC363.exe
C:\Users\*******\AppData\Local\Temp\nsh609B.exe
C:\Users\*******\AppData\Local\Temp\nshE577.exe
C:\Users\*******\AppData\Local\Temp\nsj463B.exe
C:\Users\*******\AppData\Local\Temp\nsj7C2A.exe
C:\Users\*******\AppData\Local\Temp\nsjBA0F.exe
C:\Users\*******\AppData\Local\Temp\nsm6EBF.exe
C:\Users\*******\AppData\Local\Temp\nsx2C51.exe
C:\Users\*******\AppData\Local\Temp\nsx7F6.exe
C:\Users\*******\AppData\Local\Temp\ose00001.exe
C:\Users\*******\AppData\Local\Temp\setup.exe
C:\Users\*******\AppData\Local\Temp\vcredist_x64.exe
C:\Users\*******\AppData\Local\Temp\verifier.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-05-31 22:43
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014 02
Ran by ***** at 2014-09-06 11:44:28
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 Plugin 64-bit (HKLM\...\Adobe Flash Player Plugin) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: Version 7.102.2002.208 - Alps Electric)
AMD USB Filter Driver (x32 Version: 1.0.11.86 - Advanced Micro Devices, Inc.) Hidden
AnyProtect (HKLM-x32\...\AnyProtect) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo WinOptimizer 9 v.9.04.31 (HKLM-x32\...\Ashampoo WinOptimizer 9_is1) (Version: 9.04.31 - Ashampoo GmbH & Co. KG)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{ACCA82EB-7088-919E-5E1C-100A24F11CCF}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Avira (HKLM-x32\...\{9590977b-7b6f-467e-a11a-efa1fae804da}) (Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
BlockAndSurf (HKLM-x32\...\08C32DDE-4BDC-E1D0-542D-B93D01488AE4) (Version: - BlockAndSurf-software) <==== ATTENTION
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0729.2227.38498 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Czech (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Danish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Dutch (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help English (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Finnish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help French (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help German (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Greek (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Polish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Thai (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Turkish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0729.2227.38498 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2009.0729.2227.38498 - ATI) Hidden
Conduit Engine (HKLM-x32\...\conduitEngine) (Version: - Conduit Ltd.) <==== ATTENTION
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{2A07A3D4-F6CA-4EEB-9576-3A6AC8A736CE}) (Version: - Microsoft)
DMUninstaller (HKLM-x32\...\DMUninstaller) (Version: - ) <==== ATTENTION
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media)
DVDVideoSoftTB Toolbar (HKLM-x32\...\DVDVideoSoftTB Toolbar) (Version: 6.8.5.1 - DVDVideoSoftTB)
EASEUS Partition Master 6.5.2 Home Edition (HKLM-x32\...\EASEUS Partition Master Home Edition_is1) (Version: - EASEUS)
eMachines GameZone Console (HKLM-x32\...\{31D611A1-03B5-4018-BC6F-DDB5B5616478}_is1) (Version: 5.1.1.3 - Oberon Media, Inc.)
eMachines Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3004 - Acer Incorporated)
eMachines Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
eMachines Registration (HKLM-x32\...\eMachines Registration) (Version: 1.02.3006 - Acer Incorporated)
eMachines ScreenSaver (HKLM-x32\...\eMachines Screensaver) (Version: 1.2.0805 - eMachines Incorporated)
eMachines Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Acer Incorporated)
FILSHtray Version 0.8 (HKLM-x32\...\{5928359F-BF46-4646-BF19-B64E55171EB5}_is1) (Version: 0.8 - FILSH Media GmbH)
Freeven pro 1.2 (HKLM-x32\...\Freeven pro 1.2) (Version: 1.34.4.10 - Freeven) <==== ATTENTION
fst_de_37 (HKLM-x32\...\fst_de_37_is1) (Version: - fst) <==== ATTENTION
fst_de_56 (HKLM-x32\...\fst_de_56_is1) (Version: - FREE_SOFT_TODAY) <==== ATTENTION
fst_de_7 (HKLM-x32\...\fst_de_7_is1) (Version: - free_soft_today)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HAMA WEBCAM AC-100 (HKLM-x32\...\{32C2F9AA-7484-48C2-AC19-2031F2ADD8F2}) (Version: 1.52 - )
Hama Webcam Suite (HKLM-x32\...\{1F0D5576-C383-4E5E-9906-0B47BECBB8B6}) (Version: - ArcSoft)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
iTunes (HKLM\...\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}) (Version: 10.6.3.25 - Apple Inc.)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
Java(TM) 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216026FF}) (Version: 6.0.290 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.02 - eMachines)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
MediaPlayerplus (HKLM-x32\...\MediaPlayerplus) (Version: 1.34.4.10 - Freeven) <==== ATTENTION
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version: - Oberon Media)
Messenger Plus! Live (HKLM-x32\...\Messenger Plus! Live) (Version: 4.90.0.392 - Yuna Software)
MessengerPlusLive Germany TB Toolbar (HKLM-x32\...\MessengerPlusLive_Germany_TB Toolbar) (Version: 5.7.2.2 - MessengerPlusLive Germany TB)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office O MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office SharePoint Designer MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office X MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MyPC Backup (HKLM\...\MyPC Backup) (Version: - JDi Backup Ltd) <==== ATTENTION
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6623 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6623 - NewTech Infosystems) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30095 - Realtek Semiconductor Corp.)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.17.2.3 - Client Connect LTD) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
softonic-de3 Toolbar (HKLM-x32\...\softonic-de3 Toolbar) (Version: 6.2.2.4 - softonic-de3) <==== ATTENTION
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
TeamViewer 5 (HKLM-x32\...\TeamViewer 5) (Version: 5.1.9385 - TeamViewer GmbH)
ToggleMark (HKLM\...\ToggleMark) (Version: 2014.09.06.052616 - ToggleMark) <==== ATTENTION
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version: - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{17815BC8-062D-49BE-B40C-B54149C85CE3}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{428CB7A0-1068-4CE1-8835-39C7ECD297ED}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B114A387-8A14-4C43-AE51-82F17EB81D49}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8F699D53-05FB-488E-B7D3-E4E47257BE5D}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{FD360122-6829-4497-97C1-1BF578EF695B}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VO Package (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION
Wajam (HKLM-x32\...\Wajam) (Version: 2.8 (i2.1) - Wajam) <==== ATTENTION
webssearches uninstaller (HKLM-x32\...\webssearches uninstaller) (Version: - webssearches) <==== ATTENTION
Welcome Center (HKLM-x32\...\eMachines Welcome Center) (Version: 1.00.3009 - Acer Incorporated)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 14.0.8118.427 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Toolbar (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WPM18.8.0.212 (HKLM-x32\...\WPM) (Version: 18.8.0.212 - Cherished Technololgy LIMITED) <==== ATTENTION
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1C6A7945-C923-4F45-BCA5-F7DF1A367987} - System32\Tasks\923e656c-7931-4c44-9b19-6d3c00ebfbd9-3 => C:\Program Files (x86)\MediaPlayerplus\923e656c-7931-4c44-9b19-6d3c00ebfbd9-3.exe <==== ATTENTION
Task: {4A736C5F-F76C-4352-8F2D-CEE48EA3E068} - System32\Tasks\14ecb001-f416-4a5e-b100-cc6e315349af-2 => C:\Program Files (x86)\Freeven pro 1.2\14ecb001-f416-4a5e-b100-cc6e315349af-2.exe <==== ATTENTION
Task: {50ED9A55-9348-4DC9-97CC-AC35DF5082AC} - System32\Tasks\BlockAndSurf_wd => C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfC.exe [2014-06-10] () <==== ATTENTION
Task: {69E50893-6DA5-41B4-9473-84D303AD6750} - System32\Tasks\923e656c-7931-4c44-9b19-6d3c00ebfbd9-1 => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe <==== ATTENTION
Task: {7CEFEAE6-CF69-48C2-9255-4B82A5937978} - System32\Tasks\14ecb001-f416-4a5e-b100-cc6e315349af-3 => C:\Program Files (x86)\Freeven pro 1.2\14ecb001-f416-4a5e-b100-cc6e315349af-3.exe <==== ATTENTION
Task: {7EA61D14-B4AE-4186-884E-5A6F8B3786F5} - System32\Tasks\14ecb001-f416-4a5e-b100-cc6e315349af-1 => C:\Program Files (x86)\Freeven pro 1.2\Freeven pro 1.2-codedownloader.exe <==== ATTENTION
Task: {86D8E24C-9D91-4174-A59E-69D24DFBCC92} - System32\Tasks\BlockAndSurf Update => C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfs64.exe [2014-06-10] () <==== ATTENTION
Task: {94966810-D87D-4022-9809-3A6D2836421C} - System32\Tasks\923e656c-7931-4c44-9b19-6d3c00ebfbd9-4 => C:\Program Files (x86)\MediaPlayerplus\923e656c-7931-4c44-9b19-6d3c00ebfbd9-4.exe <==== ATTENTION
Task: {952E2AE3-A124-4441-94AD-0EBC2F9A43DD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AA9F3486-2C1D-4D6C-854E-3F7FC1190603} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-04-28] (AnyProtect by CMI) <==== ATTENTION
Task: {AD03FF07-2705-4335-96A5-AB39CB855965} - System32\Tasks\923e656c-7931-4c44-9b19-6d3c00ebfbd9-5 => C:\Program Files (x86)\MediaPlayerplus\923e656c-7931-4c44-9b19-6d3c00ebfbd9-5.exe <==== ATTENTION
Task: {B03A8522-D7AB-4D43-B43E-89B42E809A98} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-04-28] (AnyProtect by CMI) <==== ATTENTION
Task: {BBA10B45-32E9-4017-B7B5-33920DA1C48B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-25] (Google Inc.)
Task: {C075F5EF-5340-4DED-AEA8-092E3A368068} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-04-28] (AnyProtect by CMI) <==== ATTENTION
Task: {DE1C0252-3A92-464B-97A4-9C1EFAA44262} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-25] (Google Inc.)
Task: {DFB65E5A-A842-4A8B-A8C1-075A06162507} - System32\Tasks\923e656c-7931-4c44-9b19-6d3c00ebfbd9-2 => C:\Program Files (x86)\MediaPlayerplus\923e656c-7931-4c44-9b19-6d3c00ebfbd9-2.exe <==== ATTENTION
Task: {E39F3E63-D31C-4951-8950-C69B063ADA18} - System32\Tasks\14ecb001-f416-4a5e-b100-cc6e315349af-5 => C:\Program Files (x86)\Freeven pro 1.2\14ecb001-f416-4a5e-b100-cc6e315349af-5.exe <==== ATTENTION
Task: {E928B057-29CC-4448-925D-89FB001AB92F} - System32\Tasks\14ecb001-f416-4a5e-b100-cc6e315349af-4 => C:\Program Files (x86)\Freeven pro 1.2\14ecb001-f416-4a5e-b100-cc6e315349af-4.exe <==== ATTENTION
Task: {F8E37130-6CFC-4F14-9B98-07FBBBA1E380} - System32\Tasks\One-Click Optimizer => D:\Ashampoo WinOptimizer 9\WO9.exe [2012-05-14] (Ashampoo Development GmbH & Co. KG)
Task: C:\Windows\Tasks\14ecb001-f416-4a5e-b100-cc6e315349af-1.job => C:\Program Files (x86)\Freeven pro 1.2\Freeven pro 1.2-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\14ecb001-f416-4a5e-b100-cc6e315349af-2.job => C:\Program Files (x86)\Freeven pro 1.2\14ecb001-f416-4a5e-b100-cc6e315349af-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\14ecb001-f416-4a5e-b100-cc6e315349af-3.job => C:\Program Files (x86)\Freeven pro 1.2\14ecb001-f416-4a5e-b100-cc6e315349af-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\14ecb001-f416-4a5e-b100-cc6e315349af-4.job => C:\Program Files (x86)\Freeven pro 1.2\14ecb001-f416-4a5e-b100-cc6e315349af-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\14ecb001-f416-4a5e-b100-cc6e315349af-5.job => C:\Program Files (x86)\Freeven pro 1.2\14ecb001-f416-4a5e-b100-cc6e315349af-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\923e656c-7931-4c44-9b19-6d3c00ebfbd9-1.job => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\923e656c-7931-4c44-9b19-6d3c00ebfbd9-2.job => C:\Program Files (x86)\MediaPlayerplus\923e656c-7931-4c44-9b19-6d3c00ebfbd9-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\923e656c-7931-4c44-9b19-6d3c00ebfbd9-3.job => C:\Program Files (x86)\MediaPlayerplus\923e656c-7931-4c44-9b19-6d3c00ebfbd9-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\923e656c-7931-4c44-9b19-6d3c00ebfbd9-4.job => C:\Program Files (x86)\MediaPlayerplus\923e656c-7931-4c44-9b19-6d3c00ebfbd9-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\923e656c-7931-4c44-9b19-6d3c00ebfbd9-5.job => C:\Program Files (x86)\MediaPlayerplus\923e656c-7931-4c44-9b19-6d3c00ebfbd9-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\BlockAndSurf Update.job => C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfs64.exe <==== ATTENTION
Task: C:\Windows\Tasks\BlockAndSurf_wd.job => C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfC.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\One-Click Optimizer.job => D:\Ashampoo WinOptimizer 9\WO9.exe
==================== Loaded Modules (whitelisted) =============
2014-06-10 20:33 - 2014-06-10 20:33 - 00100864 _____ () C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfC.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-04-26 19:58 - 2014-04-26 19:58 - 00052736 _____ () C:\Users\*****\AppData\Roaming\VOPackage\VOsrv.exe
2014-06-22 14:43 - 2014-06-20 16:32 - 03356656 _____ () C:\Users\*****\AppData\Local\fst_de_56\upfst_de_56.exe
2014-06-22 14:43 - 2014-06-20 16:32 - 03979760 _____ () C:\Program Files (x86)\fst_de_56\fst_de_56.exe
2014-06-10 20:33 - 2014-06-10 20:33 - 00179712 _____ () C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfkE172.exe
2014-09-06 08:01 - 2014-09-06 08:01 - 00323360 _____ () C:\Program Files (x86)\ToggleMark\updateToggleMark.exe
2014-06-10 20:33 - 2014-06-10 20:33 - 00172544 _____ () C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfkE172.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-24 11:50 - 2014-07-24 11:50 - 00137296 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-07-24 11:49 - 2014-07-24 11:49 - 00065104 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-05-06 21:08 - 2014-07-24 11:50 - 00049744 _____ () C:\Users\*****\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:4CF61E54
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Spotify => "C:\Users\*****\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\*****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/06/2014 11:39:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91
Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x2a0c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (09/06/2014 11:39:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91
Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x2134
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (09/06/2014 11:01:51 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\servicing\TrustedInstaller.exe; Beschreibung = Windows Modules Installer; Fehler = 0x80070422).
Error: (09/06/2014 11:01:37 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\servicing\TrustedInstaller.exe; Beschreibung = Windows Modules Installer; Fehler = 0x80070422).
Error: (09/06/2014 11:01:29 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\servicing\TrustedInstaller.exe; Beschreibung = Windows Modules Installer; Fehler = 0x80070422).
Error: (09/06/2014 11:01:28 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x80070422).
Error: (08/19/2014 09:08:53 PM) (Source: MsiInstaller) (EventID: 1024) (User: *****-PC)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (08/19/2014 09:08:53 PM) (Source: MsiInstaller) (EventID: 1024) (User: *****-PC)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011008}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (08/13/2014 01:12:58 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\servicing\TrustedInstaller.exe; Beschreibung = Windows Modules Installer; Fehler = 0x80070422).
Error: (08/13/2014 01:09:48 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\servicing\TrustedInstaller.exe; Beschreibung = Windows Modules Installer; Fehler = 0x80070422).
System errors:
=============
Error: (09/06/2014 11:09:01 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 10.
Error: (09/06/2014 10:26:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (09/06/2014 10:26:45 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.
Error: (09/06/2014 10:25:12 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
Error: (09/06/2014 10:25:12 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
Error: (09/05/2014 10:38:05 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
Error: (09/05/2014 10:36:53 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
Error: (09/05/2014 10:36:53 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
Error: (09/05/2014 10:34:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Diagnosediensthost" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (09/05/2014 10:34:21 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WdiServiceHost" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%50
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Microsoft Office Sessions:
=========================
Error: (09/06/2014 11:39:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b2a0c01cfc9b2f8c939c7C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllb47e7a26-35a9-11e4-a8c7-705ab6144e7e
Error: (09/06/2014 11:39:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b213401cfc9b2f82c1ef5C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllb2cade54-35a9-11e4-a8c7-705ab6144e7e
Error: (09/06/2014 11:01:51 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\servicing\TrustedInstaller.exeWindows Modules Installer0x80070422
Error: (09/06/2014 11:01:37 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\servicing\TrustedInstaller.exeWindows Modules Installer0x80070422
Error: (09/06/2014 11:01:29 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\servicing\TrustedInstaller.exeWindows Modules Installer0x80070422
Error: (09/06/2014 11:01:28 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80070422
Error: (08/19/2014 09:08:53 PM) (Source: MsiInstaller) (EventID: 1024) (User: *****-PC)
Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)
Error: (08/19/2014 09:08:53 PM) (Source: MsiInstaller) (EventID: 1024) (User: *****-PC)
Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL)
Error: (08/13/2014 01:12:58 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\servicing\TrustedInstaller.exeWindows Modules Installer0x80070422
Error: (08/13/2014 01:09:48 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\servicing\TrustedInstaller.exeWindows Modules Installer0x80070422
==================== Memory info ===========================
Processor: AMD Athlon(tm) Processor TF-20
Percentage of memory in use: 40%
Total physical RAM: 3836.05 MB
Available physical RAM: 2293.85 MB
Total Pagefile: 7670.28 MB
Available Pagefile: 5811.01 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (eMachines) (Fixed) (Total:68.36 GB) (Free:1.84 GB) NTFS
Drive d: (Lager) (Fixed) (Total:68.58 GB) (Free:47.55 GB) NTFS
Drive e: () (Removable) (Total:3.77 GB) (Free:3.76 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: C67F5CA2)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=68.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=68.6 GB) - (Type=OF Extended)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 3.8 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-06 12:14:52
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545016B9A300 rev.PBBOC60F 149,05GB
Running: Gmer-19357.exe; Driver: C:\Users\*******\AppData\Local\Temp\kwriipob.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002e04000 45 bytes [4D, 6D, 53, 74, 01, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff80002e0402f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\ProgramData\IePluginService\PluginService.exe[1188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\ProgramData\IePluginService\PluginService.exe[1188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
.text C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancer.exe[2840] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancer.exe[2840] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
.text C:\Users\*******\AppData\Local\fst_de_56\upfst_de_56.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\Users\*******\AppData\Local\fst_de_56\upfst_de_56.exe[3476] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1580] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[244] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[244] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
.text C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfkE172.exe[12956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfkE172.exe[12956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
.text C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe[11300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe[11300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
.text C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe[3636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe[3636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
.text C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe[11076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fc1465 2 bytes [FC, 76]
.text C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe[11076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fc14bb 2 bytes [FC, 76]
.text ... * 2
---- Processes - GMER 2.1 ----
Process C:\ProgramData\WPM\wprotectmanager.exe (*** suspicious ***) @ C:\ProgramData\WPM\wprotectmanager.exe [1332] (WPM Service/Cherished Technololgy LIMITED)(2 00000000011d0000
Process C:\Users\*******\AppData\Roaming\VOPackage\VOsrv.exe (*** suspicious ***) @ C:\Users\*******\AppData\Roaming\VOPackage\VOsrv.exe [2744](2014-04-26 17:58:28) 00000000012a0000
Process C:\Users\*******\AppData\Local\fst_de_56\upfst_de_56.exe (*** suspicious ***) @ C:\Users\*******\AppData\Local\fst_de_56\upfst_de_56.exe [3476](2014-06-22 12:43:36) 0000000000200000
---- EOF - GMER 2.1 ----
|
|
06.09.2014, 12:04
| #2 |
| /// the machine /// TB-Ausbilder    | Windows7: Toolbars, Werbung Istart. Surfen unmöglich hi,
__________________Adware & Co. deinstallieren
Scan mit Combofix
__________________ |
|
06.09.2014, 15:27
| #3 |
| | Windows7: Toolbars, Werbung Istart. Surfen unmöglich Finde mit dem ersten Programm keine in der Liste mit dem Zusatz "Attention"
__________________Code:
ATTFilter ComboFix 14-09-05.01 - ******* 06.09.2014 14:19:08.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3836.1623 [GMT 2:00]
ausgeführt von:: c:\users\*******\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Outdated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BlockAndSurf-soft
c:\program files (x86)\BlockAndSurf-soft\172.crx
c:\program files (x86)\BlockAndSurf-soft\172.dat
c:\program files (x86)\BlockAndSurf-soft\172.dll
c:\program files (x86)\BlockAndSurf-soft\172.xpi
c:\program files (x86)\BlockAndSurf-soft\a.db
c:\program files (x86)\BlockAndSurf-soft\b.db
c:\program files (x86)\BlockAndSurf-soft\BlockAndSurf.exe
c:\program files (x86)\BlockAndSurf-soft\BlockAndSurfC.exe
c:\program files (x86)\BlockAndSurf-soft\BlockAndSurfkE172.bin
c:\program files (x86)\BlockAndSurf-soft\BlockAndSurfkE172.dll
c:\program files (x86)\BlockAndSurf-soft\BlockAndSurfkE172.exe
c:\program files (x86)\BlockAndSurf-soft\BlockAndSurfkE172.ini
c:\program files (x86)\BlockAndSurf-soft\BlockAndSurfs64.exe
c:\program files (x86)\BlockAndSurf-soft\Sqlite3.dll
c:\program files (x86)\BlockAndSurf-soft\Uninstall.exe
c:\program files (x86)\Common Files\emachines.ico
c:\program files (x86)\MyPC Backup
c:\program files (x86)\MyPC Backup\aff.conf
c:\program files (x86)\MyPC Backup\AlphaVSS.51.x86.dll
c:\program files (x86)\MyPC Backup\AlphaVSS.52.x64.dll
c:\program files (x86)\MyPC Backup\AlphaVSS.52.x86.dll
c:\program files (x86)\MyPC Backup\AlphaVSS.60.x64.dll
c:\program files (x86)\MyPC Backup\AlphaVSS.60.x86.dll
c:\program files (x86)\MyPC Backup\AlphaVSS.Common.dll
c:\program files (x86)\MyPC Backup\AWSSDK.dll
c:\program files (x86)\MyPC Backup\BackupStack.exe
c:\program files (x86)\MyPC Backup\Config\api.ts2
c:\program files (x86)\MyPC Backup\Configuration Updater.exe
c:\program files (x86)\MyPC Backup\Crypto32.dll
c:\program files (x86)\MyPC Backup\Crypto64.dll
c:\program files (x86)\MyPC Backup\Database\mpcb_backup_conf.db
c:\program files (x86)\MyPC Backup\Database\mpcb_backup_id.db
c:\program files (x86)\MyPC Backup\Database\mpcb_file_cache.db
c:\program files (x86)\MyPC Backup\Database\mpcb_queues.db
c:\program files (x86)\MyPC Backup\Database\mpcb_settings.db
c:\program files (x86)\MyPC Backup\Database\mpcb_sig_cache.db
c:\program files (x86)\MyPC Backup\Database\mpcb_version_queue.db
c:\program files (x86)\MyPC Backup\de_DE.mo
c:\program files (x86)\MyPC Backup\diffstack.dll
c:\program files (x86)\MyPC Backup\es_ES.mo
c:\program files (x86)\MyPC Backup\fr_FR.mo
c:\program files (x86)\MyPC Backup\GetText.dll
c:\program files (x86)\MyPC Backup\it_IT.mo
c:\program files (x86)\MyPC Backup\log\AUTH.log
c:\program files (x86)\MyPC Backup\log\BACKOFF.log
c:\program files (x86)\MyPC Backup\log\BACKUP.log
c:\program files (x86)\MyPC Backup\log\BACKUP_COMPLETE.log
c:\program files (x86)\MyPC Backup\log\CLIENT.log
c:\program files (x86)\MyPC Backup\log\COLLECTION_QUERIES.log
c:\program files (x86)\MyPC Backup\log\CORE.log
c:\program files (x86)\MyPC Backup\log\EXTERNAL_DRIVE.log
c:\program files (x86)\MyPC Backup\log\GRID_RECOVERY.log
c:\program files (x86)\MyPC Backup\log\GRID_RECOVERY_INIT.log
c:\program files (x86)\MyPC Backup\log\LICENCE.log
c:\program files (x86)\MyPC Backup\log\NETWORK_SHARES.log
c:\program files (x86)\MyPC Backup\log\REMOTING.log
c:\program files (x86)\MyPC Backup\log\REQUEST.log
c:\program files (x86)\MyPC Backup\log\SERVICE.log
c:\program files (x86)\MyPC Backup\log\SHELL.log
c:\program files (x86)\MyPC Backup\log\STACK_BASE.log
c:\program files (x86)\MyPC Backup\log\UPDATER.log
c:\program files (x86)\MyPC Backup\log\UTC_MIGRATION.log
c:\program files (x86)\MyPC Backup\log\WAIT_HANDLES.log
c:\program files (x86)\MyPC Backup\LogicNP.EZShellExtensions.dll
c:\program files (x86)\MyPC Backup\MPCBClient.dll
c:\program files (x86)\MyPC Backup\MPCBContextMenu.dll
c:\program files (x86)\MyPC Backup\MPCBIconOverlays.dll
c:\program files (x86)\MyPC Backup\MyPC Backup.exe
c:\program files (x86)\MyPC Backup\mypcbackup.ico
c:\program files (x86)\MyPC Backup\ObjectListView.dll
c:\program files (x86)\MyPC Backup\pt_PT.mo
c:\program files (x86)\MyPC Backup\RegisterExtensionDotNet20_x64.exe
c:\program files (x86)\MyPC Backup\RegisterExtensionDotNet20_x86.exe
c:\program files (x86)\MyPC Backup\Resources\keycache\_105ce931-3a4e-45ac-ba4a-135867bd11bb_backupKeyCache.block
c:\program files (x86)\MyPC Backup\Resources\keycache\_105ce931-3a4e-45ac-ba4a-135867bd11bb_backupKeyCache.tree
c:\program files (x86)\MyPC Backup\Resources\keycache\_20bf8db3-b09a-436d-8965-87a487100f86_backupKeyCache.block
c:\program files (x86)\MyPC Backup\Resources\keycache\_20bf8db3-b09a-436d-8965-87a487100f86_backupKeyCache.tree
c:\program files (x86)\MyPC Backup\Resources\keycache\_22130fa1-93b5-4be9-ae06-5dcb46006282_backupKeyCache.block
c:\program files (x86)\MyPC Backup\Resources\keycache\_22130fa1-93b5-4be9-ae06-5dcb46006282_backupKeyCache.tree
c:\program files (x86)\MyPC Backup\Resources\keycache\_2375a21d-7a5f-41ad-b638-881de4c0815a_backupKeyCache.block
c:\program files (x86)\MyPC Backup\Resources\keycache\_2375a21d-7a5f-41ad-b638-881de4c0815a_backupKeyCache.tree
c:\program files (x86)\MyPC Backup\Resources\keycache\_2bf26b1d-9539-413b-8e75-3b44f17884c4_backupKeyCache.block
c:\program files (x86)\MyPC Backup\Resources\keycache\_2bf26b1d-9539-413b-8e75-3b44f17884c4_backupKeyCache.tree
c:\program files (x86)\MyPC Backup\Resources\keycache\_3d7a6d12-4afa-427a-8e09-7e47c474db18_backupKeyCache.block
c:\program files (x86)\MyPC Backup\Resources\keycache\_3d7a6d12-4afa-427a-8e09-7e47c474db18_backupKeyCache.tree
c:\program files (x86)\MyPC Backup\Resources\keycache\_47eca226-192d-47f5-a266-7c784fd5564c_backupKeyCache.block
c:\program files (x86)\MyPC Backup\Resources\keycache\_47eca226-192d-47f5-a266-7c784fd5564c_backupKeyCache.tree
c:\program files (x86)\MyPC Backup\Resources\keycache\_4e4d6812-4f19-4327-b700-ac5e55e708ef_backupKeyCache.block
c:\program files (x86)\MyPC Backup\Resources\keycache\_4e4d6812-4f19-4327-b700-ac5e55e708ef_backupKeyCache.tree
c:\program files (x86)\MyPC Backup\Resources\keycache\_5fc3c7be-5615-44f5-968f-cd063fe92fac_backupKeyCache.block
c:\program files (x86)\MyPC Backup\Resources\keycache\_5fc3c7be-5615-44f5-968f-cd063fe92fac_backupKeyCache.tree
c:\program files (x86)\MyPC Backup\Resources\keycache\_632e726b-26f2-47fc-8d88-c00333f321ea_backupKeyCache.block
c:\program files (x86)\MyPC Backup\Resources\keycache\_632e726b-26f2-47fc-8d88-c00333f321ea_backupKeyCache.tree
c:\program files (x86)\MyPC Backup\Resources\keycache\_6836130e-c3cd-4018-8a16-cf4223c76010_backupKeyCache.block
c:\program files (x86)\MyPC Backup\Resources\keycache\_6836130e-c3cd-4018-8a16-cf4223c76010_backupKeyCache.tree
c:\program files (x86)\MyPC Backup\Resources\keycache\_6bd938b5-cf0e-44b2-b9bc-2bdcb8655686_backupKeyCache.block
c:\program files (x86)\MyPC Backup\Resources\keycache\_6bd938b5-cf0e-44b2-b9bc-2bdcb8655686_backupKeyCache.tree
c:\program files (x86)\MyPC Backup\Resources\keycache\_712e67ad-de54-4f10-a264-beedde65ece1_backupKeyCache.block
c:\program files (x86)\MyPC Backup\Resources\keycache\_712e67ad-de54-4f10-a264-beedde65ece1_backupKeyCache.tree
c:\program files (x86)\MyPC Backup\Resources\keycache\_760c53e4-990e-441b-b3e1-e651776f845e_backupKeyCache.block
c:\program files (x86)\MyPC Backup\Resources\keycache\_760c53e4-990e-441b-b3e1-e651776f845e_backupKeyCache.tree
c:\program files (x86)\MyPC Backup\Resources\keycache\_7fefa1c3-f528-4805-a65c-b5203e5eb9c3_backupKeyCache.block
c:\program files (x86)\MyPC Backup\Resources\keycache\_7fefa1c3-f528-4805-a65c-b5203e5eb9c3_backupKeyCache.tree
c:\program files (x86)\MyPC Backup\Resources\keycache\_82cb90b3-437b-4aac-86cc-9480aa57e3d7_backupKeyCache.block
c:\program files (x86)\MyPC Backup\Resources\keycache\_82cb90b3-437b-4aac-86cc-9480aa57e3d7_backupKeyCache.tree
c:\program files (x86)\MyPC Backup\Resources\keycache\_84677fab-a1d2-4b45-81d6-4d896730f7ac_backupKeyCache.block
c:\program files (x86)\MyPC Backup\Resources\keycache\_84677fab-a1d2-4b45-81d6-4d896730f7ac_backupKeyCache.tree
c:\program files (x86)\MyPC Backup\Resources\keycache\_8bd162c9-06b4-4c79-a88c-eda73fc82323_backupKeyCache.block
c:\program files (x86)\MyPC Backup\Resources\keycache\_8bd162c9-06b4-4c79-a88c-eda73fc82323_backupKeyCache.tree
c:\program files (x86)\MyPC Backup\Resources\keycache\_b96f08a3-5be8-415f-a4d3-dba0a74d6d2d_backupKeyCache.block
c:\program files (x86)\MyPC Backup\Resources\keycache\_b96f08a3-5be8-415f-a4d3-dba0a74d6d2d_backupKeyCache.tree
c:\program files (x86)\MyPC Backup\Resources\keycache\_c30b8290-9335-401c-a8cf-3009501c460a_backupKeyCache.block
c:\program files (x86)\MyPC Backup\Resources\keycache\_c30b8290-9335-401c-a8cf-3009501c460a_backupKeyCache.tree
c:\program files (x86)\MyPC Backup\Resources\keycache\_c5deb316-0594-40d1-9b06-504d27fdca33_backupKeyCache.block
c:\program files (x86)\MyPC Backup\Resources\keycache\_c5deb316-0594-40d1-9b06-504d27fdca33_backupKeyCache.tree
c:\program files (x86)\MyPC Backup\Resources\keycache\_ca40c447-bc4e-4ff3-99dc-6d5aba972ac9_backupKeyCache.block
c:\program files (x86)\MyPC Backup\Resources\keycache\_ca40c447-bc4e-4ff3-99dc-6d5aba972ac9_backupKeyCache.tree
c:\program files (x86)\MyPC Backup\Resources\keycache\_d1148cd6-982d-4c3a-bb5f-5cd34319ca8e_backupKeyCache.block
c:\program files (x86)\MyPC Backup\Resources\keycache\_d1148cd6-982d-4c3a-bb5f-5cd34319ca8e_backupKeyCache.tree
c:\program files (x86)\MyPC Backup\Resources\keycache\_e1032dcd-8861-41ef-b6f9-9ee74147160e_backupKeyCache.block
c:\program files (x86)\MyPC Backup\Resources\keycache\_e1032dcd-8861-41ef-b6f9-9ee74147160e_backupKeyCache.tree
c:\program files (x86)\MyPC Backup\Resources\keycache\_e2f08e90-acfe-41fa-9cb9-e3ad603fabf4_backupKeyCache.block
c:\program files (x86)\MyPC Backup\Resources\keycache\_e2f08e90-acfe-41fa-9cb9-e3ad603fabf4_backupKeyCache.tree
c:\program files (x86)\MyPC Backup\Resources\keycache\_ea577168-99d7-4842-ad6b-2ec6909b6278_backupKeyCache.block
c:\program files (x86)\MyPC Backup\Resources\keycache\_ea577168-99d7-4842-ad6b-2ec6909b6278_backupKeyCache.tree
c:\program files (x86)\MyPC Backup\Resources\keycache\_ebf1786e-c6e3-473f-9b02-6187601a0797_backupKeyCache.block
c:\program files (x86)\MyPC Backup\Resources\keycache\_ebf1786e-c6e3-473f-9b02-6187601a0797_backupKeyCache.tree
c:\program files (x86)\MyPC Backup\Resources\keycache\_f2ef3842-ad94-4f9d-b95a-8a4d72bfce53_backupKeyCache.block
c:\program files (x86)\MyPC Backup\Resources\keycache\_f2ef3842-ad94-4f9d-b95a-8a4d72bfce53_backupKeyCache.tree
c:\program files (x86)\MyPC Backup\Resources\keycache\_f5c7b4bd-fe5a-466f-9c50-d8783b23a464_backupKeyCache.block
c:\program files (x86)\MyPC Backup\Resources\keycache\_f5c7b4bd-fe5a-466f-9c50-d8783b23a464_backupKeyCache.tree
c:\program files (x86)\MyPC Backup\Resources\keycache\_f62f68c5-5166-466e-b9d7-b0eacfa2f9e9_backupKeyCache.block
c:\program files (x86)\MyPC Backup\Resources\keycache\_f62f68c5-5166-466e-b9d7-b0eacfa2f9e9_backupKeyCache.tree
c:\program files (x86)\MyPC Backup\Resources\keycache\_f80fc52c-172b-41a8-9668-39c79bb0075f_backupKeyCache.block
c:\program files (x86)\MyPC Backup\Resources\keycache\_f80fc52c-172b-41a8-9668-39c79bb0075f_backupKeyCache.tree
c:\program files (x86)\MyPC Backup\RestartExplorer.exe
c:\program files (x86)\MyPC Backup\Service Start.exe
c:\program files (x86)\MyPC Backup\Shared Stack.dll
c:\program files (x86)\MyPC Backup\Signup Wizard.exe
c:\program files (x86)\MyPC Backup\syncicon.ico
c:\program files (x86)\MyPC Backup\syncing.ico
c:\program files (x86)\MyPC Backup\tick.ico
c:\program files (x86)\MyPC Backup\uninst.exe
c:\program files (x86)\MyPC Backup\UnRegisterExtensions.exe
c:\program files (x86)\MyPC Backup\Updater.exe
c:\program files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
c:\program files (x86)\MyPC Backup\x86\System.Data.SQLite.dll
c:\program files (x86)\SearchProtect
c:\program files (x86)\SearchProtect\EULA.txt
c:\program files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
c:\program files (x86)\SearchProtect\Main\bin\SPTool.dll
c:\program files (x86)\SearchProtect\Main\bin\uninstall.exe
c:\program files (x86)\SearchProtect\Main\rep\SystemRepository.dat
c:\program files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
c:\program files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe
c:\program files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll
c:\program files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
c:\program files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll
c:\program files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
c:\program files (x86)\SearchProtect\UI\bin\cltmngui.exe
c:\program files (x86)\SearchProtect\UI\dialogs\Consent\consent.css
c:\program files (x86)\SearchProtect\UI\dialogs\Consent\consent.html
c:\program files (x86)\SearchProtect\UI\dialogs\Consent\consent.js
c:\program files (x86)\SearchProtect\UI\dialogs\Consent\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg-dia.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez-def-grey.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\SP_DialogBG.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\text-field.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\v.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\x.png
c:\program files (x86)\SearchProtect\UI\dialogs\libs\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\main.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js
c:\program files (x86)\SearchProtect\UI\dialogs\protection\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\protection\protection.css
c:\program files (x86)\SearchProtect\UI\dialogs\protection\protection.html
c:\program files (x86)\SearchProtect\UI\dialogs\protection\protection.js
c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css
c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html
c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js
c:\program files (x86)\SearchProtect\UI\dialogs\settings.html
c:\program files (x86)\SearchProtect\UI\dialogs\settings\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\settings\settings.css
c:\program files (x86)\SearchProtect\UI\dialogs\settings\settings.html
c:\program files (x86)\SearchProtect\UI\dialogs\settings\settings.js
c:\program files (x86)\SearchProtect\UI\dialogs\style.css
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js
c:\program files (x86)\Wajam
c:\program files (x86)\Wajam\Logos\amazon.ico
c:\program files (x86)\Wajam\Logos\argos.ico
c:\program files (x86)\Wajam\Logos\ask.ico
c:\program files (x86)\Wajam\Logos\bestbuy.ico
c:\program files (x86)\Wajam\Logos\ebay.ico
c:\program files (x86)\Wajam\Logos\etsy.ico
c:\program files (x86)\Wajam\Logos\facebook.ico
c:\program files (x86)\Wajam\Logos\favicon.ico
c:\program files (x86)\Wajam\Logos\google.ico
c:\program files (x86)\Wajam\Logos\homedepot.ico
c:\program files (x86)\Wajam\Logos\ikea.ico
c:\program files (x86)\Wajam\Logos\imdb.ico
c:\program files (x86)\Wajam\Logos\lowes.ico
c:\program files (x86)\Wajam\Logos\mercado.ico
c:\program files (x86)\Wajam\Logos\mysearchweb.ico
c:\program files (x86)\Wajam\Logos\myshopping.ico
c:\program files (x86)\Wajam\Logos\searchresult.ico
c:\program files (x86)\Wajam\Logos\sears.ico
c:\program files (x86)\Wajam\Logos\setting.ico
c:\program files (x86)\Wajam\Logos\settings.ico
c:\program files (x86)\Wajam\Logos\shopping.ico
c:\program files (x86)\Wajam\Logos\target.ico
c:\program files (x86)\Wajam\Logos\tesco.ico
c:\program files (x86)\Wajam\Logos\tripadvisor.ico
c:\program files (x86)\Wajam\Logos\twitter.ico
c:\program files (x86)\Wajam\Logos\wajam.ico
c:\program files (x86)\Wajam\Logos\walmart.ico
c:\program files (x86)\Wajam\Logos\wiki.ico
c:\program files (x86)\Wajam\Logos\yahoo.ico
c:\program files (x86)\Wajam\Logos\zalando.ico
c:\program files (x86)\Wajam\uninstall.exe
c:\program files (x86)\Wajam\Wajam Internet Enhancer\067120e37ee6ee0d09beb27d19156f21
c:\program files (x86)\Wajam\Wajam Internet Enhancer\2845734c09907de22309ed6090c7c5b9
c:\program files (x86)\Wajam\Wajam Internet Enhancer\3e50639114b03c8aaf2938cf94acc4d1
c:\program files (x86)\Wajam\Wajam Internet Enhancer\4e28c2ff9dcc7f067ae90874063ad866
c:\program files (x86)\Wajam\Wajam Internet Enhancer\5216d7e0a2c0eaf83031beee1f788b88
c:\program files (x86)\Wajam\Wajam Internet Enhancer\773cfb9129c0f325f8188b5e0a9892e4
c:\program files (x86)\Wajam\Wajam Internet Enhancer\96ee5516ec15caa395b08232b3ed0a47
c:\program files (x86)\Wajam\Wajam Internet Enhancer\9d05449db9ec9d013c9f54dcccccb40c
c:\program files (x86)\Wajam\Wajam Internet Enhancer\a12534f1688fe7d400f8d5ec8c062411
c:\program files (x86)\Wajam\Wajam Internet Enhancer\aff952784d84706bf3382a8fd618f6ff
c:\program files (x86)\Wajam\Wajam Internet Enhancer\bc87eb00622193e9f2acf590685816b1
c:\program files (x86)\Wajam\Wajam Internet Enhancer\de513485250b291f9598aec871818bcf
c:\program files (x86)\Wajam\Wajam Internet Enhancer\e86a787764d13b4c9e185ed97e020e8d
c:\program files (x86)\Wajam\Wajam Internet Enhancer\f0cdf53721d79cce27a35b20b8d838a8
c:\program files (x86)\Wajam\Wajam Internet Enhancer\fe0994533aa493b3fcfe342009e5cc25
c:\program files (x86)\Wajam\Wajam Internet Enhancer\FiddlerCore.dll
c:\program files (x86)\Wajam\Wajam Internet Enhancer\HtmlAgilityPack.dll
c:\program files (x86)\Wajam\Wajam Internet Enhancer\makecert.exe
c:\program files (x86)\Wajam\Wajam Internet Enhancer\Newtonsoft.Json.dll
c:\program files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancer.exe
c:\program files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe
c:\program files (x86)\Wajam\Wajam Internet Enhancer\wie
c:\program files (x86)\Wajam\Wajam Internet Enhancer\WJManifest
c:\programdata\374311380
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\Ask.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\Google.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\IMDb.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\Shopping.com.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\TripAdvisor.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\Wikipedia.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\Yahoo!.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Amazon.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Argos.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Ebay.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Etsy.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\HomeDepot.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Ikea.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Lowe's.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Mercadolivre.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\MyShopping.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Sears.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Target.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Tesco.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Walmart.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Shopping\Zalando.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Settings.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\SignIn with Facebook.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\SignIn with Twitter.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Uninstall Wajam\uninstall.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Wajam\Wajam Website.lnk
c:\users\*******\AppData\Local\nsa3A4F.tmp
c:\users\*******\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\*******\AppData\Roaming\.#
c:\windows\StiD1210.exe
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_BlockAndSurf
-------\Service_BackupStack
-------\Service_Wajam Internet Enhancer Service
-------\Service_BackupStack
-------\Service_Wajam Internet Enhancer Service
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-08-06 bis 2014-09-06 ))))))))))))))))))))))))))))))
.
.
2014-09-06 14:01 . 2014-09-06 14:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-06 11:19 . 2014-09-06 11:19 -------- d-----w- c:\program files (x86)\VS Revo Group
2014-09-06 11:10 . 2014-09-04 17:40 61120 ----a-w- c:\windows\system32\drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}Gw64.sys
2014-09-06 09:39 . 2014-09-06 09:45 -------- d-----w- C:\FRST
2014-09-06 09:39 . 2014-09-06 11:08 -------- d-----w- c:\program files (x86)\ToggleMark
2014-09-06 09:38 . 2014-09-06 09:38 -------- d-----w- c:\users\*******\AppData\Local\SearchProtect
2014-09-06 09:01 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2014-09-06 09:01 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
2014-09-06 09:01 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
2014-09-06 09:01 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
2014-09-06 09:01 . 2014-05-14 07:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
2014-09-06 09:01 . 2014-05-14 07:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
2014-09-06 09:01 . 2014-05-14 07:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-09-06 09:01 . 2014-05-14 07:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2014-08-12 23:10 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-12 23:10 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-12 23:10 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-12 23:10 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-12 23:10 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-12 23:10 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-12 23:10 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-12 23:10 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-12 21:08 . 2014-07-16 03:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-12 21:08 . 2014-07-16 02:46 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-12 21:06 . 2014-07-25 10:17 259584 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
2014-08-12 21:04 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-12 21:04 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-08-12 21:04 . 2014-08-07 02:06 529920 ----a-w- c:\windows\system32\aepdu.dll
2014-08-12 21:04 . 2014-08-07 02:01 424448 ----a-w- c:\windows\system32\aeinv.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-02 09:08 . 2014-09-02 09:08 224728 ----a-w- c:\windows\apppatch\AppPatch64\SPVCLdr64.dll
2014-08-12 20:35 . 2014-05-08 16:20 42040 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-07-04 16:39 . 2014-05-06 19:07 117712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-06-18 02:18 . 2014-07-13 15:42 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-13 15:42 646144 ----a-w- c:\windows\SysWow64\osk.exe
2013-07-26 17:43 . 2013-07-26 17:43 4188160 ----a-w- c:\program files (x86)\GUT6799.tmp
2013-05-27 19:22 . 2013-05-27 19:22 4167680 ----a-w- c:\program files (x86)\GUT1841.tmp
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files (x86)\softonic-de3\tbsoft.dll" [2010-10-18 3908192]
"{76aeea42-e04a-4b62-83ab-df4b2be2541e}"= "c:\program files (x86)\MessengerPlusLive_Germany_TB\tbMess.dll" [2010-06-13 2734688]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\users\*******\AppData\LocalLow\DVDVideoSoftTB\prxtbDVD0.dll" [2014-04-10 423744]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{76aeea42-e04a-4b62-83ab-df4b2be2541e}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{dc59a866-959c-4638-a191-c13177d0bd68}]
2014-09-06 09:39 250144 ----a-w- c:\program files (x86)\ToggleMark\ToggleMarkbho.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files (x86)\softonic-de3\tbsoft.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
"{76aeea42-e04a-4b62-83ab-df4b2be2541e}"= "c:\program files (x86)\MessengerPlusLive_Germany_TB\tbMess.dll" [2010-06-13 2734688]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\users\*******\AppData\LocalLow\DVDVideoSoftTB\prxtbDVD0.dll" [2014-04-10 423744]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{76aeea42-e04a-4b62-83ab-df4b2be2541e}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-23 39408]
"BackgroundContainerV2"="c:\users\*******\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll" [2014-04-10 325952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157128]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-29 98304]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"FILSHtray"="c:\program files (x86)\FILSHtray\FILSHtray.exe" [2011-12-16 596992]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-04-23 43848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-08-19 751184]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-03-17 224128]
"fst_de_56"="c:\program files (x86)\fst_de_56\fst_de_56.exe" [2014-06-20 3979760]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-08-04 161584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"upfst_de_56.exe"="c:\users\*******\AppData\Local\fst_de_56\upfst_de_56.exe" [2014-06-20 3356656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 324320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 {9a9157bb-003e-4fef-8bd1-c09bc4586a28}Gw64;{9a9157bb-003e-4fef-8bd1-c09bc4586a28}Gw64;c:\windows\system32\drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}Gw64.sys;c:\windows\SYSNATIVE\drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}Gw64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [x]
S2 IePluginService;IePlugin Service;c:\programdata\IePluginService\PluginService.exe;c:\programdata\IePluginService\PluginService.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\Hama\Hama Webcam Suite\Magic-i Visual Effects 2\uCamMonitor.exe [x]
S2 Update ToggleMark;Update ToggleMark;c:\program files (x86)\ToggleMark\updateToggleMark.exe;c:\program files (x86)\ToggleMark\updateToggleMark.exe [x]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [x]
S2 Util ToggleMark;Util ToggleMark;c:\program files (x86)\ToggleMark\bin\utilToggleMark.exe;c:\program files (x86)\ToggleMark\bin\utilToggleMark.exe [x]
S2 vosr;Service Component of VO;c:\users\*******\AppData\Roaming\VOPackage\VOsrv.exe;c:\users\*******\AppData\Roaming\VOPackage\VOsrv.exe [x]
S2 Wpm;Wpm Service;c:\programdata\WPM\wprotectmanager.exe;c:\programdata\WPM\wprotectmanager.exe [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-28 c:\windows\Tasks\APSnotifierPP1.job
- c:\program files (x86)\AnyProtectEx\AnyProtect.exe [2014-04-28 19:11]
.
2014-04-30 c:\windows\Tasks\APSnotifierPP2.job
- c:\program files (x86)\AnyProtectEx\AnyProtect.exe [2014-04-28 19:11]
.
2014-04-30 c:\windows\Tasks\APSnotifierPP3.job
- c:\program files (x86)\AnyProtectEx\AnyProtect.exe [2014-04-28 19:11]
.
2014-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-25 21:01]
.
2014-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-25 21:01]
.
2014-05-23 c:\windows\Tasks\One-Click Optimizer.job
- d:\ashampoo winoptimizer 9\WO9.exe [2014-04-28 10:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"Acer ePower Management"="c:\program files\eMachines\eMachines Power Management\ePowerTray.exe" [2009-09-30 823840]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-06-11 301056]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=ME49133E1-6361-4FCA-9893-401C4B1DAE96&SearchSource=55&CUI=&UM=2&UP=SPA16C2C5A-7B0B-4259-9FD3-AAC4BA96C5B0&SSPV=
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398712135&from=tugs&uid=HitachiXHTS545016B9A300_091205PBPB00QCDUHXRLX&q={searchTerms}
mDefault_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1398712135&from=tugs&uid=HitachiXHTS545016B9A300_091205PBPB00QCDUHXRLX
mStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1398712135&from=tugs&uid=HitachiXHTS545016B9A300_091205PBPB00QCDUHXRLX
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1398712135&from=tugs&uid=HitachiXHTS545016B9A300_091205PBPB00QCDUHXRLX&q={searchTerms}
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:14368;https=127.0.0.1:14368
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\solfj7ok.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - webssearches
FF - prefs.js: browser.startup.homepage - hxxp://istart.webssearches.com/?type=hppp&ts=1410002274&from=tugs&uid=HitachiXHTS545016B9A300_091205PBPB00QCDUHXRLX
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=
user_pref(extensions.autoDisableScopes,14);
FF - user.js: extensions.shownSelectionUI - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{09B73D47-DE1A-89C6-EE3B-3DEC891DE5E4} - c:\program files (x86)\BlockAndSurf-soft\172.dll
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-BlockAndSurf - c:\program files (x86)\BlockAndSurf-soft\BlockAndSurf.exe
Wow6432Node-HKLM-Run-fst_de_7 - c:\program files (x86)\fst_de_7\fst_de_7.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
c:\users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk - c:\program files (x86)\MyPC Backup\MyPC Backup.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} - (no file)
WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
AddRemove-08C32DDE-4BDC-E1D0-542D-B93D01488AE4 - c:\program files (x86)\BlockAndSurf-soft\Uninstall.exe
AddRemove-Activeris AntiMalware_is1 - c:\program files (x86)\Activeris AntiMalware\unins000.exe
AddRemove-SearchProtect - c:\progra~2\SearchProtect\Main\bin\uninstall.exe
AddRemove-Wajam - c:\program files (x86)\Wajam\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-09-06 16:15:32 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-09-06 14:15
.
Vor Suchlauf: 5.716.529.152 Bytes frei
Nach Suchlauf: 6.565.126.144 Bytes frei
.
- - End Of File - - A6A6EE8C6AD940EE1CDC53F084C0C057
A36C5E4F47E84449FF07ED3517B43A31
Geändert von Klimmbimm (06.09.2014 um 14:14 Uhr) |
|
07.09.2014, 12:26
| #4 |
| /// the machine /// TB-Ausbilder | Windows7: Toolbars, Werbung Istart. Surfen unmöglich Der Zusatz steht in der Addition.txt von FRST! Bitte das noch machen, dann: Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
08.09.2014, 12:26
| #5 |
| | Windows7: Toolbars, Werbung Istart. Surfen unmöglich Tut mir Leid, ich habe die Anleitung genau befolgt, vielleicht müssen die Einstellungen geändert werden. Ich kann keine Programme im REVO Uninstaller finden, die den Zusatz, oder etwas ähnliches haben: <===== ATTENTION ATTENTION Achtung Vorsicht etc. Ich habe die Ansicht auch auf Details gestellt und auch darin finde ich keine Hinweise. Ich habe auch die Sprache auf Englisch umgestellt, und auch dann keinen Eintrag gefunden. Auch über die Suchleiste im Programm konnte ich nichts finden. Ich schicke sonst auch gerne ein Screenshot. |
|
08.09.2014, 19:20
| #6 |
| /// the machine /// TB-Ausbilder | Windows7: Toolbars, Werbung Istart. Surfen unmöglich Findest Du die Programme mit ATTENTION schon nicht in der Addition.txt? Wenn ja, kauf dir ne Brille  .Oder findest Du sie da aber dann in Revo nicht?
__________________ --> Windows7: Toolbars, Werbung Istart. Surfen unmöglich |
|
09.09.2014, 17:28
| #7 | |
| | Windows7: Toolbars, Werbung Istart. Surfen unmöglich Okay aus der ersten Anleitung ging für mich nicht heraus, dass ich irgendwas in der Addition.txt suchen sollte. Nachdem ich das dann verstanden habe war natürlich alles klar. Vielleicht kann man an der Stelle explizit darauf hinweisen, dass mit Zitat:
Sory aber mbam ist immer abgestürzt als ich versucht habe das Log zu speichern. Ich habe den Speicherort der .xml gefunden und vorerst den Inhalt hier rein kopiert. Komischerweise wird der Code beim editieren meines Beitrages richtig dargestellt, sobald ich ihn aber speichere, haut er alles in eine Zeile. Auch auf dem anderen Rechner wurde das Log in mbam gefunden, konnte es aber nicht als .txt speichern (sofortiger Absturz des Programms -.-') Weiß auch nicht mehr weiter, ich habs jetzt mal hochgeladen vielleicht können Sie dann einfacher darin lesen. Code:
ATTFilter 2014/09/09 13:27:48 +0200 mbam-log-2014-09-09 (13-27-46).xml yes 2.00.2.1012 v2014.09.09.02 v2014.08.21.01 free disabled disabled disabled Windows 7 Service Pack 1 x64 ******** NTFS threat completed 343470 11587 11 68 84 18 12 271 2066 0 enabled enabled enabled enabled disabled disabled enabled enabled enabled C:\ProgramData\IePluginService\PluginService.exePUP.Optional.IePluginService.Adelete-on-reboot12049afcc328a0db9e98af7d82e3639e2bd5 C:\Program Files (x86)\ToggleMark\updateToggleMark.exePUP.Optional.ToggleMark.Adelete-on-reboot95698fe8a61e695a096df8a0179ae53b34d C:\Program Files (x86)\ToggleMark\bin\utilToggleMark.exePUP.Optional.ToggleMark.Adelete-on-reboot2184d9bd856653289c9a73f64634a25f5fa1 C:\Program Files (x86)\TermTutor\Service\ttsvc.exePUP.Optional.TermTutor.Adelete-on-reboot5960177fc52696e555e1462c55a20ff310f0 C:\Users\********\AppData\Local\LPT\srptm.exePUP.Optional.Linkury.Adelete-on-reboot38803561effcee8d93a3c7598d97c043649c C:\Program Files (x86)\LPT\srpts.exePUP.Optional.Linkury.Adelete-on-reboot4920049203e8a0dbbe7866bbab7921e2fc04 C:\Program Files (x86)\LPT\srptsl.exePUP.Optional.Linkury.Adelete-on-reboot5168049203e8a0dbbe7866bbab7921e2fc04 C:\Program Files (x86)\RCP\RegCleanPro.exePUP.Optional.RegCleanPro.Adelete-on-reboot571232640fdc1b60ed4905b3d88a6f957888 C:\Users\********\AppData\Local\Smartbar\Application\SafeFinder.exePUP.Optional.SmartBar.Adelete-on-reboot3996f3a3bc2ff4871026fd01f14d5fa525db C:\Users\********\AppData\Local\Smartbar\Application\Lrcnta.exePUP.Optional.SmartBar.Adelete-on-reboot8108870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\fst_de_56\upfst_de_56.exePUP.Optional.FreeSoftToday.Adelete-on-reboot147263338f5caccf4bebea2d27be0002fd03 C:\Program Files (x86)\SupTab\DpInterface32.dllPUP.Optional.Skytech.Adelete-on-reboot8511c9227b00c96d346be3b1a25f0000 C:\Users\********\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dllPUP.Optional.ClientConnectdelete-on-reboot03930be0d3a840f6b196baf421e052ae C:\Users\********\AppData\Local\LPT\Smartbar.Common.dllPUP.Optional.Linkury.Adelete-on-reboot3561effcee8d93a3c7598d97c043649c C:\Users\********\AppData\Local\LPT\Smartbar.Communication.dllPUP.Optional.Linkury.Adelete-on-reboot3561effcee8d93a3c7598d97c043649c C:\Users\********\AppData\Local\LPT\Smartbar.Communication.NamedPipe.dllPUP.Optional.Linkury.Adelete-on-reboot3561effcee8d93a3c7598d97c043649c C:\Users\********\AppData\Local\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dllPUP.Optional.Linkury.Adelete-on-reboot3561effcee8d93a3c7598d97c043649c C:\Users\********\AppData\Local\LPT\sppsm.dllPUP.Optional.Linkury.Adelete-on-reboot3561effcee8d93a3c7598d97c043649c C:\Users\********\AppData\Local\LPT\spusm.dllPUP.Optional.Linkury.Adelete-on-reboot3561effcee8d93a3c7598d97c043649c C:\Users\********\AppData\Local\LPT\srpt.dllPUP.Optional.Linkury.Adelete-on-reboot3561effcee8d93a3c7598d97c043649c C:\Users\********\AppData\Local\LPT\srptc.dllPUP.Optional.Linkury.Adelete-on-reboot3561effcee8d93a3c7598d97c043649c C:\Users\********\AppData\Local\LPT\srut.dllPUP.Optional.Linkury.Adelete-on-reboot3561effcee8d93a3c7598d97c043649c C:\Program Files (x86)\LPT\Smartbar.Common.dllPUP.Optional.Linkury.Adelete-on-reboot049203e8a0dbbe7866bbab7921e2fc04 C:\Program Files (x86)\LPT\Smartbar.Common.dllPUP.Optional.Linkury.Adelete-on-reboot049203e8a0dbbe7866bbab7921e2fc04 C:\Program Files (x86)\LPT\Smartbar.Communication.dllPUP.Optional.Linkury.Adelete-on-reboot049203e8a0dbbe7866bbab7921e2fc04 C:\Program Files (x86)\LPT\Smartbar.Communication.dllPUP.Optional.Linkury.Adelete-on-reboot049203e8a0dbbe7866bbab7921e2fc04 C:\Program Files (x86)\LPT\Smartbar.Communication.NamedPipe.dllPUP.Optional.Linkury.Adelete-on-reboot049203e8a0dbbe7866bbab7921e2fc04 C:\Program Files (x86)\LPT\Smartbar.Communication.NamedPipe.dllPUP.Optional.Linkury.Adelete-on-reboot049203e8a0dbbe7866bbab7921e2fc04 C:\Program Files (x86)\LPT\srptc.dllPUP.Optional.Linkury.Adelete-on-reboot049203e8a0dbbe7866bbab7921e2fc04 C:\Program Files (x86)\LPT\srptc.dllPUP.Optional.Linkury.Adelete-on-reboot049203e8a0dbbe7866bbab7921e2fc04 C:\Program Files (x86)\LPT\srut.dllPUP.Optional.Linkury.Adelete-on-reboot049203e8a0dbbe7866bbab7921e2fc04 C:\Program Files (x86)\RCP\LicMgr.dllPUP.Optional.RegCleanPro.Adelete-on-reboot32640fdc1b60ed4905b3d88a6f957888 C:\Program Files (x86)\RCP\isxdl.dllPUP.Optional.RegCleanPro.Adelete-on-reboot32640fdc1b60ed4905b3d88a6f957888 C:\Program Files (x86)\RCP\xmllite.dllPUP.Optional.RegCleanPro.Adelete-on-reboot32640fdc1b60ed4905b3d88a6f957888 C:\Users\********\AppData\Local\Smartbar\Application\AxInterop.WMPLib.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\Interop.WMPLib.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\lrcnt.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\MACTrackBarLib.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\sgml.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\sgmu.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\sidb.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\sidc.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\siem.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\sipb.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\sismlp.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\spbl.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.ChromeLocalPlugin.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.FireFoxLocalPlugin.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\smsp.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\smta.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\smti.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\smtu.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\spbe.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\sppsm.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\sppsm.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\spusm.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\srau.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\srbs.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\srbu.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\srns.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\srom.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\srpdm.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\srsbs.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\srut.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\srut.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 C:\Users\********\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dllPUP.Optional.SmartBar.Adelete-on-reboot870fc9223d3ec076d5d76c5f956d3bc5 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginServicePUP.Optional.IePluginService.Asuccess9afcc328a0db9e98af7d82e3639e2bd5 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update ToggleMarkPUP.Optional.ToggleMark.Asuccess98fe8a61e695a096df8a0179ae53b34d HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util ToggleMarkPUP.Optional.ToggleMark.Asuccessd9bd856653289c9a73f64634a25f5fa1 HKLM\SOFTWARE\CLASSES\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}PUP.Optional.QuickShare.Asuccess5640f7f47a0174c286752196e02245bb HKLM\SOFTWARE\CLASSES\IESmartBar.BHOPUP.Optional.QuickShare.Asuccess5640f7f47a0174c286752196e02245bb HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}PUP.Optional.QuickShare.Asuccess5640f7f47a0174c286752196e02245bb HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}PUP.Optional.QuickShare.Asuccess5640f7f47a0174c286752196e02245bb HKLM\SOFTWARE\WOW6432NODE\CLASSES\IESmartBar.BHOPUP.Optional.QuickShare.Asuccess5640f7f47a0174c286752196e02245bb HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}PUP.Optional.QuickShare.Asuccess5640f7f47a0174c286752196e02245bb HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}PUP.Optional.BrowseFox.Asuccessa9ed03e8e3989d9991fb2a8e5ca634cc HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}PUP.Optional.BrowseFox.Asuccessa9ed03e8e3989d9991fb2a8e5ca634cc HKLM\SOFTWARE\CLASSES\CLSID\{6CB99040-7828-4C37-AC01-F15758F43E4D}PUP.Optional.TermTutor.Asuccessb4e26e7d86f5300649714e2f51b17d83 HKLM\SOFTWARE\CLASSES\CLSID\{6CB99040-7828-4C37-AC01-F15758F43E4D}\INPROCSERVER32PUP.Optional.TermTutor.Asuccessb4e26e7d86f5300649714e2f51b17d83 HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6CB99040-7828-4C37-AC01-F15758F43E4D}PUP.Optional.TermTutor.Asuccessb4e26e7d86f5300649714e2f51b17d83 HKLM\SOFTWARE\CLASSES\TYPELIB\{733413F4-5FB9-4EE9-8536-BF7AB1731A19}PUP.Optional.TermTutor.Asuccessb4e26e7d86f5300649714e2f51b17d83 HKLM\SOFTWARE\CLASSES\INTERFACE\{3DD26F46-6B41-49B2-878E-1883411BBB59}PUP.Optional.TermTutor.Asuccessb4e26e7d86f5300649714e2f51b17d83 HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3DD26F46-6B41-49B2-878E-1883411BBB59}PUP.Optional.TermTutor.Asuccessb4e26e7d86f5300649714e2f51b17d83 HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{733413F4-5FB9-4EE9-8536-BF7AB1731A19}PUP.Optional.TermTutor.Asuccessb4e26e7d86f5300649714e2f51b17d83 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{6CB99040-7828-4C37-AC01-F15758F43E4D}PUP.Optional.TermTutor.Asuccessb4e26e7d86f5300649714e2f51b17d83 HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{6CB99040-7828-4C37-AC01-F15758F43E4D}PUP.Optional.TermTutor.Asuccessb4e26e7d86f5300649714e2f51b17d83 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{6CB99040-7828-4C37-AC01-F15758F43E4D}PUP.Optional.TermTutor.Asuccessb4e26e7d86f5300649714e2f51b17d83 HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{6CB99040-7828-4C37-AC01-F15758F43E4D}PUP.Optional.TermTutor.Asuccessb4e26e7d86f5300649714e2f51b17d83 HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}PUP.Optional.SupTab.Asuccessa1f58a611d5e043249382e552cd60bf5 HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}PUP.Optional.SupTab.Asuccessa1f58a611d5e043249382e552cd60bf5 HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{dc59a866-959c-4638-a191-c13177d0bd68}PUP.Optional.ToggleMark.Asuccess465029c27902181e23608fef3bc77888 HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{DC59A866-959C-4638-A191-C13177D0BD68}PUP.Optional.ToggleMark.Asuccess465029c27902181e23608fef3bc77888 HKU\S-1-5-21-183469539-3613899766-4047468319-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{DC59A866-959C-4638-A191-C13177D0BD68}PUP.Optional.ToggleMark.Adelete-on-reboot465029c27902181e23608fef3bc77888 HKU\S-1-5-21-183469539-3613899766-4047468319-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DC59A866-959C-4638-A191-C13177D0BD68}PUP.Optional.ToggleMark.Adelete-on-reboot465029c27902181e23608fef3bc77888 HKU\S-1-5-21-183469539-3613899766-4047468319-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}PUP.Optional.Snapdo.Tdelete-on-rebootfa9c7a7191eac670eef7a31836cc8a76 HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}PUP.Optional.Snapdo.Tsuccessfa9c7a7191eac670eef7a31836cc8a76 HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\TermTutorPUP.Optional.TermTutor.Asuccess177fc52696e555e1462c55a20ff310f0 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ttsvcPUP.Optional.TermTutor.Asuccess177fc52696e555e1462c55a20ff310f0 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ttnfdPUP.Optional.TermTutor.Asuccessd5c1f9f280fbaa8c2253e80f50b27888 HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}Gw64PUP.Optional.Sanbreel.Asuccessddb97c6fdba050e6929835cb0201847c HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ToggleMarkPUP.Optional.ToggleMark.Asuccess7b1bd813215a3df9e41c79a4c63df60a HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}PUP.Optional.ToggleMark.Asuccess7b1bd813215a3df9e41c79a4c63df60a HKLM\SOFTWARE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}PUP.Optional.ToggleMark.Asuccess7b1bd813215a3df9e41c79a4c63df60a HKLM\SOFTWARE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}PUP.Optional.ToggleMark.Asuccess7b1bd813215a3df9e41c79a4c63df60a HKLM\SOFTWARE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}PUP.Optional.ToggleMark.Asuccess7b1bd813215a3df9e41c79a4c63df60a HKLM\SOFTWARE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}PUP.Optional.ToggleMark.Asuccess7b1bd813215a3df9e41c79a4c63df60a HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}PUP.Optional.ToggleMark.Asuccess7b1bd813215a3df9e41c79a4c63df60a HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}PUP.Optional.ToggleMark.Asuccess7b1bd813215a3df9e41c79a4c63df60a HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}PUP.Optional.ToggleMark.Asuccess7b1bd813215a3df9e41c79a4c63df60a HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\LPTSystemUpdaterPUP.Optional.Linkury.Asuccess049203e8a0dbbe7866bbab7921e2fc04 HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~4A5BE654_is1PUP.Optional.AdvancedSystemProtector.Asuccess63339b50f586e254b60080e20afaa25e HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\RegClean Pro_is1PUP.Optional.RegCleanPro.Asuccess32640fdc1b60ed4905b3d88a6f957888 HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\RegClean-Pro_is1PUP.Optional.RegCleanPro.Asuccess32640fdc1b60ed4905b3d88a6f957888 HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}PUP.Optional.Qone8successc0d67f6cb3c890a68c6129228381728e HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}PUP.Optional.SearchProtectsuccess8f0726c53c3fdd59437624407b891fe1 HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}PUP.Optional.SearchProtectsuccessaaeca447304b5dd996225d07c440b749 HKLM\SOFTWARE\WOW6432NODE\free_soft_todayPUP.Optional.FreeSoftToday.Asuccess1f77ae3d8cef053173f4ec76699b8b75 HKLM\SOFTWARE\WOW6432NODE\supWPMPUP.Optional.SupTab.Asuccess1e783dae5a21e94d5cbc6e8cdf2358a8 HKLM\SOFTWARE\WOW6432NODE\ToggleMarkPUP.Optional.ToggleMark.Asuccess9cfabd2e7a013bfb51b034e9e02308f8 HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftwarePUP.Optional.WebsSearches.Asuccess445238b3d5a692a4dca2f4290ff420e0 HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}PUP.Optional.Qone8success2571bb3097e4a59134b9d6754abaee12 HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\fst_de_7_is1PUP.Optional.FreeSoftToday.Asuccess4e482cbfcbb0c76f525e61a26e95a060 HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1898B668-CCF5-429F-A86F-9837E5439D77}PUP.Optional.Linkury.Asuccess7b1bb4370f6cf34390ec5a9d24deb34d HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}PUP.Optional.Linkury.Asuccessa6f0feed9edd93a3af2a9f71709312ee HKLM\SOFTWARE\WOW6432NODE\SUPTABPUP.Optional.SupTab.Asuccess177f0edd89f24ceadb3ccd2dfb0743bd HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\Advanced-System ProtectorPUP.Optional.AdvancedSystemProtector.Asuccess3d5923c88cef3ff706b8c53433cff30d HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\RegClean ProPUP.Optional.RegCleanPro.Asuccessaee83ab1a6d56cca66dd0ef6ae55e11f HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssdPUP.Optional.SystemSpeedupsuccess296d9853ef8c280e4556966ea75c59a7 HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Freeven pro 1.2PUP.Optional.Feven.Adelete-on-reboot0690e407cfacda5cb403808aa75cf808 HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerplusPUP.Optional.MediaPlayerplus.Adelete-on-reboot8d09d912710a2f073b7dcb51e61d4db3 HKU\S-1-5-21-183469539-3613899766-4047468319-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\freesofttodayPUP.Optional.FreeSoftToday.Adelete-on-reboot861042a997e4d95d89dd431f3dc742be HKU\S-1-5-21-183469539-3613899766-4047468319-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SmartbarBackupPUP.Optional.SmartBardelete-on-reboot98fee407f6852f07cbbb1543bb49ed13 HKU\S-1-5-21-183469539-3613899766-4047468319-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SmartbarLogPUP.Optional.SmartBardelete-on-reboot375fad3e6318999da6df2d2b09fb669a HKU\S-1-5-21-183469539-3613899766-4047468319-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\ToggleMarkPUP.Optional.ToggleMark.Adelete-on-rebootaaec6784a4d7f640e31fdd40669d42be HKU\S-1-5-21-183469539-3613899766-4047468319-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TutoTagPUP.Optional.Tuto4PC.Adelete-on-reboota7ef7972ec8fde583c8476ed8b79748c HKU\S-1-5-21-183469539-3613899766-4047468319-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Freeven pro 1.2PUP.Optional.Feven.Adelete-on-reboot4c4a599284f7cd6970470dfd897a04fc HKU\S-1-5-21-183469539-3613899766-4047468319-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerplusPUP.Optional.MediaPlayerplus.Adelete-on-reboot950102e9007bc86ebbfdea328c7729d7 HKU\S-1-5-21-183469539-3613899766-4047468319-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGongPUP.Optional.PriceGong.Adelete-on-reboot286ef4f72f4c3cfab4b063c1a45f04fc HKU\S-1-5-21-183469539-3613899766-4047468319-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1SPUP.Optional.InstallCore.Adelete-on-reboot11859358611aa393eb02ac7dcf344eb2 HKU\S-1-5-21-183469539-3613899766-4047468319-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCOREPUP.Optional.InstallCore.Adelete-on-rebootd2c4da113c3ffe38ba919ba5b94bc53b HKU\S-1-5-21-183469539-3613899766-4047468319-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}PUP.Optional.Qone8delete-on-reboot2a6c33b8116a83b36d7f7ad1ee163bc5 HKU\S-1-5-21-183469539-3613899766-4047468319-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBARPUP.Optional.SafeFinder.Adelete-on-reboot960047a40e6db482df651edd738f16ea HKU\S-1-5-21-183469539-3613899766-4047468319-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal DownloaderPUP.Optional.Softonic.Adelete-on-rebootcec89457f982171f21f80712fb081de3 HKU\S-1-5-21-183469539-3613899766-4047468319-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\Advanced-System ProtectorPUP.Optional.AdvancedSystemProtector.Adelete-on-reboot15814e9d136887af17a83cbd2fd3817f HKU\S-1-5-21-183469539-3613899766-4047468319-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\RegClean ProPUP.Optional.RegCleanerPro.Adelete-on-reboot2670b6350f6cf5417f73ab9a57ad857b HKU\S-1-5-21-183469539-3613899766-4047468319-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssdPUP.Optional.SystemSpeedupdelete-on-rebootc3d32cbfb0cbf83ed9c12cd81de6a55b HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{09B73D47-DE1A-89C6-EE3B-3DEC891DE5E4}PUP.Optional.BlockAndSurf.Asuccess8b0bc922e59660d69cf66e8cec18df21 HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{09B73D47-DE1A-89C6-EE3B-3DEC891DE5E4}PUP.Optional.BlockAndSurf.Asuccess8b0bc922e59660d69cf66e8cec18df21 HKU\S-1-5-21-183469539-3613899766-4047468319-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{09B73D47-DE1A-89C6-EE3B-3DEC891DE5E4}PUP.Optional.BlockAndSurf.Adelete-on-reboot8b0bc922e59660d69cf66e8cec18df21 HKU\S-1-5-21-183469539-3613899766-4047468319-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{09B73D47-DE1A-89C6-EE3B-3DEC891DE5E4}PUP.Optional.BlockAndSurf.Adelete-on-reboot8b0bc922e59660d69cf66e8cec18df21 HKU\S-1-5-21-183469539-3613899766-4047468319-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{30F9B915-B755-4826-820B-08FBA6BD249D}PUP.Optional.ConduitTB.Asuccess069024c7e794e94da90a95ec1be78080 HKU\S-1-5-21-183469539-3613899766-4047468319-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER{30F9B915-B755-4826-820B-08FBA6BD249D}PUP.Optional.ConduitTB.Adelete-on-reboot
Geändert von Klimmbimm (09.09.2014 um 17:51 Uhr) |
Revo Uninstaller herunter.
dann auf 
und dann auf 
.
WARNUNG an die MITLESER: 
Linear-Darstellung
