| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows 7: Nach Hochfahren schwarzer Bildschirm und das Fenster " Computer" offenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
04.12.2014, 17:52
| #1 |
 |  Windows 7: Nach Hochfahren schwarzer Bildschirm und das Fenster " Computer" offen Hallo, bei meinem Laptop Windows 7 ist nach einem bischen längerem Hochfahren nur ein schwarzen Bildschirm zu sehen. Alles ist schwarz. Nur das Fenster "Computer" ist offen. Ich hab mir schon einen Thread durchgelesen aber der hat mir wenig geholfen. Was kann ich machen damit mein Laptop wieder normal läuft ? Ich hab mir schon das Programm FRST runtergeladen hier sind die Daten. Code:
ATTFilter (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\ipcdl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-18] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3995798047-183456226-2512991475-1001\...\Run: [LOLReplay Recorder] => "C:\Program Files (x86)\LOLReplay\LOLRecorder.exe" -minimize
HKU\S-1-5-21-3995798047-183456226-2512991475-1001\...\Run: [wm] => C:\Users\Henoch\AppData\Local\Temp\wm.exe [5892096 2014-06-14] () <===== ATTENTION
HKU\S-1-5-21-3995798047-183456226-2512991475-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3995798047-183456226-2512991475-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://sony.msn.com
SearchScopes: HKLM -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3995798047-183456226-2512991475-1001 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3995798047-183456226-2512991475-1001 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3995798047-183456226-2512991475-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3995798047-183456226-2512991475-1001 -> {81DC31DA-8B77-49F8-8FEC-177610596CC0} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q212&_nkw={searchTerms}
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Henoch\AppData\Roaming\Mozilla\Firefox\Profiles\5wimzc6q.default
FF Keyword.URL: hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12692&tm=319&src=ds&p=
FF Homepage: hxxp://www.google.com
FF NewTab: hxxp://www.google.com
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 -> C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3995798047-183456226-2512991475-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Henoch\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Henoch\AppData\Roaming\Mozilla\Firefox\Profiles\5wimzc6q.default\user.js
FF Extension: Avira Browser Safety - C:\Users\Henoch\AppData\Roaming\Mozilla\Firefox\Profiles\5wimzc6q.default\Extensions\abs@avira.com [2014-08-17]
FF Extension: Settings Manager - C:\Users\Henoch\AppData\Roaming\Mozilla\Firefox\Profiles\5wimzc6q.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0} [2014-05-19]
Chrome:
=======
CHR Profile: C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-08]
CHR Extension: (AdBlock) - C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-17]
CHR Extension: (Google Wallet) - C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-01]
CHR HKU\S-1-5-21-3995798047-183456226-2512991475-1001\...\Chrome\Extension: [fkjoiggkbepedjmjjbhhecjiimlckcga] - C:\Users\Henoch\AppData\Local\CRE\fkjoiggkbepedjmjjbhhecjiimlckcga.crx [2012-10-31]
CHR HKU\S-1-5-21-3995798047-183456226-2512991475-1001\...\Chrome\Extension: [iokhogohoamdhejdbenjbjkhjmjlggab] - C:\Users\Henoch\AppData\Local\CRE\iokhogohoamdhejdbenjbjkhjmjlggab.crx [2013-11-18]
CHR HKLM-x32\...\Chrome\Extension: [fkjoiggkbepedjmjjbhhecjiimlckcga] - C:\Users\Henoch\AppData\Local\CRE\fkjoiggkbepedjmjjbhhecjiimlckcga.crx [2012-10-31]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iokhogohoamdhejdbenjbjkhjmjlggab] - C:\Users\Henoch\AppData\Local\CRE\iokhogohoamdhejdbenjbjkhjmjlggab.crx [2013-11-18]
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx [Not Found]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2012-02-23] (Atheros Commnucations) [File not signed]
S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [112256 2012-03-21] (Atheros Communication Inc.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-13] ()
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2014-10-08] (Elex do Brasil Participações Ltda)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-03-13] (Intel Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5284208 2013-10-30] (INCA Internet Co., Ltd.)
R2 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-21] (Sony Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-07-10] ()
S3 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] ()
R2 RzMaelstromVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [4250624 2014-06-09] (A-Volute) [File not signed]
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [260768 2011-11-30] (Sony Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2012-02-23] (Atheros) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
S3 BTATH_VDP; C:\Windows\System32\drivers\btath_vdp.sys [421664 2012-02-23] (Atheros)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [248488 2014-10-08] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [45224 2014-10-08] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2014-10-08] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [65704 2014-10-08] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [49320 2014-09-22] (Elex do Brasil Participações Ltda)
S3 lehidmini; C:\Windows\system32\drivers\leath_hid.sys [36128 2012-02-23] (Atheros)
R3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows (R) Win 7 DDK provider)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [21264 2012-03-13] (Synaptics Incorporated)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-04 17:19 - 2014-12-04 17:20 - 00019916 _____ () C:\Users\Henoch\Downloads\FRST.txt
2014-12-04 17:19 - 2014-12-04 17:19 - 00000000 ____D () C:\FRST
2014-12-04 17:18 - 2014-12-04 17:18 - 02117632 _____ (Farbar) C:\Users\Henoch\Downloads\FRST64.exe
2014-11-24 18:02 - 2014-11-24 18:02 - 00022528 _____ () C:\Users\Henoch\Downloads\(4) Uebung_SVerweis.xls
2014-11-22 18:43 - 2014-11-22 18:43 - 01159216 _____ () C:\Users\Henoch\Downloads\The Binding of Isaac Rebirth (1).rar
2014-11-22 18:37 - 2014-11-22 18:38 - 01159216 _____ () C:\Users\Henoch\Downloads\The Binding of Isaac Rebirth.rar
2014-11-20 09:23 - 2014-11-20 09:23 - 00009728 _____ (Razer Inc.) C:\Windows\SysWOW64\RzStats.IPC.dll
2014-11-20 08:42 - 2014-11-20 08:42 - 00930246 _____ () C:\Users\Negede\Downloads\sprache.html
2014-11-20 08:42 - 2014-11-20 08:42 - 00000000 ____D () C:\Users\Negede\Downloads\sprache_files
2014-11-19 10:50 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 10:50 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 10:50 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 10:50 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 10:45 - 2014-11-19 10:45 - 00001141 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2014-11-15 14:28 - 2014-10-23 21:05 - 00129600 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpnk.sys
2014-11-15 14:27 - 2014-10-31 23:27 - 00037184 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpmgrk.sys
2014-11-15 14:26 - 2014-11-15 14:26 - 01725304 _____ (Razer Inc.) C:\Users\Henoch\Downloads\RazerSurroundInstaller_v2.00.10 (1).exe
2014-11-15 14:26 - 2014-11-15 14:26 - 00000000 ____D () C:\ProgramData\RzMaelstromVAD_1.1.58.1854
2014-11-15 14:22 - 2014-11-15 14:28 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-11-15 14:22 - 2014-11-15 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-11-15 14:21 - 2014-11-15 14:29 - 00000000 ____D () C:\Users\Henoch\AppData\Local\Razer
2014-11-15 14:21 - 2014-11-15 14:28 - 00000000 ____D () C:\ProgramData\Razer
2014-11-15 14:20 - 2014-11-15 14:20 - 01725304 _____ (Razer Inc.) C:\Users\Henoch\Downloads\RazerSurroundInstaller_v2.00.10.exe
2014-11-12 16:18 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 16:18 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 16:18 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 16:18 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 16:18 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 16:18 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 16:18 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 16:18 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 16:18 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 16:18 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 16:18 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 16:18 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 16:18 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 16:18 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 16:18 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 16:18 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 16:18 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 16:18 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 16:18 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 16:18 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 16:18 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 16:18 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 16:18 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 16:18 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 16:18 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 16:18 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 16:18 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 16:18 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 16:18 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 16:18 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 16:18 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 16:18 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 16:18 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 16:18 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 16:18 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 16:18 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 16:18 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 16:18 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 16:18 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 16:18 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 16:18 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 16:18 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 16:18 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 16:18 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 16:18 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 16:18 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 16:18 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 16:18 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 16:18 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 16:18 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 16:18 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 16:18 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 16:18 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 16:18 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 16:18 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 16:18 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 16:18 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 16:18 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 16:18 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 16:18 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 16:18 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 16:18 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 16:18 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 16:18 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 16:18 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 16:18 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 16:18 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 16:18 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 16:17 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 16:17 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 16:17 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 16:17 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 16:17 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 16:17 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 16:17 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 16:17 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 16:17 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 16:17 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 16:17 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 16:17 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 16:17 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 16:17 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 16:17 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 16:17 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 16:17 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 16:17 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 16:17 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 16:17 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 16:17 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 16:17 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 16:17 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 16:17 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 16:17 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 16:17 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 16:17 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 16:17 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 16:17 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 16:17 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 16:17 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 16:17 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 16:17 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-09 10:23 - 2014-11-09 10:23 - 00000000 ____D () C:\Users\Negede\AppData\Roaming\OpenOffice
2014-11-04 16:33 - 2014-11-04 16:33 - 00000000 ____D () C:\Users\Negede\AppData\Roaming\Elex-tech
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-04 17:13 - 2009-07-14 05:45 - 00028576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-04 17:13 - 2009-07-14 05:45 - 00028576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-04 17:10 - 2012-08-04 10:54 - 01736688 _____ () C:\Windows\WindowsUpdate.log
2014-12-04 17:04 - 2014-07-05 14:38 - 00000302 _____ () C:\Windows\Tasks\RegistryCleanerKit Startup.job
2014-12-04 17:04 - 2012-10-14 20:12 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-04 17:04 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-04 17:04 - 2009-07-14 05:51 - 00254128 _____ () C:\Windows\setupact.log
2014-12-04 13:00 - 2014-07-05 14:38 - 00000308 _____ () C:\Windows\Tasks\RegistryCleanerKit Maintenance.job
2014-12-04 12:57 - 2014-11-02 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2014-12-04 12:57 - 2014-11-02 14:11 - 00000000 ____D () C:\Program Files (x86)\Glyph
2014-12-04 12:57 - 2013-06-15 07:15 - 00000000 ____D () C:\Users\Negede
2014-12-04 12:57 - 2012-08-04 10:56 - 00000000 ____D () C:\Users\Henoch
2014-12-04 12:57 - 2012-02-24 05:01 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-12-04 12:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-12-03 20:04 - 2012-10-14 20:12 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-03 16:32 - 2012-08-07 19:06 - 00000000 ____D () C:\Users\Henoch\AppData\Roaming\Skype
2014-12-03 16:29 - 2012-04-23 05:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-03 16:13 - 2014-11-01 17:16 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-28 14:29 - 2012-04-23 05:35 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-28 14:29 - 2012-04-23 05:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-28 14:29 - 2012-04-23 05:35 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-27 16:40 - 2014-02-01 14:38 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-25 17:28 - 2014-08-18 10:14 - 00000000 ____D () C:\Program Files (x86)\CABAL Online (EU)
2014-11-22 20:48 - 2014-06-07 18:38 - 00000002 _____ () C:\Users\Henoch\Downloads\myFile.txt
2014-11-22 20:47 - 2014-06-07 18:38 - 00000757 _____ () C:\Users\Henoch\Downloads\serial.txt
2014-11-20 21:10 - 2014-03-24 15:25 - 00000000 ____D () C:\Users\Henoch\AppData\Local\Battle.net
2014-11-20 20:37 - 2012-09-11 14:27 - 00000000 ____D () C:\Users\Henoch\AppData\Local\CrashDumps
2014-11-18 16:59 - 2013-10-26 12:14 - 00000000 ____D () C:\Users\Henoch\Desktop\Naruto
2014-11-18 16:59 - 2013-06-27 18:22 - 00000000 ____D () C:\Users\Henoch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-11-18 16:59 - 2013-06-27 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-11-18 16:59 - 2012-08-04 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
2014-11-17 08:36 - 2013-06-15 07:17 - 00126768 _____ () C:\Users\Negede\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-16 14:52 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-11-15 18:18 - 2009-07-14 05:45 - 00488488 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-15 14:29 - 2012-08-04 10:56 - 00126768 _____ () C:\Users\Henoch\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-15 11:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-14 14:32 - 2012-10-14 20:12 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 14:32 - 2012-10-14 20:12 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 13:45 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-13 15:56 - 2014-04-30 15:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 19:37 - 2013-08-14 10:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 19:28 - 2012-10-15 16:18 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 17:20 - 2014-04-08 17:24 - 00000000 ____D () C:\Users\Henoch\Desktop\LoL
2014-11-09 11:49 - 2014-01-25 11:40 - 00000000 ____D () C:\Users\Negede\AppData\Roaming\SoftGrid Client
2014-11-09 10:32 - 2013-06-15 07:16 - 00000000 ____D () C:\Users\Negede\AppData\Roaming\Adobe
2014-11-08 09:37 - 2012-04-23 05:44 - 00000000 ____D () C:\Program Files\Sony
2014-11-08 09:37 - 2010-11-21 04:47 - 00422694 _____ () C:\Windows\PFRO.log
2014-11-08 09:09 - 2012-04-23 05:11 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
2014-11-04 14:30 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
Files to move or delete:
====================
C:\Users\Henoch\AppData\Local\Temp\wm.exe
Some content of TEMP:
====================
C:\Users\Henoch\AppData\Local\Temp\7z920.exe
C:\Users\Henoch\AppData\Local\Temp\AskSLib.dll
C:\Users\Henoch\AppData\Local\Temp\avgnt.exe
C:\Users\Henoch\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
C:\Users\Henoch\AppData\Local\Temp\drm_dyndata_7400006.dll
C:\Users\Henoch\AppData\Local\Temp\GoogleSetup.exe
C:\Users\Henoch\AppData\Local\Temp\i4jdel0.exe
C:\Users\Henoch\AppData\Local\Temp\i4jdel1.exe
C:\Users\Henoch\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Henoch\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Henoch\AppData\Local\Temp\sdapskill.exe
C:\Users\Henoch\AppData\Local\Temp\sdaspwn.exe
C:\Users\Henoch\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Henoch\AppData\Local\Temp\sfamcc00002.dll
C:\Users\Henoch\AppData\Local\Temp\sfextra.dll
C:\Users\Henoch\AppData\Local\Temp\SIMEEI2Installer.exe
C:\Users\Henoch\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\Henoch\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Henoch\AppData\Local\Temp\Softonic_DE_1-5-10_DE-Production_10_CleanRelease.exe
C:\Users\Henoch\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Henoch\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Henoch\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\Henoch\AppData\Local\Temp\Uninstaller-2276.exe
C:\Users\Henoch\AppData\Local\Temp\Uninstaller-2776.exe
C:\Users\Henoch\AppData\Local\Temp\Uninstaller-4292.exe
C:\Users\Henoch\AppData\Local\Temp\Uninstaller-5688.exe
C:\Users\Henoch\AppData\Local\Temp\Uninstaller-8172.exe
C:\Users\Henoch\AppData\Local\Temp\Uninstaller-8400.exe
C:\Users\Henoch\AppData\Local\Temp\Uninstaller-9100.exe
C:\Users\Henoch\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Henoch\AppData\Local\Temp\wm.exe
C:\Users\Negede\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-29 11:23
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2014
Ran by Henoch at 2014-12-04 17:21:02
Running from C:\Users\Henoch\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ActiveX контрола на Windows Live Mesh за отдалечени връзки (HKLM-x32\...\{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}) (Version: 15.4.5722.2 - Microsoft Corporation)
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.0.19460 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.7.637 - Adobe Systems, Inc.)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{EBF1529E-D2D5-47CF-97EC-7D90CEF0FE04}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{61438020-DDD4-42FA-99A2-50225441980A}) (Version: 2.0.1.161 - ArcSoft)
ArcSoft WebCam Companion 4 (HKLM-x32\...\{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}) (Version: 4.0.21.485 - ArcSoft)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.125 - Atheros)
aTube Catcher (HKLM-x32\...\aTube Catcher) (Version: 3.8.7971 - DsNET Corp)
Avira (HKLM-x32\...\{9590977b-7b6f-467e-a11a-efa1fae804da}) (Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
Batman: Arkham Asylum (HKLM-x32\...\{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}) (Version: 1.0.0.0 - Eidos Interactive Limited)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
Build-a-lot 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CABAL Online (EU) (HKU\S-1-5-21-3995798047-183456226-2512991475-1001\...\CabalOnline(EU)) (Version: - )
CABAL Online Patch 652 (HKLM-x32\...\CABAL Online Patch 652_is1) (Version: - )
Cake Mania (x32 Version: 2.2.0.98 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Complemento Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Control ActiveX Windows Live Mesh pentru conexiuni la distanță (HKLM-x32\...\{260E3D78-94E6-47EC-8E29-46301572BB1E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.5009.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DC Universe Online Live (HKU\S-1-5-21-3995798047-183456226-2512991475-1001\...\SOE-DC Universe Online Live PSG) (Version: - Sony Online Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Doplnok programu Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.)
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Fishdom (TM) 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.8.0 - International GeoGebra Institute)
Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hitman: Contracts (HKLM-x32\...\Hitman: Contracts) (Version: - )
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java(TM) 7 Update 1 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417001FF}) (Version: 7.0.10 - Oracle)
Java(TM) 7 Update 1 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217001FF}) (Version: 7.0.10 - Oracle)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
KUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Mahjongg Artifacts (x32 Version: 2.2.0.95 - WildTangent) Hidden
Media Go (HKLM-x32\...\{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}) (Version: 2.0.317 - Sony)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Assistent (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger kísérő (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger-kumppani (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 de)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (HKLM-x32\...\{B6190387-0036-4BEB-8D74-A0AFC5F14706}) (Version: 15.4.5722.2 - Microsoft Corporation)
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (HKLM-x32\...\{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}) (Version: 15.4.5722.2 - Microsoft Corporation)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayMemories Home (HKLM-x32\...\{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}) (Version: 6.1.01.14210 - Sony Corporation)
PlayStation(R)Network Downloader (HKLM-x32\...\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}) (Version: 2.07.00849 - Sony Computer Entertainment Inc.)
PlayStation(R)Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.5.15.13232 - Sony Computer Entertainment Inc.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Pomocnik Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PYV_x86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Qualcomm Atheros Direct Connect (x32 Version: 3.1 - Qualcomm Atheros) Hidden
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{E727B31A-8B24-4C1C-934A-69634E0D2C0B}) (Version: 3.0 - Qualcomm Atheros)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.10 - Razer Inc.)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.18.23036 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6564 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.91 - Realtek Semiconductor Corp.)
Remote Keyboard (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden
Remote Play with PlayStation(R)3 (x32 Version: 1.1.0.21090 - Sony Corporation) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14013.45 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14013.45 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Spremljevalec Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.1.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKU\S-1-5-21-3995798047-183456226-2512991475-1001\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
The Hidden Object Game Show (x32 Version: 2.2.0.97 - WildTangent) Hidden
The Sims 4 Deluxe Edition version 1.0 Update 1 (HKLM-x32\...\The Sims 4 Deluxe Edition_is1) (Version: 1.0 Update 1 - GMT-MAX.ORG)
TrackID(TM) with BRAVIA (x32 Version: 1.2.0.09270 - Sony Corportaion) Hidden
Unity Web Player (HKU\S-1-5-21-3995798047-183456226-2512991475-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325 (HKLM\...\{34EB42BE-F4D3-44C1-B28E-9740115DB72C}) (Version: 1.0.00.01300 - Sony Corporation)
VAIO - Remote Play mit PlayStation®3 (HKLM-x32\...\{07441A52-E208-478A-92B7-5C337CA8C131}) (Version: 1.1.0.21090 - Sony Corporation)
VAIO - Remote-Tastatur (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.2.0.09270 - Sony Corporation)
VAIO - Remote-Tastatur mit PlayStation®3 (HKLM-x32\...\{E682702C-609C-4017-99E7-3129C163955F}) (Version: 1.2.0.09210 - Sony Corporation)
VAIO - TrackID™ mit BRAVIA (HKLM-x32\...\{2F41EF61-A066-4EBF-84F8-21C1B317A780}) (Version: 1.2.0.09270 - Sony Corporation)
VAIO Care (HKLM\...\{471F7C0A-CA3A-4F4C-8346-DE36AD5E23D1}) (Version: 7.3.0.14170 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 5.2.1.15070 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.9.0.13190 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.9.0.13190 - Sony Corporation) Hidden
VAIO Easy Connect (HKLM-x32\...\InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}) (Version: 1.1.2.01120 - Sony Corporation)
VAIO Easy Connect (x32 Version: 1.1.2.01120 - Sony Corporation) Hidden
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 2.5.2.02090 - Sony Corporation)
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 1.0.0.12300 - Sony Corporation)
VAIO Gesture Control (x32 Version: 1.0.0.12300 - Sony Corporation) Hidden
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 1.3.0.12280 - Sony Corporation)
VAIO Improvement Validation (HKLM\...\{75C95C84-264F-4CC7-8A7E-346444E6C7C1}) (Version: 1.0.4.01190 - Sony Corporation)
VAIO Sample Contents (HKLM-x32\...\{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}) (Version: 1.4.2.09010 - Sony Corporation)
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.11.1.15220 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation)
VAIO*CPU-Lüfterdiagnose (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.1.0.09200 - Sony Corporation)
VAIO-Handbuch (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 2.3.0.12300 - Sony Corporation)
VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.7.0.02231 - Sony Corporation)
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Microsoft) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden
VSNx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
WildTangent Games App (x32 Version: 4.0.10.2 - WildTangent) Hidden
WildTangent-Spiele (HKLM-x32\...\WildTangent sony Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version: - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ATTENTION
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Елемент керування Windows Live Mesh ActiveX для віддалених підключень (HKLM-x32\...\{6756D5CA-3E31-4308-9BF0-79DFD1AF196E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Компаньон Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основи Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Помощник на Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Рупор Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотоколекція Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
15-11-2014 13:24:42 Gerätetreiber-Paketinstallation: Razer Audio-, Video- und Gamecontroller
18-11-2014 08:18:21 Windows Update
19-11-2014 10:30:21 Windows Update
21-11-2014 15:01:58 Windows Update
25-11-2014 15:16:00 Windows Update
02-12-2014 16:01:43 Windows Update
03-12-2014 19:09:50 Removed Razer Synapse 2.0.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0093ACB4-5FF9-46AD-9F9C-25F2E82768D5} - System32\Tasks\RegistryCleanerKit Maintenance => C:\Program Files (x86)\Uniblue\RegistryCleanerKit\registrycleanerkit.exe
Task: {0168EB42-78BA-4261-ADBF-0C534A04E37F} - System32\Tasks\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-02-24] (Sony Corporation)
Task: {0557300D-60CC-4079-8D78-0957B7E32539} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {06068ABB-5530-4BA1-8C66-685CC94229DD} - System32\Tasks\RealCreateProcessScheduledTask4424968S-1-5-21-3995798047-183456226-2512991475-1001 => C:\Program Files (x86)\Real\RealPlayer\Update\RealOneMessageCenter.exe
Task: {0E1C2318-B4C4-41A4-A1ED-C4B7EE0F208B} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2011-12-27] (Sony Corporation)
Task: {4134B0AC-5DD2-4FF3-8EC6-0BE5618BC0BD} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorSystem => C:\Program Files\Sony\VAIO Improvement\vim.exe [2011-12-27] (Sony Corporation)
Task: {450A2176-A799-43C0-AAB9-EAA6DE78B2C7} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-03-07] (Sony Corporation)
Task: {46DE0AD6-969D-4EA7-B99A-05B8F25E290E} - System32\Tasks\{BE1279AB-AAF8-45F2-A5E7-71E64C073AE7} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.10.0.116&LastError=12002
Task: {47529513-BFE5-4FD5-AFEF-F316BFA7DDE9} - System32\Tasks\Sony Corporation\VAIO Improvement Validation\VAIO Improvement Validation => C:\Program Files\Sony\VAIO Improvement Validation\viv.exe [2011-01-20] (Sony Corporation)
Task: {4A67B55E-FDB1-46CC-BA29-9352507763E6} - System32\Tasks\{6A2B7D17-8446-4EA7-95E9-3B66627EBCC5} => Chrome.exe hxxp://ui.skype.com/ui/0/6.20.73.104.456/de/abandoninstall?page=tsProgressBar
Task: {5460B8D2-BD33-4F34-B1BA-CE7B4652EED4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-14] (Google Inc.)
Task: {5ED1F88B-0E4A-4200-9C73-53607DC42D4C} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-03-07] (Sony Corporation)
Task: {5FE6B8D0-1AEB-4E5C-AAF1-7A61CA30747A} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3995798047-183456226-2512991475-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {63F2F0B4-278C-4ED2-A5D1-B8F879A4DB5B} - System32\Tasks\RealCreateProcessScheduledTask4424905S-1-5-21-3995798047-183456226-2512991475-1001 => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
Task: {64AA05F3-04FD-496B-8F80-53A98F4C71A0} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorUser => C:\Program Files\Sony\VAIO Improvement\vim.exe [2011-12-27] (Sony Corporation)
Task: {74F06F81-5947-4D8A-97BE-E0C9712F990D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-14] (Google Inc.)
Task: {778C8B2A-6771-4D50-8C32-736F21706EE9} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {79B192AE-FC56-4F02-B342-8FA4110D1392} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation)
Task: {8009F53D-FA56-407C-9B24-D7AE0C0FE44F} - System32\Tasks\Sony Corporation\VAIO Update\VUSU Trigger Task => C:\Program Files\Sony\VAIO Update\VUSUTrigger.exe [2014-02-28] (Sony Corporation)
Task: {9B87EE33-B5CE-4ACC-8BD6-2FA515A9D2BE} - System32\Tasks\Sony Corporation\VAIO Care\CRMReminder => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {AD181D42-4800-4149-9EC2-FBF8FA6917DC} - System32\Tasks\{09CC1933-F898-4547-AA0A-72E4D359D205} => Chrome.exe hxxp://ui.skype.com/ui/0/6.3.60.105/de/abandoninstall?page=tsBing
Task: {AEF6F980-41E2-4762-92B6-BEEA4D9412C2} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {B4A71C93-B822-4514-820C-B3E10DE0555A} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-12-27] (Sony Corporation)
Task: {BB2DA099-C181-465B-A313-15FD9F84734E} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {C0D9EE0F-E046-4471-959A-73270ECADBA6} - System32\Tasks\Sony Corporation\VAIO Care\VAU => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {C30EF8A8-8646-4F4D-8652-5CBDB6F10FB4} - System32\Tasks\{77A7005F-AE93-435F-A43F-382438C520CE} => Chrome.exe hxxp://ui.skype.com/ui/0/6.3.60.105/de/abandoninstall?page=tsProgressBar
Task: {D22DB6CB-4CB3-4782-9052-3A9DD3DE2D0C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-28] (Adobe Systems Incorporated)
Task: {D9A999F9-FA5B-4F59-AD4F-FEEF2B9C174D} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => net
Task: {DB1E8C6E-30C8-4C08-BED7-F8FFF6B5EAB4} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {E828EF16-3574-4748-AE53-A0EDED779520} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
Task: {F275EB3E-DC86-4DF7-91DA-74AA71F0D578} - System32\Tasks\{EB4C17FB-B842-41F8-9D3B-4D2541ACB94B} => Chrome.exe hxxp://ui.skype.com/ui/0/6.3.60.105/de/abandoninstall?page=tsPlugin
Task: {F83AF91F-D650-4F65-ADA8-A74F80916947} - System32\Tasks\RegistryCleanerKit Startup => C:\Program Files (x86)\Uniblue\RegistryCleanerKit\registrycleanerkit.exe
Task: {F9D696F3-41FC-4309-8CA1-FE19DC396A0C} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3995798047-183456226-2512991475-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {FABA3BE7-77A3-4B25-AAD1-D4BBA776CB99} - System32\Tasks\Sony Corporation\VAIO Care\AutoCheckMessage => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RegistryCleanerKit Maintenance.job => C:\Program Files (x86)\Uniblue\RegistryCleanerKit\registrycleanerkit.exe
Task: C:\Windows\Tasks\RegistryCleanerKit Startup.job => C:\Program Files (x86)\Uniblue\RegistryCleanerKit\registrycleanerkit.exe
==================== Loaded Modules (whitelisted) =============
2012-04-23 05:07 - 2012-03-13 17:01 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2013-03-27 21:40 - 2014-07-10 11:38 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2011-11-30 17:49 - 2011-11-30 17:49 - 00321024 _____ () C:\Program Files\Sony\VAIO Care\CRM\ManagedVAIORecoveryMedia.dll
2011-11-30 17:49 - 2011-11-30 17:49 - 00179712 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIORecovery.dll
2011-11-30 17:49 - 2011-11-30 17:49 - 00054784 _____ () C:\Program Files\Sony\VAIO Care\CRM\Logging.dll
2011-11-30 17:49 - 2011-11-30 17:49 - 00061440 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOCommon.dll
2011-11-30 17:49 - 2011-11-30 17:49 - 00192000 _____ () C:\Program Files\Sony\VAIO Care\CRM\OsServices.dll
2011-11-30 17:49 - 2011-11-30 17:49 - 00037376 _____ () C:\Program Files\Sony\VAIO Care\CRM\PluginFactory.dll
2011-11-30 17:49 - 2011-11-30 17:49 - 02229760 _____ () C:\Program Files\Sony\VAIO Care\CRM\RecoveryPartitionManager.dll
2011-11-30 17:49 - 2011-11-30 17:49 - 00035840 _____ () C:\Program Files\Sony\VAIO Care\CRM\XMLTools.dll
2011-11-30 17:49 - 2011-11-30 17:49 - 00055296 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOInstallAppsDrivers.dll
2011-11-30 17:49 - 2011-11-30 17:49 - 00137728 _____ () C:\Program Files\Sony\VAIO Care\CRM\InstallDB.dll
2011-11-30 17:49 - 2011-11-30 17:49 - 00134144 _____ () C:\Program Files\Sony\VAIO Care\CRM\InstallationTools.dll
2011-11-30 17:49 - 2011-11-30 17:49 - 00024064 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOUtility.dll
2011-11-30 17:49 - 2011-11-30 17:49 - 00276992 _____ () C:\Program Files\Sony\VAIO Care\READ\RecoveryPartitionManagerREAD.dll
2014-11-02 16:18 - 2014-10-08 11:10 - 00065696 _____ () C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll
2014-11-02 16:18 - 2014-10-08 11:10 - 00092320 _____ () C:\Program Files (x86)\Elex-tech\YAC\curlpp.dll
2014-11-02 16:18 - 2014-09-22 13:13 - 00176976 _____ () C:\Program Files (x86)\Elex-tech\YAC\tws\unrar.dll
2014-11-02 16:18 - 2014-09-22 13:13 - 00087744 _____ () C:\Program Files (x86)\Elex-tech\YAC\tws\unacev2.dll
2012-04-23 05:29 - 2012-03-07 17:57 - 00021128 _____ () C:\Program Files (x86)\Sony\VAIO Control Center\VESBasePS.dll
2014-11-02 16:18 - 2014-10-08 11:09 - 00179200 _____ () C:\Program Files (x86)\Elex-tech\YAC\libpng.dll
2014-11-27 16:40 - 2014-11-25 07:39 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
2014-11-27 16:40 - 2014-11-25 07:39 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
2014-11-27 16:40 - 2014-11-25 07:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-27 16:40 - 2014-11-25 07:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
2014-10-17 18:17 - 2014-10-17 18:17 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\92a1650dbe9fad5f46633b835420e1a8\IsdiInterop.ni.dll
2012-04-23 05:08 - 2011-11-29 19:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-04-23 05:07 - 2012-03-13 17:02 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:B606BA34
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
========================= Accounts: ==========================
Administrator (S-1-5-21-3995798047-183456226-2512991475-500 - Administrator - Disabled)
Gast (S-1-5-21-3995798047-183456226-2512991475-501 - Limited - Disabled)
Henoch (S-1-5-21-3995798047-183456226-2512991475-1001 - Administrator - Enabled) => C:\Users\Henoch
HomeGroupUser$ (S-1-5-21-3995798047-183456226-2512991475-1002 - Limited - Enabled)
Negede (S-1-5-21-3995798047-183456226-2512991475-1003 - Administrator - Enabled) => C:\Users\Negede
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/04/2014 05:05:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/04/2014 00:59:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/03/2014 08:26:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/03/2014 08:09:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/03/2014 08:06:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/03/2014 07:30:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/03/2014 07:10:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/03/2014 07:07:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/03/2014 03:05:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/03/2014 11:46:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (12/04/2014 05:04:09 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 04.12.2014 um 13:07:01 unerwartet heruntergefahren.
Error: (12/04/2014 01:03:55 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "VAIO Care Performance Service" wurde nicht richtig gestartet.
Error: (12/03/2014 08:25:15 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFD
avipbb
avkmgr
DfsC
discache
iSafeKrnl
iSafeKrnlR3
iSafeNetFilter
NetBIOS
NetBT
nsiproxy
Psched
rdbss
spldr
tdx
vwififlt
Wanarpv6
WfpLwf
Error: (12/03/2014 08:25:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Client Virtualization Handler" ist vom Dienst "Application Virtualization Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (12/03/2014 08:25:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Razer Surround Audio Service" ist vom Dienst "Windows-Audio" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (12/03/2014 08:25:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (12/03/2014 08:25:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (12/03/2014 08:25:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (12/03/2014 08:25:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst "Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%31
Error: (12/03/2014 08:25:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "IP-Hilfsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Microsoft Office Sessions:
=========================
Error: (12/04/2014 05:05:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/04/2014 00:59:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/03/2014 08:26:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/03/2014 08:09:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/03/2014 08:06:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/03/2014 07:30:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/03/2014 07:10:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/03/2014 07:07:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/03/2014 03:05:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/03/2014 11:46:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 33%
Total physical RAM: 6114.36 MB
Available physical RAM: 4048.75 MB
Total Pagefile: 12226.9 MB
Available Pagefile: 9818.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:681.64 GB) (Free:545.6 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: BA624956)
Partition 1: (Not Active) - (Size=16.7 GB) - (Type=27)
Partition 2: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=681.6 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
04.12.2014, 19:26
| #2 |
| /// the machine /// TB-Ausbilder    | Windows 7: Nach Hochfahren schwarzer Bildschirm und das Fenster " Computer" offen hi,
__________________Lade Dir bitte von hier  Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ |
|
04.12.2014, 21:14
| #3 |
| | Windows 7: Nach Hochfahren schwarzer Bildschirm und das Fenster " Computer" offen Hier: mbam.txt
__________________Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 04.12.2014 Suchlauf-Zeit: 19:47:32 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2014.12.04.08 Rootkit Datenbank: v2014.12.03.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Henoch Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 404768 Verstrichene Zeit: 43 Min, 48 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 3 PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\jcdgjdiieiljkfkdcloehkohchhpekkn, , [17c11549dca0cb6b6d9289daf013c739], PUP.Optional.FindADeal.A, HKU\S-1-5-21-3995798047-183456226-2512991475-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\find-a-deal-2, , [4d8bd48a205c70c65034e38f0cf7e41c], PUP.Optional.SystemK.A, HKU\S-1-5-21-3995798047-183456226-2512991475-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SystemK, , [ecec65f9f686d75f23ab97cf689b07f9], Registrierungswerte: 1 Trojan.Winminer, HKU\S-1-5-21-3995798047-183456226-2512991475-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|wm, C:\Users\Henoch\AppData\Local\Temp\wm.exe, , [0dcb0f4f9edea49249a3e7199e640af6] Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 2 PUP.Optional.Conduit.A, C:\Users\Henoch\AppData\Local\Temp\TestIfExeExist\CT3312806, , [15c3f36bd9a314225bd1e03ba65dfa06], PUP.Optional.Conduit.A, C:\Users\Henoch\AppData\Local\Temp\TestIfExeExist\CT3312806\nativeMessaging, , [15c3f36bd9a314225bd1e03ba65dfa06], Dateien: 14 Trojan.Winminer, C:\Users\Henoch\AppData\Local\Temp\wm.exe, , [0dcb0f4f9edea49249a3e7199e640af6], PUP.Optional.Softonic.A, C:\Users\Henoch\AppData\Local\Temp\Softonic_DE_1-5-10_DE-Production_10_CleanRelease.exe, , [e8f0aeb073097db96e7b94287d848d73], Riskware.BitcoinMiner, C:\Users\Henoch\AppData\Local\Temp\32\wincpu.exe, , [f3e55fff116b77bf4c955c0108f921df], PUP.Optional.AztecMedia.A, C:\Users\Henoch\AppData\Local\Temp\nspCD70.tmp\Helper.dll, , [b42483dbf08ce84ef3903003cc3915eb], PUP.Optional.AztecMedia.A, C:\Users\Henoch\AppData\Local\Temp\nspCD70.tmp\Starter.exe, , [01d7cb933e3eb77f81f369cae124e11f], PUP.Optional.AztecMedia.A, C:\Users\Negede\AppData\Local\Temp\nsaC2B7.tmp\Helper.dll, , [61775a04cdaff145c8bba29117eeda26], PUP.Optional.AztecMedia.A, C:\Users\Negede\AppData\Local\Temp\nsaC2B7.tmp\Starter.exe, , [10c8025c4f2d201643319a9937ce13ed], PUP.Optional.Linkey.A, C:\Windows\Temp\61176dd6\SettingsManagerSetup.exe, , [74640658ccb0b97d7eb3386bf20fdb25], PUP.Optional.Linkey.A, C:\Windows\Temp\cd6075b9\SettingsManagerSetup.exe, , [fbdd4519d4a861d5929f7033b94809f7], PUP.Optional.Iminent.A, C:\Users\Negede\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage, , [5880cb93106c80b6c49f77f835ce29d7], PUP.Optional.Wajam.A, C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.wajam.com_0.localstorage, , [0dcb1b43aece91a54321a5ca6b98c53b], PUP.Optional.Wajam.A, C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.wajam.com_0.localstorage-journal, , [8652b5a97705072f82e27df249ba946c], PUP.Optional.Conduit.A, C:\Users\Henoch\AppData\Local\Temp\TestIfExeExist\CT3312806\nativeMessaging\TBMessagingHost.exe, , [15c3f36bd9a314225bd1e03ba65dfa06], PUP.Optional.DefaultSearch.A, C:\Users\Henoch\AppData\Roaming\Mozilla\Firefox\Profiles\5wimzc6q.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12692&tm=319&src=ds&p=");), ,[2cacf16da4d8dc5ad0f20b8d0df84eb2] Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v4.103 - Bericht erstellt am 04/12/2014 um 20:42:49
# Aktualisiert 01/12/2014 von Xplode
# Database : 2014-12-03.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Henoch - HENOCH-VAIO
# Gestartet von : C:\Users\Henoch\Downloads\AdwCleaner_4.103.exe
# Option : Suchen
***** [ Dienste ] *****
Dienst Gefunden : iSafeKrnl
Dienst Gefunden : iSafeKrnlBoot
Dienst Gefunden : iSafeKrnlKit
Dienst Gefunden : iSafeKrnlR3
Dienst Gefunden : iSafeNetFilter
Dienst Gefunden : iSafeService
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\Users\Henoch\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_aaaalipaokhkccgmgkdglfinfnfhflko_0.localstorage
Datei Gefunden : C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage
Datei Gefunden : C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal
Datei Gefunden : C:\Users\Henoch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\YAC.lnk
Datei Gefunden : C:\Users\Henoch\AppData\Roaming\Mozilla\Firefox\Profiles\5wimzc6q.default\user.js
Datei Gefunden : C:\Users\Negede\AppData\Local\Google\Chrome\User Data\Default\\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gefunden : C:\Users\Negede\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Datei Gefunden : C:\Users\Negede\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gefunden : C:\Users\Negede\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gefunden : C:\Windows\System32\drivers\iSafeKrnlBoot.sys
Datei Gefunden : C:\Windows\System32\log\iSafeKrnlCall.log
Ordner Gefunden : C:\Program Files (x86)\Elex-tech
Ordner Gefunden : C:\ProgramData\iolo
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
Ordner Gefunden : C:\Users\Henoch\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aaaalipaokhkccgmgkdglfinfnfhflko
Ordner Gefunden : C:\Users\Henoch\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
Ordner Gefunden : C:\Users\Henoch\AppData\Local\CrashRpt
Ordner Gefunden : C:\Users\Henoch\AppData\Local\Temp\iSafeRightKeyScan
Ordner Gefunden : C:\Users\Henoch\AppData\Roaming\Elex-tech
Ordner Gefunden : C:\Users\Henoch\AppData\Roaming\iolo
Ordner Gefunden : C:\Users\Henoch\AppData\Roaming\Mozilla\Firefox\Profiles\5wimzc6q.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}
Ordner Gefunden : C:\Users\Negede\AppData\Local\Temp\iSafeRightKeyScan
Ordner Gefunden : C:\Users\Negede\AppData\Roaming\Elex-tech
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SettingsManagerIEHelper.DNSGuard
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SettingsManagerIEHelper.DNSGuard.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2481020
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c3e85ee9-5892-4142-b537-bceb3dac4c3d}
Schlüssel Gefunden : HKLM\SOFTWARE\SweetIM
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{5411D116-5A37-47D4-B154-5F7FCD9062F0}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75FF6D97AF9FC004A9521D4B83FA6321
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB13D869D7D092348847B7481BB59E27
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17420
-\\ Mozilla Firefox v26.0 (de)
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.affiliate_id", "3553");
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.firstrun", "false");
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.log_send_info", "false");
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21088\",\"update_interval\":919,\"base_url\":\"hxxp:\\/\\/www.wajam.com\\/\",\"update_url\":\"hxxp:\\/\\/www.wajam.com\\/addon\\/m[...]
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.no_trace", "false");
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.server_current_mapping_version", "0.21088");
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.supported_sites.wajam_settings.wajam_utils", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam'[...]
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.trace_log", "1387712400312 - processInstallationUpgrade - version set to : 1.26\n1387712400312 - processBrowserLoad - Bad mappingListJsonString: null\n1387712401514 - onFla[...]
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.unique_id", "F7F6B7E9228251FB3D6200B04F855D42");
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.user_current_mapping_version", "0");
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.version", "1.26");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.LayoutId", "1");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.ShowThankyouPixel", "0");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.adapters", "{\"facebook\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":1,\"expireTime\":\"1387712427052259200\"}}");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.enabledAds", "false");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.registerToolbarEvent109", "1387712430303");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.registerToolbarEvent110", "1387712448132");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.registerToolbarEvent111", "1387712430307");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.registerToolbarEvent112", "1387712430369");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.registerToolbarEvent122", "1387712430312");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.version", "7.50.3.1");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.50.3.1\",\"InstallEventCTime\":1387712399836,\"InstallEvent\":\"True\"}");
[5wimzc6q.default] - Zeile gefunden : user_pref("keyword.URL", "hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12692&tm=319&src=ds&p=");
-\\ Google Chrome v39.0.2171.71
[C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://anisearch.de/?page=suche&mode=auswahl&qsearch={searchTerms}
[C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://www.softonic.de/s/{searchTerms}
[C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Negede\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12521&tm=319&src=ds&p={searchTerms}
[C:\Users\Negede\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12521&tm=319&src=ds&p={searchTerms}
-\\ Comodo Dragon v
[C:\Users\Henoch\AppData\Local\Comodo\Dragon\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://search.ask.com/web?o=APN10257&doi=2014-07-05&apn_dtid=%5ECMD011%5EYY%5EUS&apn_ptnrs=%5EAGO&q={searchTerms}
[C:\Users\Henoch\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Gefunden [Extension] : cmaiofennmphjldldcpphcechfnnohja
[C:\Users\Henoch\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Gefunden [Extension] : aaaalipaokhkccgmgkdglfinfnfhflko
*************************
AdwCleaner[R0].txt - [14251 octets] - [04/12/2014 20:42:49]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [14312 octets] ##########
Code:
ATTFilter # AdwCleaner v4.103 - Bericht erstellt am 04/12/2014 um 20:56:21
# Aktualisiert 01/12/2014 von Xplode
# Database : 2014-12-03.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Henoch - HENOCH-VAIO
# Gestartet von : C:\Users\Henoch\Downloads\AdwCleaner_4.103.exe
# Option : Suchen
***** [ Dienste ] *****
Dienst Gefunden : iSafeKrnl
Dienst Gefunden : iSafeKrnlBoot
Dienst Gefunden : iSafeKrnlKit
Dienst Gefunden : iSafeKrnlR3
Dienst Gefunden : iSafeNetFilter
Dienst Gefunden : iSafeService
***** [ Dateien / Ordner ] *****
Ordner Gefunden : C:\Program Files (x86)\Elex-tech
Ordner Gefunden : C:\Users\Henoch\AppData\Roaming\Elex-tech
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17420
-\\ Mozilla Firefox v26.0 (de)
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.affiliate_id", "3553");
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.firstrun", "false");
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.log_send_info", "false");
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21088\",\"update_interval\":919,\"base_url\":\"hxxp:\\/\\/www.wajam.com\\/\",\"update_url\":\"hxxp:\\/\\/www.wajam.com\\/addon\\/m[...]
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.no_trace", "false");
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.server_current_mapping_version", "0.21088");
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.supported_sites.wajam_settings.wajam_utils", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam'[...]
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.trace_log", "1387712400312 - processInstallationUpgrade - version set to : 1.26\n1387712400312 - processBrowserLoad - Bad mappingListJsonString: null\n1387712401514 - onFla[...]
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.unique_id", "F7F6B7E9228251FB3D6200B04F855D42");
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.user_current_mapping_version", "0");
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.version", "1.26");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.LayoutId", "1");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.ShowThankyouPixel", "0");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.adapters", "{\"facebook\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":1,\"expireTime\":\"1387712427052259200\"}}");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.enabledAds", "false");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.registerToolbarEvent109", "1387712430303");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.registerToolbarEvent110", "1387712448132");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.registerToolbarEvent111", "1387712430307");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.registerToolbarEvent112", "1387712430369");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.registerToolbarEvent122", "1387712430312");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.version", "7.50.3.1");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.50.3.1\",\"InstallEventCTime\":1387712399836,\"InstallEvent\":\"True\"}");
[5wimzc6q.default] - Zeile gefunden : user_pref("keyword.URL", "hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12692&tm=319&src=ds&p=");
-\\ Google Chrome v39.0.2171.71
[C:\Users\Negede\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12521&tm=319&src=ds&p={searchTerms}
[C:\Users\Negede\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12521&tm=319&src=ds&p={searchTerms}
-\\ Comodo Dragon v
*************************
AdwCleaner[R0].txt - [14509 octets] - [04/12/2014 20:42:49]
AdwCleaner[R1].txt - [4333 octets] - [04/12/2014 20:56:21]
AdwCleaner[S0].txt - [15541 octets] - [04/12/2014 20:44:24]
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [4454 octets] ##########
Code:
ATTFilter # AdwCleaner v4.103 - Bericht erstellt am 04/12/2014 um 20:44:24
# Aktualisiert 01/12/2014 von Xplode
# Database : 2014-12-03.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Henoch - HENOCH-VAIO
# Gestartet von : C:\Users\Henoch\Downloads\AdwCleaner_4.103.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\iolo
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
[!] Ordner Gelöscht : C:\Program Files (x86)\Elex-tech
Ordner Gelöscht : C:\Users\Henoch\AppData\Local\CrashRpt
Ordner Gelöscht : C:\Users\Henoch\AppData\Local\Temp\iSafeRightKeyScan
Ordner Gelöscht : C:\Users\Henoch\AppData\Roaming\Elex-tech
Ordner Gelöscht : C:\Users\Henoch\AppData\Roaming\iolo
Ordner Gelöscht : C:\Users\Negede\AppData\Local\Temp\iSafeRightKeyScan
Ordner Gelöscht : C:\Users\Negede\AppData\Roaming\Elex-tech
Ordner Gelöscht : C:\Users\Henoch\AppData\Roaming\Mozilla\Firefox\Profiles\5wimzc6q.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}
Ordner Gelöscht : C:\Users\Henoch\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
Ordner Gelöscht : C:\Users\Henoch\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aaaalipaokhkccgmgkdglfinfnfhflko
Datei Gelöscht : C:\Windows\System32\drivers\iSafeKrnlBoot.sys
Datei Gelöscht : C:\Windows\System32\log\iSafeKrnlCall.log
Datei Gelöscht : C:\Users\Henoch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\YAC.lnk
Datei Gelöscht : C:\Users\Henoch\AppData\Roaming\Mozilla\Firefox\Profiles\5wimzc6q.default\user.js
Datei Gelöscht : C:\Users\Negede\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Datei Gelöscht : C:\Users\Negede\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Negede\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage
Datei Gelöscht : C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Henoch\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_aaaalipaokhkccgmgkdglfinfnfhflko_0.localstorage
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SettingsManagerIEHelper.DNSGuard.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SettingsManagerIEHelper.DNSGuard
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2481020
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{5411D116-5A37-47D4-B154-5F7FCD9062F0}
Schlüssel Gelöscht : HKLM\SOFTWARE\SweetIM
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c3e85ee9-5892-4142-b537-bceb3dac4c3d}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75FF6D97AF9FC004A9521D4B83FA6321
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB13D869D7D092348847B7481BB59E27
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17420
-\\ Mozilla Firefox v26.0 (de)
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.affiliate_id", "3553");
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.firstrun", "false");
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.log_send_info", "false");
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21088\",\"update_interval\":919,\"base_url\":\"hxxp:\\/\\/www.wajam.com\\/\",\"update_url\":\"hxxp:\\/\\/www.wajam.com\\/addon\\/m[...]
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.no_trace", "false");
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.server_current_mapping_version", "0.21088");
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.supported_sites.wajam_settings.wajam_utils", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam'[...]
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.trace_log", "1387712400312 - processInstallationUpgrade - version set to : 1.26\n1387712400312 - processBrowserLoad - Bad mappingListJsonString: null\n1387712401514 - onFla[...]
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.unique_id", "F7F6B7E9228251FB3D6200B04F855D42");
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.user_current_mapping_version", "0");
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.version", "1.26");
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("iminent.LayoutId", "1");
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("iminent.ShowThankyouPixel", "0");
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("iminent.adapters", "{\"facebook\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":1,\"expireTime\":\"1387712427052259200\"}}");
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("iminent.enabledAds", "false");
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("iminent.registerToolbarEvent109", "1387712430303");
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("iminent.registerToolbarEvent110", "1387712448132");
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("iminent.registerToolbarEvent111", "1387712430307");
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("iminent.registerToolbarEvent112", "1387712430369");
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("iminent.registerToolbarEvent122", "1387712430312");
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("iminent.version", "7.50.3.1");
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.50.3.1\",\"InstallEventCTime\":1387712399836,\"InstallEvent\":\"True\"}");
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("keyword.URL", "hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12692&tm=319&src=ds&p=");
-\\ Google Chrome v39.0.2171.71
[C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://anisearch.de/?page=suche&mode=auswahl&qsearch={searchTerms}
[C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.softonic.de/s/{searchTerms}
[C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Negede\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12521&tm=319&src=ds&p={searchTerms}
[C:\Users\Negede\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12521&tm=319&src=ds&p={searchTerms}
[C:\Users\Henoch\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.ask.com/web?o=APN10257&doi=2014-07-05&apn_dtid=%5ECMD011%5EYY%5EUS&apn_ptnrs=%5EAGO&q={searchTerms}
-\\ Comodo Dragon v
[C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://anisearch.de/?page=suche&mode=auswahl&qsearch={searchTerms}
[C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.softonic.de/s/{searchTerms}
[C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Negede\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12521&tm=319&src=ds&p={searchTerms}
[C:\Users\Negede\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12521&tm=319&src=ds&p={searchTerms}
[C:\Users\Henoch\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.ask.com/web?o=APN10257&doi=2014-07-05&apn_dtid=%5ECMD011%5EYY%5EUS&apn_ptnrs=%5EAGO&q={searchTerms}
[C:\Users\Henoch\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Gelöscht [Extension] : cmaiofennmphjldldcpphcechfnnohja
[C:\Users\Henoch\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Gelöscht [Extension] : aaaalipaokhkccgmgkdglfinfnfhflko
*************************
AdwCleaner[R0].txt - [14509 octets] - [04/12/2014 20:42:49]
AdwCleaner[S0].txt - [15283 octets] - [04/12/2014 20:44:24]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15344 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by Henoch on 04.12.2014 at 20:59:53,88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
Failed to stop: [Service] isafekrnl
Failed to stop: [Service] isafekrnlkit
Failed to stop: [Service] isafekrnlr3
Failed to stop: [Service] isafenetfilter
Failed to stop: [Service] isafeservice
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Henoch\AppData\Roaming\elex-tech"
Successfully deleted: [Folder] "C:\Users\Henoch\appdata\local\cre"
Failed to delete: [Folder] "C:\Program Files (x86)\elex-tech"
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{0068C03D-36F6-402A-AB87-5E701F97EC75}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{007EDC0C-DB4F-4D2A-8DF6-76EEE828205B}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{008FE068-0C87-433C-8FD0-27F97E7D6828}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{00A7E966-ACAB-46BD-9889-588F7B63AF35}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{029E04E5-D466-40EF-B4C8-87E8BB22730B}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{03291152-3627-400F-8E37-8F6352A8C86F}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{03B36BA1-6F18-47E9-B07C-B3D67D2EA869}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{03BE32F9-9DA8-4AD7-83F4-F0E8A4D28886}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{03F2D33C-3190-48A0-BC32-715BEEF4F5CE}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{05280976-D492-4544-8FC2-58C3BAF2F9C6}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{0646A333-7AAB-41C8-815A-5403FF962A44}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{072F04ED-CD8A-4130-A442-FA4F765E080E}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{076C4DA0-EB2D-49E9-A769-7E981FA12A07}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{0820C272-4B47-493F-B2A7-3975B02D7649}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{0AE8CE4A-AA16-474C-960E-66A9A1FA93FA}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{0D4A2B38-FEA7-4211-9FFA-D0C66074D5CF}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{0D78B923-F959-4FAE-9903-BDED29D6C9F6}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{0F21EF93-7CED-41F9-8135-0BAB64C1726B}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{1304D21D-55F1-42B2-91F0-12BEE5CBFA37}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{1396F8E7-DD7A-411C-92EF-F175A219F419}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{14F9CF85-B8CF-469E-809C-4C8509EDD69E}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{156CA0EE-C325-4811-A639-5A52DBC41E11}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{162B0D47-F7B4-4706-B9A0-4B8BA8E6DA0F}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{1A662ED7-DAB2-4DCC-8D41-C625397B45A1}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{1AC3852C-ED0D-4D47-A3F9-A056742A0E14}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{1B0F86F8-D4B9-47BE-9C68-9EEBF692A78A}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{1B7FDB59-DB25-4596-A240-EA9E8945D3BA}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{1DD46B2D-95C4-4FDD-ADC9-3A7400B1835C}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{2112FF6B-25D7-4BA3-8EC6-29B805BA5B43}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{2156F5EE-68D1-4088-A6A8-23D242981756}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{21FAC655-E77F-4680-9D38-2C464AE25E49}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{23D7603D-AF41-4CC4-AEA0-B4BA2F0054EA}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{24B399B0-7349-46C4-BC56-128285CB525D}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{25999472-CFFD-4E4B-BCF0-91FFB2B86987}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{25A53CA1-10B4-475E-BE8E-50D80CAAFAF0}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{26A1840D-DE17-4311-9774-9B1E848D43F2}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{26F25A2C-BEF2-48E3-8EEE-EE70BB9A6152}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{27D08A0A-7499-4615-A40C-5D2446272D03}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{288AB76E-FCFE-4B8D-A107-787632595918}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{28B0E844-D8C8-4498-B4FC-9670676B2C55}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{290C410C-30AB-4A80-9412-993EC877C0BD}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{2A132FDE-F325-4F32-824E-CD75FA69A6CF}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{2B31163D-455C-4453-B555-7757E8E85C54}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{2B68A1B3-7F8C-4A44-879F-3B74217803B3}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{2B6DE6B5-E2E4-4712-B262-4D45390B39BB}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{2C7D1443-03E2-4539-A011-8441FE6D5B96}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{2DF338BF-B144-43D9-A9AA-4FB5BDC366C0}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{2E6943E6-EF4B-4614-863C-DB17D8AB147E}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{2E775E92-33A1-41CC-9EF7-5242F90D62C0}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{2F07BE98-6E64-40E9-8689-FE1182CDECC1}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{2F9F433C-7EFF-49D1-80C9-E935AF8C4DE3}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{2FF7BF88-2C4B-4666-8DA3-0A623704DBA8}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{3034A5CA-1A0D-45EB-B24F-499E9597A9CF}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{307FC519-B38C-42C1-A09C-076FD85B3580}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{309638F8-1322-436A-AB4A-F56F64238AC0}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{30A609A5-1CD0-41E7-9971-B8C74E4A4342}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{3219B956-BE71-4356-8713-A8204C620954}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{33331B3C-B4A7-40C2-ACC7-B16FF8FD65E5}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{35194F46-C59A-47C0-927E-1D8573088144}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{3813CCA0-AEEB-43CB-92C2-6C48F6A795E2}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{381412CF-511C-4394-BF82-849BD0CA5488}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{3A1B53F9-A3FC-4DB4-980B-485C44CAD626}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{3BC2D61D-50BE-484D-AC23-589B00C5F6D6}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{3D202CF6-BC43-41E5-B256-A41402178CC6}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{3EE2797A-C88A-4B6F-A81E-AC7B88CCEEF4}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{3FE4D78E-F896-4419-AB2A-4E1AE7E31A76}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{3FFCD665-1FC4-499E-871D-3313E6127B35}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{4032AB76-AC91-470D-94FE-C50856654C12}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{40D45FB4-275A-4508-9F5A-A476E3C53029}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{414284CB-799D-4F1A-8E69-FC92E0EF5571}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{41549BDF-87EC-4361-9CAC-B5B0584B5797}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{4494FAC2-5235-4749-B8CA-68C7033D04DF}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{455529A7-9652-4F04-BB33-AF204E6BB1E1}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{47EA59ED-D0F5-48BA-A0A3-09CEFDA23C93}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{4817581D-D459-430A-AFDA-369A31114185}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{48F5B149-D2F4-4499-B0F4-F9C2D3E9D279}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{4B880976-6AFF-4B45-90F8-537C82129916}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{4C072626-30E2-462A-94A2-3E84614F96D6}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{4CBA5A24-662B-48B0-8294-76DE15115B61}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{4E7224EA-297F-4748-B3CA-89B7166F648D}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{4E86FD0D-88D6-4C40-9F34-B06E46E75049}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{4EA4FC5E-3B10-4F9F-8AB6-19A091951E3A}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{4EC81182-95E5-4733-A961-303E9C71C699}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{4F605D8E-7A59-4D0E-9EBC-343C7A5F9F19}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{506D1108-FDC8-41B3-8343-622168573F50}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{526B747A-5AA7-4377-8E87-DA77C6327F4A}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{53405CE3-749A-48CE-ABBE-C40328408514}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{545181B2-D04F-4A10-8A97-43E132D79507}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{54C0BD6D-2B97-47A7-B321-FDB03B42E8F3}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{54C16B38-6AE8-4DAF-86D0-FA51A5524252}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{55CC92D5-1052-4F21-B53F-96C6763DE378}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{57B7166E-F88B-4A2B-8677-78BB4889F336}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{586CB17C-4273-40EE-BF56-5D31FE4AD2D0}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{596D3A70-D348-49F9-9C93-AB67092BD457}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{5A913224-AC74-47B7-B7C4-9FF076CC3617}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{5AFA5739-F573-4073-B708-2DE5DD2D5ADC}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{5B05F23F-B8C0-4E12-80C1-F8AFA7CE4CE7}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{5C77BFE3-B863-4164-A9F0-BF1B34DA3633}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{5CBD422C-94C9-414E-B80C-1AE11A1AD2B1}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{5D523A87-6C54-43E3-83EE-C57209631146}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{5DBCA463-F23A-4F34-9020-B374D1B0EBED}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{5E3B2DE1-1A92-4329-80B3-3FC0F682EE48}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{5E4A5DF6-1E86-4E99-8769-B9F68F42C3BC}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{5F4081F5-C982-4D86-A667-0B5AF3C0CDFA}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{5FBAB3EF-BCC6-43D2-AC86-6EE5CB3D891E}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{6039F03A-BD93-4C84-8EB7-4CBE80324EFD}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{61F9A428-BDA2-4F42-9185-FC082B3F4197}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{6357DDCC-172B-4E0F-B848-20CFEB02B3C5}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{63939698-50C5-4954-8A76-0CB45D285FE7}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{6450F488-77EB-4C67-A247-3A89CDACF60F}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{650654AA-3B39-41F9-8136-BB29659B2BA9}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{650CAC75-644A-4077-97E7-6D8D9C9AAC43}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{65BFE0B9-5382-4078-9799-CF7A37A977AD}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{66D1FE6A-3F09-4D93-BAB6-E8DD291267B9}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{6785D256-5A4C-4FE1-8EB2-AB40CADBC15D}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{68EAEDCB-0234-4E50-BC35-26DFAD8F1839}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{6B456ACC-8692-43F6-8309-D2AD5D715D4F}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{6B7EBCE7-7C9C-4730-836B-79D351B5BDEB}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{6C6E6367-AA2E-42A5-B794-29B3F19C5724}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{6C9C83FE-8DB6-48E5-AC1D-8D7699754556}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{6D167E7A-5719-4651-9DD7-137A987548FA}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{6E00131E-CA2B-4A1C-9D23-BB97F1A83403}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{6E4CDB92-2025-41B1-AD39-C294FA5533C2}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{6E65312D-E623-47BD-8A83-47FED260E1D0}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{6F043944-835B-4F86-9353-905E27BD3D22}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{6FC9D17D-BA71-41D8-9DAB-70A40C8D8BBC}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{715EF16E-1205-4F3C-839F-1C36E8DA5B02}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{719BFD13-7B21-4ED6-A147-29ABD8846CDA}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{71AFF0D6-2F40-4F70-99DC-525C8B15D86B}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{72BA4000-5A8C-4C90-B5B5-3C233EF307D3}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{738BDCCF-B6F2-4E44-AE3E-1E1BCE900589}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{73DB4DD0-AC55-43C7-9649-14BC1545D4F3}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{75F4DA71-1FE6-4EBD-B0DC-8E8801B9ABFC}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{763F4BCE-D9BD-4E67-95B7-82227763AB0C}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{764045C4-17CC-4F07-BAA0-9433EDADB831}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{79A38E85-8287-4DC0-A997-1E07E99CF9FC}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{7A8A6CB0-A496-4B20-B4E0-A0AE60A397A4}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{7E59B9AE-650A-464F-8FF8-44051944E903}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{81DCF8B8-3B9A-420C-846A-40C774600489}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{81EA7DD4-2741-4239-9CA3-08176805B900}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{82297B71-F32E-4618-8474-4BB1710E3012}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{82F709A8-D8C3-4A77-95A8-50398951724B}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{84C6FCC9-4A08-4E1A-A4BF-F2A5FB60633A}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{875AB168-A109-40C9-9586-1E6F2770ED80}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{87D8FB96-5D4A-4A90-A3DC-466111FA6EE1}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{8B4C9694-F1C3-4F1C-9060-02AF562991F7}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{8EEA2EA4-14BA-4878-AFD8-9C2B7BA20E3A}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{8F8015F6-5CB2-4C9A-A400-BD512A68C166}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{90371118-E8C9-40A6-B129-74B88122C2E5}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{903899E2-473A-4909-BADC-1501D7B416B3}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{90A7FE95-C86F-4115-9D43-8E4AFDFB5BBB}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{9155A91D-9262-42D6-9612-AB6E8A37C6D0}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{92E8D8B9-08B6-412F-9AC3-CDB52D75543E}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{9334040C-5AA9-48A3-94A2-68707C61AC62}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{942A1A08-C5F5-4237-BE14-683D1DCC4052}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{9559364B-05D5-474C-AE1B-877A855BFD1A}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{962DFDDA-2223-4F9C-8833-D38F94BE612C}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{96DF5501-6AF4-42A7-9D91-4B0C85CD5D33}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{984D6CD9-2ECD-4137-BB7D-CE6DBB6B14CE}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{9894DBB4-A384-4FD1-A2F6-C6D8BBC2EF32}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{9897BF2E-E0E2-4F7C-9317-256E14FED612}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{99180701-8331-4CF7-9B5C-4F4B85853F51}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{992637D9-7522-4FB8-9E50-41AB75894219}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{996F5A4C-F38E-4BE6-B97A-B6CBCA6A240D}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{9B071422-CBD0-43A2-84D9-D795B8FBD47B}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{9CC81DEA-D446-42BB-87E8-E1E84424D9EF}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{9F40BD2A-58D6-4C74-8C53-564B30F378D9}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{9FDD3EDF-8386-4ED7-898C-0575C664456A}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{A18AB588-5DA7-4DEC-95DA-35E38407EC07}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{A255B98A-83F5-4310-9BDB-5631F424A358}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{A3661B9B-0DF3-42BF-A2D7-C472E8D5C0A9}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{A4871461-4818-4066-9454-161C428A51A5}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{A6F8E6AB-42A6-464E-851F-B62B932C91A8}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{A70C9A12-4AC4-4568-96D6-8CDBD78ED286}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{A71FCE49-6368-4013-B1D5-3973993611B0}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{A74A07AF-F5EC-4BA7-809B-CE3934CE5C8D}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{A8222F1C-2955-4FDA-A350-A89D1B003304}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{A8A15B94-9C8D-432C-ACD4-B414C34FA6BD}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{A9E34E72-41D3-4646-BDD2-3015F70423E1}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{AA4E47C8-1384-4AD4-8535-23EDE2E2A2D3}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{AADFB505-CAE2-490A-AC05-0604F61DCE2A}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{AB320AD3-B7C6-42D6-BBE5-1840FAE8D847}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{AB6DF812-AA6B-4B56-BC48-44DB453FCD98}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{ABA9DA80-51F4-4DF0-BDFC-CC3ACDDCDCB5}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{AC48CFC7-40E6-41F3-8C4A-99374B44CF8C}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{ACCC85F9-FF11-40D5-9A45-0E4A9CF409C1}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{AE27E7D2-D1CE-4A1D-9276-FED46A54D8F8}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{AE8C0C41-6CD5-4D44-9911-406524B44B3C}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{AEDB795B-B43B-47A3-8A24-6B7C2DB2A98C}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{AEF9C83B-17E2-4F5E-A840-E0998E6825CB}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{B131D5BB-41CA-4794-89EA-9CE24574E303}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{B1DF8AF1-9A36-421E-BAEF-1167CC5D3C18}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{B28976F3-487B-45D7-B740-2EB4F5D6EAD1}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{B34D3A40-F703-4800-98E0-7F89D22966CD}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{B4B8CB48-F5F7-4EBF-BFF5-6E45D5DD08DA}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{B5F834EC-AC6A-4978-9D8B-522799F6F0B7}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{B6D09FDC-EEBD-4DF9-8C78-A35C6A724816}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{B7B3A32A-3B4C-46C5-BC73-B3F4C4854A21}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{B8D980B4-AA7D-4D89-897D-58C10FE32CB9}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{B92437BE-89A4-4743-BB89-5EF34134B3AE}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{BA14B256-904D-455C-B6B7-4DA99E9D9BA8}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{BA452966-9FEB-4218-8E20-9EFB4FA7CFD7}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{BA6C8CE9-7616-4284-9484-E01A88C53651}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{BA72D936-9BFF-46EE-B557-01E28BCE1FE4}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{BB03CBEB-74B0-46DC-94BA-6882271B9FA9}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{BBEA3FBF-C2E8-41A4-96AD-2BB307548538}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{BCA022BC-056E-4A3B-905F-715E49C2EB6D}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{BCD2D6DD-90B8-4756-A075-AEF651397EC2}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{BD1A87B3-B779-412B-8843-2E94ABDBC651}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{BDCFC626-F232-4F49-92C9-64E8FFA9FA79}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{BFE9E6F6-96B8-4EC2-A46D-E948047B928D}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{C12216CF-49EE-4D5E-903C-861E1D384C65}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{C21BCF28-29B5-4CCD-82FB-5A19A184ED60}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{C4A961F6-DB89-4BF1-B7A5-9502FF26361A}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{C4EBEAEF-C1D0-4AD8-A008-A1DBFEBD50CE}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{C716D444-6483-4952-8F10-DFC0E21EEC92}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{C752DECD-4608-49C4-94F0-C65C3C82BB4C}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{C7FA1B01-8186-42F2-AC59-48A2DC5BC4DB}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{C81CE60A-8FED-47A7-99EC-CB0AA69F2F2E}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{C8D161EE-6401-4223-828D-23C3DA11D24C}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{C961B655-835E-4EC5-8BF3-819ABAC3536D}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{C979F3CF-1B53-4DAC-B483-7F8FBBA9F4F2}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{C97E45EA-4D39-49E0-93F1-7DC80135D2B1}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{CA7CA0AF-9FDF-4023-A431-8936843B0E7A}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{CADE826E-ED1C-4D52-95B0-BE90E881B095}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{CB50912B-4E26-4952-9BC4-337B4963C526}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{CBBF79D4-F763-49FB-8D58-DF5825B23FD7}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{CE5C15B0-21D8-46FB-8F91-3290ECE482C1}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{CF36AF32-8EE1-4AAC-8BF6-7009684492B0}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{CF8DC9E2-FA96-48B3-B08F-36CBC2380052}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{CFF67602-F930-4FD9-9292-2AFE2E815E97}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{D08D6F98-D0AC-4F7A-A832-F3162C956CA8}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{D1E649FC-F466-4597-803E-9303BF7044B6}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{D2ED5CD1-C2EF-46F4-B65D-B9EB9A44B6DB}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{D4125EA8-895C-4E33-8834-8E1DB17301F6}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{D4A859B7-1A65-48C3-9364-10A5404D3AA0}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{D5625DC4-F2ED-412E-A4C6-044A494FB473}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{D6414171-E34A-4896-B424-68CF27C03D0C}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{D66207EC-2D84-473E-844D-1773EAAF75AC}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{D8AB553D-CB39-4E69-A30A-B00B8A362EA1}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{DB70F403-1DF6-493D-BE11-414607FE5258}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{DC4A9952-CA75-431F-9218-6A6AE7BB311E}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{DD344C43-FF73-44C4-BFE8-859CAA1D4293}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{DDC800D3-BD97-446C-A236-CDC23D4F0D68}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{DE146BB4-3DF9-4BA2-BB34-2CFED7719C7E}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{DEA17635-8B81-4501-A9BB-936D65C55652}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{E01411E5-7CF0-404C-910B-A5F2B65D29CB}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{E017E9FF-ADEF-499C-B3CE-F425B8D9949B}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{E1BCD3BE-0E6A-45B0-8A61-B64CF2BC49DB}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{E1D52C45-491F-4684-8211-4968F45EF4BF}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{E1D7C44A-E0DB-4933-970B-C7DFDCB206C7}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{E29778B0-2FB7-41F1-A789-4D3E04003C03}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{E3F0CCC9-C53A-454C-AEA4-43D63EFBFB87}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{E5340779-F5F0-4059-84A3-1E097E42EF5C}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{E56191C8-6E81-4E98-A2AD-15AE838812A0}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{E6509D7E-8C04-4CAA-83EF-9990B024DF1A}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{E6AAAD96-12A5-4D50-A10B-C382E64357A7}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{E7C13390-50BD-4AE8-B33D-60096325683C}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{E818EF9F-7160-4370-B2D7-450761C822F1}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{E9373DAF-2E42-47C4-89BC-F25A5033A048}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{E94681FB-DC70-4B99-AF22-78B9F43F48C4}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{EB121EE4-BB45-4B64-8019-66FB119A0959}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{EB54C328-4869-443A-92F6-13EE05933FF7}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{EDD08B35-B130-4387-B91A-F77357A3784C}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{EE2FD5D8-7430-4BD7-B6EE-629482B873CD}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{F03D47DA-CB62-48B5-B455-067315ABE581}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{F04FAC81-6C82-4033-AB36-3200CA1C2A71}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{F10142CE-7EC6-4EEE-B7EF-B0C0A1FC86B3}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{F2BED5A8-6E60-4A3C-8B2E-ABD619D828E4}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{F3D68BE8-072F-43B7-856B-CD2A3B0EED9A}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{F70B0917-C036-4AB6-910A-938C0A1C3163}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{F778EDA0-5665-41C4-9482-77F26A7CD7D0}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{F854CB2E-4E60-4DAF-9D82-15A8FA70002E}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{F88ACC60-AD28-434B-AFB6-C5B7CEB36F04}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{F949DD2C-6267-4F2A-8DBE-85C8FFA7A44D}
~~~ FireFox
Successfully deleted the following from C:\Users\Henoch\AppData\Roaming\mozilla\firefox\profiles\5wimzc6q.default\prefs.js
user_pref("extensions.wajam.affiliate_id", "3553");
user_pref("extensions.wajam.firstrun", "false");
user_pref("extensions.wajam.log_send_info", "false");
user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21088\",\"update_interval\":919,\"base_url\":\"hxxp:\\/\\/www.wajam.com\\/\",\"update_url\":\"hxxp:\\/\\/
user_pref("extensions.wajam.no_trace", "false");
user_pref("extensions.wajam.server_current_mapping_version", "0.21088");
user_pref("extensions.wajam.supported_sites.encryptedgoogle.wajam_google_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM
user_pref("extensions.wajam.supported_sites.google.wajam_google_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_L
user_pref("extensions.wajam.supported_sites.wajam_settings.wajam_utils", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_
user_pref("extensions.wajam.supported_sites.youtubesearch.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_L
user_pref("extensions.wajam.trace_log", "1387712400312 - processInstallationUpgrade - version set to : 1.26\n1387712400312 - processBrowserLoad - Bad mappingListJsonString: nu
user_pref("extensions.wajam.unique_id", "F7F6B7E9228251FB3D6200B04F855D42");
user_pref("extensions.wajam.user_current_mapping_version", "0");
user_pref("extensions.wajam.version", "1.26");
user_pref("iminent.LayoutId", "1");
user_pref("iminent.ShowThankyouPixel", "0");
user_pref("iminent.adapters", "{\"facebook\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":1,\"expireTime\":\"1387712427052259200\"}}");
user_pref("iminent.enabledAds", "false");
user_pref("iminent.registerToolbarEvent109", "1387712430303");
user_pref("iminent.registerToolbarEvent110", "1387712448132");
user_pref("iminent.registerToolbarEvent111", "1387712430307");
user_pref("iminent.registerToolbarEvent112", "1387712430369");
user_pref("iminent.registerToolbarEvent122", "1387712430312");
user_pref("iminent.version", "7.50.3.1");
user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.50.3.1\",\"InstallEventCTime\":1387712399836,\"InstallEvent\":\"True\"}");
user_pref("keyword.URL", "hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12692&tm=319&src=ds&p=");
Emptied folder: C:\Users\Henoch\AppData\Roaming\mozilla\firefox\profiles\5wimzc6q.default\minidumps [9 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.12.2014 at 21:04:18,50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014
Ran by Henoch (administrator) on HENOCH-VAIO on 04-12-2014 21:12:53
Running from C:\Users\Henoch\Downloads
Loaded Profiles: Henoch & Negede (Available profiles: Henoch & Negede)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\ipcdl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Thisisu) C:\Users\Henoch\Downloads\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-18] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2014-08-19] (Microsoft Corporation)
HKU\S-1-5-21-3995798047-183456226-2512991475-1001\...\Run: [LOLReplay Recorder] => "C:\Program Files (x86)\LOLReplay\LOLRecorder.exe" -minimize
HKU\S-1-5-21-3995798047-183456226-2512991475-1001\...\Run: [wm] => C:\Users\Henoch\AppData\Local\Temp\wm.exe [5892096 2014-06-14] () <===== ATTENTION
HKU\S-1-5-21-3995798047-183456226-2512991475-1001\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S0].txt [15541 2014-12-04] ()
HKU\S-1-5-21-3995798047-183456226-2512991475-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3995798047-183456226-2512991475-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://sony.msn.com
HKU\S-1-5-21-3995798047-183456226-2512991475-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://sony.msn.com
HKU\S-1-5-21-3995798047-183456226-2512991475-1003\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com
URLSearchHook: HKU\S-1-5-21-3995798047-183456226-2512991475-1003 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
SearchScopes: HKLM -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3995798047-183456226-2512991475-1001 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3995798047-183456226-2512991475-1001 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3995798047-183456226-2512991475-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3995798047-183456226-2512991475-1001 -> {81DC31DA-8B77-49F8-8FEC-177610596CC0} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q212&_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-3995798047-183456226-2512991475-1003 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3995798047-183456226-2512991475-1003 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3995798047-183456226-2512991475-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3995798047-183456226-2512991475-1003 -> {96280204-BD24-4DE9-BDDC-7A031A59168E} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q212&_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-3995798047-183456226-2512991475-1003 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12521&tm=319&src=ds&p={searchTerms}
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-3995798047-183456226-2512991475-1003 -> No Name - {5786D022-540E-4699-B350-B4BE0AE94B79} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Henoch\AppData\Roaming\Mozilla\Firefox\Profiles\5wimzc6q.default
FF Keyword.URL: hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12692&tm=319&src=ds&p=
FF Homepage: hxxp://www.google.com
FF NewTab: hxxp://www.google.com
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 -> C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3995798047-183456226-2512991475-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Henoch\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Avira Browser Safety - C:\Users\Henoch\AppData\Roaming\Mozilla\Firefox\Profiles\5wimzc6q.default\Extensions\abs@avira.com [2014-08-17]
Chrome:
=======
CHR Profile: C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-08]
CHR Extension: (AdBlock) - C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-17]
CHR Extension: (Google Wallet) - C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-01]
CHR HKU\S-1-5-21-3995798047-183456226-2512991475-1001\...\Chrome\Extension: [fkjoiggkbepedjmjjbhhecjiimlckcga] - C:\Users\Henoch\AppData\Local\CRE\fkjoiggkbepedjmjjbhhecjiimlckcga.crx [Not Found]
CHR HKU\S-1-5-21-3995798047-183456226-2512991475-1001\...\Chrome\Extension: [iokhogohoamdhejdbenjbjkhjmjlggab] - C:\Users\Henoch\AppData\Local\CRE\iokhogohoamdhejdbenjbjkhjmjlggab.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fkjoiggkbepedjmjjbhhecjiimlckcga] - C:\Users\Henoch\AppData\Local\CRE\fkjoiggkbepedjmjjbhhecjiimlckcga.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iokhogohoamdhejdbenjbjkhjmjlggab] - C:\Users\Henoch\AppData\Local\CRE\iokhogohoamdhejdbenjbjkhjmjlggab.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2012-02-23] (Atheros Commnucations) [File not signed]
S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [112256 2012-03-21] (Atheros Communication Inc.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-13] ()
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2014-10-08] (Elex do Brasil Participações Ltda)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-03-13] (Intel Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5284208 2013-10-30] (INCA Internet Co., Ltd.)
R2 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-21] (Sony Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-07-10] ()
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [260768 2011-11-30] (Sony Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2012-02-23] (Atheros) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
S3 BTATH_VDP; C:\Windows\System32\drivers\btath_vdp.sys [421664 2012-02-23] (Atheros)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [248488 2014-10-08] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2014-10-08] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [65704 2014-10-08] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [49320 2014-09-22] (Elex do Brasil Participações Ltda)
S3 lehidmini; C:\Windows\system32\drivers\leath_hid.sys [36128 2012-02-23] (Atheros)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-04] (Malwarebytes Corporation)
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows (R) Win 7 DDK provider)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [21264 2012-03-13] (Synaptics Incorporated)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-04 21:12 - 2014-12-04 21:12 - 02117632 _____ (Farbar) C:\Users\Henoch\Downloads\FRST64.exe
2014-12-04 21:04 - 2014-12-04 21:04 - 00033734 _____ () C:\Users\Henoch\Desktop\JRT.txt
2014-12-04 20:59 - 2014-12-04 20:59 - 01707646 _____ (Thisisu) C:\Users\Henoch\Downloads\JRT.exe
2014-12-04 20:59 - 2014-12-04 20:59 - 00000000 ____D () C:\Windows\ERUNT
2014-12-04 20:50 - 2014-12-04 20:50 - 00000000 __SHD () C:\Users\Henoch\AppData\Local\EmieBrowserModeList
2014-12-04 20:42 - 2014-12-04 20:58 - 00000000 ____D () C:\AdwCleaner
2014-12-04 20:41 - 2014-12-04 20:41 - 02154496 _____ () C:\Users\Henoch\Downloads\AdwCleaner_4.103.exe
2014-12-04 20:40 - 2014-12-04 20:40 - 00004197 _____ () C:\Users\Henoch\Desktop\mbam.txt
2014-12-04 19:46 - 2014-12-04 20:38 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-04 19:45 - 2014-12-04 19:45 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-04 19:45 - 2014-12-04 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-12-04 19:45 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-04 19:45 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-04 19:45 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-04 19:44 - 2014-12-04 19:44 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Henoch\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-04 19:33 - 2014-12-04 19:33 - 00001264 _____ () C:\Users\Henoch\Desktop\Revo Uninstaller.lnk
2014-12-04 19:33 - 2014-12-04 19:33 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-04 19:32 - 2014-12-04 19:32 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Henoch\Downloads\revosetup95.exe
2014-12-04 17:21 - 2014-12-04 17:21 - 00045333 _____ () C:\Users\Henoch\Downloads\Addition.txt
2014-12-04 17:19 - 2014-12-04 21:12 - 00019546 _____ () C:\Users\Henoch\Downloads\FRST.txt
2014-12-04 17:19 - 2014-12-04 21:12 - 00000000 ____D () C:\FRST
2014-11-24 18:02 - 2014-11-24 18:02 - 00022528 _____ () C:\Users\Henoch\Downloads\(4) Uebung_SVerweis.xls
2014-11-22 18:43 - 2014-11-22 18:43 - 01159216 _____ () C:\Users\Henoch\Downloads\The Binding of Isaac Rebirth (1).rar
2014-11-22 18:37 - 2014-11-22 18:38 - 01159216 _____ () C:\Users\Henoch\Downloads\The Binding of Isaac Rebirth.rar
2014-11-20 08:42 - 2014-11-20 08:42 - 00930246 _____ () C:\Users\Negede\Downloads\sprache.html
2014-11-20 08:42 - 2014-11-20 08:42 - 00000000 ____D () C:\Users\Negede\Downloads\sprache_files
2014-11-19 10:50 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 10:50 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 10:50 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 10:50 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 10:45 - 2014-11-19 10:45 - 00001141 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2014-11-15 14:26 - 2014-11-15 14:26 - 01725304 _____ (Razer Inc.) C:\Users\Henoch\Downloads\RazerSurroundInstaller_v2.00.10 (1).exe
2014-11-15 14:26 - 2014-11-15 14:26 - 00000000 ____D () C:\ProgramData\RzMaelstromVAD_1.1.58.1854
2014-11-15 14:22 - 2014-12-04 20:58 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-11-15 14:21 - 2014-12-04 20:58 - 00000000 ____D () C:\ProgramData\Razer
2014-11-15 14:21 - 2014-12-04 20:57 - 00000000 ____D () C:\Users\Henoch\AppData\Local\Razer
2014-11-15 14:20 - 2014-11-15 14:20 - 01725304 _____ (Razer Inc.) C:\Users\Henoch\Downloads\RazerSurroundInstaller_v2.00.10.exe
2014-11-12 16:18 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 16:18 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 16:18 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 16:18 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 16:18 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 16:18 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 16:18 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 16:18 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 16:18 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 16:18 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 16:18 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 16:18 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 16:18 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 16:18 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 16:18 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 16:18 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 16:18 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 16:18 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 16:18 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 16:18 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 16:18 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 16:18 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 16:18 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 16:18 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 16:18 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 16:18 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 16:18 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 16:18 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 16:18 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 16:18 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 16:18 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 16:18 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 16:18 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 16:18 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 16:18 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 16:18 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 16:18 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 16:18 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 16:18 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 16:18 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 16:18 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 16:18 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 16:18 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 16:18 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 16:18 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 16:18 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 16:18 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 16:18 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 16:18 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 16:18 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 16:18 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 16:18 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 16:18 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 16:18 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 16:18 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 16:18 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 16:18 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 16:18 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 16:18 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 16:18 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 16:18 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 16:18 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 16:18 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 16:18 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 16:18 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 16:18 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 16:18 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 16:18 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 16:17 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 16:17 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 16:17 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 16:17 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 16:17 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 16:17 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 16:17 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 16:17 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 16:17 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 16:17 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 16:17 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 16:17 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 16:17 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 16:17 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 16:17 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 16:17 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 16:17 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 16:17 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 16:17 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 16:17 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 16:17 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 16:17 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 16:17 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 16:17 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 16:17 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 16:17 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 16:17 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 16:17 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 16:17 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 16:17 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 16:17 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 16:17 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 16:17 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-09 10:23 - 2014-11-09 10:23 - 00000000 ____D () C:\Users\Negede\AppData\Roaming\OpenOffice
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-04 21:00 - 2014-07-05 14:38 - 00000308 _____ () C:\Windows\Tasks\RegistryCleanerKit Maintenance.job
2014-12-04 20:57 - 2012-08-04 10:56 - 00126320 _____ () C:\Users\Henoch\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-04 20:56 - 2009-07-14 05:45 - 00028576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-04 20:56 - 2009-07-14 05:45 - 00028576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-04 20:53 - 2012-08-04 10:54 - 01752161 _____ () C:\Windows\WindowsUpdate.log
2014-12-04 20:48 - 2012-10-14 20:12 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-04 20:47 - 2014-07-05 14:38 - 00000302 _____ () C:\Windows\Tasks\RegistryCleanerKit Startup.job
2014-12-04 20:47 - 2010-11-21 04:47 - 01404478 _____ () C:\Windows\PFRO.log
2014-12-04 20:47 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-04 20:47 - 2009-07-14 05:51 - 00254352 _____ () C:\Windows\setupact.log
2014-12-04 20:44 - 2014-11-02 16:18 - 00000000 ____D () C:\Windows\system32\log
2014-12-04 20:37 - 2012-10-14 20:12 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-04 20:33 - 2013-06-15 07:15 - 00000000 ____D () C:\Users\Negede
2014-12-04 20:29 - 2012-04-23 05:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-04 19:45 - 2014-10-04 09:03 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-12-04 18:38 - 2014-11-02 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2014-12-04 18:38 - 2014-11-02 14:11 - 00000000 ____D () C:\Program Files (x86)\Glyph
2014-12-04 18:38 - 2012-08-04 10:56 - 00000000 ____D () C:\Users\Henoch
2014-12-04 18:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-12-04 12:57 - 2012-02-24 05:01 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-12-03 16:32 - 2012-08-07 19:06 - 00000000 ____D () C:\Users\Henoch\AppData\Roaming\Skype
2014-12-03 16:13 - 2014-11-01 17:16 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-28 14:29 - 2012-04-23 05:35 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-28 14:29 - 2012-04-23 05:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-28 14:29 - 2012-04-23 05:35 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-27 16:40 - 2014-02-01 14:38 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-25 17:28 - 2014-08-18 10:14 - 00000000 ____D () C:\Program Files (x86)\CABAL Online (EU)
2014-11-22 20:48 - 2014-06-07 18:38 - 00000002 _____ () C:\Users\Henoch\Downloads\myFile.txt
2014-11-22 20:47 - 2014-06-07 18:38 - 00000757 _____ () C:\Users\Henoch\Downloads\serial.txt
2014-11-20 21:10 - 2014-03-24 15:25 - 00000000 ____D () C:\Users\Henoch\AppData\Local\Battle.net
2014-11-20 20:37 - 2012-09-11 14:27 - 00000000 ____D () C:\Users\Henoch\AppData\Local\CrashDumps
2014-11-18 16:59 - 2013-10-26 12:14 - 00000000 ____D () C:\Users\Henoch\Desktop\Naruto
2014-11-18 16:59 - 2013-06-27 18:22 - 00000000 ____D () C:\Users\Henoch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-11-18 16:59 - 2013-06-27 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-11-18 16:59 - 2012-08-04 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
2014-11-17 08:36 - 2013-06-15 07:17 - 00126768 _____ () C:\Users\Negede\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-16 14:52 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-11-15 18:18 - 2009-07-14 05:45 - 00488488 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-15 11:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-14 14:32 - 2012-10-14 20:12 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 14:32 - 2012-10-14 20:12 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 13:45 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-13 15:56 - 2014-04-30 15:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 19:37 - 2013-08-14 10:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 19:28 - 2012-10-15 16:18 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 17:20 - 2014-04-08 17:24 - 00000000 ____D () C:\Users\Henoch\Desktop\LoL
2014-11-09 11:49 - 2014-01-25 11:40 - 00000000 ____D () C:\Users\Negede\AppData\Roaming\SoftGrid Client
2014-11-09 10:32 - 2013-06-15 07:16 - 00000000 ____D () C:\Users\Negede\AppData\Roaming\Adobe
2014-11-08 09:37 - 2012-04-23 05:44 - 00000000 ____D () C:\Program Files\Sony
2014-11-08 09:09 - 2012-04-23 05:11 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
2014-11-04 14:30 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
Files to move or delete:
====================
C:\Users\Henoch\AppData\Local\Temp\wm.exe
Some content of TEMP:
====================
C:\Users\Henoch\AppData\Local\Temp\7z920.exe
C:\Users\Henoch\AppData\Local\Temp\AskSLib.dll
C:\Users\Henoch\AppData\Local\Temp\avgnt.exe
C:\Users\Henoch\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
C:\Users\Henoch\AppData\Local\Temp\drm_dyndata_7400006.dll
C:\Users\Henoch\AppData\Local\Temp\GoogleSetup.exe
C:\Users\Henoch\AppData\Local\Temp\i4jdel0.exe
C:\Users\Henoch\AppData\Local\Temp\i4jdel1.exe
C:\Users\Henoch\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Henoch\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Henoch\AppData\Local\Temp\sdapskill.exe
C:\Users\Henoch\AppData\Local\Temp\sdaspwn.exe
C:\Users\Henoch\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Henoch\AppData\Local\Temp\sfamcc00002.dll
C:\Users\Henoch\AppData\Local\Temp\sfextra.dll
C:\Users\Henoch\AppData\Local\Temp\SIMEEI2Installer.exe
C:\Users\Henoch\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\Henoch\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Henoch\AppData\Local\Temp\Softonic_DE_1-5-10_DE-Production_10_CleanRelease.exe
C:\Users\Henoch\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Henoch\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Henoch\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\Henoch\AppData\Local\Temp\Uninstaller-2276.exe
C:\Users\Henoch\AppData\Local\Temp\Uninstaller-2776.exe
C:\Users\Henoch\AppData\Local\Temp\Uninstaller-4292.exe
C:\Users\Henoch\AppData\Local\Temp\Uninstaller-5688.exe
C:\Users\Henoch\AppData\Local\Temp\Uninstaller-8172.exe
C:\Users\Henoch\AppData\Local\Temp\Uninstaller-8400.exe
C:\Users\Henoch\AppData\Local\Temp\Uninstaller-9100.exe
C:\Users\Henoch\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Henoch\AppData\Local\Temp\wm.exe
C:\Users\Negede\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-29 11:23
==================== End Of Log ============================
Danke Für die Hilfe |
|
04.12.2014, 21:15
| #4 |
| | Windows 7: Nach Hochfahren schwarzer Bildschirm und das Fenster " Computer" offen Hier: mbam.txt Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 04.12.2014 Suchlauf-Zeit: 19:47:32 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2014.12.04.08 Rootkit Datenbank: v2014.12.03.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Henoch Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 404768 Verstrichene Zeit: 43 Min, 48 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 3 PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\jcdgjdiieiljkfkdcloehkohchhpekkn, , [17c11549dca0cb6b6d9289daf013c739], PUP.Optional.FindADeal.A, HKU\S-1-5-21-3995798047-183456226-2512991475-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\find-a-deal-2, , [4d8bd48a205c70c65034e38f0cf7e41c], PUP.Optional.SystemK.A, HKU\S-1-5-21-3995798047-183456226-2512991475-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SystemK, , [ecec65f9f686d75f23ab97cf689b07f9], Registrierungswerte: 1 Trojan.Winminer, HKU\S-1-5-21-3995798047-183456226-2512991475-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|wm, C:\Users\Henoch\AppData\Local\Temp\wm.exe, , [0dcb0f4f9edea49249a3e7199e640af6] Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 2 PUP.Optional.Conduit.A, C:\Users\Henoch\AppData\Local\Temp\TestIfExeExist\CT3312806, , [15c3f36bd9a314225bd1e03ba65dfa06], PUP.Optional.Conduit.A, C:\Users\Henoch\AppData\Local\Temp\TestIfExeExist\CT3312806\nativeMessaging, , [15c3f36bd9a314225bd1e03ba65dfa06], Dateien: 14 Trojan.Winminer, C:\Users\Henoch\AppData\Local\Temp\wm.exe, , [0dcb0f4f9edea49249a3e7199e640af6], PUP.Optional.Softonic.A, C:\Users\Henoch\AppData\Local\Temp\Softonic_DE_1-5-10_DE-Production_10_CleanRelease.exe, , [e8f0aeb073097db96e7b94287d848d73], Riskware.BitcoinMiner, C:\Users\Henoch\AppData\Local\Temp\32\wincpu.exe, , [f3e55fff116b77bf4c955c0108f921df], PUP.Optional.AztecMedia.A, C:\Users\Henoch\AppData\Local\Temp\nspCD70.tmp\Helper.dll, , [b42483dbf08ce84ef3903003cc3915eb], PUP.Optional.AztecMedia.A, C:\Users\Henoch\AppData\Local\Temp\nspCD70.tmp\Starter.exe, , [01d7cb933e3eb77f81f369cae124e11f], PUP.Optional.AztecMedia.A, C:\Users\Negede\AppData\Local\Temp\nsaC2B7.tmp\Helper.dll, , [61775a04cdaff145c8bba29117eeda26], PUP.Optional.AztecMedia.A, C:\Users\Negede\AppData\Local\Temp\nsaC2B7.tmp\Starter.exe, , [10c8025c4f2d201643319a9937ce13ed], PUP.Optional.Linkey.A, C:\Windows\Temp\61176dd6\SettingsManagerSetup.exe, , [74640658ccb0b97d7eb3386bf20fdb25], PUP.Optional.Linkey.A, C:\Windows\Temp\cd6075b9\SettingsManagerSetup.exe, , [fbdd4519d4a861d5929f7033b94809f7], PUP.Optional.Iminent.A, C:\Users\Negede\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage, , [5880cb93106c80b6c49f77f835ce29d7], PUP.Optional.Wajam.A, C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.wajam.com_0.localstorage, , [0dcb1b43aece91a54321a5ca6b98c53b], PUP.Optional.Wajam.A, C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.wajam.com_0.localstorage-journal, , [8652b5a97705072f82e27df249ba946c], PUP.Optional.Conduit.A, C:\Users\Henoch\AppData\Local\Temp\TestIfExeExist\CT3312806\nativeMessaging\TBMessagingHost.exe, , [15c3f36bd9a314225bd1e03ba65dfa06], PUP.Optional.DefaultSearch.A, C:\Users\Henoch\AppData\Roaming\Mozilla\Firefox\Profiles\5wimzc6q.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12692&tm=319&src=ds&p=");), ,[2cacf16da4d8dc5ad0f20b8d0df84eb2] Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v4.103 - Bericht erstellt am 04/12/2014 um 20:42:49
# Aktualisiert 01/12/2014 von Xplode
# Database : 2014-12-03.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Henoch - HENOCH-VAIO
# Gestartet von : C:\Users\Henoch\Downloads\AdwCleaner_4.103.exe
# Option : Suchen
***** [ Dienste ] *****
Dienst Gefunden : iSafeKrnl
Dienst Gefunden : iSafeKrnlBoot
Dienst Gefunden : iSafeKrnlKit
Dienst Gefunden : iSafeKrnlR3
Dienst Gefunden : iSafeNetFilter
Dienst Gefunden : iSafeService
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\Users\Henoch\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_aaaalipaokhkccgmgkdglfinfnfhflko_0.localstorage
Datei Gefunden : C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage
Datei Gefunden : C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal
Datei Gefunden : C:\Users\Henoch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\YAC.lnk
Datei Gefunden : C:\Users\Henoch\AppData\Roaming\Mozilla\Firefox\Profiles\5wimzc6q.default\user.js
Datei Gefunden : C:\Users\Negede\AppData\Local\Google\Chrome\User Data\Default\\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gefunden : C:\Users\Negede\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Datei Gefunden : C:\Users\Negede\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gefunden : C:\Users\Negede\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gefunden : C:\Windows\System32\drivers\iSafeKrnlBoot.sys
Datei Gefunden : C:\Windows\System32\log\iSafeKrnlCall.log
Ordner Gefunden : C:\Program Files (x86)\Elex-tech
Ordner Gefunden : C:\ProgramData\iolo
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
Ordner Gefunden : C:\Users\Henoch\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aaaalipaokhkccgmgkdglfinfnfhflko
Ordner Gefunden : C:\Users\Henoch\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
Ordner Gefunden : C:\Users\Henoch\AppData\Local\CrashRpt
Ordner Gefunden : C:\Users\Henoch\AppData\Local\Temp\iSafeRightKeyScan
Ordner Gefunden : C:\Users\Henoch\AppData\Roaming\Elex-tech
Ordner Gefunden : C:\Users\Henoch\AppData\Roaming\iolo
Ordner Gefunden : C:\Users\Henoch\AppData\Roaming\Mozilla\Firefox\Profiles\5wimzc6q.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}
Ordner Gefunden : C:\Users\Negede\AppData\Local\Temp\iSafeRightKeyScan
Ordner Gefunden : C:\Users\Negede\AppData\Roaming\Elex-tech
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SettingsManagerIEHelper.DNSGuard
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SettingsManagerIEHelper.DNSGuard.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2481020
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c3e85ee9-5892-4142-b537-bceb3dac4c3d}
Schlüssel Gefunden : HKLM\SOFTWARE\SweetIM
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{5411D116-5A37-47D4-B154-5F7FCD9062F0}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75FF6D97AF9FC004A9521D4B83FA6321
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB13D869D7D092348847B7481BB59E27
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17420
-\\ Mozilla Firefox v26.0 (de)
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.affiliate_id", "3553");
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.firstrun", "false");
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.log_send_info", "false");
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21088\",\"update_interval\":919,\"base_url\":\"hxxp:\\/\\/www.wajam.com\\/\",\"update_url\":\"hxxp:\\/\\/www.wajam.com\\/addon\\/m[...]
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.no_trace", "false");
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.server_current_mapping_version", "0.21088");
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.supported_sites.wajam_settings.wajam_utils", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam'[...]
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.trace_log", "1387712400312 - processInstallationUpgrade - version set to : 1.26\n1387712400312 - processBrowserLoad - Bad mappingListJsonString: null\n1387712401514 - onFla[...]
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.unique_id", "F7F6B7E9228251FB3D6200B04F855D42");
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.user_current_mapping_version", "0");
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.version", "1.26");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.LayoutId", "1");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.ShowThankyouPixel", "0");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.adapters", "{\"facebook\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":1,\"expireTime\":\"1387712427052259200\"}}");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.enabledAds", "false");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.registerToolbarEvent109", "1387712430303");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.registerToolbarEvent110", "1387712448132");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.registerToolbarEvent111", "1387712430307");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.registerToolbarEvent112", "1387712430369");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.registerToolbarEvent122", "1387712430312");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.version", "7.50.3.1");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.50.3.1\",\"InstallEventCTime\":1387712399836,\"InstallEvent\":\"True\"}");
[5wimzc6q.default] - Zeile gefunden : user_pref("keyword.URL", "hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12692&tm=319&src=ds&p=");
-\\ Google Chrome v39.0.2171.71
[C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://anisearch.de/?page=suche&mode=auswahl&qsearch={searchTerms}
[C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://www.softonic.de/s/{searchTerms}
[C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Negede\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12521&tm=319&src=ds&p={searchTerms}
[C:\Users\Negede\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12521&tm=319&src=ds&p={searchTerms}
-\\ Comodo Dragon v
[C:\Users\Henoch\AppData\Local\Comodo\Dragon\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://search.ask.com/web?o=APN10257&doi=2014-07-05&apn_dtid=%5ECMD011%5EYY%5EUS&apn_ptnrs=%5EAGO&q={searchTerms}
[C:\Users\Henoch\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Gefunden [Extension] : cmaiofennmphjldldcpphcechfnnohja
[C:\Users\Henoch\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Gefunden [Extension] : aaaalipaokhkccgmgkdglfinfnfhflko
*************************
AdwCleaner[R0].txt - [14251 octets] - [04/12/2014 20:42:49]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [14312 octets] ##########
Code:
ATTFilter # AdwCleaner v4.103 - Bericht erstellt am 04/12/2014 um 20:56:21
# Aktualisiert 01/12/2014 von Xplode
# Database : 2014-12-03.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Henoch - HENOCH-VAIO
# Gestartet von : C:\Users\Henoch\Downloads\AdwCleaner_4.103.exe
# Option : Suchen
***** [ Dienste ] *****
Dienst Gefunden : iSafeKrnl
Dienst Gefunden : iSafeKrnlBoot
Dienst Gefunden : iSafeKrnlKit
Dienst Gefunden : iSafeKrnlR3
Dienst Gefunden : iSafeNetFilter
Dienst Gefunden : iSafeService
***** [ Dateien / Ordner ] *****
Ordner Gefunden : C:\Program Files (x86)\Elex-tech
Ordner Gefunden : C:\Users\Henoch\AppData\Roaming\Elex-tech
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17420
-\\ Mozilla Firefox v26.0 (de)
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.affiliate_id", "3553");
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.firstrun", "false");
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.log_send_info", "false");
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21088\",\"update_interval\":919,\"base_url\":\"hxxp:\\/\\/www.wajam.com\\/\",\"update_url\":\"hxxp:\\/\\/www.wajam.com\\/addon\\/m[...]
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.no_trace", "false");
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.server_current_mapping_version", "0.21088");
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.supported_sites.wajam_settings.wajam_utils", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam'[...]
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.trace_log", "1387712400312 - processInstallationUpgrade - version set to : 1.26\n1387712400312 - processBrowserLoad - Bad mappingListJsonString: null\n1387712401514 - onFla[...]
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.unique_id", "F7F6B7E9228251FB3D6200B04F855D42");
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.user_current_mapping_version", "0");
[5wimzc6q.default] - Zeile gefunden : user_pref("extensions.wajam.version", "1.26");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.LayoutId", "1");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.ShowThankyouPixel", "0");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.adapters", "{\"facebook\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":1,\"expireTime\":\"1387712427052259200\"}}");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.enabledAds", "false");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.registerToolbarEvent109", "1387712430303");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.registerToolbarEvent110", "1387712448132");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.registerToolbarEvent111", "1387712430307");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.registerToolbarEvent112", "1387712430369");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.registerToolbarEvent122", "1387712430312");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.version", "7.50.3.1");
[5wimzc6q.default] - Zeile gefunden : user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.50.3.1\",\"InstallEventCTime\":1387712399836,\"InstallEvent\":\"True\"}");
[5wimzc6q.default] - Zeile gefunden : user_pref("keyword.URL", "hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12692&tm=319&src=ds&p=");
-\\ Google Chrome v39.0.2171.71
[C:\Users\Negede\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12521&tm=319&src=ds&p={searchTerms}
[C:\Users\Negede\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12521&tm=319&src=ds&p={searchTerms}
-\\ Comodo Dragon v
*************************
AdwCleaner[R0].txt - [14509 octets] - [04/12/2014 20:42:49]
AdwCleaner[R1].txt - [4333 octets] - [04/12/2014 20:56:21]
AdwCleaner[S0].txt - [15541 octets] - [04/12/2014 20:44:24]
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [4454 octets] ##########
Code:
ATTFilter # AdwCleaner v4.103 - Bericht erstellt am 04/12/2014 um 20:44:24
# Aktualisiert 01/12/2014 von Xplode
# Database : 2014-12-03.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Henoch - HENOCH-VAIO
# Gestartet von : C:\Users\Henoch\Downloads\AdwCleaner_4.103.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\iolo
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
[!] Ordner Gelöscht : C:\Program Files (x86)\Elex-tech
Ordner Gelöscht : C:\Users\Henoch\AppData\Local\CrashRpt
Ordner Gelöscht : C:\Users\Henoch\AppData\Local\Temp\iSafeRightKeyScan
Ordner Gelöscht : C:\Users\Henoch\AppData\Roaming\Elex-tech
Ordner Gelöscht : C:\Users\Henoch\AppData\Roaming\iolo
Ordner Gelöscht : C:\Users\Negede\AppData\Local\Temp\iSafeRightKeyScan
Ordner Gelöscht : C:\Users\Negede\AppData\Roaming\Elex-tech
Ordner Gelöscht : C:\Users\Henoch\AppData\Roaming\Mozilla\Firefox\Profiles\5wimzc6q.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}
Ordner Gelöscht : C:\Users\Henoch\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
Ordner Gelöscht : C:\Users\Henoch\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aaaalipaokhkccgmgkdglfinfnfhflko
Datei Gelöscht : C:\Windows\System32\drivers\iSafeKrnlBoot.sys
Datei Gelöscht : C:\Windows\System32\log\iSafeKrnlCall.log
Datei Gelöscht : C:\Users\Henoch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\YAC.lnk
Datei Gelöscht : C:\Users\Henoch\AppData\Roaming\Mozilla\Firefox\Profiles\5wimzc6q.default\user.js
Datei Gelöscht : C:\Users\Negede\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Datei Gelöscht : C:\Users\Negede\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Negede\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage
Datei Gelöscht : C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Henoch\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_aaaalipaokhkccgmgkdglfinfnfhflko_0.localstorage
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SettingsManagerIEHelper.DNSGuard.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SettingsManagerIEHelper.DNSGuard
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2481020
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{5411D116-5A37-47D4-B154-5F7FCD9062F0}
Schlüssel Gelöscht : HKLM\SOFTWARE\SweetIM
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c3e85ee9-5892-4142-b537-bceb3dac4c3d}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75FF6D97AF9FC004A9521D4B83FA6321
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB13D869D7D092348847B7481BB59E27
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17420
-\\ Mozilla Firefox v26.0 (de)
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.affiliate_id", "3553");
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.firstrun", "false");
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.log_send_info", "false");
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21088\",\"update_interval\":919,\"base_url\":\"hxxp:\\/\\/www.wajam.com\\/\",\"update_url\":\"hxxp:\\/\\/www.wajam.com\\/addon\\/m[...]
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.no_trace", "false");
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.server_current_mapping_version", "0.21088");
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.supported_sites.wajam_settings.wajam_utils", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam'[...]
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.trace_log", "1387712400312 - processInstallationUpgrade - version set to : 1.26\n1387712400312 - processBrowserLoad - Bad mappingListJsonString: null\n1387712401514 - onFla[...]
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.unique_id", "F7F6B7E9228251FB3D6200B04F855D42");
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.user_current_mapping_version", "0");
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.version", "1.26");
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("iminent.LayoutId", "1");
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("iminent.ShowThankyouPixel", "0");
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("iminent.adapters", "{\"facebook\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":1,\"expireTime\":\"1387712427052259200\"}}");
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("iminent.enabledAds", "false");
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("iminent.registerToolbarEvent109", "1387712430303");
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("iminent.registerToolbarEvent110", "1387712448132");
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("iminent.registerToolbarEvent111", "1387712430307");
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("iminent.registerToolbarEvent112", "1387712430369");
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("iminent.registerToolbarEvent122", "1387712430312");
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("iminent.version", "7.50.3.1");
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.50.3.1\",\"InstallEventCTime\":1387712399836,\"InstallEvent\":\"True\"}");
[5wimzc6q.default\prefs.js] - Zeile gelöscht : user_pref("keyword.URL", "hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12692&tm=319&src=ds&p=");
-\\ Google Chrome v39.0.2171.71
[C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://anisearch.de/?page=suche&mode=auswahl&qsearch={searchTerms}
[C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.softonic.de/s/{searchTerms}
[C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Negede\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12521&tm=319&src=ds&p={searchTerms}
[C:\Users\Negede\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12521&tm=319&src=ds&p={searchTerms}
[C:\Users\Henoch\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.ask.com/web?o=APN10257&doi=2014-07-05&apn_dtid=%5ECMD011%5EYY%5EUS&apn_ptnrs=%5EAGO&q={searchTerms}
-\\ Comodo Dragon v
[C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://anisearch.de/?page=suche&mode=auswahl&qsearch={searchTerms}
[C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.softonic.de/s/{searchTerms}
[C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Negede\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12521&tm=319&src=ds&p={searchTerms}
[C:\Users\Negede\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12521&tm=319&src=ds&p={searchTerms}
[C:\Users\Henoch\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.ask.com/web?o=APN10257&doi=2014-07-05&apn_dtid=%5ECMD011%5EYY%5EUS&apn_ptnrs=%5EAGO&q={searchTerms}
[C:\Users\Henoch\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Gelöscht [Extension] : cmaiofennmphjldldcpphcechfnnohja
[C:\Users\Henoch\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Gelöscht [Extension] : aaaalipaokhkccgmgkdglfinfnfhflko
*************************
AdwCleaner[R0].txt - [14509 octets] - [04/12/2014 20:42:49]
AdwCleaner[S0].txt - [15283 octets] - [04/12/2014 20:44:24]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15344 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by Henoch on 04.12.2014 at 20:59:53,88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
Failed to stop: [Service] isafekrnl
Failed to stop: [Service] isafekrnlkit
Failed to stop: [Service] isafekrnlr3
Failed to stop: [Service] isafenetfilter
Failed to stop: [Service] isafeservice
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Henoch\AppData\Roaming\elex-tech"
Successfully deleted: [Folder] "C:\Users\Henoch\appdata\local\cre"
Failed to delete: [Folder] "C:\Program Files (x86)\elex-tech"
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{0068C03D-36F6-402A-AB87-5E701F97EC75}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{007EDC0C-DB4F-4D2A-8DF6-76EEE828205B}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{008FE068-0C87-433C-8FD0-27F97E7D6828}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{00A7E966-ACAB-46BD-9889-588F7B63AF35}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{029E04E5-D466-40EF-B4C8-87E8BB22730B}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{03291152-3627-400F-8E37-8F6352A8C86F}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{03B36BA1-6F18-47E9-B07C-B3D67D2EA869}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{03BE32F9-9DA8-4AD7-83F4-F0E8A4D28886}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{03F2D33C-3190-48A0-BC32-715BEEF4F5CE}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{05280976-D492-4544-8FC2-58C3BAF2F9C6}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{0646A333-7AAB-41C8-815A-5403FF962A44}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{072F04ED-CD8A-4130-A442-FA4F765E080E}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{076C4DA0-EB2D-49E9-A769-7E981FA12A07}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{0820C272-4B47-493F-B2A7-3975B02D7649}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{0AE8CE4A-AA16-474C-960E-66A9A1FA93FA}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{0D4A2B38-FEA7-4211-9FFA-D0C66074D5CF}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{0D78B923-F959-4FAE-9903-BDED29D6C9F6}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{0F21EF93-7CED-41F9-8135-0BAB64C1726B}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{1304D21D-55F1-42B2-91F0-12BEE5CBFA37}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{1396F8E7-DD7A-411C-92EF-F175A219F419}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{14F9CF85-B8CF-469E-809C-4C8509EDD69E}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{156CA0EE-C325-4811-A639-5A52DBC41E11}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{162B0D47-F7B4-4706-B9A0-4B8BA8E6DA0F}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{1A662ED7-DAB2-4DCC-8D41-C625397B45A1}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{1AC3852C-ED0D-4D47-A3F9-A056742A0E14}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{1B0F86F8-D4B9-47BE-9C68-9EEBF692A78A}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{1B7FDB59-DB25-4596-A240-EA9E8945D3BA}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{1DD46B2D-95C4-4FDD-ADC9-3A7400B1835C}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{2112FF6B-25D7-4BA3-8EC6-29B805BA5B43}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{2156F5EE-68D1-4088-A6A8-23D242981756}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{21FAC655-E77F-4680-9D38-2C464AE25E49}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{23D7603D-AF41-4CC4-AEA0-B4BA2F0054EA}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{24B399B0-7349-46C4-BC56-128285CB525D}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{25999472-CFFD-4E4B-BCF0-91FFB2B86987}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{25A53CA1-10B4-475E-BE8E-50D80CAAFAF0}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{26A1840D-DE17-4311-9774-9B1E848D43F2}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{26F25A2C-BEF2-48E3-8EEE-EE70BB9A6152}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{27D08A0A-7499-4615-A40C-5D2446272D03}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{288AB76E-FCFE-4B8D-A107-787632595918}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{28B0E844-D8C8-4498-B4FC-9670676B2C55}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{290C410C-30AB-4A80-9412-993EC877C0BD}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{2A132FDE-F325-4F32-824E-CD75FA69A6CF}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{2B31163D-455C-4453-B555-7757E8E85C54}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{2B68A1B3-7F8C-4A44-879F-3B74217803B3}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{2B6DE6B5-E2E4-4712-B262-4D45390B39BB}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{2C7D1443-03E2-4539-A011-8441FE6D5B96}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{2DF338BF-B144-43D9-A9AA-4FB5BDC366C0}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{2E6943E6-EF4B-4614-863C-DB17D8AB147E}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{2E775E92-33A1-41CC-9EF7-5242F90D62C0}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{2F07BE98-6E64-40E9-8689-FE1182CDECC1}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{2F9F433C-7EFF-49D1-80C9-E935AF8C4DE3}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{2FF7BF88-2C4B-4666-8DA3-0A623704DBA8}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{3034A5CA-1A0D-45EB-B24F-499E9597A9CF}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{307FC519-B38C-42C1-A09C-076FD85B3580}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{309638F8-1322-436A-AB4A-F56F64238AC0}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{30A609A5-1CD0-41E7-9971-B8C74E4A4342}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{3219B956-BE71-4356-8713-A8204C620954}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{33331B3C-B4A7-40C2-ACC7-B16FF8FD65E5}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{35194F46-C59A-47C0-927E-1D8573088144}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{3813CCA0-AEEB-43CB-92C2-6C48F6A795E2}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{381412CF-511C-4394-BF82-849BD0CA5488}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{3A1B53F9-A3FC-4DB4-980B-485C44CAD626}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{3BC2D61D-50BE-484D-AC23-589B00C5F6D6}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{3D202CF6-BC43-41E5-B256-A41402178CC6}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{3EE2797A-C88A-4B6F-A81E-AC7B88CCEEF4}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{3FE4D78E-F896-4419-AB2A-4E1AE7E31A76}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{3FFCD665-1FC4-499E-871D-3313E6127B35}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{4032AB76-AC91-470D-94FE-C50856654C12}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{40D45FB4-275A-4508-9F5A-A476E3C53029}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{414284CB-799D-4F1A-8E69-FC92E0EF5571}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{41549BDF-87EC-4361-9CAC-B5B0584B5797}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{4494FAC2-5235-4749-B8CA-68C7033D04DF}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{455529A7-9652-4F04-BB33-AF204E6BB1E1}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{47EA59ED-D0F5-48BA-A0A3-09CEFDA23C93}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{4817581D-D459-430A-AFDA-369A31114185}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{48F5B149-D2F4-4499-B0F4-F9C2D3E9D279}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{4B880976-6AFF-4B45-90F8-537C82129916}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{4C072626-30E2-462A-94A2-3E84614F96D6}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{4CBA5A24-662B-48B0-8294-76DE15115B61}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{4E7224EA-297F-4748-B3CA-89B7166F648D}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{4E86FD0D-88D6-4C40-9F34-B06E46E75049}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{4EA4FC5E-3B10-4F9F-8AB6-19A091951E3A}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{4EC81182-95E5-4733-A961-303E9C71C699}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{4F605D8E-7A59-4D0E-9EBC-343C7A5F9F19}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{506D1108-FDC8-41B3-8343-622168573F50}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{526B747A-5AA7-4377-8E87-DA77C6327F4A}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{53405CE3-749A-48CE-ABBE-C40328408514}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{545181B2-D04F-4A10-8A97-43E132D79507}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{54C0BD6D-2B97-47A7-B321-FDB03B42E8F3}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{54C16B38-6AE8-4DAF-86D0-FA51A5524252}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{55CC92D5-1052-4F21-B53F-96C6763DE378}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{57B7166E-F88B-4A2B-8677-78BB4889F336}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{586CB17C-4273-40EE-BF56-5D31FE4AD2D0}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{596D3A70-D348-49F9-9C93-AB67092BD457}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{5A913224-AC74-47B7-B7C4-9FF076CC3617}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{5AFA5739-F573-4073-B708-2DE5DD2D5ADC}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{5B05F23F-B8C0-4E12-80C1-F8AFA7CE4CE7}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{5C77BFE3-B863-4164-A9F0-BF1B34DA3633}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{5CBD422C-94C9-414E-B80C-1AE11A1AD2B1}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{5D523A87-6C54-43E3-83EE-C57209631146}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{5DBCA463-F23A-4F34-9020-B374D1B0EBED}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{5E3B2DE1-1A92-4329-80B3-3FC0F682EE48}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{5E4A5DF6-1E86-4E99-8769-B9F68F42C3BC}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{5F4081F5-C982-4D86-A667-0B5AF3C0CDFA}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{5FBAB3EF-BCC6-43D2-AC86-6EE5CB3D891E}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{6039F03A-BD93-4C84-8EB7-4CBE80324EFD}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{61F9A428-BDA2-4F42-9185-FC082B3F4197}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{6357DDCC-172B-4E0F-B848-20CFEB02B3C5}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{63939698-50C5-4954-8A76-0CB45D285FE7}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{6450F488-77EB-4C67-A247-3A89CDACF60F}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{650654AA-3B39-41F9-8136-BB29659B2BA9}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{650CAC75-644A-4077-97E7-6D8D9C9AAC43}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{65BFE0B9-5382-4078-9799-CF7A37A977AD}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{66D1FE6A-3F09-4D93-BAB6-E8DD291267B9}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{6785D256-5A4C-4FE1-8EB2-AB40CADBC15D}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{68EAEDCB-0234-4E50-BC35-26DFAD8F1839}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{6B456ACC-8692-43F6-8309-D2AD5D715D4F}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{6B7EBCE7-7C9C-4730-836B-79D351B5BDEB}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{6C6E6367-AA2E-42A5-B794-29B3F19C5724}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{6C9C83FE-8DB6-48E5-AC1D-8D7699754556}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{6D167E7A-5719-4651-9DD7-137A987548FA}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{6E00131E-CA2B-4A1C-9D23-BB97F1A83403}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{6E4CDB92-2025-41B1-AD39-C294FA5533C2}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{6E65312D-E623-47BD-8A83-47FED260E1D0}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{6F043944-835B-4F86-9353-905E27BD3D22}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{6FC9D17D-BA71-41D8-9DAB-70A40C8D8BBC}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{715EF16E-1205-4F3C-839F-1C36E8DA5B02}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{719BFD13-7B21-4ED6-A147-29ABD8846CDA}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{71AFF0D6-2F40-4F70-99DC-525C8B15D86B}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{72BA4000-5A8C-4C90-B5B5-3C233EF307D3}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{738BDCCF-B6F2-4E44-AE3E-1E1BCE900589}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{73DB4DD0-AC55-43C7-9649-14BC1545D4F3}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{75F4DA71-1FE6-4EBD-B0DC-8E8801B9ABFC}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{763F4BCE-D9BD-4E67-95B7-82227763AB0C}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{764045C4-17CC-4F07-BAA0-9433EDADB831}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{79A38E85-8287-4DC0-A997-1E07E99CF9FC}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{7A8A6CB0-A496-4B20-B4E0-A0AE60A397A4}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{7E59B9AE-650A-464F-8FF8-44051944E903}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{81DCF8B8-3B9A-420C-846A-40C774600489}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{81EA7DD4-2741-4239-9CA3-08176805B900}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{82297B71-F32E-4618-8474-4BB1710E3012}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{82F709A8-D8C3-4A77-95A8-50398951724B}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{84C6FCC9-4A08-4E1A-A4BF-F2A5FB60633A}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{875AB168-A109-40C9-9586-1E6F2770ED80}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{87D8FB96-5D4A-4A90-A3DC-466111FA6EE1}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{8B4C9694-F1C3-4F1C-9060-02AF562991F7}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{8EEA2EA4-14BA-4878-AFD8-9C2B7BA20E3A}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{8F8015F6-5CB2-4C9A-A400-BD512A68C166}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{90371118-E8C9-40A6-B129-74B88122C2E5}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{903899E2-473A-4909-BADC-1501D7B416B3}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{90A7FE95-C86F-4115-9D43-8E4AFDFB5BBB}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{9155A91D-9262-42D6-9612-AB6E8A37C6D0}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{92E8D8B9-08B6-412F-9AC3-CDB52D75543E}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{9334040C-5AA9-48A3-94A2-68707C61AC62}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{942A1A08-C5F5-4237-BE14-683D1DCC4052}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{9559364B-05D5-474C-AE1B-877A855BFD1A}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{962DFDDA-2223-4F9C-8833-D38F94BE612C}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{96DF5501-6AF4-42A7-9D91-4B0C85CD5D33}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{984D6CD9-2ECD-4137-BB7D-CE6DBB6B14CE}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{9894DBB4-A384-4FD1-A2F6-C6D8BBC2EF32}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{9897BF2E-E0E2-4F7C-9317-256E14FED612}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{99180701-8331-4CF7-9B5C-4F4B85853F51}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{992637D9-7522-4FB8-9E50-41AB75894219}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{996F5A4C-F38E-4BE6-B97A-B6CBCA6A240D}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{9B071422-CBD0-43A2-84D9-D795B8FBD47B}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{9CC81DEA-D446-42BB-87E8-E1E84424D9EF}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{9F40BD2A-58D6-4C74-8C53-564B30F378D9}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{9FDD3EDF-8386-4ED7-898C-0575C664456A}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{A18AB588-5DA7-4DEC-95DA-35E38407EC07}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{A255B98A-83F5-4310-9BDB-5631F424A358}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{A3661B9B-0DF3-42BF-A2D7-C472E8D5C0A9}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{A4871461-4818-4066-9454-161C428A51A5}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{A6F8E6AB-42A6-464E-851F-B62B932C91A8}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{A70C9A12-4AC4-4568-96D6-8CDBD78ED286}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{A71FCE49-6368-4013-B1D5-3973993611B0}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{A74A07AF-F5EC-4BA7-809B-CE3934CE5C8D}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{A8222F1C-2955-4FDA-A350-A89D1B003304}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{A8A15B94-9C8D-432C-ACD4-B414C34FA6BD}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{A9E34E72-41D3-4646-BDD2-3015F70423E1}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{AA4E47C8-1384-4AD4-8535-23EDE2E2A2D3}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{AADFB505-CAE2-490A-AC05-0604F61DCE2A}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{AB320AD3-B7C6-42D6-BBE5-1840FAE8D847}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{AB6DF812-AA6B-4B56-BC48-44DB453FCD98}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{ABA9DA80-51F4-4DF0-BDFC-CC3ACDDCDCB5}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{AC48CFC7-40E6-41F3-8C4A-99374B44CF8C}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{ACCC85F9-FF11-40D5-9A45-0E4A9CF409C1}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{AE27E7D2-D1CE-4A1D-9276-FED46A54D8F8}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{AE8C0C41-6CD5-4D44-9911-406524B44B3C}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{AEDB795B-B43B-47A3-8A24-6B7C2DB2A98C}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{AEF9C83B-17E2-4F5E-A840-E0998E6825CB}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{B131D5BB-41CA-4794-89EA-9CE24574E303}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{B1DF8AF1-9A36-421E-BAEF-1167CC5D3C18}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{B28976F3-487B-45D7-B740-2EB4F5D6EAD1}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{B34D3A40-F703-4800-98E0-7F89D22966CD}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{B4B8CB48-F5F7-4EBF-BFF5-6E45D5DD08DA}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{B5F834EC-AC6A-4978-9D8B-522799F6F0B7}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{B6D09FDC-EEBD-4DF9-8C78-A35C6A724816}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{B7B3A32A-3B4C-46C5-BC73-B3F4C4854A21}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{B8D980B4-AA7D-4D89-897D-58C10FE32CB9}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{B92437BE-89A4-4743-BB89-5EF34134B3AE}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{BA14B256-904D-455C-B6B7-4DA99E9D9BA8}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{BA452966-9FEB-4218-8E20-9EFB4FA7CFD7}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{BA6C8CE9-7616-4284-9484-E01A88C53651}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{BA72D936-9BFF-46EE-B557-01E28BCE1FE4}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{BB03CBEB-74B0-46DC-94BA-6882271B9FA9}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{BBEA3FBF-C2E8-41A4-96AD-2BB307548538}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{BCA022BC-056E-4A3B-905F-715E49C2EB6D}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{BCD2D6DD-90B8-4756-A075-AEF651397EC2}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{BD1A87B3-B779-412B-8843-2E94ABDBC651}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{BDCFC626-F232-4F49-92C9-64E8FFA9FA79}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{BFE9E6F6-96B8-4EC2-A46D-E948047B928D}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{C12216CF-49EE-4D5E-903C-861E1D384C65}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{C21BCF28-29B5-4CCD-82FB-5A19A184ED60}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{C4A961F6-DB89-4BF1-B7A5-9502FF26361A}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{C4EBEAEF-C1D0-4AD8-A008-A1DBFEBD50CE}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{C716D444-6483-4952-8F10-DFC0E21EEC92}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{C752DECD-4608-49C4-94F0-C65C3C82BB4C}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{C7FA1B01-8186-42F2-AC59-48A2DC5BC4DB}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{C81CE60A-8FED-47A7-99EC-CB0AA69F2F2E}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{C8D161EE-6401-4223-828D-23C3DA11D24C}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{C961B655-835E-4EC5-8BF3-819ABAC3536D}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{C979F3CF-1B53-4DAC-B483-7F8FBBA9F4F2}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{C97E45EA-4D39-49E0-93F1-7DC80135D2B1}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{CA7CA0AF-9FDF-4023-A431-8936843B0E7A}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{CADE826E-ED1C-4D52-95B0-BE90E881B095}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{CB50912B-4E26-4952-9BC4-337B4963C526}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{CBBF79D4-F763-49FB-8D58-DF5825B23FD7}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{CE5C15B0-21D8-46FB-8F91-3290ECE482C1}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{CF36AF32-8EE1-4AAC-8BF6-7009684492B0}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{CF8DC9E2-FA96-48B3-B08F-36CBC2380052}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{CFF67602-F930-4FD9-9292-2AFE2E815E97}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{D08D6F98-D0AC-4F7A-A832-F3162C956CA8}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{D1E649FC-F466-4597-803E-9303BF7044B6}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{D2ED5CD1-C2EF-46F4-B65D-B9EB9A44B6DB}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{D4125EA8-895C-4E33-8834-8E1DB17301F6}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{D4A859B7-1A65-48C3-9364-10A5404D3AA0}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{D5625DC4-F2ED-412E-A4C6-044A494FB473}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{D6414171-E34A-4896-B424-68CF27C03D0C}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{D66207EC-2D84-473E-844D-1773EAAF75AC}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{D8AB553D-CB39-4E69-A30A-B00B8A362EA1}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{DB70F403-1DF6-493D-BE11-414607FE5258}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{DC4A9952-CA75-431F-9218-6A6AE7BB311E}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{DD344C43-FF73-44C4-BFE8-859CAA1D4293}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{DDC800D3-BD97-446C-A236-CDC23D4F0D68}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{DE146BB4-3DF9-4BA2-BB34-2CFED7719C7E}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{DEA17635-8B81-4501-A9BB-936D65C55652}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{E01411E5-7CF0-404C-910B-A5F2B65D29CB}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{E017E9FF-ADEF-499C-B3CE-F425B8D9949B}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{E1BCD3BE-0E6A-45B0-8A61-B64CF2BC49DB}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{E1D52C45-491F-4684-8211-4968F45EF4BF}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{E1D7C44A-E0DB-4933-970B-C7DFDCB206C7}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{E29778B0-2FB7-41F1-A789-4D3E04003C03}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{E3F0CCC9-C53A-454C-AEA4-43D63EFBFB87}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{E5340779-F5F0-4059-84A3-1E097E42EF5C}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{E56191C8-6E81-4E98-A2AD-15AE838812A0}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{E6509D7E-8C04-4CAA-83EF-9990B024DF1A}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{E6AAAD96-12A5-4D50-A10B-C382E64357A7}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{E7C13390-50BD-4AE8-B33D-60096325683C}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{E818EF9F-7160-4370-B2D7-450761C822F1}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{E9373DAF-2E42-47C4-89BC-F25A5033A048}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{E94681FB-DC70-4B99-AF22-78B9F43F48C4}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{EB121EE4-BB45-4B64-8019-66FB119A0959}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{EB54C328-4869-443A-92F6-13EE05933FF7}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{EDD08B35-B130-4387-B91A-F77357A3784C}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{EE2FD5D8-7430-4BD7-B6EE-629482B873CD}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{F03D47DA-CB62-48B5-B455-067315ABE581}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{F04FAC81-6C82-4033-AB36-3200CA1C2A71}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{F10142CE-7EC6-4EEE-B7EF-B0C0A1FC86B3}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{F2BED5A8-6E60-4A3C-8B2E-ABD619D828E4}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{F3D68BE8-072F-43B7-856B-CD2A3B0EED9A}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{F70B0917-C036-4AB6-910A-938C0A1C3163}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{F778EDA0-5665-41C4-9482-77F26A7CD7D0}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{F854CB2E-4E60-4DAF-9D82-15A8FA70002E}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{F88ACC60-AD28-434B-AFB6-C5B7CEB36F04}
Successfully deleted: [Empty Folder] C:\Users\Henoch\appdata\local\{F949DD2C-6267-4F2A-8DBE-85C8FFA7A44D}
~~~ FireFox
Successfully deleted the following from C:\Users\Henoch\AppData\Roaming\mozilla\firefox\profiles\5wimzc6q.default\prefs.js
user_pref("extensions.wajam.affiliate_id", "3553");
user_pref("extensions.wajam.firstrun", "false");
user_pref("extensions.wajam.log_send_info", "false");
user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21088\",\"update_interval\":919,\"base_url\":\"hxxp:\\/\\/www.wajam.com\\/\",\"update_url\":\"hxxp:\\/\\/
user_pref("extensions.wajam.no_trace", "false");
user_pref("extensions.wajam.server_current_mapping_version", "0.21088");
user_pref("extensions.wajam.supported_sites.encryptedgoogle.wajam_google_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM
user_pref("extensions.wajam.supported_sites.google.wajam_google_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_L
user_pref("extensions.wajam.supported_sites.wajam_settings.wajam_utils", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_
user_pref("extensions.wajam.supported_sites.youtubesearch.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_L
user_pref("extensions.wajam.trace_log", "1387712400312 - processInstallationUpgrade - version set to : 1.26\n1387712400312 - processBrowserLoad - Bad mappingListJsonString: nu
user_pref("extensions.wajam.unique_id", "F7F6B7E9228251FB3D6200B04F855D42");
user_pref("extensions.wajam.user_current_mapping_version", "0");
user_pref("extensions.wajam.version", "1.26");
user_pref("iminent.LayoutId", "1");
user_pref("iminent.ShowThankyouPixel", "0");
user_pref("iminent.adapters", "{\"facebook\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":1,\"expireTime\":\"1387712427052259200\"}}");
user_pref("iminent.enabledAds", "false");
user_pref("iminent.registerToolbarEvent109", "1387712430303");
user_pref("iminent.registerToolbarEvent110", "1387712448132");
user_pref("iminent.registerToolbarEvent111", "1387712430307");
user_pref("iminent.registerToolbarEvent112", "1387712430369");
user_pref("iminent.registerToolbarEvent122", "1387712430312");
user_pref("iminent.version", "7.50.3.1");
user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.50.3.1\",\"InstallEventCTime\":1387712399836,\"InstallEvent\":\"True\"}");
user_pref("keyword.URL", "hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12692&tm=319&src=ds&p=");
Emptied folder: C:\Users\Henoch\AppData\Roaming\mozilla\firefox\profiles\5wimzc6q.default\minidumps [9 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.12.2014 at 21:04:18,50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014
Ran by Henoch (administrator) on HENOCH-VAIO on 04-12-2014 21:12:53
Running from C:\Users\Henoch\Downloads
Loaded Profiles: Henoch & Negede (Available profiles: Henoch & Negede)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\ipcdl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Thisisu) C:\Users\Henoch\Downloads\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-18] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2014-08-19] (Microsoft Corporation)
HKU\S-1-5-21-3995798047-183456226-2512991475-1001\...\Run: [LOLReplay Recorder] => "C:\Program Files (x86)\LOLReplay\LOLRecorder.exe" -minimize
HKU\S-1-5-21-3995798047-183456226-2512991475-1001\...\Run: [wm] => C:\Users\Henoch\AppData\Local\Temp\wm.exe [5892096 2014-06-14] () <===== ATTENTION
HKU\S-1-5-21-3995798047-183456226-2512991475-1001\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S0].txt [15541 2014-12-04] ()
HKU\S-1-5-21-3995798047-183456226-2512991475-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3995798047-183456226-2512991475-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://sony.msn.com
HKU\S-1-5-21-3995798047-183456226-2512991475-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://sony.msn.com
HKU\S-1-5-21-3995798047-183456226-2512991475-1003\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com
URLSearchHook: HKU\S-1-5-21-3995798047-183456226-2512991475-1003 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
SearchScopes: HKLM -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3995798047-183456226-2512991475-1001 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3995798047-183456226-2512991475-1001 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3995798047-183456226-2512991475-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3995798047-183456226-2512991475-1001 -> {81DC31DA-8B77-49F8-8FEC-177610596CC0} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q212&_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-3995798047-183456226-2512991475-1003 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3995798047-183456226-2512991475-1003 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3995798047-183456226-2512991475-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3995798047-183456226-2512991475-1003 -> {96280204-BD24-4DE9-BDDC-7A031A59168E} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q212&_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-3995798047-183456226-2512991475-1003 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12521&tm=319&src=ds&p={searchTerms}
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-3995798047-183456226-2512991475-1003 -> No Name - {5786D022-540E-4699-B350-B4BE0AE94B79} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Henoch\AppData\Roaming\Mozilla\Firefox\Profiles\5wimzc6q.default
FF Keyword.URL: hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12692&tm=319&src=ds&p=
FF Homepage: hxxp://www.google.com
FF NewTab: hxxp://www.google.com
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 -> C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3995798047-183456226-2512991475-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Henoch\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Avira Browser Safety - C:\Users\Henoch\AppData\Roaming\Mozilla\Firefox\Profiles\5wimzc6q.default\Extensions\abs@avira.com [2014-08-17]
Chrome:
=======
CHR Profile: C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-08]
CHR Extension: (AdBlock) - C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-17]
CHR Extension: (Google Wallet) - C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-01]
CHR HKU\S-1-5-21-3995798047-183456226-2512991475-1001\...\Chrome\Extension: [fkjoiggkbepedjmjjbhhecjiimlckcga] - C:\Users\Henoch\AppData\Local\CRE\fkjoiggkbepedjmjjbhhecjiimlckcga.crx [Not Found]
CHR HKU\S-1-5-21-3995798047-183456226-2512991475-1001\...\Chrome\Extension: [iokhogohoamdhejdbenjbjkhjmjlggab] - C:\Users\Henoch\AppData\Local\CRE\iokhogohoamdhejdbenjbjkhjmjlggab.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fkjoiggkbepedjmjjbhhecjiimlckcga] - C:\Users\Henoch\AppData\Local\CRE\fkjoiggkbepedjmjjbhhecjiimlckcga.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iokhogohoamdhejdbenjbjkhjmjlggab] - C:\Users\Henoch\AppData\Local\CRE\iokhogohoamdhejdbenjbjkhjmjlggab.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2012-02-23] (Atheros Commnucations) [File not signed]
S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [112256 2012-03-21] (Atheros Communication Inc.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-13] ()
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2014-10-08] (Elex do Brasil Participações Ltda)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-03-13] (Intel Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5284208 2013-10-30] (INCA Internet Co., Ltd.)
R2 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-21] (Sony Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-07-10] ()
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [260768 2011-11-30] (Sony Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2012-02-23] (Atheros) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
S3 BTATH_VDP; C:\Windows\System32\drivers\btath_vdp.sys [421664 2012-02-23] (Atheros)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [248488 2014-10-08] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2014-10-08] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [65704 2014-10-08] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [49320 2014-09-22] (Elex do Brasil Participações Ltda)
S3 lehidmini; C:\Windows\system32\drivers\leath_hid.sys [36128 2012-02-23] (Atheros)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-04] (Malwarebytes Corporation)
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows (R) Win 7 DDK provider)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [21264 2012-03-13] (Synaptics Incorporated)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-04 21:12 - 2014-12-04 21:12 - 02117632 _____ (Farbar) C:\Users\Henoch\Downloads\FRST64.exe
2014-12-04 21:04 - 2014-12-04 21:04 - 00033734 _____ () C:\Users\Henoch\Desktop\JRT.txt
2014-12-04 20:59 - 2014-12-04 20:59 - 01707646 _____ (Thisisu) C:\Users\Henoch\Downloads\JRT.exe
2014-12-04 20:59 - 2014-12-04 20:59 - 00000000 ____D () C:\Windows\ERUNT
2014-12-04 20:50 - 2014-12-04 20:50 - 00000000 __SHD () C:\Users\Henoch\AppData\Local\EmieBrowserModeList
2014-12-04 20:42 - 2014-12-04 20:58 - 00000000 ____D () C:\AdwCleaner
2014-12-04 20:41 - 2014-12-04 20:41 - 02154496 _____ () C:\Users\Henoch\Downloads\AdwCleaner_4.103.exe
2014-12-04 20:40 - 2014-12-04 20:40 - 00004197 _____ () C:\Users\Henoch\Desktop\mbam.txt
2014-12-04 19:46 - 2014-12-04 20:38 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-04 19:45 - 2014-12-04 19:45 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-04 19:45 - 2014-12-04 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-12-04 19:45 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-04 19:45 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-04 19:45 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-04 19:44 - 2014-12-04 19:44 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Henoch\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-04 19:33 - 2014-12-04 19:33 - 00001264 _____ () C:\Users\Henoch\Desktop\Revo Uninstaller.lnk
2014-12-04 19:33 - 2014-12-04 19:33 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-04 19:32 - 2014-12-04 19:32 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Henoch\Downloads\revosetup95.exe
2014-12-04 17:21 - 2014-12-04 17:21 - 00045333 _____ () C:\Users\Henoch\Downloads\Addition.txt
2014-12-04 17:19 - 2014-12-04 21:12 - 00019546 _____ () C:\Users\Henoch\Downloads\FRST.txt
2014-12-04 17:19 - 2014-12-04 21:12 - 00000000 ____D () C:\FRST
2014-11-24 18:02 - 2014-11-24 18:02 - 00022528 _____ () C:\Users\Henoch\Downloads\(4) Uebung_SVerweis.xls
2014-11-22 18:43 - 2014-11-22 18:43 - 01159216 _____ () C:\Users\Henoch\Downloads\The Binding of Isaac Rebirth (1).rar
2014-11-22 18:37 - 2014-11-22 18:38 - 01159216 _____ () C:\Users\Henoch\Downloads\The Binding of Isaac Rebirth.rar
2014-11-20 08:42 - 2014-11-20 08:42 - 00930246 _____ () C:\Users\Negede\Downloads\sprache.html
2014-11-20 08:42 - 2014-11-20 08:42 - 00000000 ____D () C:\Users\Negede\Downloads\sprache_files
2014-11-19 10:50 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 10:50 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 10:50 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 10:50 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 10:45 - 2014-11-19 10:45 - 00001141 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2014-11-15 14:26 - 2014-11-15 14:26 - 01725304 _____ (Razer Inc.) C:\Users\Henoch\Downloads\RazerSurroundInstaller_v2.00.10 (1).exe
2014-11-15 14:26 - 2014-11-15 14:26 - 00000000 ____D () C:\ProgramData\RzMaelstromVAD_1.1.58.1854
2014-11-15 14:22 - 2014-12-04 20:58 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-11-15 14:21 - 2014-12-04 20:58 - 00000000 ____D () C:\ProgramData\Razer
2014-11-15 14:21 - 2014-12-04 20:57 - 00000000 ____D () C:\Users\Henoch\AppData\Local\Razer
2014-11-15 14:20 - 2014-11-15 14:20 - 01725304 _____ (Razer Inc.) C:\Users\Henoch\Downloads\RazerSurroundInstaller_v2.00.10.exe
2014-11-12 16:18 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 16:18 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 16:18 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 16:18 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 16:18 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 16:18 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 16:18 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 16:18 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 16:18 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 16:18 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 16:18 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 16:18 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 16:18 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 16:18 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 16:18 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 16:18 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 16:18 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 16:18 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 16:18 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 16:18 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 16:18 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 16:18 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 16:18 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 16:18 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 16:18 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 16:18 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 16:18 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 16:18 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 16:18 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 16:18 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 16:18 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 16:18 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 16:18 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 16:18 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 16:18 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 16:18 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 16:18 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 16:18 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 16:18 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 16:18 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 16:18 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 16:18 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 16:18 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 16:18 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 16:18 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 16:18 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 16:18 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 16:18 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 16:18 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 16:18 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 16:18 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 16:18 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 16:18 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 16:18 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 16:18 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 16:18 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 16:18 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 16:18 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 16:18 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 16:18 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 16:18 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 16:18 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 16:18 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 16:18 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 16:18 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 16:18 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 16:18 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 16:18 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 16:17 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 16:17 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 16:17 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 16:17 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 16:17 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 16:17 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 16:17 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 16:17 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 16:17 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 16:17 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 16:17 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 16:17 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 16:17 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 16:17 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 16:17 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 16:17 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 16:17 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 16:17 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 16:17 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 16:17 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 16:17 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 16:17 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 16:17 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 16:17 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 16:17 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 16:17 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 16:17 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 16:17 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 16:17 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 16:17 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 16:17 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 16:17 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 16:17 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-09 10:23 - 2014-11-09 10:23 - 00000000 ____D () C:\Users\Negede\AppData\Roaming\OpenOffice
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-04 21:00 - 2014-07-05 14:38 - 00000308 _____ () C:\Windows\Tasks\RegistryCleanerKit Maintenance.job
2014-12-04 20:57 - 2012-08-04 10:56 - 00126320 _____ () C:\Users\Henoch\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-04 20:56 - 2009-07-14 05:45 - 00028576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-04 20:56 - 2009-07-14 05:45 - 00028576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-04 20:53 - 2012-08-04 10:54 - 01752161 _____ () C:\Windows\WindowsUpdate.log
2014-12-04 20:48 - 2012-10-14 20:12 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-04 20:47 - 2014-07-05 14:38 - 00000302 _____ () C:\Windows\Tasks\RegistryCleanerKit Startup.job
2014-12-04 20:47 - 2010-11-21 04:47 - 01404478 _____ () C:\Windows\PFRO.log
2014-12-04 20:47 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-04 20:47 - 2009-07-14 05:51 - 00254352 _____ () C:\Windows\setupact.log
2014-12-04 20:44 - 2014-11-02 16:18 - 00000000 ____D () C:\Windows\system32\log
2014-12-04 20:37 - 2012-10-14 20:12 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-04 20:33 - 2013-06-15 07:15 - 00000000 ____D () C:\Users\Negede
2014-12-04 20:29 - 2012-04-23 05:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-04 19:45 - 2014-10-04 09:03 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-12-04 18:38 - 2014-11-02 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2014-12-04 18:38 - 2014-11-02 14:11 - 00000000 ____D () C:\Program Files (x86)\Glyph
2014-12-04 18:38 - 2012-08-04 10:56 - 00000000 ____D () C:\Users\Henoch
2014-12-04 18:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-12-04 12:57 - 2012-02-24 05:01 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-12-03 16:32 - 2012-08-07 19:06 - 00000000 ____D () C:\Users\Henoch\AppData\Roaming\Skype
2014-12-03 16:13 - 2014-11-01 17:16 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-28 14:29 - 2012-04-23 05:35 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-28 14:29 - 2012-04-23 05:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-28 14:29 - 2012-04-23 05:35 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-27 16:40 - 2014-02-01 14:38 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-25 17:28 - 2014-08-18 10:14 - 00000000 ____D () C:\Program Files (x86)\CABAL Online (EU)
2014-11-22 20:48 - 2014-06-07 18:38 - 00000002 _____ () C:\Users\Henoch\Downloads\myFile.txt
2014-11-22 20:47 - 2014-06-07 18:38 - 00000757 _____ () C:\Users\Henoch\Downloads\serial.txt
2014-11-20 21:10 - 2014-03-24 15:25 - 00000000 ____D () C:\Users\Henoch\AppData\Local\Battle.net
2014-11-20 20:37 - 2012-09-11 14:27 - 00000000 ____D () C:\Users\Henoch\AppData\Local\CrashDumps
2014-11-18 16:59 - 2013-10-26 12:14 - 00000000 ____D () C:\Users\Henoch\Desktop\Naruto
2014-11-18 16:59 - 2013-06-27 18:22 - 00000000 ____D () C:\Users\Henoch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-11-18 16:59 - 2013-06-27 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-11-18 16:59 - 2012-08-04 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
2014-11-17 08:36 - 2013-06-15 07:17 - 00126768 _____ () C:\Users\Negede\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-16 14:52 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-11-15 18:18 - 2009-07-14 05:45 - 00488488 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-15 11:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-14 14:32 - 2012-10-14 20:12 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 14:32 - 2012-10-14 20:12 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 13:45 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-13 15:56 - 2014-04-30 15:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 19:37 - 2013-08-14 10:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 19:28 - 2012-10-15 16:18 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 17:20 - 2014-04-08 17:24 - 00000000 ____D () C:\Users\Henoch\Desktop\LoL
2014-11-09 11:49 - 2014-01-25 11:40 - 00000000 ____D () C:\Users\Negede\AppData\Roaming\SoftGrid Client
2014-11-09 10:32 - 2013-06-15 07:16 - 00000000 ____D () C:\Users\Negede\AppData\Roaming\Adobe
2014-11-08 09:37 - 2012-04-23 05:44 - 00000000 ____D () C:\Program Files\Sony
2014-11-08 09:09 - 2012-04-23 05:11 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
2014-11-04 14:30 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
Files to move or delete:
====================
C:\Users\Henoch\AppData\Local\Temp\wm.exe
Some content of TEMP:
====================
C:\Users\Henoch\AppData\Local\Temp\7z920.exe
C:\Users\Henoch\AppData\Local\Temp\AskSLib.dll
C:\Users\Henoch\AppData\Local\Temp\avgnt.exe
C:\Users\Henoch\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
C:\Users\Henoch\AppData\Local\Temp\drm_dyndata_7400006.dll
C:\Users\Henoch\AppData\Local\Temp\GoogleSetup.exe
C:\Users\Henoch\AppData\Local\Temp\i4jdel0.exe
C:\Users\Henoch\AppData\Local\Temp\i4jdel1.exe
C:\Users\Henoch\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Henoch\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Henoch\AppData\Local\Temp\sdapskill.exe
C:\Users\Henoch\AppData\Local\Temp\sdaspwn.exe
C:\Users\Henoch\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Henoch\AppData\Local\Temp\sfamcc00002.dll
C:\Users\Henoch\AppData\Local\Temp\sfextra.dll
C:\Users\Henoch\AppData\Local\Temp\SIMEEI2Installer.exe
C:\Users\Henoch\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\Henoch\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Henoch\AppData\Local\Temp\Softonic_DE_1-5-10_DE-Production_10_CleanRelease.exe
C:\Users\Henoch\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Henoch\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Henoch\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\Henoch\AppData\Local\Temp\Uninstaller-2276.exe
C:\Users\Henoch\AppData\Local\Temp\Uninstaller-2776.exe
C:\Users\Henoch\AppData\Local\Temp\Uninstaller-4292.exe
C:\Users\Henoch\AppData\Local\Temp\Uninstaller-5688.exe
C:\Users\Henoch\AppData\Local\Temp\Uninstaller-8172.exe
C:\Users\Henoch\AppData\Local\Temp\Uninstaller-8400.exe
C:\Users\Henoch\AppData\Local\Temp\Uninstaller-9100.exe
C:\Users\Henoch\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Henoch\AppData\Local\Temp\wm.exe
C:\Users\Negede\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-29 11:23
==================== End Of Log ============================
Danke Für die Hilfe  |
|
05.12.2014, 17:11
| #5 |
| /// the machine /// TB-Ausbilder | Windows 7: Nach Hochfahren schwarzer Bildschirm und das Fenster " Computer" offenESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
05.12.2014, 23:36
| #6 |
| | Windows 7: Nach Hochfahren schwarzer Bildschirm und das Fenster " Computer" offen Eset Log : Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=36da67d234a07e49b7c8e64012793b5b
# engine=21410
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-05 07:09:15
# local_time=2014-12-05 08:09:15 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 37533 283229845 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 9946 169436405 0 0
# scanned=270398
# found=62
# cleaned=0
# scan_time=9316
sh=F98FF661F688BD6F189859C2A78DBF6FCCF82AB9 ft=1 fh=3c245da402a56afe vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF10.dll"
sh=5AC84545928A543100162747573A2FC21A0F7FE9 ft=1 fh=97a7c4f97b8a424f vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF11.dll"
sh=2C3F31F96AB81F79980D43706CF1563EE6D4003F ft=1 fh=dffa755347eabdc4 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF12.dll"
sh=2F2325AF9BD15CD4FD4478FC58656D65ED57BADB ft=1 fh=a7603299d719567f vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF13.dll"
sh=E2D3478615A2CE17029C1A7617756055DF28A3A4 ft=1 fh=1905ee0c2f27972c vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF14.dll"
sh=526C185C213E90BC211C071DDC86386919A7E5C8 ft=1 fh=457840f59897b453 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF15.dll"
sh=7C2AAF865964FB063D9BDA5755445A78A336A83A ft=1 fh=a9705feca25dc0a2 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF16.dll"
sh=6605CC36937DC9A936B672A0C648A93D64FD7388 ft=1 fh=b42e5d115161fc7d vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF17.dll"
sh=6DB28F00C804D1EE45A309858A3ACF56549F8230 ft=1 fh=fb9f0a7967faf4e8 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF18.dll"
sh=36130FFE3E3E9D3986675422E60256AED977C7AD ft=1 fh=b9dec59615116f53 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF19.dll"
sh=EE37C191CC84278A6FE513A9D32CDADA25C7CC3B ft=1 fh=6cd31d0033b6bba3 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF2.dll"
sh=B779F957A0B61C3F1FE8F2637E7D2865CEBE84D4 ft=1 fh=1d3a5ef665c59aa5 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF20.dll"
sh=CF5E4EE03FC512AF7A7AD177EA967500D4E9BD5F ft=1 fh=7ff9df504bed4e37 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF21.dll"
sh=AAA8E83421D950082154883CADBD9BDBC892673E ft=1 fh=b5368ac0aaa9c198 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF22.dll"
sh=411B3904312945F6DC1DA2B640E83FF8AA2BB5CA ft=1 fh=0db430101a8640a3 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF23.dll"
sh=45EE235AB41563199A06176ECFAC91C57381FE5E ft=1 fh=3a66d4a6c16f0f6d vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF24.dll"
sh=C1A07783C043BD6AE547D431FF399E89A5D1FD52 ft=1 fh=f703fd5738c36679 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF25.dll"
sh=93F4EC00540BD4BB266528F56989C60551B1EC78 ft=1 fh=161dbc8c73c2898c vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF26.dll"
sh=A845ECC82397EE95D492BA3A87AE97BC29505FD1 ft=1 fh=a4d4ffb4f65bed06 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF27.dll"
sh=E7E0CD1C99DA287103F6CE9E08EE2711B5993E66 ft=1 fh=67f7062f656626ef vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF28.dll"
sh=02BDF10B123D2B329B87328A09D740F8C0214F51 ft=1 fh=d2c3f8c8a36e4e94 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF29.dll"
sh=F19E46E90C4F2B59699C930598B42D62DDEBB798 ft=1 fh=aebab918b46d0177 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF4.dll"
sh=094D50ADE95ED6A4C6F8FF4901158DA474EE166A ft=1 fh=c1a6a33dc66292d5 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF5.dll"
sh=6479C7E628AB5170178C5CA73A58634643C337DF ft=1 fh=741e7d64dc3bd2b5 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF6.dll"
sh=C5C13B3455F8254F3E99593CD4D7847AE72A248D ft=1 fh=243127f4590a6a06 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF7.dll"
sh=5289B30273EEBE3ECB6BC5B8D9C4AC1019CC0BB6 ft=1 fh=e93a294cab38fa42 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF8.dll"
sh=7AB8092A1021279F6F5C56D57A3ABDC4186FFA4B ft=1 fh=0a8122557f3ca4eb vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="C:\extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}\components\SystemKHlpFF9.dll"
sh=84BA7CE9BB5349FE07C51570C18BDEFE4E1B7B49 ft=1 fh=0daff4bfd69a016e vn="Variante von Win32/ELEX.AS evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elex-tech\YAC\update\0\yac.exe"
sh=D5A9CA69C22CC3637B40A97C1552A4B818DBF612 ft=1 fh=ec572568c8ca44cb vn="Win32/Somoto.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000"
sh=67CDCC380A61E1A1B58BDBA8AB61BE15B3C8F306 ft=1 fh=59d610fc05b436f2 vn="Win32/Somoto.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000001"
sh=184A8C16B04DF0D124BF1D71AF1DC6AC83148CF5 ft=1 fh=86d0cf42261809ff vn="Win32/Somoto.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Henoch\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DMB2G1E3\sdpupdater[1].exe"
sh=F72BD859EFB3A5412744CB6CE3556591AD788A9A ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Henoch\AppData\Local\Temp\EE32.tmp"
sh=F3C848B67FD2914516F83FB65B204F61768C4EFB ft=1 fh=b7e14907d3f07c71 vn="Win32/Somoto.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Henoch\AppData\Local\Temp\UpdateCheckerSetup.exe"
sh=C7BC64ABAB651C8EE70E8AC718C845694C918252 ft=1 fh=7a4a681236cc92d6 vn="Variante von MSIL/CoinMiner.LX Trojaner" ac=I fn="C:\Users\Henoch\AppData\Local\Temp\wm.exe"
sh=8992F72873D09212597E582A16F8D9BC60E6A22A ft=1 fh=e21391a34e842ffc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Henoch\AppData\Local\Temp\is-VLKJM.tmp\ConduitInstaller.exe"
sh=3AD68F48C4DD78E8DE3F13C2094EC1156E66C100 ft=1 fh=3fc6f4f46e3969bf vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Henoch\AppData\Local\Temp\nspCD70.tmp\Helper.dll"
sh=A16040B7A677927850D1197F7309571668606172 ft=1 fh=9e76c0a9b20fde3a vn="Variante von Win32/Toolbar.SearchSuite.M evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Henoch\AppData\Local\Temp\nspCD70.tmp\Starter.exe"
sh=7FE8D5A128ADB5FD2A64F0007BDE50CAC7A47D2A ft=1 fh=87c2ef1442b79444 vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Henoch\AppData\Local\Temp\TestIfExeExist\CT3312806\nativeMessaging\TBMessagingHost.exe"
sh=E441CAA5F2ACDCB307262B3C093698D8B0BDEEBF ft=1 fh=a7c3ffa22a32a3f2 vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Henoch\Downloads\dffsetup-sdl.exe"
sh=F37B8A6497FFCD2BA6CCA13596D548CE3D474BD0 ft=1 fh=c15d0b786ff2072c vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Henoch\Downloads\FileConverter_1_3.exe"
sh=C085221EC58B8B0E7D0282A9DB09073DBF968085 ft=1 fh=46450c78a89fd884 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Henoch\Downloads\FreeEasyCDDVDBurnerSetup-r101-w.exe"
sh=6672D150583987FEAF35E3D2FB9C20F738DD922D ft=1 fh=b8327f03a9053238 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Henoch\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe"
sh=E9341FAC28CC8904E4CCCDD9F322782C00B8240C ft=1 fh=beb19d50bcebd4bb vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Henoch\Downloads\Microsoft-Word-2010-Setup.exe"
sh=F34836B3E88FF22A963AEDC2AE2AE253EE5F5918 ft=1 fh=56ac6279bcebd4bb vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Henoch\Downloads\Microsoft-Word-2013-Setup.exe"
sh=895827882D8F842FDE226ED76D44BD2ACD78D458 ft=1 fh=5d6bf3922e922e0b vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Henoch\Downloads\OpenOffice - CHIP-Installer.exe"
sh=CD59ECB0C890356C24E644F8696294794862A4A5 ft=1 fh=380e55fe3ea9272c vn="Variante von Win32/ELEX.AS evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Henoch\Downloads\yet_another_cleaner_sk.exe"
sh=CD59ECB0C890356C24E644F8696294794862A4A5 ft=1 fh=380e55fe3ea9272c vn="Variante von Win32/ELEX.AS evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Henoch\Downloads\yet_another_cleaner_sk_95082.exe"
sh=70E94C3740C0A11D19CB4D5D71D4B92F4C742571 ft=1 fh=9e7fba2aaf4b3dbf vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Negede\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FM0C0D1F\tbedrs[1].dll"
sh=782D08A2CCB01B6C1C392B59439FE10854A7CA61 ft=1 fh=1946932e991d6526 vn="Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Negede\AppData\Local\Temp\nsaC2B7.tmp\Helper.dll"
sh=E6C216FB24253BDC4B60CAF51A2DF8E5E392C75E ft=1 fh=f3d6cb12a8c9e906 vn="Variante von Win32/Toolbar.SearchSuite.M evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Negede\AppData\Local\Temp\nsaC2B7.tmp\Starter.exe"
sh=EB2BBCB97120C69F0E738DF9B521BCAD4CA1DCC8 ft=1 fh=5a1211cb00ea2a3d vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Negede\AppData\LocalLow\Ashampoo_DE\ldrtbAsha.dll"
sh=70E94C3740C0A11D19CB4D5D71D4B92F4C742571 ft=1 fh=9e7fba2aaf4b3dbf vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Negede\AppData\LocalLow\Ashampoo_DE\tbAsh1.dll"
sh=186610DDE8D5C8C57516974E04E3ABC141D652A4 ft=1 fh=35a7f7204b1f9b57 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Negede\AppData\LocalLow\Ashampoo_DE\tbAsha.dll"
sh=B5C93DA0C608B26C9487ABC49CCB643C9A15ED33 ft=1 fh=75f1c65aa8a331ed vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Negede\AppData\LocalLow\Ashampoo_DE\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll"
sh=1904960C691534B7B08866F9EB467426B28DE60B ft=1 fh=68b53c82e2280fe5 vn="Variante von Win32/Toolbar.SearchSuite.U evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Temp\61176dd6\SettingsManagerSetup.exe"
sh=A26604323B0E16FA02F36CD10E818AE200FF98EE ft=1 fh=591fe432f701ea93 vn="Variante von Win32/Toolbar.SearchSuite.U evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Temp\cd6075b9\SettingsManagerSetup.exe"
sh=9F9CF6762E257F68F6623E8B86E62819BB182C87 ft=0 fh=0000000000000000 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Temp\scoped_dir_5496_27341\SweetNT.crx"
sh=DE893A81A6198A160DBFB6991B00FD1CC4311382 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Temp\scoped_dir_5496_30076\iokhogohoamdhejdbenjbjkhjmjlggab.crx"
sh=F205AF462E34D6980666FA8D8CCA69AE4650BDA2 ft=1 fh=b87f4d75e98f69a0 vn="Variante von Win32/Toolbar.Conduit.AA evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Temp\scoped_dir_5496_30076\CRX_INSTALL\TBHostSupport\TBHostSupport.dll"
sh=95ADC7925C2BB20FACE637E7031972F8E208FA33 ft=0 fh=0000000000000000 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Temp\scoped_dir_5496_3585\SweetFB.crx"
sh=1914A670055A82F4C52AC3663D34DD228E8A330E ft=1 fh=cab9054f9094966b vn="MSIL/CoinMiner.LX Trojaner" ac=I fn="C:\wm\update.exe"
sh=7257593717488C44CB6F31E877968A341751D505 ft=1 fh=962d13fafa6da322 vn="MSIL/CoinMiner.LX Trojaner" ac=I fn="C:\wm\wm.exe"
checkup.txt : Code:
ATTFilter Results of screen317's Security Check version 0.99.91
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
YAC(Yet Another Cleaner!)
Java(TM) 7 Update 1
Java version 32-bit out of Date!
Adobe Flash Player 15.0.0.239
Adobe Reader XI
Mozilla Firefox 26.0 Firefox out of Date!
Google Chrome 38.0.2125.111 Google Chrome out of date!
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Log : FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014
Ran by Henoch (administrator) on HENOCH-VAIO on 05-12-2014 23:25:10
Running from C:\Users\Henoch\Downloads
Loaded Profile: Henoch (Available profiles: Henoch & Negede)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Henoch\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\bugreport.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-18] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2014-08-19] (Microsoft Corporation)
HKU\S-1-5-21-3995798047-183456226-2512991475-1001\...\Run: [LOLReplay Recorder] => "C:\Program Files (x86)\LOLReplay\LOLRecorder.exe" -minimize
HKU\S-1-5-21-3995798047-183456226-2512991475-1001\...\Run: [wm] => C:\Users\Henoch\AppData\Local\Temp\wm.exe [5892096 2014-06-14] () <===== ATTENTION
HKU\S-1-5-21-3995798047-183456226-2512991475-1001\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S0].txt [15541 2014-12-04] ()
HKU\S-1-5-21-3995798047-183456226-2512991475-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3995798047-183456226-2512991475-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://sony.msn.com
SearchScopes: HKLM -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3995798047-183456226-2512991475-1001 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3995798047-183456226-2512991475-1001 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3995798047-183456226-2512991475-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3995798047-183456226-2512991475-1001 -> {81DC31DA-8B77-49F8-8FEC-177610596CC0} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q212&_nkw={searchTerms}
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Henoch\AppData\Roaming\Mozilla\Firefox\Profiles\5wimzc6q.default
FF Keyword.URL: hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12692&tm=319&src=ds&p=
FF Homepage: hxxp://www.google.com
FF NewTab: hxxp://www.google.com
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 -> C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3995798047-183456226-2512991475-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Henoch\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Avira Browser Safety - C:\Users\Henoch\AppData\Roaming\Mozilla\Firefox\Profiles\5wimzc6q.default\Extensions\abs@avira.com [2014-08-17]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchKeyword: Default -> google
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-08]
CHR Extension: (Adblock Plus) - C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-05]
CHR Extension: (Google Wallet) - C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-01]
CHR HKU\S-1-5-21-3995798047-183456226-2512991475-1001\...\Chrome\Extension: [fkjoiggkbepedjmjjbhhecjiimlckcga] - C:\Users\Henoch\AppData\Local\CRE\fkjoiggkbepedjmjjbhhecjiimlckcga.crx [Not Found]
CHR HKU\S-1-5-21-3995798047-183456226-2512991475-1001\...\Chrome\Extension: [iokhogohoamdhejdbenjbjkhjmjlggab] - C:\Users\Henoch\AppData\Local\CRE\iokhogohoamdhejdbenjbjkhjmjlggab.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fkjoiggkbepedjmjjbhhecjiimlckcga] - C:\Users\Henoch\AppData\Local\CRE\fkjoiggkbepedjmjjbhhecjiimlckcga.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iokhogohoamdhejdbenjbjkhjmjlggab] - C:\Users\Henoch\AppData\Local\CRE\iokhogohoamdhejdbenjbjkhjmjlggab.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2012-02-23] (Atheros Commnucations) [File not signed]
S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [112256 2012-03-21] (Atheros Communication Inc.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-13] ()
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2014-12-04] (Elex do Brasil Participações Ltda)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-03-13] (Intel Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5284208 2013-10-30] (INCA Internet Co., Ltd.)
R2 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-21] (Sony Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-07-10] ()
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [260768 2011-11-30] (Sony Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2012-02-23] (Atheros) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
S3 BTATH_VDP; C:\Windows\System32\drivers\btath_vdp.sys [421664 2012-02-23] (Atheros)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [249000 2014-12-04] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [45224 2014-12-04] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2014-12-04] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [65704 2014-12-04] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [49320 2014-11-03] (Elex do Brasil Participações Ltda)
S3 lehidmini; C:\Windows\system32\drivers\leath_hid.sys [36128 2012-02-23] (Atheros)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-04] (Malwarebytes Corporation)
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows (R) Win 7 DDK provider)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [21264 2012-03-13] (Synaptics Incorporated)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-05 23:19 - 2014-12-05 23:19 - 00852490 _____ () C:\Users\Henoch\Desktop\SecurityCheck.exe
2014-12-05 17:29 - 2014-12-05 23:18 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-05 17:18 - 2014-12-05 17:18 - 02347384 _____ (ESET) C:\Users\Henoch\Downloads\esetsmartinstaller_deu.exe
2014-12-05 15:19 - 2014-12-05 15:19 - 00000000 ____D () C:\Users\Negede\AppData\Roaming\Elex-tech
2014-12-05 14:01 - 2014-12-05 14:01 - 324813198 _____ () C:\Users\Henoch\Downloads\The Binding Of Isaac Rebirth FULL GAME.rar
2014-12-05 13:25 - 2014-12-05 13:25 - 00000196 _____ () C:\Users\Henoch\Downloads\ea280f43-e3a0-4ccd-89af-032f239e9da8.htm
2014-12-05 13:25 - 2014-12-05 13:25 - 00000196 _____ () C:\Users\Henoch\Downloads\ea280f43-e3a0-4ccd-89af-032f239e9da8 (2).htm
2014-12-05 13:25 - 2014-12-05 13:25 - 00000196 _____ () C:\Users\Henoch\Downloads\ea280f43-e3a0-4ccd-89af-032f239e9da8 (1).htm
2014-12-05 09:40 - 2014-12-04 10:12 - 00045224 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2014-12-04 21:43 - 2014-12-04 21:43 - 00000000 ____D () C:\Users\Henoch\AppData\Roaming\Elex-tech
2014-12-04 21:12 - 2014-12-04 21:12 - 02117632 _____ (Farbar) C:\Users\Henoch\Downloads\FRST64.exe
2014-12-04 21:04 - 2014-12-04 21:04 - 00033734 _____ () C:\Users\Henoch\Desktop\JRT.txt
2014-12-04 20:59 - 2014-12-04 20:59 - 01707646 _____ (Thisisu) C:\Users\Henoch\Downloads\JRT.exe
2014-12-04 20:59 - 2014-12-04 20:59 - 00000000 ____D () C:\Windows\ERUNT
2014-12-04 20:50 - 2014-12-04 20:50 - 00000000 __SHD () C:\Users\Henoch\AppData\Local\EmieBrowserModeList
2014-12-04 20:42 - 2014-12-04 20:58 - 00000000 ____D () C:\AdwCleaner
2014-12-04 20:41 - 2014-12-04 20:41 - 02154496 _____ () C:\Users\Henoch\Downloads\AdwCleaner_4.103.exe
2014-12-04 20:40 - 2014-12-04 20:40 - 00004197 _____ () C:\Users\Henoch\Desktop\mbam.txt
2014-12-04 19:46 - 2014-12-04 20:38 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-04 19:45 - 2014-12-04 19:45 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-04 19:45 - 2014-12-04 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-12-04 19:45 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-04 19:45 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-04 19:45 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-04 19:44 - 2014-12-04 19:44 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Henoch\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-04 19:33 - 2014-12-04 19:33 - 00001264 _____ () C:\Users\Henoch\Desktop\Revo Uninstaller.lnk
2014-12-04 19:33 - 2014-12-04 19:33 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-04 19:32 - 2014-12-04 19:32 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Henoch\Downloads\revosetup95.exe
2014-12-04 17:21 - 2014-12-04 17:21 - 00045333 _____ () C:\Users\Henoch\Downloads\Addition.txt
2014-12-04 17:19 - 2014-12-05 23:25 - 00018310 _____ () C:\Users\Henoch\Downloads\FRST.txt
2014-12-04 17:19 - 2014-12-05 23:25 - 00000000 ____D () C:\FRST
2014-11-24 18:02 - 2014-11-24 18:02 - 00022528 _____ () C:\Users\Henoch\Downloads\(4) Uebung_SVerweis.xls
2014-11-22 18:43 - 2014-11-22 18:43 - 01159216 _____ () C:\Users\Henoch\Downloads\The Binding of Isaac Rebirth (1).rar
2014-11-22 18:37 - 2014-11-22 18:38 - 01159216 _____ () C:\Users\Henoch\Downloads\The Binding of Isaac Rebirth.rar
2014-11-20 08:42 - 2014-11-20 08:42 - 00930246 _____ () C:\Users\Negede\Downloads\sprache.html
2014-11-20 08:42 - 2014-11-20 08:42 - 00000000 ____D () C:\Users\Negede\Downloads\sprache_files
2014-11-19 10:50 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 10:50 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 10:50 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 10:50 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 10:45 - 2014-11-19 10:45 - 00001141 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2014-11-15 14:26 - 2014-11-15 14:26 - 01725304 _____ (Razer Inc.) C:\Users\Henoch\Downloads\RazerSurroundInstaller_v2.00.10 (1).exe
2014-11-15 14:26 - 2014-11-15 14:26 - 00000000 ____D () C:\ProgramData\RzMaelstromVAD_1.1.58.1854
2014-11-15 14:22 - 2014-12-04 20:58 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-11-15 14:21 - 2014-12-04 20:58 - 00000000 ____D () C:\ProgramData\Razer
2014-11-15 14:21 - 2014-12-04 20:57 - 00000000 ____D () C:\Users\Henoch\AppData\Local\Razer
2014-11-15 14:20 - 2014-11-15 14:20 - 01725304 _____ (Razer Inc.) C:\Users\Henoch\Downloads\RazerSurroundInstaller_v2.00.10.exe
2014-11-12 16:18 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 16:18 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 16:18 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 16:18 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 16:18 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 16:18 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 16:18 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 16:18 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 16:18 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 16:18 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 16:18 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 16:18 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 16:18 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 16:18 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 16:18 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 16:18 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 16:18 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 16:18 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 16:18 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 16:18 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 16:18 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 16:18 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 16:18 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 16:18 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 16:18 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 16:18 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 16:18 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 16:18 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 16:18 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 16:18 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 16:18 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 16:18 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 16:18 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 16:18 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 16:18 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 16:18 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 16:18 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 16:18 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 16:18 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 16:18 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 16:18 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 16:18 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 16:18 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 16:18 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 16:18 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 16:18 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 16:18 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 16:18 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 16:18 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 16:18 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 16:18 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 16:18 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 16:18 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 16:18 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 16:18 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 16:18 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 16:18 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 16:18 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 16:18 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 16:18 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 16:18 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 16:18 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 16:18 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 16:18 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 16:18 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 16:18 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 16:18 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 16:18 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 16:17 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 16:17 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 16:17 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 16:17 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 16:17 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 16:17 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 16:17 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 16:17 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 16:17 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 16:17 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 16:17 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 16:17 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 16:17 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 16:17 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 16:17 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 16:17 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 16:17 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 16:17 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 16:17 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 16:17 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 16:17 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 16:17 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 16:17 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 16:17 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 16:17 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 16:17 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 16:17 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 16:17 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 16:17 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 16:17 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 16:17 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 16:17 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 16:17 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-09 10:23 - 2014-11-09 10:23 - 00000000 ____D () C:\Users\Negede\AppData\Roaming\OpenOffice
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-05 23:29 - 2012-04-23 05:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-05 23:00 - 2014-07-05 14:38 - 00000308 _____ () C:\Windows\Tasks\RegistryCleanerKit Maintenance.job
2014-12-05 22:37 - 2012-10-14 20:12 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-05 19:37 - 2012-08-04 10:54 - 01817951 _____ () C:\Windows\WindowsUpdate.log
2014-12-05 17:33 - 2009-07-14 05:45 - 00028576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-05 17:33 - 2009-07-14 05:45 - 00028576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-05 17:24 - 2014-07-05 14:38 - 00000302 _____ () C:\Windows\Tasks\RegistryCleanerKit Startup.job
2014-12-05 17:24 - 2012-10-14 20:12 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-05 17:24 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-05 17:24 - 2009-07-14 05:51 - 00255528 _____ () C:\Windows\setupact.log
2014-12-05 16:50 - 2012-08-07 19:06 - 00000000 ____D () C:\Users\Henoch\AppData\Roaming\Skype
2014-12-05 16:13 - 2014-11-01 17:16 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-05 16:10 - 2014-09-19 18:53 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-05 16:10 - 2012-04-23 05:51 - 00000000 ____D () C:\ProgramData\Skype
2014-12-05 15:19 - 2013-06-15 07:17 - 00126320 _____ () C:\Users\Negede\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-05 15:18 - 2010-11-21 04:47 - 01424716 _____ () C:\Windows\PFRO.log
2014-12-05 09:40 - 2014-11-02 16:18 - 00000000 ____D () C:\Windows\system32\log
2014-12-04 21:42 - 2009-07-14 05:45 - 00491136 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-04 20:57 - 2012-08-04 10:56 - 00126320 _____ () C:\Users\Henoch\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-04 20:33 - 2013-06-15 07:15 - 00000000 ____D () C:\Users\Negede
2014-12-04 19:45 - 2014-10-04 09:03 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-12-04 18:38 - 2014-11-02 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2014-12-04 18:38 - 2014-11-02 14:11 - 00000000 ____D () C:\Program Files (x86)\Glyph
2014-12-04 18:38 - 2012-08-04 10:56 - 00000000 ____D () C:\Users\Henoch
2014-12-04 18:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-12-04 12:57 - 2012-02-24 05:01 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-11-28 14:29 - 2012-04-23 05:35 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-28 14:29 - 2012-04-23 05:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-28 14:29 - 2012-04-23 05:35 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-27 16:40 - 2014-02-01 14:38 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-25 17:28 - 2014-08-18 10:14 - 00000000 ____D () C:\Program Files (x86)\CABAL Online (EU)
2014-11-22 20:48 - 2014-06-07 18:38 - 00000002 _____ () C:\Users\Henoch\Downloads\myFile.txt
2014-11-22 20:47 - 2014-06-07 18:38 - 00000757 _____ () C:\Users\Henoch\Downloads\serial.txt
2014-11-20 21:10 - 2014-03-24 15:25 - 00000000 ____D () C:\Users\Henoch\AppData\Local\Battle.net
2014-11-20 20:37 - 2012-09-11 14:27 - 00000000 ____D () C:\Users\Henoch\AppData\Local\CrashDumps
2014-11-18 16:59 - 2013-10-26 12:14 - 00000000 ____D () C:\Users\Henoch\Desktop\Naruto
2014-11-18 16:59 - 2013-06-27 18:22 - 00000000 ____D () C:\Users\Henoch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-11-18 16:59 - 2013-06-27 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-11-18 16:59 - 2012-08-04 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
2014-11-16 14:52 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-11-15 11:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-14 14:32 - 2012-10-14 20:12 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 14:32 - 2012-10-14 20:12 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 13:45 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-13 15:56 - 2014-04-30 15:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 19:37 - 2013-08-14 10:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 19:28 - 2012-10-15 16:18 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 17:20 - 2014-04-08 17:24 - 00000000 ____D () C:\Users\Henoch\Desktop\LoL
2014-11-09 11:49 - 2014-01-25 11:40 - 00000000 ____D () C:\Users\Negede\AppData\Roaming\SoftGrid Client
2014-11-09 10:32 - 2013-06-15 07:16 - 00000000 ____D () C:\Users\Negede\AppData\Roaming\Adobe
2014-11-08 09:37 - 2012-04-23 05:44 - 00000000 ____D () C:\Program Files\Sony
2014-11-08 09:09 - 2012-04-23 05:11 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
Files to move or delete:
====================
C:\Users\Henoch\AppData\Local\Temp\wm.exe
Some content of TEMP:
====================
C:\Users\Henoch\AppData\Local\Temp\7z920.exe
C:\Users\Henoch\AppData\Local\Temp\AskSLib.dll
C:\Users\Henoch\AppData\Local\Temp\avgnt.exe
C:\Users\Henoch\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
C:\Users\Henoch\AppData\Local\Temp\drm_dyndata_7400006.dll
C:\Users\Henoch\AppData\Local\Temp\GoogleSetup.exe
C:\Users\Henoch\AppData\Local\Temp\i4jdel0.exe
C:\Users\Henoch\AppData\Local\Temp\i4jdel1.exe
C:\Users\Henoch\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Henoch\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Henoch\AppData\Local\Temp\sdapskill.exe
C:\Users\Henoch\AppData\Local\Temp\sdaspwn.exe
C:\Users\Henoch\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Henoch\AppData\Local\Temp\sfamcc00002.dll
C:\Users\Henoch\AppData\Local\Temp\sfextra.dll
C:\Users\Henoch\AppData\Local\Temp\SIMEEI2Installer.exe
C:\Users\Henoch\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\Henoch\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Henoch\AppData\Local\Temp\Softonic_DE_1-5-10_DE-Production_10_CleanRelease.exe
C:\Users\Henoch\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Henoch\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Henoch\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\Henoch\AppData\Local\Temp\Uninstaller-2276.exe
C:\Users\Henoch\AppData\Local\Temp\Uninstaller-2776.exe
C:\Users\Henoch\AppData\Local\Temp\Uninstaller-4292.exe
C:\Users\Henoch\AppData\Local\Temp\Uninstaller-5688.exe
C:\Users\Henoch\AppData\Local\Temp\Uninstaller-8172.exe
C:\Users\Henoch\AppData\Local\Temp\Uninstaller-8400.exe
C:\Users\Henoch\AppData\Local\Temp\Uninstaller-9100.exe
C:\Users\Henoch\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Henoch\AppData\Local\Temp\wm.exe
C:\Users\Negede\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-05 20:34
==================== End Of Log ============================
--- --- --- hi, Naja ich hab meine pc neu gestartet aber der Bildschirm ist immernoch schwarz... noch irgendwelche Ideen um das Problem zu lösen ? |
|
06.12.2014, 21:58
| #7 |
| /// the machine /// TB-Ausbilder | Windows 7: Nach Hochfahren schwarzer Bildschirm und das Fenster " Computer" offen Java, Firefox und Chrome updaten. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\extensions
HKU\S-1-5-21-3995798047-183456226-2512991475-1001\...\Run: [wm] => C:\Users\Henoch\AppData\Local\Temp\wm.exe [5892096 2014-06-14] () <===== ATTENTION
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [249000 2014-12-04] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [45224 2014-12-04] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2014-12-04] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [65704 2014-12-04] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [49320 2014-11-03] (Elex do Brasil Participações Ltda)
Emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
06.12.2014, 23:39
| #8 |
| | Windows 7: Nach Hochfahren schwarzer Bildschirm und das Fenster " Computer" offenCode:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-12-2014 02
Ran by Henoch at 2014-12-06 23:20:58 Run:1
Running from C:\Users\Henoch\Desktop
Loaded Profile: Henoch (Available profiles: Henoch & Negede)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\extensions
HKU\S-1-5-21-3995798047-183456226-2512991475-1001\...\Run: [wm] => C:\Users\Henoch\AppData\Local\Temp\wm.exe [5892096 2014-06-14] () <===== ATTENTION
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [249000 2014-12-04] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [45224 2014-12-04] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2014-12-04] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [65704 2014-12-04] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [49320 2014-11-03] (Elex do Brasil Participações Ltda)
Emptytemp:
*****************
C:\extensions => Moved successfully.
HKU\S-1-5-21-3995798047-183456226-2512991475-1001\Software\Microsoft\Windows\CurrentVersion\Run\\wm => value deleted successfully.
iSafeKrnl => Unable to stop service
iSafeKrnl => Error deleting Service
iSafeKrnlBoot => Error deleting Service
iSafeKrnlKit => Unable to stop service
iSafeKrnlKit => Error deleting Service
iSafeKrnlR3 => Unable to stop service
iSafeKrnlR3 => Error deleting Service
iSafeNetFilter => Unable to stop service
iSafeNetFilter => Error deleting Service
EmptyTemp: => Removed 6.1 GB temporary data.
The system needed a reboot.
==== End of Fixlog ====
|
|
07.12.2014, 21:04
| #9 |
| /// the machine /// TB-Ausbilder | Windows 7: Nach Hochfahren schwarzer Bildschirm und das Fenster " Computer" offen Bitte mal den Rechner neu starten falls noch nicht geschehen und ein frisches FRST log posten.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
07.12.2014, 21:48
| #10 |
| | Windows 7: Nach Hochfahren schwarzer Bildschirm und das Fenster " Computer" offen FRST LOG : FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2014 01
Ran by Henoch (administrator) on HENOCH-VAIO on 07-12-2014 21:45:01
Running from C:\Users\Henoch\Desktop
Loaded Profile: Henoch (Available profiles: Henoch & Negede)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-18] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2014-08-19] (Microsoft Corporation)
HKU\S-1-5-21-3995798047-183456226-2512991475-1001\...\Run: [LOLReplay Recorder] => "C:\Program Files (x86)\LOLReplay\LOLRecorder.exe" -minimize
HKU\S-1-5-21-3995798047-183456226-2512991475-1001\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S0].txt [15541 2014-12-04] ()
HKU\S-1-5-21-3995798047-183456226-2512991475-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3995798047-183456226-2512991475-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://sony.msn.com
SearchScopes: HKLM -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3995798047-183456226-2512991475-1001 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3995798047-183456226-2512991475-1001 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3995798047-183456226-2512991475-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3995798047-183456226-2512991475-1001 -> {81DC31DA-8B77-49F8-8FEC-177610596CC0} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q212&_nkw={searchTerms}
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Henoch\AppData\Roaming\Mozilla\Firefox\Profiles\5wimzc6q.default
FF Keyword.URL: hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12692&tm=319&src=ds&p=
FF Homepage: hxxp://www.google.com
FF NewTab: hxxp://www.google.com
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 -> C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3995798047-183456226-2512991475-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Henoch\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Avira Browser Safety - C:\Users\Henoch\AppData\Roaming\Mozilla\Firefox\Profiles\5wimzc6q.default\Extensions\abs@avira.com [2014-08-17]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchKeyword: Default -> google
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-08]
CHR Extension: (Adblock Plus) - C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-05]
CHR Extension: (Google Wallet) - C:\Users\Henoch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-01]
CHR HKU\S-1-5-21-3995798047-183456226-2512991475-1001\...\Chrome\Extension: [fkjoiggkbepedjmjjbhhecjiimlckcga] - C:\Users\Henoch\AppData\Local\CRE\fkjoiggkbepedjmjjbhhecjiimlckcga.crx [Not Found]
CHR HKU\S-1-5-21-3995798047-183456226-2512991475-1001\...\Chrome\Extension: [iokhogohoamdhejdbenjbjkhjmjlggab] - C:\Users\Henoch\AppData\Local\CRE\iokhogohoamdhejdbenjbjkhjmjlggab.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fkjoiggkbepedjmjjbhhecjiimlckcga] - C:\Users\Henoch\AppData\Local\CRE\fkjoiggkbepedjmjjbhhecjiimlckcga.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iokhogohoamdhejdbenjbjkhjmjlggab] - C:\Users\Henoch\AppData\Local\CRE\iokhogohoamdhejdbenjbjkhjmjlggab.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2012-02-23] (Atheros Commnucations) [File not signed]
S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [112256 2012-03-21] (Atheros Communication Inc.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-13] ()
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2014-12-04] (Elex do Brasil Participações Ltda)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-03-13] (Intel Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5284208 2013-10-30] (INCA Internet Co., Ltd.)
R2 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-21] (Sony Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-07-10] ()
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [260768 2011-11-30] (Sony Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2012-02-23] (Atheros) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
S3 BTATH_VDP; C:\Windows\System32\drivers\btath_vdp.sys [421664 2012-02-23] (Atheros)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [249000 2014-12-04] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [45224 2014-12-04] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2014-12-04] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [65704 2014-12-04] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [49320 2014-11-03] (Elex do Brasil Participações Ltda)
S3 lehidmini; C:\Windows\system32\drivers\leath_hid.sys [36128 2012-02-23] (Atheros)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-04] (Malwarebytes Corporation)
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows (R) Win 7 DDK provider)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [21264 2012-03-13] (Synaptics Incorporated)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-07 21:45 - 2014-12-07 21:45 - 00017459 _____ () C:\Users\Henoch\Desktop\FRST.txt
2014-12-06 23:20 - 2014-12-07 21:44 - 00000000 ____D () C:\Users\Henoch\Desktop\FRST-OlderVersion
2014-12-06 23:16 - 2014-12-06 23:15 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-06 23:15 - 2014-12-06 23:15 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-06 23:15 - 2014-12-06 23:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-06 23:14 - 2014-12-06 23:14 - 00638888 _____ (Oracle Corporation) C:\Users\Henoch\Downloads\chromeinstall-8u25.exe
2014-12-06 22:49 - 2014-12-06 23:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-05 23:19 - 2014-12-05 23:19 - 00852490 _____ () C:\Users\Henoch\Desktop\SecurityCheck.exe
2014-12-05 17:18 - 2014-12-05 17:18 - 02347384 _____ (ESET) C:\Users\Henoch\Downloads\esetsmartinstaller_deu.exe
2014-12-05 15:19 - 2014-12-05 15:19 - 00000000 ____D () C:\Users\Negede\AppData\Roaming\Elex-tech
2014-12-05 14:01 - 2014-12-05 14:01 - 324813198 _____ () C:\Users\Henoch\Downloads\The Binding Of Isaac Rebirth FULL GAME.rar
2014-12-05 13:25 - 2014-12-05 13:25 - 00000196 _____ () C:\Users\Henoch\Downloads\ea280f43-e3a0-4ccd-89af-032f239e9da8.htm
2014-12-05 13:25 - 2014-12-05 13:25 - 00000196 _____ () C:\Users\Henoch\Downloads\ea280f43-e3a0-4ccd-89af-032f239e9da8 (2).htm
2014-12-05 13:25 - 2014-12-05 13:25 - 00000196 _____ () C:\Users\Henoch\Downloads\ea280f43-e3a0-4ccd-89af-032f239e9da8 (1).htm
2014-12-05 09:40 - 2014-12-04 10:12 - 00045224 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2014-12-04 21:43 - 2014-12-05 23:42 - 00000000 ____D () C:\Users\Henoch\AppData\Roaming\Elex-tech
2014-12-04 21:12 - 2014-12-07 21:44 - 02119680 _____ (Farbar) C:\Users\Henoch\Desktop\FRST64.exe
2014-12-04 21:04 - 2014-12-04 21:04 - 00033734 _____ () C:\Users\Henoch\Desktop\JRT.txt
2014-12-04 20:59 - 2014-12-04 20:59 - 01707646 _____ (Thisisu) C:\Users\Henoch\Downloads\JRT.exe
2014-12-04 20:59 - 2014-12-04 20:59 - 00000000 ____D () C:\Windows\ERUNT
2014-12-04 20:50 - 2014-12-04 20:50 - 00000000 __SHD () C:\Users\Henoch\AppData\Local\EmieBrowserModeList
2014-12-04 20:42 - 2014-12-04 20:58 - 00000000 ____D () C:\AdwCleaner
2014-12-04 20:41 - 2014-12-04 20:41 - 02154496 _____ () C:\Users\Henoch\Downloads\AdwCleaner_4.103.exe
2014-12-04 20:40 - 2014-12-04 20:40 - 00004197 _____ () C:\Users\Henoch\Desktop\mbam.txt
2014-12-04 19:46 - 2014-12-04 20:38 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-04 19:45 - 2014-12-04 19:45 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-04 19:45 - 2014-12-04 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-12-04 19:45 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-04 19:45 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-04 19:45 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-04 19:44 - 2014-12-04 19:44 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Henoch\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-04 19:33 - 2014-12-04 19:33 - 00001264 _____ () C:\Users\Henoch\Desktop\Revo Uninstaller.lnk
2014-12-04 19:33 - 2014-12-04 19:33 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-04 19:32 - 2014-12-04 19:32 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Henoch\Downloads\revosetup95.exe
2014-12-04 17:21 - 2014-12-04 17:21 - 00045333 _____ () C:\Users\Henoch\Downloads\Addition.txt
2014-12-04 17:19 - 2014-12-07 21:45 - 00000000 ____D () C:\FRST
2014-12-04 17:19 - 2014-12-05 23:31 - 00043074 _____ () C:\Users\Henoch\Downloads\FRST.txt
2014-11-24 18:02 - 2014-11-24 18:02 - 00022528 _____ () C:\Users\Henoch\Downloads\(4) Uebung_SVerweis.xls
2014-11-22 18:43 - 2014-11-22 18:43 - 01159216 _____ () C:\Users\Henoch\Downloads\The Binding of Isaac Rebirth (1).rar
2014-11-22 18:37 - 2014-11-22 18:38 - 01159216 _____ () C:\Users\Henoch\Downloads\The Binding of Isaac Rebirth.rar
2014-11-20 08:42 - 2014-11-20 08:42 - 00930246 _____ () C:\Users\Negede\Downloads\sprache.html
2014-11-20 08:42 - 2014-11-20 08:42 - 00000000 ____D () C:\Users\Negede\Downloads\sprache_files
2014-11-19 10:50 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 10:50 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 10:50 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 10:50 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 10:45 - 2014-11-19 10:45 - 00001141 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2014-11-15 14:26 - 2014-11-15 14:26 - 01725304 _____ (Razer Inc.) C:\Users\Henoch\Downloads\RazerSurroundInstaller_v2.00.10 (1).exe
2014-11-15 14:26 - 2014-11-15 14:26 - 00000000 ____D () C:\ProgramData\RzMaelstromVAD_1.1.58.1854
2014-11-15 14:22 - 2014-12-04 20:58 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-11-15 14:21 - 2014-12-04 20:58 - 00000000 ____D () C:\ProgramData\Razer
2014-11-15 14:21 - 2014-12-04 20:57 - 00000000 ____D () C:\Users\Henoch\AppData\Local\Razer
2014-11-15 14:20 - 2014-11-15 14:20 - 01725304 _____ (Razer Inc.) C:\Users\Henoch\Downloads\RazerSurroundInstaller_v2.00.10.exe
2014-11-12 16:18 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 16:18 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 16:18 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 16:18 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 16:18 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 16:18 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 16:18 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 16:18 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 16:18 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 16:18 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 16:18 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 16:18 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 16:18 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 16:18 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 16:18 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 16:18 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 16:18 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 16:18 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 16:18 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 16:18 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 16:18 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 16:18 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 16:18 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 16:18 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 16:18 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 16:18 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 16:18 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 16:18 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 16:18 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 16:18 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 16:18 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 16:18 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 16:18 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 16:18 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 16:18 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 16:18 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 16:18 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 16:18 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 16:18 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 16:18 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 16:18 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 16:18 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 16:18 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 16:18 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 16:18 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 16:18 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 16:18 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 16:18 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 16:18 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 16:18 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 16:18 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 16:18 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 16:18 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 16:18 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 16:18 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 16:18 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 16:18 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 16:18 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 16:18 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 16:18 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 16:18 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 16:18 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 16:18 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 16:18 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 16:18 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 16:18 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 16:18 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 16:18 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 16:17 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 16:17 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 16:17 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 16:17 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 16:17 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 16:17 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 16:17 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 16:17 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 16:17 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 16:17 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 16:17 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 16:17 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 16:17 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 16:17 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 16:17 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 16:17 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 16:17 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 16:17 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 16:17 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 16:17 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 16:17 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 16:17 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 16:17 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 16:17 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 16:17 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 16:17 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 16:17 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 16:17 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 16:17 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 16:17 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 16:17 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 16:17 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 16:17 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-09 10:23 - 2014-11-09 10:23 - 00000000 ____D () C:\Users\Negede\AppData\Roaming\OpenOffice
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-07 21:43 - 2014-07-05 14:38 - 00000302 _____ () C:\Windows\Tasks\RegistryCleanerKit Startup.job
2014-12-07 21:43 - 2012-10-14 20:12 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-07 21:40 - 2009-07-14 05:45 - 00028576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-07 21:40 - 2009-07-14 05:45 - 00028576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-07 21:37 - 2012-10-14 20:12 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-07 21:36 - 2012-08-04 10:54 - 01891260 _____ () C:\Windows\WindowsUpdate.log
2014-12-07 21:32 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-07 21:32 - 2009-07-14 05:51 - 00257152 _____ () C:\Windows\setupact.log
2014-12-07 21:29 - 2012-04-23 05:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-07 21:00 - 2014-07-05 14:38 - 00000308 _____ () C:\Windows\Tasks\RegistryCleanerKit Maintenance.job
2014-12-06 23:29 - 2013-11-27 17:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-06 23:17 - 2012-04-23 05:14 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-06 23:15 - 2012-04-23 05:14 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-12-06 23:15 - 2012-04-23 05:14 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-12-06 23:15 - 2012-04-23 05:14 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-12-06 22:42 - 2012-08-07 19:06 - 00000000 ____D () C:\Users\Henoch\AppData\Roaming\Skype
2014-12-05 23:33 - 2010-11-21 04:47 - 01425354 _____ () C:\Windows\PFRO.log
2014-12-05 16:13 - 2014-11-01 17:16 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-05 16:10 - 2014-09-19 18:53 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-05 16:10 - 2012-04-23 05:51 - 00000000 ____D () C:\ProgramData\Skype
2014-12-05 15:19 - 2013-06-15 07:17 - 00126320 _____ () C:\Users\Negede\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-05 09:40 - 2014-11-02 16:18 - 00000000 ____D () C:\Windows\system32\log
2014-12-04 21:42 - 2009-07-14 05:45 - 00491136 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-04 20:57 - 2012-08-04 10:56 - 00126320 _____ () C:\Users\Henoch\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-04 20:33 - 2013-06-15 07:15 - 00000000 ____D () C:\Users\Negede
2014-12-04 19:45 - 2014-10-04 09:03 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-12-04 18:38 - 2014-11-02 14:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2014-12-04 18:38 - 2014-11-02 14:11 - 00000000 ____D () C:\Program Files (x86)\Glyph
2014-12-04 18:38 - 2012-08-04 10:56 - 00000000 ____D () C:\Users\Henoch
2014-12-04 18:38 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-12-04 12:57 - 2012-02-24 05:01 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-11-28 14:29 - 2012-04-23 05:35 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-28 14:29 - 2012-04-23 05:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-28 14:29 - 2012-04-23 05:35 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-27 16:40 - 2014-02-01 14:38 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-25 17:28 - 2014-08-18 10:14 - 00000000 ____D () C:\Program Files (x86)\CABAL Online (EU)
2014-11-22 20:48 - 2014-06-07 18:38 - 00000002 _____ () C:\Users\Henoch\Downloads\myFile.txt
2014-11-22 20:47 - 2014-06-07 18:38 - 00000757 _____ () C:\Users\Henoch\Downloads\serial.txt
2014-11-20 21:10 - 2014-03-24 15:25 - 00000000 ____D () C:\Users\Henoch\AppData\Local\Battle.net
2014-11-20 20:37 - 2012-09-11 14:27 - 00000000 ____D () C:\Users\Henoch\AppData\Local\CrashDumps
2014-11-18 16:59 - 2013-10-26 12:14 - 00000000 ____D () C:\Users\Henoch\Desktop\Naruto
2014-11-18 16:59 - 2013-06-27 18:22 - 00000000 ____D () C:\Users\Henoch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-11-18 16:59 - 2013-06-27 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-11-18 16:59 - 2012-08-04 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
2014-11-16 14:52 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-11-15 11:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-14 14:32 - 2012-10-14 20:12 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 14:32 - 2012-10-14 20:12 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 13:45 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-13 15:56 - 2014-04-30 15:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 19:37 - 2013-08-14 10:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 19:28 - 2012-10-15 16:18 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 17:20 - 2014-04-08 17:24 - 00000000 ____D () C:\Users\Henoch\Desktop\LoL
2014-11-09 11:49 - 2014-01-25 11:40 - 00000000 ____D () C:\Users\Negede\AppData\Roaming\SoftGrid Client
2014-11-09 10:32 - 2013-06-15 07:16 - 00000000 ____D () C:\Users\Negede\AppData\Roaming\Adobe
2014-11-08 09:37 - 2012-04-23 05:44 - 00000000 ____D () C:\Program Files\Sony
2014-11-08 09:09 - 2012-04-23 05:11 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-05 20:34
==================== End Of Log ============================
Addation: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2014 01
Ran by Henoch at 2014-12-07 21:45:49
Running from C:\Users\Henoch\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ActiveX контрола на Windows Live Mesh за отдалечени връзки (HKLM-x32\...\{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}) (Version: 15.4.5722.2 - Microsoft Corporation)
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.0.19460 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.7.637 - Adobe Systems, Inc.)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{EBF1529E-D2D5-47CF-97EC-7D90CEF0FE04}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{61438020-DDD4-42FA-99A2-50225441980A}) (Version: 2.0.1.161 - ArcSoft)
ArcSoft WebCam Companion 4 (HKLM-x32\...\{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}) (Version: 4.0.21.485 - ArcSoft)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.125 - Atheros)
aTube Catcher (HKLM-x32\...\aTube Catcher) (Version: 3.8.7971 - DsNET Corp)
Avira (HKLM-x32\...\{9590977b-7b6f-467e-a11a-efa1fae804da}) (Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
Batman: Arkham Asylum (HKLM-x32\...\{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}) (Version: 1.0.0.0 - Eidos Interactive Limited)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
Build-a-lot 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CABAL Online (EU) (HKU\S-1-5-21-3995798047-183456226-2512991475-1001\...\CabalOnline(EU)) (Version: - )
CABAL Online Patch 652 (HKLM-x32\...\CABAL Online Patch 652_is1) (Version: - )
Cake Mania (x32 Version: 2.2.0.98 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Complemento Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Control ActiveX Windows Live Mesh pentru conexiuni la distanță (HKLM-x32\...\{260E3D78-94E6-47EC-8E29-46301572BB1E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.5009.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DC Universe Online Live (HKU\S-1-5-21-3995798047-183456226-2512991475-1001\...\SOE-DC Universe Online Live PSG) (Version: - Sony Online Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Doplnok programu Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.)
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Fishdom (TM) 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hitman: Contracts (HKLM-x32\...\Hitman: Contracts) (Version: - )
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
KUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Mahjongg Artifacts (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Media Go (HKLM-x32\...\{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}) (Version: 2.0.317 - Sony)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Assistent (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger kísérő (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger-kumppani (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 34.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0 (x86 de)) (Version: 34.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení (HKLM-x32\...\{B6190387-0036-4BEB-8D74-A0AFC5F14706}) (Version: 15.4.5722.2 - Microsoft Corporation)
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (HKLM-x32\...\{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}) (Version: 15.4.5722.2 - Microsoft Corporation)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayMemories Home (HKLM-x32\...\{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}) (Version: 6.1.01.14210 - Sony Corporation)
PlayStation(R)Network Downloader (HKLM-x32\...\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}) (Version: 2.07.00849 - Sony Computer Entertainment Inc.)
PlayStation(R)Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.5.15.13232 - Sony Computer Entertainment Inc.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Pomocnik Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PYV_x86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Qualcomm Atheros Direct Connect (x32 Version: 3.1 - Qualcomm Atheros) Hidden
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{E727B31A-8B24-4C1C-934A-69634E0D2C0B}) (Version: 3.0 - Qualcomm Atheros)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6564 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.91 - Realtek Semiconductor Corp.)
Remote Keyboard (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden
Remote Play with PlayStation(R)3 (x32 Version: 1.1.0.21090 - Sony Corporation) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14013.45 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14013.45 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)
Spremljevalec Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.1.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKU\S-1-5-21-3995798047-183456226-2512991475-1001\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
The Hidden Object Game Show (x32 Version: 2.2.0.97 - WildTangent) Hidden
The Sims 4 Deluxe Edition version 1.0 Update 1 (HKLM-x32\...\The Sims 4 Deluxe Edition_is1) (Version: 1.0 Update 1 - GMT-MAX.ORG)
TrackID(TM) with BRAVIA (x32 Version: 1.2.0.09270 - Sony Corportaion) Hidden
Unity Web Player (HKU\S-1-5-21-3995798047-183456226-2512991475-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325 (HKLM\...\{34EB42BE-F4D3-44C1-B28E-9740115DB72C}) (Version: 1.0.00.01300 - Sony Corporation)
VAIO - Remote Play mit PlayStation®3 (HKLM-x32\...\{07441A52-E208-478A-92B7-5C337CA8C131}) (Version: 1.1.0.21090 - Sony Corporation)
VAIO - Remote-Tastatur (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.2.0.09270 - Sony Corporation)
VAIO - Remote-Tastatur mit PlayStation®3 (HKLM-x32\...\{E682702C-609C-4017-99E7-3129C163955F}) (Version: 1.2.0.09210 - Sony Corporation)
VAIO - TrackID™ mit BRAVIA (HKLM-x32\...\{2F41EF61-A066-4EBF-84F8-21C1B317A780}) (Version: 1.2.0.09270 - Sony Corporation)
VAIO Care (HKLM\...\{471F7C0A-CA3A-4F4C-8346-DE36AD5E23D1}) (Version: 7.3.0.14170 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 5.2.1.15070 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.9.0.13190 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.9.0.13190 - Sony Corporation) Hidden
VAIO Easy Connect (HKLM-x32\...\InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}) (Version: 1.1.2.01120 - Sony Corporation)
VAIO Easy Connect (x32 Version: 1.1.2.01120 - Sony Corporation) Hidden
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 2.5.2.02090 - Sony Corporation)
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 1.0.0.12300 - Sony Corporation)
VAIO Gesture Control (x32 Version: 1.0.0.12300 - Sony Corporation) Hidden
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 1.3.0.12280 - Sony Corporation)
VAIO Improvement Validation (HKLM\...\{75C95C84-264F-4CC7-8A7E-346444E6C7C1}) (Version: 1.0.4.01190 - Sony Corporation)
VAIO Sample Contents (HKLM-x32\...\{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}) (Version: 1.4.2.09010 - Sony Corporation)
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.11.1.15220 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation)
VAIO*CPU-Lüfterdiagnose (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.1.0.09200 - Sony Corporation)
VAIO-Handbuch (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 2.3.0.12300 - Sony Corporation)
VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.7.0.02231 - Sony Corporation)
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Microsoft) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden
VSNx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
WildTangent Games App (x32 Version: 4.0.10.2 - WildTangent) Hidden
WildTangent-Spiele (HKLM-x32\...\WildTangent sony Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version: - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ATTENTION
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Елемент керування Windows Live Mesh ActiveX для віддалених підключень (HKLM-x32\...\{6756D5CA-3E31-4308-9BF0-79DFD1AF196E}) (Version: 15.4.5722.2 - Microsoft Corporation)
Компаньон Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основи Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Помощник на Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Рупор Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотоколекція Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
18-11-2014 08:18:21 Windows Update
19-11-2014 10:30:21 Windows Update
21-11-2014 15:01:58 Windows Update
25-11-2014 15:16:00 Windows Update
02-12-2014 16:01:43 Windows Update
03-12-2014 19:09:50 Removed Razer Synapse 2.0.
04-12-2014 18:39:40 Revo Uninstaller's restore point - YAC(Yet Another Cleaner!)
04-12-2014 19:55:54 Removed Razer Synapse 2.0.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0093ACB4-5FF9-46AD-9F9C-25F2E82768D5} - System32\Tasks\RegistryCleanerKit Maintenance => C:\Program Files (x86)\Uniblue\RegistryCleanerKit\registrycleanerkit.exe
Task: {0168EB42-78BA-4261-ADBF-0C534A04E37F} - System32\Tasks\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-02-24] (Sony Corporation)
Task: {0557300D-60CC-4079-8D78-0957B7E32539} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {06068ABB-5530-4BA1-8C66-685CC94229DD} - System32\Tasks\RealCreateProcessScheduledTask4424968S-1-5-21-3995798047-183456226-2512991475-1001 => C:\Program Files (x86)\Real\RealPlayer\Update\RealOneMessageCenter.exe
Task: {0E1C2318-B4C4-41A4-A1ED-C4B7EE0F208B} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2011-12-27] (Sony Corporation)
Task: {4134B0AC-5DD2-4FF3-8EC6-0BE5618BC0BD} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorSystem => C:\Program Files\Sony\VAIO Improvement\vim.exe [2011-12-27] (Sony Corporation)
Task: {450A2176-A799-43C0-AAB9-EAA6DE78B2C7} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-03-07] (Sony Corporation)
Task: {46DE0AD6-969D-4EA7-B99A-05B8F25E290E} - System32\Tasks\{BE1279AB-AAF8-45F2-A5E7-71E64C073AE7} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.10.0.116&LastError=12002
Task: {47529513-BFE5-4FD5-AFEF-F316BFA7DDE9} - System32\Tasks\Sony Corporation\VAIO Improvement Validation\VAIO Improvement Validation => C:\Program Files\Sony\VAIO Improvement Validation\viv.exe [2011-01-20] (Sony Corporation)
Task: {4A67B55E-FDB1-46CC-BA29-9352507763E6} - System32\Tasks\{6A2B7D17-8446-4EA7-95E9-3B66627EBCC5} => Chrome.exe hxxp://ui.skype.com/ui/0/6.20.73.104.456/de/abandoninstall?page=tsProgressBar
Task: {5460B8D2-BD33-4F34-B1BA-CE7B4652EED4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-14] (Google Inc.)
Task: {5ED1F88B-0E4A-4200-9C73-53607DC42D4C} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-03-07] (Sony Corporation)
Task: {5FE6B8D0-1AEB-4E5C-AAF1-7A61CA30747A} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3995798047-183456226-2512991475-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {63F2F0B4-278C-4ED2-A5D1-B8F879A4DB5B} - System32\Tasks\RealCreateProcessScheduledTask4424905S-1-5-21-3995798047-183456226-2512991475-1001 => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
Task: {64AA05F3-04FD-496B-8F80-53A98F4C71A0} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorUser => C:\Program Files\Sony\VAIO Improvement\vim.exe [2011-12-27] (Sony Corporation)
Task: {74F06F81-5947-4D8A-97BE-E0C9712F990D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-14] (Google Inc.)
Task: {778C8B2A-6771-4D50-8C32-736F21706EE9} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {79B192AE-FC56-4F02-B342-8FA4110D1392} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation)
Task: {8009F53D-FA56-407C-9B24-D7AE0C0FE44F} - System32\Tasks\Sony Corporation\VAIO Update\VUSU Trigger Task => C:\Program Files\Sony\VAIO Update\VUSUTrigger.exe [2014-02-28] (Sony Corporation)
Task: {9B87EE33-B5CE-4ACC-8BD6-2FA515A9D2BE} - System32\Tasks\Sony Corporation\VAIO Care\CRMReminder => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {AD181D42-4800-4149-9EC2-FBF8FA6917DC} - System32\Tasks\{09CC1933-F898-4547-AA0A-72E4D359D205} => Chrome.exe hxxp://ui.skype.com/ui/0/6.3.60.105/de/abandoninstall?page=tsBing
Task: {AEF6F980-41E2-4762-92B6-BEEA4D9412C2} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {B4A71C93-B822-4514-820C-B3E10DE0555A} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-12-27] (Sony Corporation)
Task: {BB2DA099-C181-465B-A313-15FD9F84734E} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {C0D9EE0F-E046-4471-959A-73270ECADBA6} - System32\Tasks\Sony Corporation\VAIO Care\VAU => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {C30EF8A8-8646-4F4D-8652-5CBDB6F10FB4} - System32\Tasks\{77A7005F-AE93-435F-A43F-382438C520CE} => Chrome.exe hxxp://ui.skype.com/ui/0/6.3.60.105/de/abandoninstall?page=tsProgressBar
Task: {D22DB6CB-4CB3-4782-9052-3A9DD3DE2D0C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-28] (Adobe Systems Incorporated)
Task: {D9A999F9-FA5B-4F59-AD4F-FEEF2B9C174D} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => net
Task: {DB1E8C6E-30C8-4C08-BED7-F8FFF6B5EAB4} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {E828EF16-3574-4748-AE53-A0EDED779520} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
Task: {F275EB3E-DC86-4DF7-91DA-74AA71F0D578} - System32\Tasks\{EB4C17FB-B842-41F8-9D3B-4D2541ACB94B} => Chrome.exe hxxp://ui.skype.com/ui/0/6.3.60.105/de/abandoninstall?page=tsPlugin
Task: {F83AF91F-D650-4F65-ADA8-A74F80916947} - System32\Tasks\RegistryCleanerKit Startup => C:\Program Files (x86)\Uniblue\RegistryCleanerKit\registrycleanerkit.exe
Task: {F9D696F3-41FC-4309-8CA1-FE19DC396A0C} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3995798047-183456226-2512991475-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {FABA3BE7-77A3-4B25-AAD1-D4BBA776CB99} - System32\Tasks\Sony Corporation\VAIO Care\AutoCheckMessage => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RegistryCleanerKit Maintenance.job => C:\Program Files (x86)\Uniblue\RegistryCleanerKit\registrycleanerkit.exe
Task: C:\Windows\Tasks\RegistryCleanerKit Startup.job => C:\Program Files (x86)\Uniblue\RegistryCleanerKit\registrycleanerkit.exe
==================== Loaded Modules (whitelisted) =============
2012-04-23 05:07 - 2012-03-13 17:01 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2013-03-27 21:40 - 2014-07-10 11:38 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-11-02 16:18 - 2014-12-04 10:08 - 00065696 _____ () C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll
2014-11-02 16:18 - 2014-12-04 10:08 - 00092320 _____ () C:\Program Files (x86)\Elex-tech\YAC\curlpp.dll
2014-12-05 09:40 - 2014-12-04 10:08 - 01105408 _____ () C:\Program Files (x86)\Elex-tech\YAC\isafechlp.dll
2014-11-02 16:18 - 2014-10-27 04:02 - 00176976 _____ () C:\Program Files (x86)\Elex-tech\YAC\tws\unrar.dll
2014-11-02 16:18 - 2014-10-27 04:02 - 00087744 _____ () C:\Program Files (x86)\Elex-tech\YAC\tws\unacev2.dll
2012-04-23 05:29 - 2012-03-07 17:57 - 00021128 _____ () C:\Program Files (x86)\Sony\VAIO Control Center\VESBasePS.dll
2014-10-17 18:17 - 2014-10-17 18:17 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\92a1650dbe9fad5f46633b835420e1a8\IsdiInterop.ni.dll
2012-04-23 05:08 - 2011-11-29 19:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-04-23 05:07 - 2012-03-13 17:02 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-11-02 16:18 - 2014-12-04 10:08 - 00185640 _____ () C:\Program Files (x86)\Elex-tech\YAC\libpng.dll
2014-11-27 16:40 - 2014-11-25 07:39 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
2014-11-27 16:40 - 2014-11-25 07:39 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
2014-11-27 16:40 - 2014-11-25 07:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-27 16:40 - 2014-11-25 07:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
2014-11-27 16:40 - 2014-11-25 07:39 - 14910280 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:B606BA34
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
========================= Accounts: ==========================
Administrator (S-1-5-21-3995798047-183456226-2512991475-500 - Administrator - Disabled)
Gast (S-1-5-21-3995798047-183456226-2512991475-501 - Limited - Disabled)
Henoch (S-1-5-21-3995798047-183456226-2512991475-1001 - Administrator - Enabled) => C:\Users\Henoch
HomeGroupUser$ (S-1-5-21-3995798047-183456226-2512991475-1002 - Limited - Enabled)
Negede (S-1-5-21-3995798047-183456226-2512991475-1003 - Administrator - Enabled) => C:\Users\Negede
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/07/2014 09:33:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/07/2014 04:22:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/07/2014 10:14:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/06/2014 11:31:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/06/2014 10:47:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/06/2014 07:40:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/06/2014 09:09:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/05/2014 11:35:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/05/2014 11:24:40 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (12/05/2014 11:15:38 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
System errors:
=============
Error: (12/05/2014 11:38:37 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "VAIO Care Performance Service" wurde nicht richtig gestartet.
Error: (12/05/2014 05:23:21 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst iSafeService erreicht.
Error: (12/05/2014 05:22:51 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst iSafeService erreicht.
Error: (12/05/2014 05:01:39 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst iSafeService erreicht.
Error: (12/05/2014 05:01:09 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst iSafeService erreicht.
Error: (12/05/2014 09:42:09 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "VAIO Care Performance Service" wurde nicht richtig gestartet.
Microsoft Office Sessions:
=========================
Error: (12/07/2014 09:33:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/07/2014 04:22:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/07/2014 10:14:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/06/2014 11:31:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/06/2014 10:47:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/06/2014 07:40:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/06/2014 09:09:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/05/2014 11:35:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/05/2014 11:24:40 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Henoch\Downloads\esetsmartinstaller_deu.exe
Error: (12/05/2014 11:15:38 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 35%
Total physical RAM: 6114.36 MB
Available physical RAM: 3951.99 MB
Total Pagefile: 12226.9 MB
Available Pagefile: 9725 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:681.64 GB) (Free:552.67 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: BA624956)
Partition 1: (Not Active) - (Size=16.7 GB) - (Type=27)
Partition 2: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=681.6 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
08.12.2014, 20:22
| #11 |
| /// the machine /// TB-Ausbilder | Windows 7: Nach Hochfahren schwarzer Bildschirm und das Fenster " Computer" offen Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden ).
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
08.12.2014, 20:54
| #12 |
| | Windows 7: Nach Hochfahren schwarzer Bildschirm und das Fenster " Computer" offen Hey, beim Scan gibt es ein kleines Problem. Es scannt erstmal paar Sekunden und dann hält es auf einmal bei "Scanning FireFox settings..." an und daraufhin stürtz OTL ab und gibt keine Rückmeldung. Was soll ich tun ? |
|
09.12.2014, 16:14
| #13 |
| /// the machine /// TB-Ausbilder | Windows 7: Nach Hochfahren schwarzer Bildschirm und das Fenster " Computer" offen Ein wenig nervig das Ganze Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
09.12.2014, 17:27
| #14 |
| | Windows 7: Nach Hochfahren schwarzer Bildschirm und das Fenster " Computer" offen Ja sry... ich weis halt in dem Bereich echt null.. aber nach dem Scan ist mein Desktop und Taskleiste erschienen Vielen Danke für die Hilfe :PCode:
ATTFilter ComboFix 14-12-08.01 - Henoch 09.12.2014 17:08:14.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.6114.3386 [GMT 1:00]
ausgeführt von:: c:\users\Henoch\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-11-09 bis 2014-12-09 ))))))))))))))))))))))))))))))
.
.
2014-12-09 16:16 . 2014-12-09 16:16 -------- d-----w- c:\users\Negede\AppData\Local\temp
2014-12-09 16:16 . 2014-12-09 16:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-09 16:11 . 2014-12-09 16:11 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CEE8CA4B-9BC7-4D91-97A1-B06ED0CA1F4A}\offreg.dll
2014-12-09 15:06 . 2014-11-02 04:20 11632448 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CEE8CA4B-9BC7-4D91-97A1-B06ED0CA1F4A}\mpengine.dll
2014-12-06 22:16 . 2014-12-06 22:16 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-12-06 22:16 . 2014-12-06 22:15 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-12-06 22:15 . 2014-12-06 22:15 -------- d-----w- c:\programdata\Oracle
2014-12-05 14:19 . 2014-12-05 14:19 -------- d-----w- c:\users\Negede\AppData\Roaming\Elex-tech
2014-12-05 08:40 . 2014-12-04 09:12 45224 ----a-w- c:\windows\system32\drivers\iSafeKrnlBoot.sys
2014-12-04 20:43 . 2014-12-05 22:42 -------- d-----w- c:\users\Henoch\AppData\Roaming\Elex-tech
2014-12-04 19:59 . 2014-12-04 19:59 -------- d-----w- c:\windows\ERUNT
2014-12-04 19:50 . 2014-12-04 19:50 -------- d-sh--w- c:\users\Henoch\AppData\Local\EmieBrowserModeList
2014-12-04 19:42 . 2014-12-04 19:58 -------- d-----w- C:\AdwCleaner
2014-12-04 18:46 . 2014-12-04 19:38 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-04 18:45 . 2014-11-21 05:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-12-04 18:45 . 2014-11-21 05:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-12-04 18:45 . 2014-11-21 05:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-12-04 18:33 . 2014-12-04 18:33 -------- d-----w- c:\program files (x86)\VS Revo Group
2014-12-04 16:19 . 2014-12-07 20:46 -------- d-----w- C:\FRST
2014-11-21 15:03 . 2014-11-21 15:03 -------- d-----w- c:\windows\SysWow64\Wat
2014-11-21 15:03 . 2014-11-21 15:03 -------- d-----w- c:\windows\system32\Wat
2014-11-19 09:50 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-19 09:50 . 2014-11-11 03:08 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-19 09:50 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-19 09:50 . 2014-11-11 02:44 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-15 13:26 . 2014-11-15 13:26 -------- d-----w- c:\programdata\RzMaelstromVAD_1.1.58.1854
2014-11-15 13:22 . 2014-12-04 19:58 -------- d-----w- c:\program files (x86)\Razer
2014-11-15 13:21 . 2014-12-04 19:57 -------- d-----w- c:\users\Henoch\AppData\Local\Razer
2014-11-15 13:21 . 2014-12-04 19:58 -------- d-----w- c:\programdata\Razer
2014-11-12 15:17 . 2014-08-21 06:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-28 13:29 . 2012-04-23 04:35 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-28 13:29 . 2012-04-23 04:35 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-12 18:28 . 2012-10-15 15:18 103374192 ----a-w- c:\windows\system32\MRT.exe
2014-11-04 13:30 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-11-03 09:04 . 2014-11-02 15:18 49320 ----a-w- c:\windows\system32\drivers\iSafeNetFilter.sys
2014-10-09 14:19 . 2013-05-02 09:37 43064 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-10-09 14:19 . 2013-03-27 09:55 131608 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-10-09 14:19 . 2013-03-27 09:55 119272 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-09-25 02:08 . 2014-10-01 15:59 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 15:59 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-11-18 703736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\System32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
R3 BTATH_VDP;Bluetooth VDP Driver;c:\windows\system32\drivers\btath_vdp.sys;c:\windows\SYSNATIVE\drivers\btath_vdp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 iSafeKrnlBoot;YAC Boot Driver;c:\windows\system32\DRIVERS\iSafeKrnlBoot.sys;c:\windows\SYSNATIVE\DRIVERS\iSafeKrnlBoot.sys [x]
R3 lehidmini;Bluetooth Low Energy Hid Device;c:\windows\system32\drivers\leath_hid.sys;c:\windows\SYSNATIVE\drivers\leath_hid.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;c:\windows\system32\drivers\RzMaelstromVAD.sys;c:\windows\SYSNATIVE\drivers\RzMaelstromVAD.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\system32\drivers\Smb_driver.sys;c:\windows\SYSNATIVE\drivers\Smb_driver.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 iSafeKrnl;YAC Mini-Filter Driver;c:\program files (x86)\Elex-tech\YAC\iSafeKrnl.sys;c:\program files (x86)\Elex-tech\YAC\iSafeKrnl.sys [x]
S1 iSafeKrnlKit;YAC Kit Driver;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [x]
S1 iSafeKrnlR3;YAC Ring3 Driver;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [x]
S1 iSafeNetFilter;YAC NDIS Driver;c:\windows\system32\DRIVERS\iSafeNetFilter.sys;c:\windows\SYSNATIVE\DRIVERS\iSafeNetFilter.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 iSafeService;YAC Service;c:\program files (x86)\Elex-tech\YAC\iSafeSvc.exe;c:\program files (x86)\Elex-tech\YAC\iSafeSvc.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\vuagent.exe;c:\program files\Sony\VAIO Update\vuagent.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-27 15:40 1087304 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-12-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 13:29]
.
2014-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-14 19:12]
.
2014-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-14 19:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*Restore"="c:\windows\system32\rstrui.exe" [2014-08-19 296960]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Henoch\AppData\Roaming\Mozilla\Firefox\Profiles\5wimzc6q.default\
FF - prefs.js: keyword.URL - hxxp://www.default-search.net/search?sid=476&aid=122&itype=a&ver=12692&tm=319&src=ds&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-LOLReplay Recorder - c:\program files (x86)\LOLReplay\LOLRecorder.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&_\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 &_ Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-12-09 17:25:04
ComboFix-quarantined-files.txt 2014-12-09 16:25
.
Vor Suchlauf: 22 Verzeichnis(se), 611.051.966.464 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 610.649.116.672 Bytes frei
.
- - End Of File - - 4A654EDD89D3764D7F92053C45D8966E
|
|
10.12.2014, 13:45
| #15 |
| /// the machine /// TB-Ausbilder | Windows 7: Nach Hochfahren schwarzer Bildschirm und das Fenster " Computer" offen Hinweis für Mitleser: Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm vom folgenden Download-Spiegel neu herunter: BleepingComputer.comund speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)! Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument. Code:
ATTFilter Driver::
iSafeKrnlBoot
iSafeKrnl
iSafeKrnlKit
iSafeKrnlR3
iSafeNetFilter
File::
c:\windows\system32\DRIVERS\iSafeKrnlBoot.sys
c:\windows\system32\DRIVERS\iSafeNetFilter.sys
Folder::
c:\program files (x86)\Elex-tech
Wichtig:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
dann auf 
und dann auf 
. 
WARNUNG an die MITLESER: 
Linear-Darstellung
