| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Laptop: Bildschirm wird plötzlich weißWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
04.12.2014, 22:52
| #1 |
| |  Laptop: Bildschirm wird plötzlich weiß Hallo Leute, Ich habe ein Problem mit meinem Acer Aspire 5742G. Wenn ich im Internet bin kommt es seit neusten oft vor, dass der Bildschirm plötzlich weiß wird.Manchmal bekomme ich diesen weg wenn ich strg,alt und entfernen drücke.Oft muss ich ihn aber auch vom Strom trennen um ihn auszukriegen. Seit 3 Tagen erscheint dieser weiße Bildschirm aber auch beim hochfahren sofort. Mit viel Geduld und Knöpfe drücken verschwindet dieser dann irgendwann wieder.Nun ist meine Frage ob dies ein Virus sein kann oder ob es an der Hardware liegt. Was mich aber halt wundern würde weil der weiße Bildschirm ja auch wieder verschwindet. Schon einmal vielen Dank im voraus  |
|
05.12.2014, 08:03
| #2 |
| /// the machine /// TB-Ausbilder    | Laptop: Bildschirm wird plötzlich weiß hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
07.12.2014, 20:51
| #3 |
| | Laptop: Bildschirm wird plötzlich weißFRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2014 01
Ran by Luc (administrator) on LUC-PC on 07-12-2014 20:39:51
Running from C:\Users\Luc\Downloads
Loaded Profile: Luc (Available profiles: Luc)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\loggingserver.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Spotify Ltd) C:\Users\Luc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Google Inc.) C:\Users\Luc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Luc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Luc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Luc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Luc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Luc\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-05-27] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2010-06-22] (Dritek System Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2662424 2014-10-27] ()
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKU\S-1-5-21-583997862-3316777395-3397561109-1001\...\Run: [Google Update] => C:\Users\Luc\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-20] (Google Inc.)
HKU\S-1-5-21-583997862-3316777395-3397561109-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-07-13] (Google Inc.)
HKU\S-1-5-21-583997862-3316777395-3397561109-1001\...\Run: [Spotify Web Helper] => C:\Users\Luc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-16] (Spotify Ltd)
HKU\S-1-5-21-583997862-3316777395-3397561109-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-583997862-3316777395-3397561109-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-583997862-3316777395-3397561109-1001\...\MountPoints2: {46c21dbf-70ab-11e0-9614-1c750810636b} - E:\autorun.exe
HKU\S-1-5-21-583997862-3316777395-3397561109-1001\...\MountPoints2: {7a062b58-012f-11e4-ab72-1c750810636b} - E:\autorun.exe
HKU\S-1-5-21-583997862-3316777395-3397561109-1001\...\MountPoints2: {9f5db382-9ea8-11e2-8110-1c750810636b} - G:\setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-20] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll => C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll File Not Found
AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll => C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll File Not Found
AppInit_DLLs-x32: c:\progra~2\wi3c8a~1\datamngr\datamngr.dll => "c:\progra~2\wi3c8a~1\datamngr\datamngr.dll" File Not Found
AppInit_DLLs-x32: c:\progra~2\wi3c8a~1\datamngr\iebho.dll => "c:\progra~2\wi3c8a~1\datamngr\iebho.dll" File Not Found
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-583997862-3316777395-3397561109-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mysearch.avg.com?cid={2E64020E-85CA-4788-9DC3-5609475022A7}&mid=c201e84c49a147d3b63fcd3c4ef48a98-0a3116110c5b953eb06cfdd5b0c2f31cc3c42424&lang=de&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-05-05 19:43:48&v=18.1.7.598&pid=safeguard&sg=&sap=hp
HKU\S-1-5-21-583997862-3316777395-3397561109-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=WDCXWD3200BPVT-22ZEST0_WD-WXC1A70V5540V5540&ts=1393442248&type=default&q={searchTerms}
HKU\S-1-5-21-583997862-3316777395-3397561109-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=WDCXWD3200BPVT-22ZEST0_WD-WXC1A70V5540V5540&ts=1393442248&type=default&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1384891609&from=smt&uid=WDCXWD3200BPVT-22ZEST0_WD-WXC1A70V5540V5540&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1384891609&from=smt&uid=WDCXWD3200BPVT-22ZEST0_WD-WXC1A70V5540V5540&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1384891609&from=smt&uid=WDCXWD3200BPVT-22ZEST0_WD-WXC1A70V5540V5540&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1384891609&from=smt&uid=WDCXWD3200BPVT-22ZEST0_WD-WXC1A70V5540V5540&q={searchTerms}
URLSearchHook: HKU\S-1-5-21-583997862-3316777395-3397561109-1001 - (No Name) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://do-search.com/?type=sc&ts=1384891609&from=smt&uid=WDCXWD3200BPVT-22ZEST0_WD-WXC1A70V5540V5540
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?type=ds&ts=1384891609&from=smt&uid=WDCXWD3200BPVT-22ZEST0_WD-WXC1A70V5540V5540&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?type=ds&ts=1384891609&from=smt&uid=WDCXWD3200BPVT-22ZEST0_WD-WXC1A70V5540V5540&q={searchTerms}
SearchScopes: HKLM -> {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyD0E0DyC0CtByByDyCyByCtN0D0Tzu0CtAtByDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=652635212
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?type=ds&ts=1384891609&from=smt&uid=WDCXWD3200BPVT-22ZEST0_WD-WXC1A70V5540V5540&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?type=ds&ts=1384891609&from=smt&uid=WDCXWD3200BPVT-22ZEST0_WD-WXC1A70V5540V5540&q={searchTerms}
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 -> {8A96AF9E-4074-43b7-BEA3-87217BDA7406} URL = hxxp://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
SearchScopes: HKLM-x32 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012
SearchScopes: HKLM-x32 -> {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyD0E0DyC0CtByByDyCyByCtN0D0Tzu0CtAtByDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=652635212
SearchScopes: HKU\.DEFAULT -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-583997862-3316777395-3397561109-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3315513&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP8EBBA265-F754-41B8-AE94-F8E4FE586F4C&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-583997862-3316777395-3397561109-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3315513&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP8EBBA265-F754-41B8-AE94-F8E4FE586F4C&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-583997862-3316777395-3397561109-1001 -> {46D467CD-032F-47DF-9DAC-5D0FE2C592D8} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=HIP&o=102875&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=6F&apn_dtid=YYYYYYYYDE&apn_uid=6D387D47-A494-4547-ABD4-441AA9FE7E1C&apn_sauid=E3AB94EF-9500-4E2A-8DF7-11B6C994BA32
SearchScopes: HKU\S-1-5-21-583997862-3316777395-3397561109-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE428
SearchScopes: HKU\S-1-5-21-583997862-3316777395-3397561109-1001 -> {8A96AF9E-4074-43b7-BEA3-87217BDA7406} URL = hxxp://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
SearchScopes: HKU\S-1-5-21-583997862-3316777395-3397561109-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={2E64020E-85CA-4788-9DC3-5609475022A7}&mid=c201e84c49a147d3b63fcd3c4ef48a98-0a3116110c5b953eb06cfdd5b0c2f31cc3c42424&lang=de&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-05-05 19:43:48&v=18.1.0.443&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-583997862-3316777395-3397561109-1001 -> {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyD0E0DyC0CtByByDyCyByCtN0D0Tzu0CtAtByDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=652635212
SearchScopes: HKU\S-1-5-21-583997862-3316777395-3397561109-1001 -> {c99fdc39-a1ae-4b24-8d71-e5274f8d7c54} URL = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
BHO: avast! WebRep -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: UrlHelper Class -> {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} -> C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: No Name -> {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: UrlHelper Class -> {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} -> No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
Toolbar: HKLM-x32 - No Name - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-583997862-3316777395-3397561109-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-583997862-3316777395-3397561109-1001 -> No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
Toolbar: HKU\S-1-5-21-583997862-3316777395-3397561109-1001 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Toolbar: HKU\S-1-5-21-583997862-3316777395-3397561109-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\3.2.0\ViProtocol.dll (AVG Secure Search)
Tcpip\..\Interfaces\{E3BCE6C7-32F6-477E-ABB8-62991C54252F}: [NameServer] 194.95.0.3 194.95.0.19
FireFox:
========
FF ProfilePath: C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: Trovi search
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M5FF68787-0C73-449C-A0F1-0F36A09B042E&SearchSource=55&CUI=&UM=6&UP=SP8EBBA265-F754-41B8-AE94-F8E4FE586F4C&SSPV=
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\3.2.0\\npsitesafety.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-583997862-3316777395-3397561109-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Luc\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-583997862-3316777395-3397561109-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Luc\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-583997862-3316777395-3397561109-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF user.js: detected! => C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\user.js
FF SearchPlugin: C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\searchplugins\Funmoods.xml
FF SearchPlugin: C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\delta-homes.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\StartWeb.xml
FF Extension: Babylon - C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\Extensions\ffxtlbr@babylon.com [2011-12-05]
FF Extension: softonic.com - C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\Extensions\ffxtlbra@softonic.com [2012-10-19]
FF Extension: ProxTube - Unblock YouTube - C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\Extensions\ich@maltegoetz.de [2013-12-18]
FF Extension: Quick Start - C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\Extensions\quick_start@gmail.com [2014-02-26]
FF Extension: BittorrentBar_DE - C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\Extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} [2013-12-12]
FF Extension: iMacros for Firefox - C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2013-12-18]
FF Extension: Veoh Web Player - C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\Extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e} [2013-12-12]
FF Extension: Firefox Old Version Update Hotfix - C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-10-16]
FF Extension: Movie2kDownloader - C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\Extensions\movie2kdownloader@movie2kdownloader.com.xpi [2012-12-13]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-22]
FF Extension: Adblock Plus - C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-03-16]
FF Extension: Greasemonkey - C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-01-01]
FF Extension: SweetPacks Toolbar for Firefox - C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2012-09-24]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\extensions\quick_start@gmail.com
Chrome:
=======
CHR HomePage: Default -> https://mysearch.avg.com?cid={FE9D593E-440D-4BE6-8D78-34B7B82405FD}&mid=c201e84c49a147d3b63fcd3c4ef48a98-0a3116110c5b953eb06cfdd5b0c2f31cc3c42424&lang=de&ds=AVG&coid=avgtbavg&pr=fr&d=2014-09-03 10:56:40&v=3.2.0.15&pid=wtu&sg=&sap=hp
CHR StartupUrls: Default -> "https://mysearch.avg.com?cid={FE9D593E-440D-4BE6-8D78-34B7B82405FD}&mid=c201e84c49a147d3b63fcd3c4ef48a98-0a3116110c5b953eb06cfdd5b0c2f31cc3c42424&lang=de&ds=AVG&coid=avgtbavg&pr=fr&d=2014-09-03 10:56:40&v=3.2.0.15&pid=wtu&sg=&sap=hp"
CHR DefaultSearchKeyword: Default -> mysearch.avg.com
CHR DefaultSearchURL: Default -> https://mysearch.avg.com/search?cid={FE9D593E-440D-4BE6-8D78-34B7B82405FD}&mid=c201e84c49a147d3b63fcd3c4ef48a98-0a3116110c5b953eb06cfdd5b0c2f31cc3c42424&lang=de&ds=AVG&coid=avgtbavg&pr=fr&d=2014-09-03 10:56:40&v=3.2.0.14&pid=wtu&sg=&sap=dsp&q={searchTerms}
CHR DefaultNewTabURL: Default -> https://mysearch.avg.com/chroment?espv=2&cid={FE9D593E-440D-4BE6-8D78-34B7B82405FD}&mid=c201e84c49a147d3b63fcd3c4ef48a98-0a3116110c5b953eb06cfdd5b0c2f31cc3c42424&lang=de&ds=AVG&pr=fr&d=2014-09-03 10:56:40&v=3.2.0.14&pid=wtu&sg=
CHR DefaultSuggestURL: Default -> hxxp://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Profile: C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-08]
CHR Extension: (Funmoods Chat) - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh [2012-11-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-24]
CHR Extension: (Office Mini Golf) - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnecahfomcahannbpejkkalmmoeeihbg [2012-10-19]
CHR Extension: (Adblock Plus) - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-09-12]
CHR Extension: (Funmoods) - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj [2012-11-20]
CHR Extension: (Google-Suche) - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-24]
CHR Extension: (Battlefield Play4Free) - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkejhbcdagodjdndmfnhaibnealjonei [2012-07-12]
CHR Extension: (AdBlock) - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-27]
CHR Extension: (SweetIM for Facebook) - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn [2012-09-24]
CHR Extension: (Classic Popup Blocker) - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp [2012-07-24]
CHR Extension: (Happy Wheels) - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljdngafdeknonigdklkdlolkefpigejp [2012-10-19]
CHR Extension: (Click to activate/deactivate ProxTube) - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkdbaehcjcomcnnjhlmnfddpgoafpcko [2012-02-13]
CHR Extension: (Google Wallet) - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR Extension: (YouTube Unblocker) - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl [2013-12-04]
CHR Extension: (Extended Protection) - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo [2014-02-26]
CHR Extension: (Google Mail) - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-24]
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Luc\AppData\Local\funmoods.crx [2012-11-20]
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Luc\AppData\Local\funmoods-speeddial_sf.crx [2012-11-20]
CHR HKU\S-1-5-21-583997862-3316777395-3397561109-1001\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Luc\AppData\Local\funmoods.crx [2012-11-20]
CHR HKU\S-1-5-21-583997862-3316777395-3397561109-1001\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Luc\AppData\Local\funmoods-speeddial_sf.crx [2012-11-20]
CHR HKU\S-1-5-21-583997862-3316777395-3397561109-1001\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - No Path
CHR HKLM-x32\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Luc\AppData\Local\funmoods.crx [2012-11-20]
CHR HKLM-x32\...\Chrome\Extension: [blaofbhgbmeikidhlkmjhbkbfohpgekf] - C:\Program Files (x86)\Movie2KDownloader.com\Movie2KDownloader10.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Luc\AppData\Local\funmoods-speeddial_sf.crx [2012-11-20]
CHR HKLM-x32\...\Chrome\Extension: [hempmfkijmahkaddljkmchcmjbojoedl] - C:\Users\Luc\AppData\Local\Temp\ccex.crx [2012-03-07]
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [2012-09-24]
CHR HKLM-x32\...\Chrome\Extension: [ogfjmhfnldnajmfaofeiaepghjenbgjo] - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ep.crx [2014-02-26]
CHR StartMenuInternet: Google Chrome - C:\Users\Luc\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [136360 2011-04-21] (Avira GmbH)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [269480 2011-07-23] (Avira GmbH)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3247120 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-11-07] (AVG Technologies CZ, s.r.o.)
R2 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4182496 2011-05-26] (INCA Internet Co., Ltd.) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-12-01] (Electronic Arts)
R2 vToolbarUpdater3.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [1843736 2014-09-03] (AVG Secure Search)
S3 xsherlock; C:\Windows\SysWOW64\xsherlock.xem [675936 2012-08-27] (Wellbia.com Co., Ltd.) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-04-05] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-10-29] (AVG Technologies CZ, s.r.o.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88288 2011-07-23] (Avira GmbH)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-10-20] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-09-03] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [123784 2011-07-23] (Avira GmbH)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-07-01] (Disc Soft Ltd)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-04-05] ()
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-02] (INCA Internet Co., Ltd.) [File not signed]
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 dump_wmimmc; \??\c:\users\luc\desktop\l4d\left 4 dead 2\bin\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena\safedrv.sys [X]
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
S3 X6va005; \??\C:\Users\Luc\AppData\Local\Temp\0058D9F.tmp [X]
S3 X6va006; \??\C:\Users\Luc\AppData\Local\Temp\00677E2.tmp [X]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-07 20:39 - 2014-12-07 20:41 - 00037303 _____ () C:\Users\Luc\Downloads\FRST.txt
2014-12-07 20:39 - 2014-12-07 20:40 - 00000000 ____D () C:\FRST
2014-12-07 20:39 - 2014-12-07 20:39 - 02119680 _____ (Farbar) C:\Users\Luc\Downloads\FRST64.exe
2014-12-07 18:28 - 2014-12-07 18:28 - 00000000 _____ () C:\Users\Luc\Desktop\d.txt
2014-12-04 23:54 - 2014-12-04 23:54 - 00000000 __SHD () C:\found.004
2014-12-04 15:02 - 2014-12-04 15:02 - 00000017 _____ () C:\Windows\SysWOW64\shortcut_ex.dat
2014-12-02 19:37 - 2014-12-02 19:37 - 17777241 _____ () C:\Users\Luc\Downloads\savethedate-1.0-win.zip
2014-12-02 19:06 - 2014-12-02 19:06 - 00000785 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Toribash.lnk
2014-12-02 19:06 - 2014-12-02 19:06 - 00000777 _____ () C:\Users\Luc\Desktop\Toribash.lnk
2014-12-02 19:04 - 2014-12-02 19:04 - 60478158 _____ (Nabi Studios Pte Ltd ) C:\Users\Luc\Downloads\Toribash-4.92-Setup.exe
2014-12-01 14:55 - 2014-12-01 23:43 - 00000000 ____D () C:\Users\Luc\Documents\FIFA 14
2014-11-28 02:00 - 2014-11-28 02:06 - 00001670 _____ () C:\Users\Luc\Documents\Englisch.lm
2014-11-28 01:58 - 2014-11-28 01:58 - 00001134 _____ () C:\Users\Luc\Desktop\ADVANCED.lnk
2014-11-28 01:57 - 2014-11-28 01:57 - 00000000 ____D () C:\Users\Luc\Documents\ADVANCED Vokabeltrainer
2014-11-28 01:57 - 2014-11-28 01:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ADVANCED - Der Vokabeltrainer
2014-11-28 01:57 - 2014-11-28 01:57 - 00000000 ____D () C:\Program Files (x86)\ADVANCED Vokabeltrainer
2014-11-28 01:56 - 2014-11-28 01:56 - 03402582 _____ ( ) C:\Users\Luc\Downloads\advanced_1_12_setup.exe
2014-11-27 14:09 - 2014-11-27 14:09 - 00000222 _____ () C:\Users\Luc\Desktop\Don't Starve.url
2014-11-27 14:09 - 2014-11-27 14:09 - 00000000 ____D () C:\Users\Luc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-11-26 12:00 - 2014-11-26 12:00 - 05561513 _____ () C:\Users\Luc\Downloads\paderborn-einführungsvorlesung-3-WS2014-15-ergänzung.pptx
2014-11-20 22:41 - 2014-11-20 22:41 - 00008930 _____ () C:\Users\Luc\Downloads\smime.p7s
2014-11-19 10:09 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 10:09 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 10:09 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 10:09 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 09:58 - 2014-11-19 09:58 - 00000000 ____D () C:\Users\Luc\AppData\Local\Avg
2014-11-17 11:40 - 2014-11-17 11:39 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-11-17 11:40 - 2014-11-17 11:39 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-11-17 01:18 - 2014-11-17 01:31 - 00000000 ____D () C:\LetsPlay
2014-11-14 09:01 - 2014-11-14 09:01 - 00000000 _____ () C:\Users\Luc\Desktop\DeLuca.txt
2014-11-13 08:03 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-13 08:03 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-13 08:03 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 08:03 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 08:03 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-13 08:03 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-13 08:03 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 08:03 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-13 08:03 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-13 08:03 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 08:03 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 08:03 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-13 08:03 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-13 08:03 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 08:03 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-13 08:03 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-13 08:03 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-13 08:03 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 08:03 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-13 08:03 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 08:03 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-13 08:03 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-13 08:03 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-13 08:03 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-13 08:03 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-13 08:03 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 08:03 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-13 08:03 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-13 08:03 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-13 08:03 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-13 08:03 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-13 08:03 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 08:03 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-13 08:03 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-13 08:03 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 08:03 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-13 08:03 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 08:03 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 08:03 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-13 08:03 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-13 08:03 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 08:03 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-13 08:03 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-13 08:03 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-13 08:03 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 08:03 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-13 08:03 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-13 08:03 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-13 08:03 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-13 08:03 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 08:03 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 08:03 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-13 08:03 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-13 08:03 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-13 08:03 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-13 08:03 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-13 08:03 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-13 08:03 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-13 08:03 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-13 08:03 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-13 08:03 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-13 08:03 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 08:03 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 08:03 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 08:03 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-13 08:03 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-13 08:03 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-13 08:03 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-13 08:03 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 08:03 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-13 08:03 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-13 08:03 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-13 08:02 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-13 08:02 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-13 08:02 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-13 07:44 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-13 07:44 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-13 07:44 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 07:44 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 07:44 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 07:44 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-13 07:44 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 07:44 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-13 07:44 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-13 07:44 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-13 07:41 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 07:41 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-13 07:41 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 07:41 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-13 07:41 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-13 07:41 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-13 07:41 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-13 07:41 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-13 07:41 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-13 07:41 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-13 07:41 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-13 07:41 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-13 07:41 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-13 07:41 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-13 07:39 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 07:39 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-07 20:31 - 2011-04-20 14:18 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-07 20:06 - 2011-12-24 11:30 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583997862-3316777395-3397561109-1001UA.job
2014-12-07 20:06 - 2011-12-24 11:30 - 00001060 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583997862-3316777395-3397561109-1001Core.job
2014-12-07 19:43 - 2012-10-15 13:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-07 19:31 - 2011-04-20 14:18 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-07 18:20 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-07 18:20 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-07 18:18 - 2010-10-10 00:35 - 01113977 _____ () C:\Windows\WindowsUpdate.log
2014-12-07 18:15 - 2014-05-04 12:42 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-07 18:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2014-12-07 18:09 - 2014-10-14 21:04 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-12-07 18:09 - 2012-08-26 19:29 - 00070749 _____ () C:\Windows\setupact.log
2014-12-07 18:09 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-03 02:52 - 2012-04-11 20:13 - 00000000 ____D () C:\Users\Luc\AppData\Roaming\Spotify
2014-12-03 00:23 - 2012-04-11 20:13 - 00000000 ____D () C:\Users\Luc\AppData\Local\Spotify
2014-12-02 19:04 - 2012-03-31 14:11 - 00000000 ____D () C:\Games
2014-12-02 00:06 - 2013-09-13 17:32 - 00000000 ____D () C:\ProgramData\Origin
2014-12-01 23:00 - 2014-07-01 16:47 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-01 16:18 - 2013-08-12 18:07 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-01 14:54 - 2014-07-29 23:42 - 00000000 ____D () C:\Users\Luc\AppData\Local\Origin
2014-12-01 14:49 - 2012-10-19 11:45 - 00305375 _____ () C:\Windows\DirectX.log
2014-12-01 14:49 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-01 14:06 - 2013-09-13 17:36 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-11-27 08:10 - 2012-10-15 13:26 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-27 08:09 - 2012-09-15 14:16 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-27 08:09 - 2011-05-26 13:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-26 21:15 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-26 16:30 - 2012-11-11 18:31 - 00000444 ____H () C:\Windows\Tasks\Norton Security Scan for Luc.job
2014-11-19 17:37 - 2012-08-27 15:58 - 00402802 _____ () C:\Windows\PFRO.log
2014-11-19 10:03 - 2014-05-04 12:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-11-18 15:47 - 2013-11-27 21:07 - 00000000 ____D () C:\Users\Luc\Desktop\Dokumente
2014-11-17 16:23 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-17 11:44 - 2011-04-20 19:58 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-17 11:41 - 2014-05-29 16:08 - 00000000 ____D () C:\Program Files\Java
2014-11-17 11:39 - 2014-07-01 13:19 - 00320936 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-11-17 11:39 - 2014-05-29 16:08 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-11-17 11:37 - 2014-07-01 13:19 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-17 11:37 - 2014-05-29 16:06 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-17 11:37 - 2014-05-29 16:06 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-17 11:37 - 2014-05-29 16:06 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-17 11:37 - 2013-11-03 21:37 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-16 23:01 - 2013-09-22 22:01 - 00000162 _____ () C:\Users\Luc\AppData\Roaming\WB.CFG
2014-11-16 20:01 - 2011-12-24 11:30 - 00004078 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-583997862-3316777395-3397561109-1001UA
2014-11-16 20:01 - 2011-12-24 11:30 - 00003682 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-583997862-3316777395-3397561109-1001Core
2014-11-16 19:26 - 2011-04-20 14:18 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-16 19:26 - 2011-04-20 14:18 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 13:03 - 2010-10-10 10:26 - 00711204 _____ () C:\Windows\system32\perfh007.dat
2014-11-13 13:03 - 2010-10-10 10:26 - 00155244 _____ () C:\Windows\system32\perfc007.dat
2014-11-13 13:03 - 2009-07-14 06:13 - 01653366 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-13 13:01 - 2011-04-20 13:49 - 00085296 _____ () C:\Users\Luc\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-13 12:56 - 2009-07-14 05:45 - 00357712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 09:05 - 2014-05-06 21:55 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-13 09:05 - 2013-03-03 16:23 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-13 02:02 - 2013-07-18 06:10 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 01:40 - 2011-05-12 19:12 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
Files to move or delete:
====================
C:\ProgramData\ezsid.dat
C:\ProgramData\hash.dat
C:\Users\Luc\jagex_runescape_preferences.dat
C:\Users\Luc\jagex_runescape_preferences2.dat
Some content of TEMP:
====================
C:\Users\Luc\AppData\Local\Temp\AF-HSS.exe
C:\Users\Luc\AppData\Local\Temp\appshat-distribution.exe
C:\Users\Luc\AppData\Local\Temp\atl.exe
C:\Users\Luc\AppData\Local\Temp\AutoRun.exe
C:\Users\Luc\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Luc\AppData\Local\Temp\bdfilters.dll
C:\Users\Luc\AppData\Local\Temp\CCLauncherSelfUpdater.EXE
C:\Users\Luc\AppData\Local\Temp\CH.dll
C:\Users\Luc\AppData\Local\Temp\CleanSchedule.exe
C:\Users\Luc\AppData\Local\Temp\CmdLineExt.dll
C:\Users\Luc\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\Luc\AppData\Local\Temp\ConduitEngine.dll
C:\Users\Luc\AppData\Local\Temp\CT2653012.exe
C:\Users\Luc\AppData\Local\Temp\dc2425fef522236cc15a19cb2b595ee3.dll
C:\Users\Luc\AppData\Local\Temp\eauninstall.exe
C:\Users\Luc\AppData\Local\Temp\fileutil.dll
C:\Users\Luc\AppData\Local\Temp\GFWLUpdate.dll
C:\Users\Luc\AppData\Local\Temp\htmlayout.dll
C:\Users\Luc\AppData\Local\Temp\i4jdel0.exe
C:\Users\Luc\AppData\Local\Temp\iet7583.tmp.exe
C:\Users\Luc\AppData\Local\Temp\installhelper.dll
C:\Users\Luc\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Luc\AppData\Local\Temp\jre-8u25-windows-au.exe
C:\Users\Luc\AppData\Local\Temp\kpinstaller.exe
C:\Users\Luc\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Luc\AppData\Local\Temp\mgxfonts.exe
C:\Users\Luc\AppData\Local\Temp\MgxVistaTools.dll
C:\Users\Luc\AppData\Local\Temp\mirc734.exe
C:\Users\Luc\AppData\Local\Temp\Montiera_softonic_ggl_1.6.7.4.exe
C:\Users\Luc\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Luc\AppData\Local\Temp\MyBabylonTB_google_20120807.exe
C:\Users\Luc\AppData\Local\Temp\Nexus%20Mod%20Manager-0.19.0.exe
C:\Users\Luc\AppData\Local\Temp\NGM.exe
C:\Users\Luc\AppData\Local\Temp\NGMDll.dll
C:\Users\Luc\AppData\Local\Temp\NGMResource.dll
C:\Users\Luc\AppData\Local\Temp\NGMSetup.exe
C:\Users\Luc\AppData\Local\Temp\nsh286B.exe
C:\Users\Luc\AppData\Local\Temp\nsj9083.exe
C:\Users\Luc\AppData\Local\Temp\nsjD175.exe
C:\Users\Luc\AppData\Local\Temp\nsjD3E6.exe
C:\Users\Luc\AppData\Local\Temp\nsjFD0B.exe
C:\Users\Luc\AppData\Local\Temp\nsnF4ED.exe
C:\Users\Luc\AppData\Local\Temp\nso8C5D.exe
C:\Users\Luc\AppData\Local\Temp\nsoF5CF.exe
C:\Users\Luc\AppData\Local\Temp\nst86B1.exe
C:\Users\Luc\AppData\Local\Temp\nsuD696.exe
C:\Users\Luc\AppData\Local\Temp\nsuFF6D.exe
C:\Users\Luc\AppData\Local\Temp\nsz23F.exe
C:\Users\Luc\AppData\Local\Temp\nszE9DD.exe
C:\Users\Luc\AppData\Local\Temp\nszFAAA.exe
C:\Users\Luc\AppData\Local\Temp\oi_{77A8C4B4-2B5C-4283-89DA-C7AEF6E5BE44}.exe
C:\Users\Luc\AppData\Local\Temp\radBF8A7.tmp_update.exe
C:\Users\Luc\AppData\Local\Temp\Second Life Setup.exe
C:\Users\Luc\AppData\Local\Temp\setup.exe
C:\Users\Luc\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Luc\AppData\Local\Temp\sfamcc00002.dll
C:\Users\Luc\AppData\Local\Temp\sfareca00002.dll
C:\Users\Luc\AppData\Local\Temp\sfextra.dll
C:\Users\Luc\AppData\Local\Temp\Shortcut_bundlesweetimsetup.exe
C:\Users\Luc\AppData\Local\Temp\SimCity 4 Deluxe_uninst.exe
C:\Users\Luc\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\Luc\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Luc\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Luc\AppData\Local\Temp\tbBit2.dll
C:\Users\Luc\AppData\Local\Temp\tbVeoh.dll
C:\Users\Luc\AppData\Local\Temp\TB_C139.exe
C:\Users\Luc\AppData\Local\Temp\toolbar2380637.exe
C:\Users\Luc\AppData\Local\Temp\ubi38D1.tmp.exe
C:\Users\Luc\AppData\Local\Temp\ubi5B59.tmp.exe
C:\Users\Luc\AppData\Local\Temp\unicows.dll
C:\Users\Luc\AppData\Local\Temp\uninstall.exe
C:\Users\Luc\AppData\Local\Temp\uninstall15125841.exe
C:\Users\Luc\AppData\Local\Temp\uninstall15138555.exe
C:\Users\Luc\AppData\Local\Temp\uninstall15138602.exe
C:\Users\Luc\AppData\Local\Temp\Uninstaller-5992.exe
C:\Users\Luc\AppData\Local\Temp\unwise.exe
C:\Users\Luc\AppData\Local\Temp\update3.2.2.exe
C:\Users\Luc\AppData\Local\Temp\uttE538.tmp.exe
C:\Users\Luc\AppData\Local\Temp\VidSaver_1.exe
C:\Users\Luc\AppData\Local\Temp\vlc-2.0.2-win32.exe
C:\Users\Luc\AppData\Local\Temp\wd3pak4c.dll
C:\Users\Luc\AppData\Local\Temp\wmaudio.exe
C:\Users\Luc\AppData\Local\Temp\wmf9.exe
C:\Users\Luc\AppData\Local\Temp\wmpcdcs8.exe
C:\Users\Luc\AppData\Local\Temp\_unps.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-26 16:32
==================== End Of Log ============================
Und die Addition.txt: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2014 01
Ran by Luc at 2014-12-07 20:42:47
Running from C:\Users\Luc\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: AntiVir Desktop (Disabled - Up to date) {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AntiVir Desktop (Disabled - Up to date) {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG update module (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye Webcam (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.19.3 - Suyin Optronics Corp)
Acer Crystal Eye Webcam Video Class Camera (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.31.500-1.0 - Suyin)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1) (Version: 6.1.0.9 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Dreamweaver CS5 (HKLM-x32\...\{C79312BD-3E76-4474-A10C-1435D1856A4B}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.1 (HKLM-x32\...\{E52432C6-87E3-4F21-8F6A-AF43224220D1}) (Version: 12.1.2.152 - Adobe Systems, Inc)
ADVANCED Version 1.12 (HKLM-x32\...\ADVANCED_is1) (Version: 1.12 - )
AION Free-To-Play (HKLM-x32\...\InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}) (Version: 2.70.0000 - Gameforge)
AION Free-To-Play (x32 Version: 2.70.0000 - Gameforge) Hidden
AION Free-to-Play Version 1.0 (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version: 1.0 - Gameforge)
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.7 - Sereby Corporation)
AMD Catalyst Install Manager (HKLM\...\{78E9970B-4395-61A6-B912-1CC406174773}) (Version: 3.0.868.0 - Advanced Micro Devices, Inc.)
Amnesia - The Dark Descent (HKLM-x32\...\{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1) (Version: 1.0.0 - Frictional Games)
Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{75104836-CAC7-444E-A39E-3F54151942F5}) (Version: 4.0.0.97 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar Updater (HKU\S-1-5-21-583997862-3316777395-3397561109-1001\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.4.35882 - Ask.com) <==== ATTENTION
Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version: - Audacity Team)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4794 - AVG Technologies)
AVG 2014 (Version: 14.0.4235 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4794 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 3.2.0.18 - AVG Technologies)
Avira AntiVir Personal - Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 10.2.0.719 - Avira GmbH)
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Bandicam (HKLM-x32\...\Bandicam) (Version: - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - )
Battle for Wesnoth 1.11.16 (HKLM-x32\...\Battle for Wesnoth 1.11.16) (Version: 1.11.16 - )
Beyond Good & Evil (HKLM-x32\...\{6BF81CE7-3D5A-497F-8912-2A65A0253E1B}) (Version: 1.01.000 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
calibre (HKLM-x32\...\{75770886-B51A-4FE9-B1D4-14F8E5C63741}) (Version: 0.8.26 - Kovid Goyal)
Camtasia Studio 7 (HKLM-x32\...\{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}) (Version: 7.0.0 - TechSmith Corporation)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG3500 series Benutzerregistrierung (HKLM-x32\...\Canon MG3500 series Benutzerregistrierung) (Version: - *Canon Inc.)
Canon MG3500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3500_series) (Version: 1.00 - Canon Inc.)
Canon MG3500 series On-screen Manual (HKLM-x32\...\Canon MG3500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
ccc-core-static (x32 Version: 2010.0527.1242.20909 - Ihr Firmenname) Hidden
Championship Manager 01-02 (HKLM-x32\...\Championship Manager 01-02) (Version: - )
CPUID HWMonitor 1.19 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2829.50 - CyberLink Corp.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Die*Sims™*3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version: - Klei Entertainment)
Drakensang - Am Fluss der Zeit (HKLM-x32\...\Drakensang_TRoT_is1) (Version: - dtp)
Dynasty Warriors 4 Hyper (HKU\S-1-5-21-583997862-3316777395-3397561109-1001\...\{DBFF7A38-F460-419A-A2E7-2D55BD2D9AD4}) (Version: - )
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Façade (HKLM-x32\...\{24E34264-D483-477C-A9A0-4E53F69834CF}) (Version: 1.1.2 - Procedural Arts)
Fallout (HKLM-x32\...\GOGPACKFALLOUT_is1) (Version: 2.0.0.14 - GOG.com)
Fallout 2 (HKLM-x32\...\GOGPACKFALLOUT2_is1) (Version: 2.0.0.12 - GOG.com)
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media)
FIFA 07 (HKLM-x32\...\{4DECFC9F-2310-4C02-009A-B6758306EF00}) (Version: - )
FIFA 13 (HKLM-x32\...\{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}) (Version: 1.0.0.0 - Electronic Arts)
FIFA 14 (HKLM-x32\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts)
Fotostory 3 für Windows (HKLM-x32\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.15 - Microsoft Corporation)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Funmoods (HKLM-x32\...\funmoods) (Version: - ) <==== ATTENTION
Gameforge Live 1.0 "Legend" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 1.1.1724 - Gameforge)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)
Google Chrome (HKU\S-1-5-21-583997862-3316777395-3397561109-1001\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Grandia2 (HKLM-x32\...\{51A128D8-3F9E-48D6-A916-4E28184A15EC}) (Version: - )
Half-Life 2 (HKU\S-1-5-21-583997862-3316777395-3397561109-1001\...\Half-Life 2) (Version: - )
Hard Time (HKLM-x32\...\Hard Time) (Version: - MDickie)
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media)
HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät (HKLM\...\{A7096369-9332-466C-8357-08770CDCE277}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Hilfe (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
Icy Tower v1.5 (HKLM-x32\...\Icy Tower v1.5_is1) (Version: - Free Lunch Design)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
iTunes (HKLM\...\{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}) (Version: 10.5.1.42 - Apple Inc.)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Java(TM) 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.300 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Knights Of Honor (HKLM-x32\...\{7911C404-9AFA-4BB2-B9B7-E47423D87528}) (Version: 1.00 - )
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.12 - Acer Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.1.0.362 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.1.0.362 - LogMeIn, Inc.) Hidden
Loong Dragonblood (HKLM-x32\...\{E89B9AFF-A444-40DD-B7F4-80B463F5ADD5}) (Version: 2.5.25 - gamigo)
MaintenanceService-Funmoods (HKU\S-1-5-21-583997862-3316777395-3397561109-1001\...\Funmoods) (Version: - ) <==== ATTENTION
MegaTrainer eXperience V1.0.1.8d (HKLM-x32\...\MegaTrainer eXperience_is1) (Version: - )
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM-x32\...\M979906) (Version: - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{26784146-6E05-3FF9-9335-786C7C0FB5BE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.3205.0) (Version: 4.0.3205.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{F9EC30D1-F688-4708-9850-CB5120074AAA}) (Version: 4.0.3205.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60830 (HKLM-x32\...\{c7ed0d4c-89c5-47fc-9e89-1088affe63f3}) (Version: 11.0.60830.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60830 (HKLM-x32\...\{9dba0447-b749-41ea-90bc-2aa19a9eb580}) (Version: 11.0.60830.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version: - Microsoft Corporation)
Microsoft Word 2010 (HKLM-x32\...\Office14.WORD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 25.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 25.0.1 (x86 de)) (Version: 25.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 25.0.1 - Mozilla)
MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
NC Launcher (GameForge) (HKLM-x32\...\NCLauncher_GameForge) (Version: - NCsoft)
Nexon Game Manager (HKLM-x32\...\{289AC7E0-0AEE-4a7b-913C-709D9803D23E}) (Version: - )
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8928 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8928 - NTI Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.12.2807 - Electronic Arts, Inc.)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
Paranormal - CLOSED BETA 7.0 (HKLM\...\UDK-e797feea-5969-4ceb-a65b-87499a57c579) (Version: - Epic Games, Inc.)
Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
Postal 2 (HKLM-x32\...\Postal 2) (Version: - )
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
resident evil 4 (HKLM-x32\...\{DFFCDB41-C2DA-47D6-96FF-03C05C0BEA22}) (Version: 1.00.0000 - CAPCOM)
RESIDENT EVIL 5 (HKLM-x32\...\{AC08BBA0-96B9-431A-A7D0-D8598E493775}) (Version: 1.0.0.129 - CAPCOM CO., LTD.)
RIFT (HKLM-x32\...\Glyph RIFT) (Version: - Trion Worlds, Inc.)
RPG Maker 2000 1.07b (HKLM-x32\...\RPG Maker 2000 1.07b) (Version: - )
RPG MAKER VX Ace (HKLM-x32\...\RPGVXAce_E_is1) (Version: 1.01a - Enterbrain)
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
RTP for RM2K (Png, Wav, Midi, Fonts) (HKLM-x32\...\RTP for RM2K (Png, Wav, Midi, Fonts)) (Version: - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SharpKeys (HKLM-x32\...\{636E94DA-99C0-448F-A931-3DAD83B4975F}) (Version: 3.5.0000 - RandyRants.com)
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spider-Man(TM) - Web of Shadows (x32 Version: 1.0 - Activision) Hidden
SpongeBob Schwammkopf - Der Film (HKLM-x32\...\{E81A7285-8CA6-4430-B6C0-5F719E4D40D9}) (Version: 1.0 - )
Spotify (HKU\S-1-5-21-583997862-3316777395-3397561109-1001\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
TeamViewer 6 (HKLM-x32\...\TeamViewer 6) (Version: 6.0.10722 - TeamViewer GmbH)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl)
Under Development (HKLM-x32\...\Under Development) (Version: - MDickie)
Vampires Dawn: Reign of Blood (HKLM-x32\...\{CF55095E-07AA-432E-8376-CEF71D70746A}_is1) (Version: Vampires Dawn: Reign of Blood 1.31 - Brianum)
VLC media player 2.0.2 (HKLM-x32\...\VLC media player) (Version: 2.0.2 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3002 - Acer Incorporated)
Windows iLivid Toolbar (HKLM-x32\...\Searchqu 406 MediaBar) (Version: 2.5.0.103268 - Bandoo Media, Inc) <==== ATTENTION
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 4.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WinZipper (HKLM-x32\...\WinZipper) (Version: 1.5.29 - Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION
Wrestling MPire Remix (Career) (HKLM-x32\...\Wrestling MPire Remix (Career)) (Version: - MDickie)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-583997862-3316777395-3397561109-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Luc\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-583997862-3316777395-3397561109-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Luc\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-583997862-3316777395-3397561109-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Luc\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-583997862-3316777395-3397561109-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Luc\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-583997862-3316777395-3397561109-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Luc\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-583997862-3316777395-3397561109-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Luc\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
==================== Restore Points =========================
19-11-2014 09:57:12 Windows Update
26-11-2014 15:39:36 Geplanter Prüfpunkt
27-11-2014 13:12:43 DirectX wurde installiert
01-12-2014 13:45:22 DirectX wurde installiert
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {113A8AA3-AC66-40EB-8635-E291884BF4E5} - System32\Tasks\Funmoods => C:\Users\Luc\AppData\Roaming\Funmoods\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {1C7CAE86-E6F0-4FC7-9C66-EA4C59CF574C} - System32\Tasks\{12FDF581-913E-455D-B7AD-0B34A3F5923B} => C:\Dead Island\deadislandgame.exe
Task: {1EB578AC-6C55-4044-ACC1-B8CA6DEE9229} - System32\Tasks\{D9597389-33B8-40AE-8672-338A8FEAE8E0} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.105/de/abandoninstall?page=tsMain
Task: {29EC84AB-182A-4314-97A9-09152C5EF8E3} - System32\Tasks\{FE082869-E5C3-4A74-8528-DDCCC6A6CA14} => C:\Users\Luc\Desktop\Terr\Terraria.exe
Task: {30013244-2D11-467E-85BF-8B70C7D49E16} - System32\Tasks\{C72AE37E-D3FD-4C3D-965C-9ACFE3CD8B5F} => C:\Program Files (x86)\Origin\Origin.exe [2014-12-01] (Electronic Arts)
Task: {30FB384D-935C-4DF9-B9E7-EC80A1625E4E} - System32\Tasks\{57573AC1-84F5-4085-8362-C1B217EDD83C} => C:\Program Files (x86)\Origin\Origin.exe [2014-12-01] (Electronic Arts)
Task: {32D448BE-B869-4263-856F-C955B5E7482A} - System32\Tasks\{D794B0C8-6FBB-4F93-8394-D540D86D1D77} => E:\Installer.exe
Task: {34AD0773-2CD5-4D25-BBBF-1D55235861E4} - System32\Tasks\Norton Security Scan for Luc => C:\PROGRA~2\NORTON~2\Engine\372~1.5\Nss.exe
Task: {34C53F4C-9FC9-4714-875D-32E1CB80A5FF} - System32\Tasks\{EEE34996-B689-4BBA-B0CE-9FA4946FE6E0} => C:\Valve\Condition Zero\czero.exe [2004-03-20] (Valve)
Task: {366C7E91-C15B-4F0C-9CEB-20DE10E2BE05} - System32\Tasks\{AC7E61C8-46F8-405C-9E91-967DEFDF9C62} => C:\Program Files (x86)\Steam\Steam.exe [2014-11-18] (Valve Corporation)
Task: {44B7F939-FF99-4934-B62B-C10928B3C174} - System32\Tasks\{C4D33066-66BD-496F-AE4D-D431B2B850AB} => msiexec.exe /package "C:\Users\Luc\Desktop\Setup.msi"
Task: {44BD5624-C8C2-41C2-B2EC-8F107F898E85} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-27] (Adobe Systems Incorporated)
Task: {4E83C3B4-1D50-43A9-8A78-11C0C9C76774} - System32\Tasks\{8B2976BF-B46A-4F35-80D5-0CA455A86C24} => C:\Users\Luc\Downloads\vcredist_x86.exe
Task: {5A3794BA-EE9D-423B-A3FC-A049A29040C3} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {5B9CF966-00C4-4C5B-8C0D-5756D0EDF024} - System32\Tasks\{949D0098-03FF-409F-BBC4-B7DAE4B4D231} => C:\GOG Games\Fallout 2\RZRF2TRN.EXE
Task: {5EC78FB2-DF86-4788-9F21-850CCCEE1969} - System32\Tasks\{AA4780BC-68AD-4960-897D-121F48B523B6} => C:\Users\Luc\Desktop\mw2mp\Call of Duty 6 Launcher.exe
Task: {6C65F4B6-F1DF-42BB-92DE-9EDB329EA239} - System32\Tasks\{5A1E06C9-19A7-4007-8DF1-BD6CCD574749} => C:\Program Files (x86)\Origin\Origin.exe [2014-12-01] (Electronic Arts)
Task: {6E9875E9-A2D7-4625-BCC9-67E13505C32B} - System32\Tasks\{4E21B1F0-91C4-49B2-91A9-7AE5165564B1} => C:\Program Files (x86)\Runes of Magic\Runes of Magic.exe
Task: {76E6C2A7-A34D-4B84-A76C-C35DD8CC4EB1} - System32\Tasks\{32C6406F-5278-426A-AAB3-8C3A60F1B470} => msiexec.exe /package "C:\Users\Luc\Desktop\Setup.msi"
Task: {78AEE501-52AE-4B19-B6EF-E5834B976A9B} - System32\Tasks\{AB62AA58-D5A3-42DB-96EE-0F7C432225F1} => C:\Users\Luc\Desktop\pizza\PC.EXE
Task: {7AD092BC-F1CA-4061-A40F-16353B3631FE} - System32\Tasks\{2489DAC9-B2A8-4BC1-AB0F-836AD89FE7C4} => C:\Program Files (x86)\Origin\Origin.exe [2014-12-01] (Electronic Arts)
Task: {8827BBF3-0B7E-49C5-9B0C-C177ECB2F652} - System32\Tasks\{CB4DD76B-1DE9-4AAE-95D4-21DB7CE33A3A} => C:\Program Files (x86)\U2bviews\U2bviews Software\U2bviews Software.exe
Task: {99031E1D-0626-4367-8B8C-C98C783D7FC5} - System32\Tasks\{924F9887-59FD-4BD2-AB1C-C9B60ABB3991} => C:\Users\Luc\Desktop\PIZZA\PT.EXE
Task: {A2DEAA3C-8972-4E7E-82BF-01A5757F22EF} - System32\Tasks\{E8805646-B7CC-4F7C-88B9-9AF4383C316C} => C:\Program Files (x86)\U2bviews Software.exe
Task: {ABEEFA52-204D-4F37-82A0-4F2D5DA8C768} - System32\Tasks\{70637153-1A40-4C1E-A5D7-E9AB22BF9BDF} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {AC1E1EF1-FBE1-4D71-9A6A-14C04EF7ED49} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-583997862-3316777395-3397561109-1001Core => C:\Users\Luc\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {ACE48C35-67DD-4076-A35A-22845B5B568A} - System32\Tasks\{FD8A78F9-4080-4D87-BCA5-DE86F26EF73F} => C:\Dead Island\deadislandgame.exe
Task: {AD2514E3-4001-4DD6-9AD3-1D889375F50B} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
Task: {AE6D446F-E6C4-4B68-8FD8-861CDA8E4703} - System32\Tasks\{F3DE2776-7689-4E4D-8493-CD2E780EBA58} => C:\Program Files (x86)\Origin\Origin.exe [2014-12-01] (Electronic Arts)
Task: {BD3BBFE8-8C84-48EF-B043-63182872BA6F} - System32\Tasks\{A7C876E4-68C6-4692-BC02-4D098D1C2601} => C:\Users\Luc\Desktop\Game\L4D\Left 4 Dead 2\bin\SmartSteam.exe
Task: {C9CA81A5-1E8C-4C93-ABCC-78D482BEAB67} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {CADED718-7696-44D6-95FA-534B4957C8D9} - System32\Tasks\{74802C6E-6F71-4D6B-AB9F-F3C01283244F} => E:\Installer.exe
Task: {CD535DAD-A727-42F3-A41E-03E65D045B38} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {D7AAE18A-3B3B-43D9-92B6-498A89343EA1} - System32\Tasks\{1386AD9F-47AC-4679-B128-AF05FA31B027} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {D9653DC0-B352-4250-AEE3-AC5E1B2789EF} - System32\Tasks\{D28E92DD-DFFB-492D-8E7A-7955D3967F80} => C:\AeriaGames\AVA-DE\aeria_launcher.exe
Task: {D9E3F1D7-D474-4A5A-9C27-B85AE3DA70DC} - System32\Tasks\{DAFCD6A7-E06F-40AD-A93E-DE38AEA175A8} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.105/de/abandoninstall?source=lightinstaller&page=tsMain
Task: {DA7AE369-7E5A-4303-9177-250E6A4D937B} - System32\Tasks\{D83DD929-058A-44C0-B777-3239D43220E4} => C:\Program Files (x86)\Origin\Origin.exe [2014-12-01] (Electronic Arts)
Task: {E43EABB6-DA64-4626-858E-C52197B428CB} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe <==== ATTENTION
Task: {E4F76104-9FFF-4D32-936D-0219782F08BB} - System32\Tasks\{B8C9D562-4A85-4EA0-AD09-9100B4C7FC28} => msiexec.exe /package "C:\Users\Luc\Desktop\Setup.msi"
Task: {F1FF43FC-F23D-44DA-B197-341A7594020A} - System32\Tasks\{E227654C-849E-4BB9-A8C9-4FE20E67BB55} => C:\Users\Luc\Downloads\Hamachi-2.0.1.66.exe
Task: {F6A547D7-165B-42F2-AFA7-E59D59B641AF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-583997862-3316777395-3397561109-1001UA => C:\Users\Luc\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583997862-3316777395-3397561109-1001Core.job => C:\Users\Luc\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583997862-3316777395-3397561109-1001UA.job => C:\Users\Luc\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for Luc.job => C:\PROGRA~2\NORTON~2\Engine\372~1.5\Nss.exe
==================== Loaded Modules (whitelisted) =============
2014-09-03 09:56 - 2014-09-03 09:56 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\loggingserver.exe
2010-10-10 00:51 - 2010-06-09 17:54 - 00206208 _____ () C:\Windows\PLFSetI.exe
2014-09-03 09:56 - 2014-10-27 08:33 - 02662424 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2010-06-28 14:20 - 2010-06-28 14:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-28 14:12 - 2010-06-28 14:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2014-09-03 09:56 - 2014-09-03 09:56 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\log4cplusU.dll
2010-07-25 07:10 - 2009-05-20 07:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2014-10-29 09:51 - 2014-10-29 09:51 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\89753abff3827095ec7f3d3fb79f744a\IsdiInterop.ni.dll
2010-07-13 12:32 - 2010-04-13 17:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-11-26 22:08 - 2014-11-25 07:39 - 01077064 _____ () C:\Users\Luc\AppData\Local\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
2014-11-26 22:08 - 2014-11-25 07:39 - 00211272 _____ () C:\Users\Luc\AppData\Local\Google\Chrome\Application\39.0.2171.71\libegl.dll
2014-11-26 22:08 - 2014-11-25 07:39 - 09009480 _____ () C:\Users\Luc\AppData\Local\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-26 22:08 - 2014-11-25 07:39 - 01677128 _____ () C:\Users\Luc\AppData\Local\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:93EB7685
AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57
AlternateDataStreams: C:\Users\Luc\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\Luc\AppData\Roaming:NT
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: DynDNS Updater => 2
MSCONFIG\Services: Giraffic => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: OMSI download service => 2
MSCONFIG\Services: SbieSvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TeamViewer6 => 2
MSCONFIG\Services: TunngleService => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DynDNS Updater Tray Icon.lnk => C:\Windows\pss\DynDNS Updater Tray Icon.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk => C:\Windows\pss\GamersFirst LIVE!.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^phase-6 Reminder.lnk => C:\Windows\pss\phase-6 Reminder.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Luc^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FIFA 11-Registrierung.lnk => C:\Windows\pss\FIFA 11-Registrierung.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Luc^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Luc\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BitTorrent => "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Desura => C:\Program Files (x86)\Desura\desura.exe -autostart
MSCONFIG\startupreg: DriverScanner => "C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe" delay 20000
MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
MSCONFIG\startupreg: Google Update => "C:\Users\Luc\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleChromeAutoLaunch_B6F39745B3A4F961D3A08D8F9BC78B2D => "C:\Users\Luc\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: PLFSetL => C:\Windows\\PLFSetL.exe
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: Sony Ericsson PC Suite => "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
MSCONFIG\startupreg: Spotify => "C:\Users\Luc\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Luc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SweetIM => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
MSCONFIG\startupreg: Sweetpacks Communicator => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: VeohPlugin => "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
========================= Accounts: ==========================
Administrator (S-1-5-21-583997862-3316777395-3397561109-500 - Administrator - Disabled)
Gast (S-1-5-21-583997862-3316777395-3397561109-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-583997862-3316777395-3397561109-1002 - Limited - Enabled)
Luc (S-1-5-21-583997862-3316777395-3397561109-1001 - Administrator - Enabled) => C:\Users\Luc
==================== Faulty Device Manager Devices =============
Name: 1.3M WebCam
Description: USB-Videogerät
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/07/2014 06:11:55 PM) (Source: Application Virtualization Client) (EventID: 3008) (User: )
Description: {hap=11:app=OfficeVirt 9014006604070000:tid=12B8}
Der Client konnte keine Verbindung mit Application Virtualization Server herstellen (Rückgabecode 2460420A-40002EE7).
Error: (12/07/2014 06:11:55 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {hap=11:app=OfficeVirt 9014006604070000:tid=12B8}
Application Virtualization Client konnte keine Verbindung mit der Datenstrom-URL 'hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.4763.1000.sft' herstellen (Rückgabecode 2460420A-40002EE7, ursprünglicher Rückgabecode 2460420A-40002EE7).
Error: (12/07/2014 06:09:41 PM) (Source: Avira AntiVir) (EventID: 4122) (User: NT-AUTORITÄT)
Description: AVPREF.DLL0x45a
Error: (12/04/2014 10:25:05 PM) (Source: Application Virtualization Client) (EventID: 3008) (User: )
Description: {hap=11:app=OfficeVirt 9014006604070000:tid=7E8}
Der Client konnte keine Verbindung mit Application Virtualization Server herstellen (Rückgabecode 2460420A-40002EE2).
Error: (12/04/2014 10:25:05 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {hap=11:app=OfficeVirt 9014006604070000:tid=7E8}
Application Virtualization Client konnte keine Verbindung mit der Datenstrom-URL 'hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.4763.1000.sft' herstellen (Rückgabecode 2460420A-40002EE2, ursprünglicher Rückgabecode 2460420A-40002EE2).
Error: (12/04/2014 10:21:10 PM) (Source: Avira AntiVir) (EventID: 4122) (User: NT-AUTORITÄT)
Description: AVPREF.DLL0x45a
Error: (12/04/2014 09:57:53 PM) (Source: Application Virtualization Client) (EventID: 3008) (User: )
Description: {hap=11:app=OfficeVirt 9014006604070000:tid=624}
Der Client konnte keine Verbindung mit Application Virtualization Server herstellen (Rückgabecode 2460420A-40002EE2).
Error: (12/04/2014 09:57:53 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {hap=11:app=OfficeVirt 9014006604070000:tid=624}
Application Virtualization Client konnte keine Verbindung mit der Datenstrom-URL 'hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.4763.1000.sft' herstellen (Rückgabecode 2460420A-40002EE2, ursprünglicher Rückgabecode 2460420A-40002EE2).
Error: (12/04/2014 09:54:15 PM) (Source: Avira AntiVir) (EventID: 4122) (User: NT-AUTORITÄT)
Description: AVPREF.DLL0x45a
Error: (12/04/2014 05:07:44 PM) (Source: Application Virtualization Client) (EventID: 3008) (User: )
Description: {hap=11:app=OfficeVirt 9014006604070000:tid=1294}
Der Client konnte keine Verbindung mit Application Virtualization Server herstellen (Rückgabecode 2460420A-40002EE2).
System errors:
=============
Error: (12/07/2014 07:16:19 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 10.3.34.206
registriert werden. Der Computer mit IP-Adresse 10.3.34.135 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.
Error: (12/04/2014 10:21:02 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 04.12.2014 um 22:18:40 unerwartet heruntergefahren.
Error: (12/04/2014 03:01:01 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht.
Error: (12/04/2014 03:00:31 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst cvhsvc erreicht.
Error: (12/04/2014 03:00:00 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst AVGIDSAgent konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
Error: (12/04/2014 02:58:27 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst avgwd erreicht.
Error: (12/04/2014 02:57:57 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
Error: (12/04/2014 02:57:06 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 04.12.2014 um 14:47:27 unerwartet heruntergefahren.
Error: (12/03/2014 07:21:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Intel(R) Rapid Storage Technology" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (12/03/2014 07:21:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) Rapid Storage Technology erreicht.
Microsoft Office Sessions:
=========================
Error: (12/07/2014 06:11:55 PM) (Source: Application Virtualization Client) (EventID: 3008) (User: )
Description: {hap=11:app=OfficeVirt 9014006604070000:tid=12B8}
2460420A-40002EE7
Error: (12/07/2014 06:11:55 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {hap=11:app=OfficeVirt 9014006604070000:tid=12B8}
hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.4763.1000.sft2460420A-40002EE72460420A-40002EE7
Error: (12/07/2014 06:09:41 PM) (Source: Avira AntiVir) (EventID: 4122) (User: NT-AUTORITÄT)
Description: AVPREF.DLL0x45a
Error: (12/04/2014 10:25:05 PM) (Source: Application Virtualization Client) (EventID: 3008) (User: )
Description: {hap=11:app=OfficeVirt 9014006604070000:tid=7E8}
2460420A-40002EE2
Error: (12/04/2014 10:25:05 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {hap=11:app=OfficeVirt 9014006604070000:tid=7E8}
hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.4763.1000.sft2460420A-40002EE22460420A-40002EE2
Error: (12/04/2014 10:21:10 PM) (Source: Avira AntiVir) (EventID: 4122) (User: NT-AUTORITÄT)
Description: AVPREF.DLL0x45a
Error: (12/04/2014 09:57:53 PM) (Source: Application Virtualization Client) (EventID: 3008) (User: )
Description: {hap=11:app=OfficeVirt 9014006604070000:tid=624}
2460420A-40002EE2
Error: (12/04/2014 09:57:53 PM) (Source: Application Virtualization Client) (EventID: 5009) (User: )
Description: {hap=11:app=OfficeVirt 9014006604070000:tid=624}
hxxp://c2r.microsoft.com/ConsumerC2R/de-de/14.0.4763.1000/ConsumerC2R.de-de_14.0.4763.1000.sft2460420A-40002EE22460420A-40002EE2
Error: (12/04/2014 09:54:15 PM) (Source: Avira AntiVir) (EventID: 4122) (User: NT-AUTORITÄT)
Description: AVPREF.DLL0x45a
Error: (12/04/2014 05:07:44 PM) (Source: Application Virtualization Client) (EventID: 3008) (User: )
Description: {hap=11:app=OfficeVirt 9014006604070000:tid=1294}
2460420A-40002EE2
CodeIntegrity Errors:
===================================
Date: 2013-07-19 13:40:23.368
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\a87813528f7f1c1dee\mrt.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-19 13:40:09.123
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\a87813528f7f1c1dee\mrt.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-19 13:39:56.703
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\a87813528f7f1c1dee\mrt.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-08-10 22:59:50.990
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-08-10 22:59:50.888
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-08-10 22:49:38.143
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-08-10 22:49:38.006
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-03-16 11:26:13.454
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-03-16 11:26:13.360
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\atikmpag.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2011-09-10 20:21:55.907
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\hamachi.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 52%
Total physical RAM: 3958.71 MB
Available physical RAM: 1870.21 MB
Total Pagefile: 7915.6 MB
Available Pagefile: 5513.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:19.48 GB) NTFS
Drive e: (CM0102) (CDROM) (Total:0.28 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 12BFDFAE)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
08.12.2014, 19:58
| #4 |
| /// the machine /// TB-Ausbilder | Laptop: Bildschirm wird plötzlich weiß Lade Dir bitte von hier  Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
09.12.2014, 00:27
| #5 |
| | Laptop: Bildschirm wird plötzlich weiß Combofix: Code:
ATTFilter ComboFix 14-12-08.01 - Luc 08.12.2014 23:57:04.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3959.2359 [GMT 1:00]
ausgeführt von:: c:\users\Luc\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG update module *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Luc\Documents\~WRL0003.tmp
c:\users\Luc\Documents\~WRL3866.tmp
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-11-08 bis 2014-12-08 ))))))))))))))))))))))))))))))
.
.
2014-12-08 23:15 . 2014-12-08 23:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-08 22:54 . 2014-12-08 22:54 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4BD3D1B9-39DE-464E-B42B-5802DC29F9F4}\offreg.dll
2014-12-08 21:20 . 2014-12-08 21:20 -------- d-----w- c:\program files (x86)\VS Revo Group
2014-12-07 19:39 . 2014-12-07 19:43 -------- d-----w- C:\FRST
2014-12-04 22:54 . 2014-12-04 22:54 -------- d-----w- C:\found.004
2014-11-28 00:57 . 2014-11-28 00:57 -------- d-----w- c:\program files (x86)\ADVANCED Vokabeltrainer
2014-11-19 09:09 . 2014-11-11 03:08 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-19 09:09 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-19 09:09 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-19 09:09 . 2014-11-11 02:44 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-19 08:58 . 2014-11-19 08:58 -------- d-----w- c:\users\Luc\AppData\Local\Avg
2014-11-17 10:40 . 2014-11-17 10:39 191400 ----a-w- c:\windows\system32\javaw.exe
2014-11-17 10:40 . 2014-11-17 10:39 190888 ----a-w- c:\windows\system32\java.exe
2014-11-17 10:40 . 2014-11-17 10:40 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-11-17 00:18 . 2014-11-17 00:31 -------- d-----w- C:\LetsPlay
2014-11-13 07:02 . 2014-10-10 00:57 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-11-13 07:02 . 2014-08-12 02:02 878080 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-13 07:02 . 2014-08-12 01:36 701440 ----a-w- c:\windows\SysWow64\IMJP10K.DLL
2014-11-13 06:44 . 2014-10-03 02:12 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-11-13 06:44 . 2014-10-03 01:44 442880 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
2014-11-13 06:44 . 2014-10-03 02:11 680960 ----a-w- c:\windows\system32\audiosrv.dll
2014-11-13 06:44 . 2014-10-03 02:11 440832 ----a-w- c:\windows\system32\AudioEng.dll
2014-11-13 06:44 . 2014-10-03 02:11 284672 ----a-w- c:\windows\system32\EncDump.dll
2014-11-13 06:44 . 2014-10-03 02:11 296448 ----a-w- c:\windows\system32\AudioSes.dll
2014-11-13 06:44 . 2014-10-03 01:44 374784 ----a-w- c:\windows\SysWow64\AudioEng.dll
2014-11-13 06:44 . 2014-10-03 01:44 195584 ----a-w- c:\windows\SysWow64\AudioSes.dll
2014-11-13 06:44 . 2014-10-14 02:13 3241984 ----a-w- c:\windows\system32\msi.dll
2014-11-13 06:44 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-11-13 06:39 . 2014-10-18 02:05 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-13 06:39 . 2014-10-18 01:33 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-27 07:09 . 2012-09-15 13:16 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-27 07:09 . 2011-05-26 12:08 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-17 10:39 . 2014-05-29 15:08 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-11-17 10:39 . 2014-07-01 12:19 320936 ----a-w- c:\windows\system32\javaws.exe
2014-11-17 10:37 . 2014-05-29 15:06 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-11-13 00:40 . 2011-05-12 18:12 103374192 ----a-w- c:\windows\system32\MRT.exe
2014-09-25 02:08 . 2014-09-30 19:12 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-09-30 19:12 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-13 39408]
"Spotify Web Helper"="c:\users\Luc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-10-16 1514040]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"vProt"="c:\program files (x86)\AVG Web TuneUp\vprot.exe" [2014-10-27 2662424]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2013-02-19 453736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-12-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-15 07:09]
.
2014-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-20 22:13]
.
2014-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-20 22:13]
.
2014-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583997862-3316777395-3397561109-1001Core.job
- c:\users\Luc\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-24 20:55]
.
2014-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583997862-3316777395-3397561109-1001UA.job
- c:\users\Luc\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-24 20:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-09 206208]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://mysearch.avg.com?cid={2E64020E-85CA-4788-9DC3-5609475022A7}&mid=c201e84c49a147d3b63fcd3c4ef48a98-0a3116110c5b953eb06cfdd5b0c2f31cc3c42424&lang=de&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-05-05 19:43&v=18.1.7.598&pid=safeguard&sg=&sap=hp
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=WDCXWD3200BPVT-22ZEST0_WD-WXC1A70V5540V5540&ts=1393442248&type=default&q={searchTerms}
mDefault_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1384891609&from=smt&uid=WDCXWD3200BPVT-22ZEST0_WD-WXC1A70V5540V5540&q={searchTerms}
mDefault_Page_URL = about:blank
mStart Page = about:blank
mSearch Page = hxxp://do-search.com/web/?type=ds&ts=1384891609&from=smt&uid=WDCXWD3200BPVT-22ZEST0_WD-WXC1A70V5540V5540&q={searchTerms}
IE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - c:\program files (x86)\PokerStars.EU\PokerStarsUpdate.exe
Trusted Zone: aeriagames.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{E3BCE6C7-32F6-477E-ABB8-62991C54252F}: NameServer = 194.95.0.3 194.95.0.19
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\3.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\
FF - prefs.js: browser.search.selectedEngine - Trovi search
FF - prefs.js: browser.startup.homepage - hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M5FF68787-0C73-449C-A0F1-0F36A09B042E&SearchSource=55&CUI=&UM=6&UP=SP8EBBA265-F754-41B8-AE94-F8E4FE586F4C&SSPV=
FF - prefs.js: keyword.URL -
FF - ExtSQL: 2014-10-16 15:32; firefox-hotfix@mozilla.org; c:\users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\extensions\firefox-hotfix@mozilla.org.xpi
FF - ExtSQL: !HIDDEN! 2014-02-26 20:19; quick_start@gmail.com; c:\users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\extensions\quick_start@gmail.com
FF - user.js: extensions.BabylonToolbar_i.id - 262b56760000000000004c0f6e95ab17
FF - user.js: extensions.BabylonToolbar_i.hardId - 262b56760000000000004c0f6e95ab17
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15313
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:44
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101287
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic_i.newTab - false
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00181/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.Softonic.id - 262b56760000000000004c0f6e95ab17
FF - user.js: extensions.Softonic.instlDay - 15632
FF - user.js: extensions.Softonic.vrsn - 1.6.7.4
FF - user.js: extensions.Softonic.vrsni - 1.6.7.4
FF - user.js: extensions.Softonic_i.vrsnTs - 1.6.7.419:13
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - SD
FF - user.js: extensions.Softonic_i.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - base
FF - user.js: extensions.Softonic.instlRef - MON00181
FF - user.js: extensions.Softonic.dfltLng -
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.admin - false
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyD0E0DyC0CtByByDyCyByCtN0D0Tzu0CtAtByDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=652635212
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyD0E0DyC0CtByByDyCyByCtN0D0Tzu0CtAtByDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=652635212
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyD0E0DyC0CtByByDyCyByCtN0D0Tzu0CtAtByDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=652635212&q=
FF - user.js: extensions.funmoods.id - 7A7905ED6C275676
FF - user.js: extensions.funmoods.instlDay - 15664
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2223:43
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - download
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - download
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{cd90bf73-20f6-44ef-993d-bb920303bd2e} - (no file)
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
BHO-{A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (Wert nicht festgelegt)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Glyph - c:\program files (x86)\Glyph\glyphuninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Luc\AppData\Local\Temp\0058D9F.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\Luc\AppData\Local\Temp\00677E2.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-583997862-3316777395-3397561109-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:71,e7,cb,33,2f,21,d1,4a,01,87,1b,03,9c,35,b4,4e,e6,7d,ac,08,b4,59,ef,
66,f4,26,4f,c9,61,66,93,f5,63,ff,9d,5a,77,cd,36,4a,9a,51,57,2f,15,38,0b,cd,\
"??"=hex:aa,21,66,4e,5a,18,ac,38,ac,35,59,61,e2,c3,5d,88
.
[HKEY_USERS\S-1-5-21-583997862-3316777395-3397561109-1001\Software\SecuROM\License information*]
"datasecu"=hex:51,80,58,d2,e4,f4,b5,b8,a0,d0,56,02,75,49,a0,12,f8,bb,79,9d,3c,
bc,24,2d,26,35,2d,ff,da,73,bf,38,b3,21,8b,5a,58,32,e0,eb,f9,64,91,fb,76,20,\
"rkeysecu"=hex:6a,35,2f,de,eb,a7,35,f9,5a,5f,42,70,53,94,84,50
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_125_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_125_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-12-09 00:21:28
ComboFix-quarantined-files.txt 2014-12-08 23:21
.
Vor Suchlauf: 38 Verzeichnis(se), 89.576.349.696 Bytes frei
Nach Suchlauf: 51 Verzeichnis(se), 99.836.129.280 Bytes frei
.
- - End Of File - - 1AA23FB301FEA630D80FD9A678D75A92
|
|
09.12.2014, 16:34
| #6 |
| /// the machine /// TB-Ausbilder | Laptop: Bildschirm wird plötzlich weiß Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> Laptop: Bildschirm wird plötzlich weiß |
|
10.12.2014, 00:25
| #7 |
| | Laptop: Bildschirm wird plötzlich weiß mbam: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 09.12.2014 Suchlauf-Zeit: 23:51:05 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2014.12.09.08 Rootkit Datenbank: v2014.12.08.03 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Luc Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 360190 Verstrichene Zeit: 21 Min, 59 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v4.105 - Bericht erstellt am 09/12/2014 um 23:14:55
# Aktualisiert 08/12/2014 von Xplode
# Database : 2014-12-08.2 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Luc - LUC-PC
# Gestartet von : C:\Users\Luc\Downloads\AdwCleaner_4.105.exe
# Option : Suchen
***** [ Dienste ] *****
Dienst Gefunden : vToolbarUpdater3.2.0
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\delta-homes.xml
Datei Gefunden : C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ifohbjbgfchkkfhphahclmkpgejiplfo_0.localstorage
Datei Gefunden : C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}.xpi
Datei Gefunden : C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\foxydeal.sqlite
Datei Gefunden : C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\invalidprefs.js
Datei Gefunden : C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\searchplugins\Askcom.xml
Datei Gefunden : C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\user.js
Datei Gefunden : C:\Windows\System32\roboot64.exe
Ordner Gefunden : C:\hotspot shield
Ordner Gefunden : C:\Program Files (x86)\AVG SafeGuard toolbar
Ordner Gefunden : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gefunden : C:\Program Files (x86)\Optimizer Pro
Ordner Gefunden : C:\Program Files (x86)\WinZipper
Ordner Gefunden : C:\Program Files\Babylon
Ordner Gefunden : C:\ProgramData\AVG Secure Search
Ordner Gefunden : C:\ProgramData\AVG Security Toolbar
Ordner Gefunden : C:\ProgramData\eSafe
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\ProgramData\Tarma Installer
Ordner Gefunden : C:\ProgramData\Uniblue
Ordner Gefunden : C:\ProgramData\Uniblue\DriverScanner
Ordner Gefunden : C:\ProgramData\WPM
Ordner Gefunden : C:\Users\Luc\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Luc\AppData\Local\CrashRpt
Ordner Gefunden : C:\Users\Luc\AppData\Local\eSupport.com
Ordner Gefunden : C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl
Ordner Gefunden : C:\Users\Luc\AppData\Local\PackageAware
Ordner Gefunden : C:\Users\Luc\AppData\Local\PutLockerDownloader
Ordner Gefunden : C:\Users\Luc\AppData\Local\webplayer
Ordner Gefunden : C:\Users\Luc\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Luc\AppData\LocalLow\Softonic
Ordner Gefunden : C:\Users\Luc\AppData\Roaming\ExpressFiles
Ordner Gefunden : C:\Users\Luc\AppData\Roaming\Funmoods
Ordner Gefunden : C:\Users\Luc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movie2KDownloader.com
Ordner Gefunden : C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\Extensions\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}
Ordner Gefunden : C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
Ordner Gefunden : C:\Users\Luc\AppData\Roaming\WinZipper
Ordner Gefunden : C:\Users\Luc\Documents\Optimizer Pro
***** [ Tasks ] *****
Task Gefunden : Express FilesUpdate
Task Gefunden : Funmoods
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\searchqutoolbar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Smartbar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\BI
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\eSupport.com
Schlüssel Gefunden : HKCU\Software\ExpressFiles
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Schlüssel Gefunden : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{46D467CD-032F-47DF-9DAC-5D0FE2C592D8}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : HKCU\Software\Mozilla\Extends
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\BI
Schlüssel Gefunden : [x64] HKCU\Software\Conduit
Schlüssel Gefunden : [x64] HKCU\Software\eSupport.com
Schlüssel Gefunden : [x64] HKCU\Software\ExpressFiles
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{46D467CD-032F-47DF-9DAC-5D0FE2C592D8}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA7406}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54}
Schlüssel Gefunden : [x64] HKCU\Software\OCS
Schlüssel Gefunden : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gefunden : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D8F01233-2DE6-4EE7-8988-37263F00651B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\482AA67AD25E6E74E9F48BD5FBE8533C
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\9EC6D81181F59F2459A84176A626F9ED
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Movie2KDownloader
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2653012
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2849855
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gefunden : HKLM\SOFTWARE\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\dlQUE
Schlüssel Gefunden : HKLM\SOFTWARE\ExpressFiles
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\hempmfkijmahkaddljkmchcmjbojoedl
Schlüssel Gefunden : HKLM\SOFTWARE\hdcode
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gefunden : HKLM\SOFTWARE\SearchquMediabarTb
Schlüssel Gefunden : HKLM\SOFTWARE\Uniblue
Schlüssel Gefunden : HKLM\SOFTWARE\Uniblue\DriverScanner
Schlüssel Gefunden : HKLM\SOFTWARE\V9
Schlüssel Gefunden : HKLM\SOFTWARE\winzipersvc
Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17420
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://do-search.com/web/?type=ds&ts=1384891609&from=smt&uid=WDCXWD3200BPVT-22ZEST0_WD-WXC1A70V5540V5540&q={searchTerms}
-\\ Mozilla Firefox v25.0.1 (de)
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012..clientLogIsEnabled", true);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.AppTrackingLastCheckTime", "Sat Sep 17 2011 18:48:16 GMT+0200");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.BrowserCompStateIsOpen_129514968327663878", true);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.BrowserCompStateIsOpen_129780839977253423", true);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.BrowserCompStateIsOpen_129780841964128425", true);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.BrowserCompStateIsOpen_129780842340847176", true);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.BrowserCompStateIsOpen_129876823373323936", true);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.CTID", "CT2653012");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.CurrentServerDate", "25-9-2012");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.DialogsAlignMode", "LTR");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.DialogsGetterLastCheckTime", "Tue Sep 25 2012 17:51:14 GMT+0200");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.DownloadReferralCookieData", "");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.FirstServerDate", "27-5-2011");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.FirstTime", true);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.FirstTimeFF3", true);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.FixParvices.conduit.com/");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.HasUserGlobalKeys", true);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.HomePageProtectorEnabled", false);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.Initialize", true);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.InitializeCommonPrefs", true);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.InstallationAndCookieDataSentCount", 3);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.InstallationId", "CT2653012_Veoh.exe");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.InstallationType", "ConduitIntegration");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.InstalledDate", "Fri May 27 2011 20:29:41 GMT+0200");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.InvalidateCache", false);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.IsAlertDBUpdated", true);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.IsGrouping", false);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.IsMulticommunity", false);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.IsOpenThankYouPage", false);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.IsOpenUninstallPage", true);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.LanguagePackLastCheckTime", "Tue Sep 25 2012 17:51:14 GMT+0200");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.LanguagePackReloadIntervalMM", 1440);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.LastLogin_3.13.0.6", "Thu Jul 26 2012 17:19:15 GMT+0200");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.LastLogin_3.14.1.0", "Sun Aug 26 2012 14:41:50 GMT+0200");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.LastLogin_3.15.1.0", "Tue Sep 25 2012 17:51:14 GMT+0200");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.LastLogin_3.3.3.2", "Mon Aug 15 2011 16:05:34 GMT+0200");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.LastLogin_3.6.0.10", "Tue Sep 27 2011 16:07:54 GMT+0200");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.LastLogin_3.7.0.6", "Sun Nov 06 2011 11:46:59 GMT+0100");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.LatestVersion", "3.14.1.0");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.Locale", "en");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.MCDetectTooltipHeight", "83");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.MCDetectTooltipWidth", "295");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.MyStuffEnabledAtInstallation", true);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.RadioIsPodcast", false);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.RadioLastCheckTime", "Sat Nov 05 2011 20:10:36 GMT+0100");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.RadioLastUpdateIPServer", "3");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.RadioLastUpdateServer", "129438915777300000");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.RadioMediaID", "21806912");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.RadioMediaType", "Media Player");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.RadioMenuSelectedID", "EBRadioMenu_CT265301221806912");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.RadioShrinkedFromSetup", false);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.RadioStationName", "California%20Rock%20-%20Rock");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.RadioStationURL", "hxxp://www.feedlive.net/california.asx");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.SavedHomepage", "hxxp://www.searchqu.com/406");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.SearchEngineBeforeUnload", "Ask.com");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.SearchFromAddressBarIsInit", true);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.SearchInNewTabEnabled", true);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.SearchInNewTabIntervalMM", 1440);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.SearchInNewTabLastCheckTime", "Tue Sep 25 2012 17:51:13 GMT+0200");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.SearchProtectorEnabled", false);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.SearchProtectorToolbarDisabled", false);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.ServiceMapLastCheckTime", "Tue Sep 25 2012 17:51:14 GMT+0200");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.SettingsLastCheckTime", "Tue Sep 25 2012 17:51:13 GMT+0200");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.SettingsLastUpdate", "1348495115");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.ThirdPartyComponentsInterval", 504);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.ThirdPartyComponentsLastCheck", "Tue Oct 25 2011 20:49:02 GMT+0200");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.ThirdPartyComponentsLastUpdate", "1312887586");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.ToolbarShrinkedFromSetup", false);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2653012");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.UserID", "UN97722223813956184");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.ValidationData_Toolbar", 2);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.alertChannelId", "1045667");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.approveUntrustedApps", false);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.backendstorage.ct2653012ads1", "253742253232616473253232253341253542253742253232616964253232253341253232333639312532322532432532327469746C652532322533412532324665726E736568656E253[...]
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.backendstorage.ct2653012current_term", "");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.backendstorage.ct2653012sdate", "2D31");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.backendstorage.facebook_mode", "32");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.backendstorage.facebook_user_locale", "6465");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.globalFirstTimeInfoLastCheckTime", "Sun Nov 06 2011 11:46:59 GMT+0100");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.homepageProtectorEnableByLogin", true);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.initDone", true);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.isAppTrackingManagerOn", true);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.isFirstRadioInstallation", false);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.myStuffEnabled", true);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.myStuffPublihserMinWidth", 400);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.myStuffServiceIntervalMM", 1440);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.oldAppsList", "129199665576502590,129199665576658841,111,129518362214439676,129234227786178949,129221945086194357,1000082,129523391987349046,129514968327663878,129514973829994437,[...]
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.revertSettingsEnabled", true);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.searchProtectorDialogDelayInSec", 10);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.searchProtectorEnableByLogin", true);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.testingCtid", "");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.toolbarAppMetaDataLastCheckTime", "Tue Sep 25 2012 17:51:14 GMT+0200");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.toolbarContextMenuLastCheckTime", "Tue Oct 25 2011 15:47:06 GMT+0200");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2653012.usagesFlag", 2);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855..clientLogIsEnabled", true);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855..uninstallLogServiceUrl", "hxxp://uninstall.us
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.AppTrackingLastCheckTime", "Mon Apr 16 2012 21:18:03 GMT+0200");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.BrowserCompStateIsOpen_129640009348738015", true);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.CTID", "CT2849855");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.CurrentServerDate", "25-9-2012");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.DSInstall", false);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.DialogsAlignMode", "LTR");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.DialogsGetterLastCheckTime", "Tue Sep 25 2012 17:51:22 GMT+0200");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.DownloadReferralCookieData", "");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.EMailNotifierPollDate", "Tue Sep 18 2012 18:33:33 GMT+0200");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.FeedLastCount129349796701375473", 501);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.FeedPollDate129313974171006416", "Tue Sep 18 2012 18:33:33 GMT+0200");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.FeedPollDate129313975698350231", "Tue Sep 18 2012 18:33:33 GMT+0200");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.FeedPollDate129313976370850190", "Tue Sep 18 2012 18:33:34 GMT+0200");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.FeedPollDate129313976648818968", "Tue Sep 18 2012 18:33:34 GMT+0200");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.FeedPollDate129313977444757117", "Tue Sep 18 2012 18:33:34 GMT+0200");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.FeedPollDate129313980389131455", "Tue Sep 18 2012 18:33:34 GMT+0200");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.FeedPollDate129313980655381977", "Tue Sep 18 2012 18:33:34 GMT+0200");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.FeedPollDate129313980886163259", "Tue Sep 18 2012 18:33:34 GMT+0200");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.FeedPollDate129313981234756535", "Tue Sep 18 2012 18:33:34 GMT+0200");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.FeedPollDate129313983226631720", "Tue Sep 18 2012 18:33:34 GMT+0200");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.FeedPollDate129313983607725691", "Tue Sep 18 2012 18:33:34 GMT+0200");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.FeedTTL129313974171006416", 10);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.FeedTTL129313977444757117", 15);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.FeedTTL129313980655381977", 5);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.FeedTTL129313981234756535", 5);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.FirstServerDate", "12-4-2012");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.FirstTime", true);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.FirstTimeFF3", true);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.FixPageNotFoundErrors", true);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.GroupingServerCheckInterval", 1440);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.HPInstall", false);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.HasUserGlobalKeys", true);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.HomePageProtectorEnabled", false);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.HomepageBeforeUnload", "hxxp://www.searchqu.com/406");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.Initialize", true);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.InitializeCommonPrefs", true);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.InstallationAndCookieDataSentCount", 3);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.InstallationId", "ConduitXPEIntegration");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.InstallationType", "ConduitXPEIntegration");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.InstalledDate", "Tue Apr 10 2012 13:11:56 GMT+0200");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.IsAlertDBUpdated", true);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.IsGrouping", false);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.IsInitSetupIni", true);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.IsMulticommunity", false);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.IsOpenThankYouPage", true);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.IsOpenUninstallPage", false);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.LanguagePackLastCheckTime", "Tue Sep 25 2012 17:51:22 GMT+0200");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.LanguagePackReloadIntervalMM", 1440);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.LastLogin_3.10.0.1", "Sun Apr 29 2012 22:31:27 GMT+0200");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.LastLogin_3.12.2.3", "Thu Jun 07 2012 19:03:11 GMT+0200");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.LastLogin_3.13.0.6", "Thu Jul 26 2012 17:19:20 GMT+0200");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.LastLogin_3.14.1.0", "Mon Aug 27 2012 18:36:25 GMT+0200");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.LastLogin_3.15.1.0", "Tue Sep 25 2012 17:51:22 GMT+0200");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.LatestVersion", "3.14.1.0");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.Locale", "de");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.MCDetectTooltipHeight", "83");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.MCDetectTooltipWidth", "295");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.MyStuffEnabledAtInstallation", true);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.OriginalFirstVersion", "3.10.0.1");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.SearchCaption", "BittorrentBar_DE Customized Web Search");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.SearchEngineBeforeUnload", "Ask.com");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.SearchFromAddressBarIsInit", true);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&SearchSource=2&q=");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.SearchInNewTabEnabled", true);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.SearchInNewTabIntervalMM", 1440);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.SearchInNewTabLastCheckTime", "Tue Sep 25 2012 17:51:21 GMT+0200");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.SearchProtectorEnabled", false);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.SearchProtectorToolbarDisabled", false);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.SendProtectorDataViaLogin", true);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.ServiceMapLastCheckTime", "Tue Sep 25 2012 17:51:21 GMT+0200");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.SettingsLastCheckTime", "Tue Sep 25 2012 17:51:20 GMT+0200");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.SettingsLastUpdate", "1348495115");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2849855&SearchSource=13");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.ThirdPartyComponentsInterval", 504);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.ThirdPartyComponentsLastCheck", "Mon Sep 17 2012 23:37:25 GMT+0200");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.ThirdPartyComponentsLastUpdate", "1331806000");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.ToolbarShrinkedFromSetup", false);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2849855");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.UserID", "UN45279660439462016");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.ValidationData_Toolbar", 1);
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.WeatherNetwork", "");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.WeatherPollDate", "Tue Sep 18 2012 18:33:34 GMT+0200");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.WeatherUnit", "C");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.alertChannelId", "1241896");
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D474549484C5952594B335E5356432C45333438334A414C546660576364676F6A5E4B766B6E5B445D4B4C504A6259646C787A2[...]
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C4748402C574C4F3C253E2C2E2B2F433A454E59505B57676A66426D62455E69543D56444643465B525D66716C216E6B587D73675[...]
[afwn3n27.default] - Zeile gefunden : user_pref("CT2849855.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462B554A4D4B4749594D33535D4F432C45333439344A414C565B5E6C656E706C7164736D4D786D705D465F4D4E534D645B66705[...]
[afwn3n27.default] - Zeile gefunden : user_pref("CT3309350.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.BabylonToolbar_i.babExt", "");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=101287");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.BabylonToolbar_i.hardId", "262b56760000000000004c0f6e95ab17");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.BabylonToolbar_i.id", "262b56760000000000004c0f6e95ab17");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.BabylonToolbar_i.instlDay", "15313");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.BabylonToolbar_i.newTab", false);
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1720:44:27");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.aflt", "SD");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.autoRvrt", "false");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.cntry", "DE");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.cv", "cv5");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.dfltLng", "");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.dfltlng", "en");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.dfltsrch", "false");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.envrmnt", "production");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.excTlbr", false);
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.hdrMd5", "EB5C2793B3576342AEE54CF644DFC0C4");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.hmpg", false);
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.hrdid", "262b56760000000000004c0f6e95ab17");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.id", "262b56760000000000004c0f6e95ab17");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.instlDay", "15632");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.instlRef", "MON00181");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.instlday", "15632");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.instlref", "MON00181");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.isdcmntcmplt", "false");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.keywordurl", "");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.lastVrsnTs", "1.6.7.419:13:05");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.mntrvrsn", "1.3.0");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.monitorreport", true);
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.newTab", false);
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.newtab", "false");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.newtaburl", "");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.prdct", "Softonic");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.prtnrId", "softonic");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.prtnrid", "softonic");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.radiomystations", "[{\"id\":\"1069\",\"name\":\"ORS Rom?ntica en espa?ol\",\"url\":\"hxxp://www.orsradio.com/oldies56k.asx\",\"streamType\":\"mp\"},{\"id\":\"1213\",\"na[...]
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search settings, Click No to restore original settings");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.savedVrsnTs", "1");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.sg", "az");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.smplGrp", "none");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.smplgrp", "none");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.srch", "");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.srchprvdr", "");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.storage\\storage\\mpvinpagemutex", "e3e2890b723c908a718ea3682f19a24c@@@Fri Mar 21 2014 07:05:49 GMT+0100");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.tlbrId", "base");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.tlbrid", "base");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.tlbrsrchurl", "hxxp://search.softonic.com/MON00181/tb_v1?SearchSource=1&cc=&q=");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.vrsn", "1.6.7.4");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.vrsnTs", "1.6.7.419:13:05");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.vrsni", "1.6.7.4");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic.vrsnts", "1.6.7.419:13:05");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic_i.newTab", false);
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic_i.smplGrp", "none");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.Softonic_i.vrsnTs", "1.6.7.419:13:05");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.enabledAddons", "ffxtlbra%40softonic.com:1.6.0,%7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.12,ich%40maltegoetz.de:1.5.5,%7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:8.6.0,quick_st[...]
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.funmoods.aflt", "download");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.funmoods.autoRvrt", false);
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.funmoods.dfltLng", "");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.funmoods.dfltSrch", true);
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.funmoods.dnsErr", true);
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.funmoods.envrmnt", "production");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.funmoods.excTlbr", false);
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.funmoods.hmpg", true);
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyD0E0DyC0CtByByDyCyByCtN0D0Tzu0CtAtByDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=65263[...]
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.funmoods.id", "7A7905ED6C275676");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.funmoods.instlDay", "15664");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.funmoods.instlRef", "download");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.funmoods.isdcmntcmplt", true);
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyD0E0DyC0CtByByDyCyByCtN0D0Tzu0CtAtByDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=652[...]
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.funmoods.prdct", "funmoods");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.funmoods.prtnrId", "funmoods");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.funmoods.srchPrvdr", "Search");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.funmoods.tlbrId", "base");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyD0E0DyC0CtByByDyCyByCtN0D0Tzu0CtAtByDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=6[...]
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.funmoods_i.newTab", true);
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.funmoods_i.smplGrp", "none");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2223:43:14");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.quick_start.enable_search1", false);
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.wajam.affiliate_id", "6447");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.wajam.firstrun", "false");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.wajam.log_send_info", "false");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21088\",\"update_interval\":1262,\"base_url\":\"hxxp:\\/\\/www.wajam.com\\/\",\"update_url\":\"hxxp:\\/\\/www.wajam.com\\/addon\\/[...]
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.wajam.no_trace", "false");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.wajam.server_current_mapping_version", "0.21088");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.wajam.trace_log", "1390173017787 - processInstallationUpgrade - version set to : 1.25\n1390173017788 - processBrowserLoad - Bad mappingListJsonString: null\n1390173021206 - onFla[...]
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.wajam.unique_id", "9F1AE5FEF824776419E76F095794BA52");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.wajam.user_current_mapping_version", "0");
[afwn3n27.default] - Zeile gefunden : user_pref("extensions.wajam.version", "1.25");
-\\ Google Chrome v
-\\ Chromium v
*************************
AdwCleaner[R0].txt - [55580 octets] - [09/12/2014 23:14:55]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [55641 octets] ##########
Code:
ATTFilter # AdwCleaner v4.105 - Bericht erstellt am 09/12/2014 um 23:32:41
# Aktualisiert 08/12/2014 von Xplode
# Database : 2014-12-08.2 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Luc - LUC-PC
# Gestartet von : C:\Users\Luc\Downloads\AdwCleaner_4.105.exe
# Option : Löschen
***** [ Dienste ] *****
Dienst Gelöscht : vToolbarUpdater3.2.0
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\hotspot shield
Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\AVG Security Toolbar
Ordner Gelöscht : C:\ProgramData\eSafe
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\Uniblue
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Program Files (x86)\AVG SafeGuard toolbar
Ordner Gelöscht : C:\Program Files (x86)\Optimizer Pro
Ordner Gelöscht : C:\Program Files (x86)\WinZipper
Ordner Gelöscht : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Program Files\Babylon
Ordner Gelöscht : C:\Users\Luc\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Luc\AppData\Local\eSupport.com
Ordner Gelöscht : C:\Users\Luc\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Luc\AppData\Local\PutLockerDownloader
Ordner Gelöscht : C:\Users\Luc\AppData\Local\webplayer
Ordner Gelöscht : C:\Users\Luc\AppData\Local\CrashRpt
Ordner Gelöscht : C:\Users\Luc\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Luc\AppData\LocalLow\Softonic
Ordner Gelöscht : C:\Users\Luc\AppData\Roaming\ExpressFiles
Ordner Gelöscht : C:\Users\Luc\AppData\Roaming\Funmoods
Ordner Gelöscht : C:\Users\Luc\AppData\Roaming\WinZipper
Ordner Gelöscht : C:\Users\Luc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movie2KDownloader.com
Ordner Gelöscht : C:\Users\Luc\Documents\Optimizer Pro
Ordner Gelöscht : C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\Extensions\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}
[!] Ordner Gelöscht : C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
Ordner Gelöscht : C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl
Datei Gelöscht : C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}.xpi
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\invalidprefs.js
Datei Gelöscht : C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\delta-homes.xml
Datei Gelöscht : C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\user.js
Datei Gelöscht : C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ifohbjbgfchkkfhphahclmkpgejiplfo_0.localstorage
***** [ Tasks ] *****
Task Gelöscht : Express FilesUpdate
Task Gelöscht : Funmoods
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\hempmfkijmahkaddljkmchcmjbojoedl
Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Movie2KDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2653012
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2849855
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D8F01233-2DE6-4EE7-8988-37263F00651B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA7406}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{46D467CD-032F-47DF-9DAC-5D0FE2C592D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\eSupport.com
Schlüssel Gelöscht : HKCU\Software\ExpressFiles
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\searchqutoolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\dlQUE
Schlüssel Gelöscht : HKLM\SOFTWARE\ExpressFiles
Schlüssel Gelöscht : HKLM\SOFTWARE\hdcode
Schlüssel Gelöscht : HKLM\SOFTWARE\SearchquMediabarTb
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\V9
Schlüssel Gelöscht : HKLM\SOFTWARE\winzipersvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\482AA67AD25E6E74E9F48BD5FBE8533C
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\9EC6D81181F59F2459A84176A626F9ED
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17420
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
-\\ Mozilla Firefox v25.0.1 (de)
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012..clientLogIsEnabled", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.AppTrackingLastCheckTime", "Sat Sep 17 2011 18:48:16 GMT+0200");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.BrowserCompStateIsOpen_129514968327663878", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.BrowserCompStateIsOpen_129780839977253423", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.BrowserCompStateIsOpen_129780841964128425", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.BrowserCompStateIsOpen_129780842340847176", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.BrowserCompStateIsOpen_129876823373323936", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.CTID", "CT2653012");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.CurrentServerDate", "25-9-2012");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.DialogsAlignMode", "LTR");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.DialogsGetterLastCheckTime", "Tue Sep 25 2012 17:51:14 GMT+0200");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.DownloadReferralCookieData", "");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.FirstServerDate", "27-5-2011");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.FirstTime", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.FirstTimeFF3", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.FixParvices.conduit.com/");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.HasUserGlobalKeys", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.HomePageProtectorEnabled", false);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.Initialize", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.InitializeCommonPrefs", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.InstallationAndCookieDataSentCount", 3);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.InstallationId", "CT2653012_Veoh.exe");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.InstallationType", "ConduitIntegration");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.InstalledDate", "Fri May 27 2011 20:29:41 GMT+0200");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.InvalidateCache", false);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.IsAlertDBUpdated", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.IsGrouping", false);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.IsMulticommunity", false);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.IsOpenThankYouPage", false);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.IsOpenUninstallPage", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.LanguagePackLastCheckTime", "Tue Sep 25 2012 17:51:14 GMT+0200");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.LanguagePackReloadIntervalMM", 1440);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.LastLogin_3.13.0.6", "Thu Jul 26 2012 17:19:15 GMT+0200");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.LastLogin_3.14.1.0", "Sun Aug 26 2012 14:41:50 GMT+0200");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.LastLogin_3.15.1.0", "Tue Sep 25 2012 17:51:14 GMT+0200");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.LastLogin_3.3.3.2", "Mon Aug 15 2011 16:05:34 GMT+0200");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.LastLogin_3.6.0.10", "Tue Sep 27 2011 16:07:54 GMT+0200");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.LastLogin_3.7.0.6", "Sun Nov 06 2011 11:46:59 GMT+0100");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.LatestVersion", "3.14.1.0");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.Locale", "en");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.MCDetectTooltipHeight", "83");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.MCDetectTooltipWidth", "295");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.MyStuffEnabledAtInstallation", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.RadioIsPodcast", false);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.RadioLastCheckTime", "Sat Nov 05 2011 20:10:36 GMT+0100");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.RadioLastUpdateIPServer", "3");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.RadioLastUpdateServer", "129438915777300000");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.RadioMediaID", "21806912");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.RadioMediaType", "Media Player");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.RadioMenuSelectedID", "EBRadioMenu_CT265301221806912");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.RadioShrinkedFromSetup", false);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.RadioStationName", "California%20Rock%20-%20Rock");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.RadioStationURL", "hxxp://www.feedlive.net/california.asx");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.SavedHomepage", "hxxp://www.searchqu.com/406");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.SearchEngineBeforeUnload", "Ask.com");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.SearchFromAddressBarIsInit", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.SearchInNewTabEnabled", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.SearchInNewTabIntervalMM", 1440);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.SearchInNewTabLastCheckTime", "Tue Sep 25 2012 17:51:13 GMT+0200");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.SearchProtectorEnabled", false);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.SearchProtectorToolbarDisabled", false);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.ServiceMapLastCheckTime", "Tue Sep 25 2012 17:51:14 GMT+0200");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.SettingsLastCheckTime", "Tue Sep 25 2012 17:51:13 GMT+0200");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.SettingsLastUpdate", "1348495115");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.ThirdPartyComponentsInterval", 504);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.ThirdPartyComponentsLastCheck", "Tue Oct 25 2011 20:49:02 GMT+0200");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.ThirdPartyComponentsLastUpdate", "1312887586");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.ToolbarShrinkedFromSetup", false);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2653012");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.UserID", "UN97722223813956184");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.ValidationData_Toolbar", 2);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.alertChannelId", "1045667");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.approveUntrustedApps", false);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.backendstorage.ct2653012ads1", "253742253232616473253232253341253542253742253232616964253232253341253232333639312532322532432532327469746C652532322533412532324665726E736568656E253[...]
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.backendstorage.ct2653012current_term", "");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.backendstorage.ct2653012sdate", "2D31");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.backendstorage.facebook_mode", "32");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.backendstorage.facebook_user_locale", "6465");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.globalFirstTimeInfoLastCheckTime", "Sun Nov 06 2011 11:46:59 GMT+0100");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.homepageProtectorEnableByLogin", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.initDone", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.isAppTrackingManagerOn", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.isFirstRadioInstallation", false);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.myStuffEnabled", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.myStuffPublihserMinWidth", 400);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.myStuffServiceIntervalMM", 1440);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.oldAppsList", "129199665576502590,129199665576658841,111,129518362214439676,129234227786178949,129221945086194357,1000082,129523391987349046,129514968327663878,129514973829994437,[...]
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.revertSettingsEnabled", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.searchProtectorDialogDelayInSec", 10);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.searchProtectorEnableByLogin", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.testingCtid", "");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.toolbarAppMetaDataLastCheckTime", "Tue Sep 25 2012 17:51:14 GMT+0200");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.toolbarContextMenuLastCheckTime", "Tue Oct 25 2011 15:47:06 GMT+0200");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2653012.usagesFlag", 2);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855..clientLogIsEnabled", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855..uninstallLogServiceUrl", "hxxp://uninstall.us
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.AppTrackingLastCheckTime", "Mon Apr 16 2012 21:18:03 GMT+0200");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.BrowserCompStateIsOpen_129640009348738015", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.CTID", "CT2849855");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.CurrentServerDate", "25-9-2012");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.DSInstall", false);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.DialogsAlignMode", "LTR");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.DialogsGetterLastCheckTime", "Tue Sep 25 2012 17:51:22 GMT+0200");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.DownloadReferralCookieData", "");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.EMailNotifierPollDate", "Tue Sep 18 2012 18:33:33 GMT+0200");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.FeedLastCount129349796701375473", 501);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.FeedPollDate129313974171006416", "Tue Sep 18 2012 18:33:33 GMT+0200");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.FeedPollDate129313975698350231", "Tue Sep 18 2012 18:33:33 GMT+0200");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.FeedPollDate129313976370850190", "Tue Sep 18 2012 18:33:34 GMT+0200");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.FeedPollDate129313976648818968", "Tue Sep 18 2012 18:33:34 GMT+0200");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.FeedPollDate129313977444757117", "Tue Sep 18 2012 18:33:34 GMT+0200");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.FeedPollDate129313980389131455", "Tue Sep 18 2012 18:33:34 GMT+0200");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.FeedPollDate129313980655381977", "Tue Sep 18 2012 18:33:34 GMT+0200");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.FeedPollDate129313980886163259", "Tue Sep 18 2012 18:33:34 GMT+0200");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.FeedPollDate129313981234756535", "Tue Sep 18 2012 18:33:34 GMT+0200");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.FeedPollDate129313983226631720", "Tue Sep 18 2012 18:33:34 GMT+0200");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.FeedPollDate129313983607725691", "Tue Sep 18 2012 18:33:34 GMT+0200");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.FeedTTL129313974171006416", 10);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.FeedTTL129313977444757117", 15);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.FeedTTL129313980655381977", 5);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.FeedTTL129313981234756535", 5);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.FirstServerDate", "12-4-2012");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.FirstTime", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.FirstTimeFF3", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.FixPageNotFoundErrors", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.GroupingServerCheckInterval", 1440);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.HPInstall", false);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.HasUserGlobalKeys", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.HomePageProtectorEnabled", false);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.HomepageBeforeUnload", "hxxp://www.searchqu.com/406");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.Initialize", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.InitializeCommonPrefs", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.InstallationAndCookieDataSentCount", 3);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.InstallationId", "ConduitXPEIntegration");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.InstallationType", "ConduitXPEIntegration");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.InstalledDate", "Tue Apr 10 2012 13:11:56 GMT+0200");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.IsAlertDBUpdated", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.IsGrouping", false);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.IsInitSetupIni", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.IsMulticommunity", false);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.IsOpenThankYouPage", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.IsOpenUninstallPage", false);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.LanguagePackLastCheckTime", "Tue Sep 25 2012 17:51:22 GMT+0200");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.LanguagePackReloadIntervalMM", 1440);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.LastLogin_3.10.0.1", "Sun Apr 29 2012 22:31:27 GMT+0200");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.LastLogin_3.12.2.3", "Thu Jun 07 2012 19:03:11 GMT+0200");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.LastLogin_3.13.0.6", "Thu Jul 26 2012 17:19:20 GMT+0200");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.LastLogin_3.14.1.0", "Mon Aug 27 2012 18:36:25 GMT+0200");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.LastLogin_3.15.1.0", "Tue Sep 25 2012 17:51:22 GMT+0200");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.LatestVersion", "3.14.1.0");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.Locale", "de");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.MCDetectTooltipHeight", "83");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.MCDetectTooltipWidth", "295");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.MyStuffEnabledAtInstallation", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.OriginalFirstVersion", "3.10.0.1");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.SearchCaption", "BittorrentBar_DE Customized Web Search");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.SearchEngineBeforeUnload", "Ask.com");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.SearchFromAddressBarIsInit", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&SearchSource=2&q=");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.SearchInNewTabEnabled", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.SearchInNewTabIntervalMM", 1440);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.SearchInNewTabLastCheckTime", "Tue Sep 25 2012 17:51:21 GMT+0200");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.SearchProtectorEnabled", false);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.SearchProtectorToolbarDisabled", false);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.SendProtectorDataViaLogin", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.ServiceMapLastCheckTime", "Tue Sep 25 2012 17:51:21 GMT+0200");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.SettingsLastCheckTime", "Tue Sep 25 2012 17:51:20 GMT+0200");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.SettingsLastUpdate", "1348495115");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2849855&SearchSource=13");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.ThirdPartyComponentsInterval", 504);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.ThirdPartyComponentsLastCheck", "Mon Sep 17 2012 23:37:25 GMT+0200");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.ThirdPartyComponentsLastUpdate", "1331806000");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.ToolbarShrinkedFromSetup", false);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2849855");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.UserID", "UN45279660439462016");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.ValidationData_Toolbar", 1);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.WeatherNetwork", "");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.WeatherPollDate", "Tue Sep 18 2012 18:33:34 GMT+0200");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.WeatherUnit", "C");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.alertChannelId", "1241896");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D474549484C5952594B335E5356432C45333438334A414C546660576364676F6A5E4B766B6E5B445D4B4C504A6259646C787A2[...]
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C4748402C574C4F3C253E2C2E2B2F433A454E59505B57676A66426D62455E69543D56444643465B525D66716C216E6B587D73675[...]
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT2849855.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462B554A4D4B4749594D33535D4F432C45333439344A414C565B5E6C656E706C7164736D4D786D705D465F4D4E534D645B66705[...]
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("CT3309350.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=101287");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.hardId", "262b56760000000000004c0f6e95ab17");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.id", "262b56760000000000004c0f6e95ab17");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.instlDay", "15313");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", false);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1720:44:27");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.aflt", "SD");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.autoRvrt", "false");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.cntry", "DE");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.cv", "cv5");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.dfltLng", "");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.dfltlng", "en");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.dfltsrch", "false");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.envrmnt", "production");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.excTlbr", false);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.hdrMd5", "EB5C2793B3576342AEE54CF644DFC0C4");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.hmpg", false);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.hrdid", "262b56760000000000004c0f6e95ab17");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.id", "262b56760000000000004c0f6e95ab17");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.instlDay", "15632");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.instlRef", "MON00181");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.instlday", "15632");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.instlref", "MON00181");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.isdcmntcmplt", "false");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.keywordurl", "");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.lastVrsnTs", "1.6.7.419:13:05");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.mntrvrsn", "1.3.0");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.monitorreport", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.newTab", false);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.newtab", "false");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.newtaburl", "");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.prdct", "Softonic");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.prtnrId", "softonic");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.prtnrid", "softonic");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.radiomystations", "[{\"id\":\"1069\",\"name\":\"ORS Rom?ntica en espa?ol\",\"url\":\"hxxp://www.orsradio.com/oldies56k.asx\",\"streamType\":\"mp\"},{\"id\":\"1213\",\"na[...]
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search settings, Click No to restore original settings");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.savedVrsnTs", "1");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.sg", "az");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.smplGrp", "none");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.smplgrp", "none");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.srch", "");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.srchprvdr", "");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.storage\\storage\\mpvinpagemutex", "e3e2890b723c908a718ea3682f19a24c@@@Fri Mar 21 2014 07:05:49 GMT+0100");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.tlbrId", "base");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.tlbrid", "base");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.tlbrsrchurl", "hxxp://search.softonic.com/MON00181/tb_v1?SearchSource=1&cc=&q=");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.vrsn", "1.6.7.4");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.vrsnTs", "1.6.7.419:13:05");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.vrsni", "1.6.7.4");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic.vrsnts", "1.6.7.419:13:05");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic_i.newTab", false);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic_i.smplGrp", "none");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.Softonic_i.vrsnTs", "1.6.7.419:13:05");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.enabledAddons", "ffxtlbra%40softonic.com:1.6.0,%7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.12,ich%40maltegoetz.de:1.5.5,%7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:8.6.0,quick_st[...]
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.funmoods.aflt", "download");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.funmoods.autoRvrt", false);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.funmoods.dfltLng", "");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.funmoods.dfltSrch", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.funmoods.dnsErr", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.funmoods.envrmnt", "production");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.funmoods.excTlbr", false);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.funmoods.hmpg", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyD0E0DyC0CtByByDyCyByCtN0D0Tzu0CtAtByDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=65263[...]
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.funmoods.id", "7A7905ED6C275676");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.funmoods.instlDay", "15664");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.funmoods.instlRef", "download");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.funmoods.isdcmntcmplt", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyD0E0DyC0CtByByDyCyByCtN0D0Tzu0CtAtByDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=652[...]
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.funmoods.prdct", "funmoods");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.funmoods.prtnrId", "funmoods");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.funmoods.srchPrvdr", "Search");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.funmoods.tlbrId", "base");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyB0AyBzytDyD0E0DyC0CtByByDyCyByCtN0D0Tzu0CtAtByDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=6[...]
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.funmoods_i.newTab", true);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.funmoods_i.smplGrp", "none");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2223:43:14");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.affiliate_id", "6447");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.firstrun", "false");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.log_send_info", "false");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21088\",\"update_interval\":1262,\"base_url\":\"hxxp:\\/\\/www.wajam.com\\/\",\"update_url\":\"hxxp:\\/\\/www.wajam.com\\/addon\\/[...]
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.no_trace", "false");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.server_current_mapping_version", "0.21088");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.trace_log", "1390173017787 - processInstallationUpgrade - version set to : 1.25\n1390173017788 - processBrowserLoad - Bad mappingListJsonString: null\n1390173021206 - onFla[...]
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.unique_id", "9F1AE5FEF824776419E76F095794BA52");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.user_current_mapping_version", "0");
[afwn3n27.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wajam.version", "1.25");
-\\ Google Chrome v
-\\ Chromium v
*************************
AdwCleaner[R0].txt - [55978 octets] - [09/12/2014 23:14:55]
AdwCleaner[S0].txt - [57263 octets] - [09/12/2014 23:32:41]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [57324 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by Luc on 09.12.2014 at 23:41:34,32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-583997862-3316777395-3397561109-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}
~~~ Files
Successfully deleted: [File] "C:\Windows\wininit.ini"
~~~ Folders
Successfully deleted: [Folder] "C:\Program Files (x86)\eusing free registry cleaner"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
~~~ FireFox
Failed to delete: [Folder] C:\Users\Luc\AppData\Roaming\mozilla\firefox\profiles\afwn3n27.default\conduitcommon
Successfully deleted: [Folder] C:\Users\Luc\AppData\Roaming\mozilla\firefox\profiles\afwn3n27.default\sweetpackstoolbardata
Emptied folder: C:\Users\Luc\AppData\Roaming\mozilla\firefox\profiles\afwn3n27.default\minidumps [322 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.12.2014 at 23:47:25,27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
10.12.2014, 19:15
| #8 |
| /// the machine /// TB-Ausbilder | Laptop: Bildschirm wird plötzlich weißESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
14.12.2014, 20:07
| #9 |
| | Laptop: Bildschirm wird plötzlich weißCode:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8af26f3d3ce6024abb6301f8d5fa3ddd
# engine=21494
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-12-11 12:45:38
# local_time=2014-12-11 01:45:38 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='AntiVir Desktop'
# compatibility_mode=1797 16775166 100 89 52056834 154790582 52803489 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 85250 169888588 0 0
# scanned=484524
# found=16
# cleaned=14
# scan_time=12594
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\Adobe\Shockwave 11\gt.exe"
sh=7F3123F9486AB1DB721227C96D34C13AF7DC96BD ft=1 fh=1390f562c049107b vn="Variante von Win32/Wajam.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\wajam_update[1].exe"
sh=37824D4B366B35F9C84237C48E66DF9687EEDEC6 ft=1 fh=c570259d3a36278d vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\Extensions\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}\Plugins\npConduitFirefoxPlugin.dll.vir"
sh=D4B66D63BDB5B1E3B008FCEC0339D4EFEF9ACBC3 ft=1 fh=b8d78b984d4f7d1a vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=1EFF205D7D0D82BAF841A98C176D700114E13FE6 ft=1 fh=b22528247c19a550 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung (gelöscht (nach dem nächsten Neustart) - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Avira\AntiVir Desktop\ApnIC.dll"
sh=1A99D3266CE87FB2164E1153B4FD5815AC71DEDC ft=1 fh=70872bf696bd64be vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung (gelöscht (nach dem nächsten Neustart) - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Avira\AntiVir Desktop\ApnStub.exe"
sh=F03442B504B5CE723ABE855CB805DABEF4E78F1E ft=1 fh=5c1d6bdce6f6a178 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung (gelöscht (nach dem nächsten Neustart) - in Quarantäne kopiert)" ac=C fn="C:\Program Files (x86)\Avira\AntiVir Desktop\ApnToolbarInstaller.exe"
sh=A011DFD8D93BBA7B75833C0F85FF6E1D25594B84 ft=1 fh=049679d5506e563e vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\Plugins\npConduitFirefoxPlugin.dll"
sh=3F20DC68A6AAC23C4702D16C8A5388DCFE591AEA ft=1 fh=e5e2264a283a7f45 vn="Win32/Toolbar.Babylon evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Luc\Desktop\blablabla dreckdreckdreck\all\MyBabylonTB.exe"
sh=926F769ABBEA911867B52E9569D36DCDEFA87ADC ft=1 fh=59fbe9116d412162 vn="Variante von Win32/GameHack.F potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Luc\Desktop\blablabla dreckdreckdreck\all\KOEI\Warriors Orochi Trainer.exe"
sh=A3DF2EA7122137AE317D777D753A649F9CCF0018 ft=1 fh=8481c68e8dbc9b65 vn="Variante von Generik.CLMVYDU Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Luc\Desktop\blablabla dreckdreckdreck\all\KOEI\WARRIORS_OROCHI\WarriorOrochi_WinXP.exe"
sh=BDF120E321DC1DA840B2055189317099C089B332 ft=1 fh=7386a36f1c8fc713 vn="Variante von Win32/GameHack.EH potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Luc\Desktop\blablabla dreckdreckdreck\all\SLOT\re4eu110trn10\asx-re4_eu110.exe"
sh=4748A40F27661AA420F4F56F62051A1841B006FB ft=1 fh=1ab9e4cbae018669 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Luc\Downloads\Microsoft NET Framework 4 5 2 - CHIP-Installer.exe"
sh=90A8A1543C5824343825D17AD63759D57F32DC40 ft=1 fh=580f0ecd7cd173d8 vn="Variante von Win32/RemoteAdmin.RemoteExec.AA potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Luc\SIWPortable\SIWPortable.exe"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\System32\Adobe\Shockwave 11\gt.exe"
sh=7F3123F9486AB1DB721227C96D34C13AF7DC96BD ft=1 fh=1390f562c049107b vn="Variante von Win32/Wajam.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\wajam_update[1].exe"
Code:
ATTFilter Results of screen317's Security Check version 0.99.91
Windows 7 Service Pack 1 x64
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
AVG Internet Security 2015
AntiVir Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
AVG Web TuneUp
JavaFX 2.1.1
Java(TM) 6 Update 22
Java(TM) 6 Update 30
Java 7 Update 51
Java 8 Update 25
Java version 32-bit out of Date!
Adobe Flash Player 15.0.0.239
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 25.0.1 Firefox out of Date!
Google Chrome (39.0.2171.65)
Google Chrome (39.0.2171.71)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2014 01
Ran by Luc (administrator) on LUC-PC on 14-12-2014 20:03:05
Running from C:\Users\Luc\Downloads
Loaded Profile: Luc (Available profiles: Luc)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Spotify Ltd) C:\Users\Luc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\Luc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Luc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Luc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Luc\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Luc\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-05-27] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [968272 2010-06-22] (Dritek System Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-583997862-3316777395-3397561109-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-07-13] (Google Inc.)
HKU\S-1-5-21-583997862-3316777395-3397561109-1001\...\Run: [Spotify Web Helper] => C:\Users\Luc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-11] (Spotify Ltd)
HKU\S-1-5-21-583997862-3316777395-3397561109-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-583997862-3316777395-3397561109-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-583997862-3316777395-3397561109-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-583997862-3316777395-3397561109-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-583997862-3316777395-3397561109-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE428
BHO: avast! WebRep -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-583997862-3316777395-3397561109-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.3.0.10 10.3.0.130
Tcpip\..\Interfaces\{E3BCE6C7-32F6-477E-ABB8-62991C54252F}: [NameServer] 194.95.0.3 194.95.0.19
FireFox:
========
FF ProfilePath: C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31010.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31010.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameeu.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-583997862-3316777395-3397561109-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Luc\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-583997862-3316777395-3397561109-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Luc\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-583997862-3316777395-3397561109-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Extension: ProxTube - Unblock YouTube - C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\Extensions\ich@maltegoetz.de [2013-12-18]
FF Extension: iMacros for Firefox - C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2013-12-18]
FF Extension: Veoh Web Player - C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\Extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e} [2013-12-12]
FF Extension: Firefox Old Version Update Hotfix - C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-10-16]
FF Extension: Adblock Plus - C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-03-16]
FF Extension: Greasemonkey - C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-01-01]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: No Name - C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\extensions\ffxtlbra@softonic.com [Not Found]
FF Extension: No Name - C:\Users\Luc\AppData\Roaming\Mozilla\Firefox\Profiles\afwn3n27.default\extensions\quick_start@gmail.com [Not Found]
Chrome:
=======
CHR HomePage: Default -> https://mysearch.avg.com?cid={FE9D593E-440D-4BE6-8D78-34B7B82405FD}&mid=c201e84c49a147d3b63fcd3c4ef48a98-0a3116110c5b953eb06cfdd5b0c2f31cc3c42424&lang=de&ds=AVG&coid=avgtbavg&pr=fr&d=2014-09-03 10:56:40&v=3.2.0.15&pid=wtu&sg=&sap=hp
CHR StartupUrls: Default -> "https://mysearch.avg.com?cid={FE9D593E-440D-4BE6-8D78-34B7B82405FD}&mid=c201e84c49a147d3b63fcd3c4ef48a98-0a3116110c5b953eb06cfdd5b0c2f31cc3c42424&lang=de&ds=AVG&coid=avgtbavg&pr=fr&d=2014-09-03 10:56:40&v=3.2.0.15&pid=wtu&sg=&sap=hp"
CHR DefaultSearchKeyword: Default -> mysearch.avg.com
CHR DefaultSearchURL: Default -> https://mysearch.avg.com/search?cid={FE9D593E-440D-4BE6-8D78-34B7B82405FD}&mid=c201e84c49a147d3b63fcd3c4ef48a98-0a3116110c5b953eb06cfdd5b0c2f31cc3c42424&lang=de&ds=AVG&coid=avgtbavg&pr=fr&d=2014-09-03 10:56:40&v=3.2.0.14&pid=wtu&sg=&sap=dsp&q={searchTerms}
CHR DefaultNewTabURL: Default -> https://mysearch.avg.com/chroment?espv=2&cid={FE9D593E-440D-4BE6-8D78-34B7B82405FD}&mid=c201e84c49a147d3b63fcd3c4ef48a98-0a3116110c5b953eb06cfdd5b0c2f31cc3c42424&lang=de&ds=AVG&pr=fr&d=2014-09-03 10:56:40&v=3.2.0.14&pid=wtu&sg=
CHR DefaultSuggestURL: Default -> hxxp://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Profile: C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-24]
CHR Extension: (Office Mini Golf) - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnecahfomcahannbpejkkalmmoeeihbg [2012-10-19]
CHR Extension: (Adblock Plus) - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-09-12]
CHR Extension: (Google-Suche) - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-24]
CHR Extension: (Battlefield Play4Free) - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkejhbcdagodjdndmfnhaibnealjonei [2012-07-12]
CHR Extension: (AdBlock) - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-27]
CHR Extension: (Classic Popup Blocker) - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp [2012-07-24]
CHR Extension: (Happy Wheels) - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljdngafdeknonigdklkdlolkefpigejp [2012-10-19]
CHR Extension: (Click to activate/deactivate ProxTube) - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkdbaehcjcomcnnjhlmnfddpgoafpcko [2012-02-13]
CHR Extension: (Google Wallet) - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR Extension: (Google Mail) - C:\Users\Luc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-24]
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [Not Found]
CHR StartMenuInternet: Google Chrome - C:\Users\Luc\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [72192 2009-07-14] (Microsoft Corporation) [File not signed]
S3 ALG; C:\Windows\System32\alg.exe [79360 2009-07-14] (Microsoft Corporation) [File not signed]
R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [203264 2010-05-27] (AMD) [File not signed]
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [136360 2011-04-21] (Avira GmbH)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [269480 2011-07-23] (Avira GmbH)
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [32256 2009-07-14] (Microsoft Corporation) [File not signed]
R3 Appinfo; C:\Windows\System32\appinfo.dll [70144 2013-02-27] (Microsoft Corporation) [File not signed]
R2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [680960 2014-10-03] (Microsoft Corporation) [File not signed]
R2 AudioSrv; C:\Windows\System32\Audiosrv.dll [680960 2014-10-03] (Microsoft Corporation) [File not signed]
R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1486664 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [114688 2010-11-20] (Microsoft Corporation) [File not signed]
S3 BDESVC; C:\Windows\System32\bdesvc.dll [100864 2009-07-14] (Microsoft Corporation) [File not signed]
R2 BFE; C:\Windows\System32\bfe.dll [705024 2010-11-20] (Microsoft Corporation) [File not signed]
R2 BITS; C:\Windows\system32\qmgr.dll [849920 2010-11-20] (Microsoft Corporation) [File not signed]
R3 Browser; C:\Windows\System32\browser.dll [136704 2012-07-04] (Microsoft Corporation) [File not signed]
S3 bthserv; C:\Windows\system32\bthserv.dll [83968 2009-07-14] (Microsoft Corporation) [File not signed]
S3 CertPropSvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation) [File not signed]
S3 COMSysApp; C:\Windows\system32\dllhost.exe [9728 2009-07-14] (Microsoft Corporation) [File not signed]
S3 COMSysApp; C:\Windows\SysWOW64\dllhost.exe [7168 2009-07-14] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [187904 2014-07-07] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\Windows\SysWOW64\cryptsvc.dll [143872 2014-07-07] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [512000 2010-11-20] (Microsoft Corporation) [File not signed]
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\Windows\system32\dhcpcore.dll [317952 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\Windows\SysWOW64\dhcpcore.dll [254464 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [183296 2011-03-03] (Microsoft Corporation) [File not signed]
S3 dot3svc; C:\Windows\System32\dot3svc.dll [252416 2010-11-20] (Microsoft Corporation) [File not signed]
R2 DPS; C:\Windows\system32\dps.dll [162816 2010-11-20] (Microsoft Corporation) [File not signed]
R3 EapHost; C:\Windows\System32\eapsvc.dll [111104 2009-07-14] (Microsoft Corporation) [File not signed]
S3 EFS; C:\Windows\System32\lsass.exe [31232 2014-04-12] (Microsoft Corporation) [File not signed]
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [696832 2010-11-20] (Microsoft Corporation) [File not signed]
S3 ehSched; C:\Windows\ehome\ehsched.exe [127488 2009-07-14] (Microsoft Corporation) [File not signed]
R2 eventlog; C:\Windows\System32\wevtsvc.dll [1646080 2010-11-20] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\Windows\system32\es.dll [402944 2009-07-14] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\Windows\SysWOW64\es.dll [271360 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Fax; C:\Windows\system32\fxssvc.exe [689152 2010-11-20] (Microsoft Corporation) [File not signed]
S3 fdPHost; C:\Windows\system32\fdPHost.dll [16384 2009-07-14] (Microsoft Corporation) [File not signed]
R2 FDResPub; C:\Windows\system32\fdrespub.dll [34816 2009-07-14] (Microsoft Corporation) [File not signed]
R2 FontCache; C:\Windows\system32\FntCache.dll [1175552 2013-05-23] (Microsoft Corporation) [File not signed]
R2 gpsvc; C:\Windows\System32\gpsvc.dll [777728 2010-11-20] (Microsoft Corporation) [File not signed]
S3 hidserv; C:\Windows\System32\hidserv.dll [38912 2009-07-14] (Microsoft Corporation) [File not signed]
S3 hidserv; C:\Windows\SysWOW64\hidserv.dll [49152 2009-07-14] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [90624 2010-11-20] (Microsoft Corporation) [File not signed]
S3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [232448 2010-11-20] (Microsoft Corporation) [File not signed]
S3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [187904 2010-11-20] (Microsoft Corporation) [File not signed]
S3 HomeGroupProvider; C:\Windows\SysWOW64\provsvc.dll [165376 2010-11-20] (Microsoft Corporation) [File not signed]
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [114688 2014-11-22] (Microsoft Corporation) [File not signed]
R2 IKEEXT; C:\Windows\System32\ikeext.dll [859648 2013-10-12] (Microsoft Corporation) [File not signed]
S3 IPBusEnum; C:\Windows\system32\ipbusenum.dll [101888 2009-07-14] (Microsoft Corporation) [File not signed]
R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [569344 2012-10-03] (Microsoft Corporation) [File not signed]
R3 KeyIso; C:\Windows\system32\lsass.exe [31232 2014-04-12] (Microsoft Corporation) [File not signed]
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [368640 2009-07-14] (Microsoft Corporation) [File not signed]
R2 LanmanServer; C:\Windows\System32\srvsvc.dll [236032 2010-11-20] (Microsoft Corporation) [File not signed]
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [118784 2010-11-20] (Microsoft Corporation) [File not signed]
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [300032 2009-07-14] (Microsoft Corporation) [File not signed]
R2 lmhosts; C:\Windows\System32\lmhsvc.dll [23552 2009-07-14] (Microsoft Corporation) [File not signed]
S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [84992 2010-11-20] (Microsoft Corporation) [File not signed]
R2 MMCSS; C:\Windows\system32\mmcss.dll [67584 2009-07-14] (Microsoft Corporation) [File not signed]
R2 MpsSvc; C:\Windows\system32\mpssvc.dll [828416 2010-11-20] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\Windows\System32\msdtc.exe [141824 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [156672 2009-07-14] (Microsoft Corporation) [File not signed]
S2 msiserver; C:\Windows\System32\msiexec.exe [128000 2010-11-20] (Microsoft Corporation) [File not signed]
S2 msiserver; C:\Windows\SysWOW64\msiexec.exe [73216 2010-11-20] (Microsoft Corporation) [File not signed]
R2 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
S3 napagent; C:\Windows\system32\qagentRT.dll [476160 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\Windows\system32\lsass.exe [31232 2014-04-12] (Microsoft Corporation) [File not signed]
R3 Netman; C:\Windows\System32\netman.dll [360448 2009-07-14] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\Windows\System32\netprofm.dll [459776 2009-07-14] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\Windows\SysWOW64\netprofm.dll [360448 2009-07-14] (Microsoft Corporation) [File not signed]
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [303104 2012-10-03] (Microsoft Corporation) [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4182496 2011-05-26] (INCA Internet Co., Ltd.) [File not signed]
R2 nsi; C:\Windows\system32\nsisvc.dll [25600 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-12-01] (Electronic Arts)
S3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-14] (Microsoft Corporation) [File not signed]
S3 p2psvc; C:\Windows\system32\p2psvc.dll [438784 2009-07-14] (Microsoft Corporation) [File not signed]
R2 PcaSvc; C:\Windows\System32\pcasvc.dll [186368 2009-07-14] (Microsoft Corporation) [File not signed]
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-14] (Microsoft Corporation) [File not signed]
S3 pla; C:\Windows\system32\pla.dll [1389056 2010-11-20] (Microsoft Corporation) [File not signed]
S3 pla; C:\Windows\SysWOW64\pla.dll [1508864 2010-11-20] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [404480 2011-05-24] (Microsoft Corporation) [File not signed]
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [25088 2009-07-14] (Microsoft Corporation) [File not signed]
S3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-14] (Microsoft Corporation) [File not signed]
R3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [501248 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Power; C:\Windows\system32\umpo.dll [163840 2009-07-14] (Microsoft Corporation) [File not signed]
R2 ProfSvc; C:\Windows\system32\profsvc.dll [209920 2012-05-01] (Microsoft Corporation) [File not signed]
S3 ProtectedStorage; C:\Windows\system32\lsass.exe [31232 2014-04-12] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\Windows\system32\qwave.dll [242688 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\Windows\System32\rasauto.dll [99328 2009-07-14] (Microsoft Corporation) [File not signed]
R3 RasMan; C:\Windows\System32\rasmans.dll [344064 2010-11-20] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [97792 2009-07-14] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\SysWOW64\mprdim.dll [75264 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RemoteRegistry; C:\Windows\system32\regsvc.dll [159232 2009-07-14] (Microsoft Corporation) [File not signed]
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\Windows\system32\locator.exe [10240 2009-07-14] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [512000 2010-11-20] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\Windows\system32\lsass.exe [31232 2014-04-12] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\Windows\System32\SCardSvr.dll [190976 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\Windows\system32\schedsvc.dll [1110016 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SDRSVC; C:\Windows\System32\SDRSVC.dll [170496 2010-11-20] (Microsoft Corporation) [File not signed]
R2 seclogon; C:\Windows\system32\seclogon.dll [30720 2010-11-20] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\system32\sens.dll [64512 2009-07-14] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\SysWOW64\sens.dll [49664 2009-07-14] (Microsoft Corporation) [File not signed]
S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [29184 2009-07-14] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\system32\sessenv.dll [121856 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\SysWOW64\sessenv.dll [113664 2010-11-20] (Microsoft Corporation) [File not signed]
S2 SharedAccess; C:\Windows\System32\ipnathlp.dll [359424 2009-07-14] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [370688 2010-11-20] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\Windows\SysWOW64\shsvcs.dll [328192 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14336 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\Windows\System32\spoolsv.exe [559104 2012-02-11] (Microsoft Corporation) [File not signed]
S2 sppsvc; C:\Windows\system32\sppsvc.exe [3524608 2010-11-20] (Microsoft Corporation) [File not signed]
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [65536 2009-07-14] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [193024 2009-07-14] (Microsoft Corporation) [File not signed]
R3 SstpSvc; C:\Windows\system32\sstpsvc.dll [75264 2009-07-14] (Microsoft Corporation) [File not signed]
R2 stisvc; C:\Windows\System32\wiaservc.dll [580096 2010-11-20] (Microsoft Corporation) [File not signed]
S3 swprv; C:\Windows\System32\swprv.dll [524288 2009-07-14] (Microsoft Corporation) [File not signed]
R2 SysMain; C:\Windows\system32\sysmain.dll [1743360 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TabletInputService; C:\Windows\System32\TabSvc.dll [92672 2010-11-20] (Microsoft Corporation) [File not signed]
R3 TapiSrv; C:\Windows\System32\tapisrv.dll [316928 2010-11-20] (Microsoft Corporation) [File not signed]
R3 TapiSrv; C:\Windows\SysWOW64\tapisrv.dll [242176 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TBS; C:\Windows\System32\tbssvc.dll [65536 2009-07-14] (Microsoft Corporation) [File not signed]
S3 TermService; C:\Windows\System32\termsrv.dll [683520 2014-10-14] (Microsoft Corporation) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-14] (Microsoft Corporation) [File not signed]
S3 THREADORDER; C:\Windows\system32\mmcss.dll [67584 2009-07-14] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\Windows\System32\trkwks.dll [119808 2009-07-14] (Microsoft Corporation) [File not signed]
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [194048 2010-11-20] (Microsoft Corporation) [File not signed]
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [40960 2009-07-14] (Microsoft Corporation) [File not signed]
R3 upnphost; C:\Windows\System32\upnphost.dll [353792 2009-07-14] (Microsoft Corporation) [File not signed]
R3 upnphost; C:\Windows\SysWOW64\upnphost.dll [266752 2009-07-14] (Microsoft Corporation) [File not signed]
R2 UxSms; C:\Windows\System32\uxsms.dll [38912 2009-07-14] (Microsoft Corporation) [File not signed]
S3 VaultSvc; C:\Windows\system32\lsass.exe [31232 2014-04-12] (Microsoft Corporation) [File not signed]
S3 vds; C:\Windows\System32\vds.exe [533504 2010-11-20] (Microsoft Corporation) [File not signed]
S3 VSS; C:\Windows\system32\vssvc.exe [1600512 2010-11-20] (Microsoft Corporation) [File not signed]
R3 W32Time; C:\Windows\system32\w32time.dll [381952 2009-07-14] (Microsoft Corporation) [File not signed]
S3 wbengine; C:\Windows\system32\wbengine.exe [1504256 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [202240 2009-07-14] (Microsoft Corporation) [File not signed]
S3 wcncsvc; C:\Windows\System32\wcncsvc.dll [367104 2010-11-20] (Microsoft Corporation) [File not signed]
S3 wcncsvc; C:\Windows\SysWOW64\wcncsvc.dll [276992 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [40960 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\Windows\SysWOW64\WcsPlugInService.dll [32768 2009-07-14] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\Windows\system32\wdi.dll [90624 2009-07-14] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\Windows\SysWOW64\wdi.dll [76288 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WdiSystemHost; C:\Windows\system32\wdi.dll [90624 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WdiSystemHost; C:\Windows\SysWOW64\wdi.dll [76288 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\Windows\System32\webclnt.dll [259584 2013-07-04] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\Windows\SysWOW64\webclnt.dll [205824 2013-07-04] (Microsoft Corporation) [File not signed]
S3 Wecsvc; C:\Windows\system32\wecsvc.dll [237568 2009-07-14] (Microsoft Corporation) [File not signed]
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [84480 2009-07-14] (Microsoft Corporation) [File not signed]
R3 WerSvc; C:\Windows\System32\WerSvc.dll [76800 2009-07-14] (Microsoft Corporation) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) [File not signed]
S3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [444416 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WinHttpAutoProxySvc; C:\Windows\SysWOW64\winhttp.dll [351232 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [242688 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\system32\WsmSvc.dll [2020352 2014-10-03] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\SysWOW64\WsmSvc.dll [1177088 2014-10-03] (Microsoft Corporation) [File not signed]
R2 Wlansvc; C:\Windows\System32\wlansvc.dll [886784 2009-07-14] (Microsoft Corporation) [File not signed]
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [203264 2009-07-14] (Microsoft Corporation) [File not signed]
R2 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1525248 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [117248 2010-11-20] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\Windows\system32\wscsvc.dll [97280 2009-07-14] (Microsoft Corporation) [File not signed]
R2 WSearch; C:\Windows\system32\SearchIndexer.exe [591872 2011-05-04] (Microsoft Corporation) [File not signed]
R2 WSearch; C:\Windows\SysWOW64\SearchIndexer.exe [427520 2011-05-04] (Microsoft Corporation) [File not signed]
S3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [84992 2012-07-26] (Microsoft Corporation) [File not signed]
S3 WwanSvc; C:\Windows\System32\wwansvc.dll [228864 2014-01-28] (Microsoft Corporation) [File not signed]
S3 xsherlock; C:\Windows\SysWOW64\xsherlock.xem [675936 2012-08-27] (Wellbia.com Co., Ltd.) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [229888 2010-11-20] (Microsoft Corporation) [File not signed]
S3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [12800 2010-11-20] (Microsoft Corporation) [File not signed]
R1 AFD; C:\Windows\system32\drivers\afd.sys [497152 2014-05-30] (Microsoft Corporation) [File not signed]
S3 AmdK8; C:\Windows\system32\DRIVERS\amdk8.sys [64512 2009-07-14] (Microsoft Corporation) [File not signed]
R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [6856192 2010-05-27] (ATI Technologies Inc.) [File not signed]
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [264192 2010-05-27] (Advanced Micro Devices, Inc.) [File not signed]
S3 AmdPPM; C:\Windows\system32\DRIVERS\amdppm.sys [60928 2009-07-14] (Microsoft Corporation) [File not signed]
S3 AppID; C:\Windows\system32\drivers\appid.sys [61440 2010-11-20] (Microsoft Corporation) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) [File not signed]
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-14] (Microsoft Corporation) [File not signed]
R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [3580928 2012-03-09] (Qualcomm Atheros Communications, Inc.) [File not signed]
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-04-05] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [263960 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88288 2011-07-23] (Avira GmbH)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-09-03] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [123784 2011-07-23] (Avira GmbH)
S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation) [File not signed]
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation) [File not signed]
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-14] (Microsoft Corporation) [File not signed]
R1 blbdrive; C:\Windows\system32\DRIVERS\blbdrive.sys [45056 2009-07-14] (Microsoft Corporation) [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2011-02-23] (Microsoft Corporation) [File not signed]
S3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [18432 2009-06-10] (Brother Industries, Ltd.) [File not signed]
S3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [8704 2009-06-10] (Brother Industries, Ltd.) [File not signed]
S3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-14] (Brother Industries Ltd.) [File not signed]
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BTHMODEM; C:\Windows\system32\DRIVERS\bthmodem.sys [72192 2009-07-14] (Microsoft Corporation) [File not signed]
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-14] (Microsoft Corporation) [File not signed]
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [147456 2010-11-20] (Microsoft Corporation) [File not signed]
S3 circlass; C:\Windows\system32\DRIVERS\circlass.sys [45568 2009-07-14] (Microsoft Corporation) [File not signed]
R3 CmBatt; C:\Windows\system32\DRIVERS\CmBatt.sys [17664 2009-07-14] (Microsoft Corporation) [File not signed]
R3 CompositeBus; C:\Windows\system32\drivers\CompositeBus.sys [38912 2010-11-20] (Microsoft Corporation) [File not signed]
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2010-11-20] (Microsoft Corporation) [File not signed]
R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-14] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5632 2009-07-14] (Microsoft Corporation) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-07-01] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) [File not signed]
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [9728 2009-07-14] (Microsoft Corporation) [File not signed]
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-14] (Microsoft Corporation) [File not signed]
S3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-14] (Microsoft Corporation) [File not signed]
S3 fdc; C:\Windows\system32\DRIVERS\fdc.sys [29696 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-14] (Microsoft Corporation) [File not signed]
S3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [24576 2009-07-14] (Microsoft Corporation) [File not signed]
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] (Hauppauge Computer Works, Inc.) [File not signed]
S3 HdAudAddService; C:\Windows\system32\drivers\HdAudio.sys [350208 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\Windows\system32\drivers\HDAudBus.sys [122368 2010-11-20] (Microsoft Corporation) [File not signed]
S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [26624 2009-07-14] (Microsoft Corporation) [File not signed]
S3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [100864 2009-07-14] (Microsoft Corporation) [File not signed]
S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [46592 2009-07-14] (Microsoft Corporation) [File not signed]
S3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [753664 2010-11-20] (Microsoft Corporation) [File not signed]
R3 i8042prt; C:\Windows\system32\drivers\i8042prt.sys [105472 2009-07-14] (Microsoft Corporation) [File not signed]
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 2009-07-14] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-20] (Microsoft Corporation) [File not signed]
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [78848 2010-11-20] (Microsoft Corporation) [File not signed]
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-14] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-14] (Microsoft Corporation) [File not signed]
S3 kbdhid; C:\Windows\system32\drivers\kbdhid.sys [33280 2010-11-20] (Microsoft Corporation) [File not signed]
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] (Microsoft Corporation) [File not signed]
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-04-05] ()
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-14] (Microsoft Corporation) [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-14] (Microsoft Corporation) [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-14] (Microsoft Corporation) [File not signed]
S3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-14] (Microsoft Corporation) [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2013-07-04] (Microsoft Corporation) [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [158208 2011-04-27] (Microsoft Corporation) [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [288768 2011-07-09] (Microsoft Corporation) [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [128000 2011-04-27] (Microsoft Corporation) [File not signed]
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] (Microsoft Corporation) [File not signed]
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [15360 2009-07-14] (Microsoft Corporation) [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] (Microsoft Corporation) [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-20] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-20] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-20] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-20] (Microsoft Corporation) [File not signed]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] (Microsoft Corporation) [File not signed]
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-02] (INCA Internet Co., Ltd.) [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] (Microsoft Corporation) [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] (Microsoft Corporation) [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Parport; C:\Windows\system32\DRIVERS\parport.sys [97280 2009-07-14] (Microsoft Corporation) [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [60416 2009-07-14] (Microsoft Corporation) [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-20] (Microsoft Corporation) [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] (Microsoft Corporation) [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-20] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] (Microsoft Corporation) [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] (Microsoft Corporation) [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-20] (Microsoft Corporation) [File not signed]
S3 rdpbus; C:\Windows\system32\DRIVERS\rdpbus.sys [24064 2009-07-14] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] (Microsoft Corporation) [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] (Microsoft Corporation) [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [19456 2012-08-23] (Microsoft Corporation) [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [212480 2014-07-17] (Microsoft Corporation) [File not signed]
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited) [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] (Microsoft Corporation) [File not signed]
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-20] (Microsoft Corporation) [File not signed]
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [23552 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Microsoft Corporation) [File not signed]
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [26624 2009-07-14] (Microsoft Corporation) [File not signed]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-14] (Microsoft Corporation) [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-14] (Microsoft Corporation) [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-20] (Microsoft Corporation) [File not signed]
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [16896 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] (Microsoft Corporation) [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2011-04-29] (Microsoft Corporation) [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [410112 2011-04-29] (Microsoft Corporation) [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2011-04-29] (Microsoft Corporation) [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45568 2012-10-03] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-17] (Microsoft Corporation) [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2014-11-11] (Microsoft Corporation) [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39936 2014-07-17] (Microsoft Corporation) [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [56832 2013-10-02] (Microsoft Corporation) [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-20] (Microsoft Corporation) [File not signed]
R4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-20] (Microsoft Corporation) [File not signed]
R3 umbus; C:\Windows\system32\drivers\umbus.sys [48640 2010-11-20] (Microsoft Corporation) [File not signed]
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [9728 2009-07-14] (Microsoft Corporation) [File not signed]
S3 usbaudio; C:\Windows\system32\drivers\usbaudio.sys [109824 2013-07-12] (Microsoft Corporation) [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2013-11-27] (Microsoft Corporation) [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [53248 2013-11-27] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2013-11-27] (Microsoft Corporation) [File not signed]
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2013-11-27] (Microsoft Corporation) [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-14] (Microsoft Corporation) [File not signed]
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [42496 2013-07-03] (Microsoft Corporation) [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2011-03-11] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2013-11-27] (Microsoft Corporation) [File not signed]
S3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation) [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] (Microsoft Corporation) [File not signed]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-14] (Microsoft Corporation) [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-14] (Microsoft Corporation) [File not signed]
R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [17920 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [27776 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] (Microsoft Corporation) [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] (Microsoft Corporation) [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-20] (Microsoft Corporation) [File not signed]
R3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-14] (Microsoft Corporation) [File not signed]
R1 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-26] (Microsoft Corporation) [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation) [File not signed]
S3 xusb21; C:\Windows\System32\DRIVERS\xusb21.sys [68992 2009-04-08] (Microsoft Corporation) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dump_wmimmc; \??\c:\users\luc\desktop\l4d\left 4 dead 2\bin\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena\safedrv.sys [X]
S3 X6va005; \??\C:\Users\Luc\AppData\Local\Temp\0058D9F.tmp [X]
S3 X6va006; \??\C:\Users\Luc\AppData\Local\Temp\00677E2.tmp [X]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-14 19:37 - 2014-12-14 19:37 - 00852490 _____ () C:\Users\Luc\Downloads\SecurityCheck.exe
2014-12-11 14:44 - 2014-12-11 14:44 - 00912541 _____ (FIFA MASTER ) C:\Users\Luc\Downloads\setup_dbm_14_0.exe
2014-12-11 14:44 - 2014-12-11 14:44 - 00001170 _____ () C:\Users\Luc\Desktop\DB Master.lnk
2014-12-11 14:44 - 2014-12-11 14:44 - 00000000 ____D () C:\Users\Luc\Documents\FM_temp
2014-12-11 14:44 - 2014-12-11 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fifa Master
2014-12-11 14:44 - 2014-12-11 14:44 - 00000000 ____D () C:\Program Files (x86)\Fifa Master
2014-12-11 14:15 - 2014-12-11 14:15 - 00171907 _____ () C:\Users\Luc\Downloads\RE4 Melee Trainer v4.1.zip
2014-12-11 13:10 - 2014-12-11 13:19 - 00000000 ____D () C:\Users\Luc\Desktop\Essay
2014-12-11 13:06 - 2014-12-11 13:06 - 00017759 _____ () C:\Users\Luc\Downloads\Druckformatvorlage-Word-Essays.dotx
2014-12-11 10:47 - 2014-12-11 10:47 - 00000000 ____D () C:\Users\Luc\AppData\Roaming\AVG2015
2014-12-11 10:43 - 2014-12-11 10:43 - 00000985 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-12-11 10:43 - 2014-12-11 10:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-12-11 10:42 - 2014-12-11 10:44 - 00000000 ____D () C:\ProgramData\AVG2015
2014-12-11 10:36 - 2014-12-11 10:36 - 00000000 ____D () C:\Users\Luc\Desktop\Material
2014-12-10 22:14 - 2014-12-10 22:14 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-10 22:11 - 2014-12-10 22:11 - 02347384 _____ (ESET) C:\Users\Luc\Downloads\esetsmartinstaller_deu.exe
2014-12-10 21:59 - 2014-12-10 21:59 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 02:49 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 02:49 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 02:49 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-10 02:49 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-10 02:49 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-10 02:49 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-10 02:49 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-10 02:49 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-10 02:49 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-10 02:49 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-10 02:09 - 2014-12-10 02:09 - 174022504 _____ (AVG Technologies) C:\Users\Luc\Downloads\avg_free_x64_all_2015_5557a8402.exe
2014-12-10 00:15 - 2014-12-10 00:15 - 00001201 _____ () C:\Users\Luc\Desktop\mbam.txt
2014-12-09 23:49 - 2014-12-09 23:30 - 00055978 _____ () C:\Users\Luc\Desktop\AdwCleaner[R0].txt
2014-12-09 23:47 - 2014-12-09 23:47 - 00002678 _____ () C:\Users\Luc\Desktop\JRT.txt
2014-12-09 23:41 - 2014-12-09 23:41 - 00000000 ____D () C:\Windows\ERUNT
2014-12-09 23:40 - 2014-12-09 23:41 - 01707646 _____ (Thisisu) C:\Users\Luc\Downloads\JRT.exe
2014-12-09 23:38 - 2014-12-09 23:38 - 00057629 _____ () C:\Users\Luc\Desktop\AdwCleaner[S0].txt
2014-12-09 23:33 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-09 23:33 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-09 23:33 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-09 23:33 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-09 23:33 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-09 23:33 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-09 23:33 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-09 23:33 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-09 23:33 - 2014-10-30 03:04 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-09 23:33 - 2014-10-30 02:46 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-09 23:33 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-12-09 23:33 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-12-09 23:32 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-09 23:32 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-09 23:32 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-09 23:32 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-09 23:32 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-09 23:32 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 23:32 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-09 23:32 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-09 23:32 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-09 23:32 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-09 23:32 - 2014-11-22 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-09 23:32 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-09 23:32 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-09 23:32 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-09 23:32 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-09 23:32 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-09 23:32 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-09 23:32 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-09 23:32 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-09 23:32 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-09 23:32 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 23:32 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-09 23:32 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-09 23:32 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-09 23:32 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-09 23:32 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-09 23:32 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-09 23:32 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-09 23:32 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 23:32 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-09 23:32 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 23:32 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-09 23:32 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-09 23:32 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-09 23:32 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-09 23:32 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-09 23:32 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-09 23:32 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-09 23:32 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-09 23:32 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-09 23:32 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 23:32 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-09 23:32 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-09 23:32 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-09 23:32 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-09 23:32 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-09 23:32 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 23:32 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 23:32 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-09 23:31 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 23:31 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 23:31 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-09 23:31 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-09 23:31 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-09 23:31 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-09 23:31 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 23:31 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-09 23:31 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 23:31 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 23:31 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-09 23:31 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-09 23:31 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-09 23:31 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-09 23:31 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-09 23:31 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-09 23:31 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-09 23:31 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-09 23:31 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-09 23:31 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-09 23:31 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-09 23:31 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-09 23:31 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-09 23:31 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-09 23:14 - 2014-12-09 23:34 - 00000000 ____D () C:\AdwCleaner
2014-12-09 23:14 - 2014-12-09 23:14 - 02166272 _____ () C:\Users\Luc\Downloads\AdwCleaner_4.105.exe
2014-12-09 22:37 - 2014-12-09 23:50 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-09 22:37 - 2014-12-09 22:37 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-09 22:37 - 2014-12-09 22:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-12-09 22:37 - 2014-12-09 22:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-09 22:37 - 2014-12-09 22:37 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-12-09 22:37 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-09 22:37 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-09 22:37 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-09 22:28 - 2014-12-09 22:29 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Luc\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-09 10:36 - 2014-12-09 10:35 - 00023801 _____ () C:\Users\Luc\Desktop\Cultural studies home exam.odt
2014-12-09 10:35 - 2014-12-09 10:35 - 00023801 _____ () C:\Users\Luc\Downloads\Cultural studies home exam.odt
2014-12-09 10:14 - 2014-12-09 10:15 - 63363736 _____ (Microsoft Corporation) C:\Users\Luc\Downloads\PowerPointViewer2010.exe
2014-12-09 10:13 - 2014-12-09 10:13 - 08774656 _____ () C:\Users\Luc\Downloads\TIffany and Co. Competitive Analysis Presentation.ppt
2014-12-09 10:13 - 2014-12-09 10:13 - 08774656 _____ () C:\Users\Luc\Desktop\TIffany and Co. Competitive Analysis Presentation.ppt
2014-12-09 09:46 - 2014-12-09 09:46 - 00087704 _____ () C:\Windows\cadkasdeinst01.exe
2014-12-09 09:46 - 2014-12-09 09:46 - 00001034 _____ () C:\Users\Luc\Desktop\PDF Editor 4.5.lnk
2014-12-09 09:46 - 2014-12-09 09:46 - 00000000 ____D () C:\Users\Luc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Editor 4.5
2014-12-09 09:46 - 2014-12-09 09:46 - 00000000 ____D () C:\Users\Luc\AppData\Roaming\CAD-KAS
2014-12-09 09:46 - 2014-12-09 09:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Editor 4.5
2014-12-09 09:46 - 2014-12-09 09:46 - 00000000 ____D () C:\Program Files (x86)\PDF Editor 4
2014-12-09 09:45 - 2014-12-09 09:46 - 18084637 _____ () C:\Users\Luc\Downloads\pdfeditor_4.5.zip
2014-12-09 09:32 - 2014-12-09 09:32 - 00008930 _____ () C:\Users\Luc\Downloads\smime (1).p7s
2014-12-09 00:29 - 2014-12-11 10:44 - 00000000 ____D () C:\Users\Luc\AppData\Local\Avg2015
2014-12-09 00:29 - 2014-12-09 00:29 - 04579240 _____ (AVG Technologies) C:\Users\Luc\Downloads\avg_isct_stb_all_2015_5315_WAO_1.exe
2014-12-09 00:21 - 2014-12-09 00:21 - 00023176 _____ () C:\ComboFix.txt
2014-12-08 23:54 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-08 23:54 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-08 23:54 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-08 23:54 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-08 23:54 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-08 23:54 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-08 23:54 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-08 23:54 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-08 23:46 - 2014-12-09 00:21 - 00000000 ____D () C:\Qoobox
2014-12-08 23:46 - 2014-12-09 00:18 - 00000000 ____D () C:\Windows\erdnt
2014-12-08 23:44 - 2014-12-08 23:44 - 05601243 ____R (Swearware) C:\Users\Luc\Desktop\ComboFix.exe
2014-12-08 23:44 - 2014-12-08 23:44 - 05601243 _____ (Swearware) C:\Users\Luc\Downloads\ComboFix.exe
2014-12-08 22:20 - 2014-12-08 22:20 - 00001268 _____ () C:\Users\Luc\Desktop\Revo Uninstaller.lnk
2014-12-08 22:20 - 2014-12-08 22:20 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-08 22:19 - 2014-12-08 22:19 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Luc\Downloads\revosetup95.exe
2014-12-07 20:42 - 2014-12-07 20:43 - 00052566 _____ () C:\Users\Luc\Downloads\Addition.txt
2014-12-07 20:39 - 2014-12-14 20:03 - 00059777 _____ () C:\Users\Luc\Downloads\FRST.txt
2014-12-07 20:39 - 2014-12-14 20:03 - 00000000 ____D () C:\FRST
2014-12-07 20:39 - 2014-12-07 20:39 - 02119680 _____ (Farbar) C:\Users\Luc\Downloads\FRST64.exe
2014-12-07 18:28 - 2014-12-07 18:28 - 00000000 _____ () C:\Users\Luc\Desktop\d.txt
2014-12-04 23:54 - 2014-12-04 23:54 - 00000000 ____D () C:\found.004
2014-12-04 15:02 - 2014-12-04 15:02 - 00000017 _____ () C:\Windows\SysWOW64\shortcut_ex.dat
2014-12-02 19:37 - 2014-12-02 19:37 - 17777241 _____ () C:\Users\Luc\Downloads\savethedate-1.0-win.zip
2014-12-02 19:06 - 2014-12-02 19:06 - 00000785 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Toribash.lnk
2014-12-02 19:06 - 2014-12-02 19:06 - 00000777 _____ () C:\Users\Luc\Desktop\Toribash.lnk
2014-12-02 19:04 - 2014-12-02 19:04 - 60478158 _____ (Nabi Studios Pte Ltd ) C:\Users\Luc\Downloads\Toribash-4.92-Setup.exe
2014-12-01 14:55 - 2014-12-11 23:22 - 00000000 ____D () C:\Users\Luc\Documents\FIFA 14
2014-11-28 02:00 - 2014-11-28 02:06 - 00001670 _____ () C:\Users\Luc\Documents\Englisch.lm
2014-11-28 01:58 - 2014-11-28 01:58 - 00001134 _____ () C:\Users\Luc\Desktop\ADVANCED.lnk
2014-11-28 01:57 - 2014-11-28 01:57 - 00000000 ____D () C:\Users\Luc\Documents\ADVANCED Vokabeltrainer
2014-11-28 01:57 - 2014-11-28 01:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ADVANCED - Der Vokabeltrainer
2014-11-28 01:57 - 2014-11-28 01:57 - 00000000 ____D () C:\Program Files (x86)\ADVANCED Vokabeltrainer
2014-11-28 01:56 - 2014-11-28 01:56 - 03402582 _____ ( ) C:\Users\Luc\Downloads\advanced_1_12_setup.exe
2014-11-27 14:09 - 2014-11-27 14:09 - 00000222 _____ () C:\Users\Luc\Desktop\Don't Starve.url
2014-11-27 14:09 - 2014-11-27 14:09 - 00000000 ____D () C:\Users\Luc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-11-26 12:00 - 2014-11-26 12:00 - 05561513 _____ () C:\Users\Luc\Downloads\paderborn-einführungsvorlesung-3-WS2014-15-ergänzung.pptx
2014-11-20 22:41 - 2014-11-20 22:41 - 00008930 _____ () C:\Users\Luc\Downloads\smime.p7s
2014-11-19 10:09 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 10:09 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 10:09 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 10:09 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 04:31 - 2014-11-19 04:31 - 01217192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL
2014-11-17 11:40 - 2014-11-17 11:39 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-11-17 11:40 - 2014-11-17 11:39 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-11-17 01:18 - 2014-11-17 01:31 - 00000000 ____D () C:\LetsPlay
2014-11-14 09:01 - 2014-11-14 09:01 - 00000000 _____ () C:\Users\Luc\Desktop\DeLuca.txt
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-14 19:43 - 2012-10-15 13:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-14 19:32 - 2011-04-20 14:18 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-14 19:31 - 2011-04-20 14:18 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-14 19:27 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-14 19:27 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-14 19:26 - 2014-05-04 12:42 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-14 19:26 - 2010-10-10 00:35 - 01063228 _____ () C:\Windows\WindowsUpdate.log
2014-12-14 19:19 - 2014-10-14 21:04 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-12-14 19:19 - 2012-08-26 19:29 - 00071477 _____ () C:\Windows\setupact.log
2014-12-14 19:19 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-12 01:06 - 2011-12-24 11:30 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583997862-3316777395-3397561109-1001UA.job
2014-12-11 23:39 - 2013-09-13 17:32 - 00000000 ____D () C:\ProgramData\Origin
2014-12-11 21:51 - 2014-07-01 16:47 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-11 13:06 - 2012-04-11 20:13 - 00000000 ____D () C:\Users\Luc\AppData\Roaming\Spotify
2014-12-11 10:42 - 2014-05-04 12:44 - 00000000 ___HD () C:\$AVG
2014-12-11 01:08 - 2012-04-11 20:13 - 00000000 ____D () C:\Users\Luc\AppData\Local\Spotify
2014-12-10 21:59 - 2014-05-06 21:55 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 21:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 21:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 03:04 - 2013-03-03 16:23 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 03:02 - 2013-07-18 06:10 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 02:52 - 2011-05-12 19:12 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 02:48 - 2013-03-12 22:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-10 02:46 - 2013-03-12 22:58 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-10 02:46 - 2013-03-12 22:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-09 23:36 - 2012-08-27 15:58 - 00717240 _____ () C:\Windows\PFRO.log
2014-12-09 23:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2014-12-09 23:03 - 2010-10-10 10:20 - 00000000 ____D () C:\Windows\NAPP_Dism_Log
2014-12-09 12:28 - 2014-08-05 08:18 - 00000000 ____D () C:\Users\Luc\Desktop\Studium Paderborn
2014-12-09 09:20 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-09 09:17 - 2014-05-04 12:44 - 00000000 ____D () C:\ProgramData\AVG2014
2014-12-09 00:33 - 2014-05-04 12:43 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-12-09 00:21 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-12-09 00:17 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-08 23:53 - 2014-05-04 12:42 - 00000000 ____D () C:\Users\Luc\AppData\Local\Avg2014
2014-12-08 23:39 - 2012-08-26 17:17 - 00000000 ____D () C:\ProgramData\NexonEU
2014-12-08 23:36 - 2011-06-12 23:04 - 00000000 ____D () C:\Program Files (x86)\booddanet
2014-12-08 23:24 - 2010-07-13 12:32 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-08 23:08 - 2014-01-24 20:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge
2014-12-08 23:08 - 2014-01-24 20:35 - 00000000 ____D () C:\Program Files (x86)\Gameforge
2014-12-08 23:02 - 2014-07-06 21:57 - 00000000 ____D () C:\gamigo
2014-12-08 22:55 - 2014-07-07 13:34 - 00000000 ____D () C:\Users\Luc\AppData\Roaming\RIFT
2014-12-08 22:55 - 2014-07-07 13:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2014-12-08 22:38 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-07 20:06 - 2011-12-24 11:30 - 00001060 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583997862-3316777395-3397561109-1001Core.job
2014-12-02 19:04 - 2012-03-31 14:11 - 00000000 ____D () C:\Games
2014-12-01 16:18 - 2013-08-12 18:07 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-01 14:54 - 2014-07-29 23:42 - 00000000 ____D () C:\Users\Luc\AppData\Local\Origin
2014-12-01 14:49 - 2012-10-19 11:45 - 00305375 _____ () C:\Windows\DirectX.log
2014-12-01 14:06 - 2013-09-13 17:36 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-11-27 08:10 - 2012-10-15 13:26 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-27 08:09 - 2012-09-15 14:16 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-27 08:09 - 2011-05-26 13:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-24 14:04 - 2012-01-20 21:12 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-18 15:47 - 2013-11-27 21:07 - 00000000 ____D () C:\Users\Luc\Desktop\Dokumente
2014-11-17 16:23 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-17 11:44 - 2011-04-20 19:58 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-17 11:41 - 2014-05-29 16:08 - 00000000 ____D () C:\Program Files\Java
2014-11-17 11:39 - 2014-07-01 13:19 - 00320936 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-11-17 11:39 - 2014-05-29 16:08 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-11-17 11:37 - 2014-07-01 13:19 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-17 11:37 - 2014-05-29 16:06 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-17 11:37 - 2014-05-29 16:06 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-17 11:37 - 2014-05-29 16:06 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-17 11:37 - 2013-11-03 21:37 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-16 23:01 - 2013-09-22 22:01 - 00000162 _____ () C:\Users\Luc\AppData\Roaming\WB.CFG
2014-11-16 20:01 - 2011-12-24 11:30 - 00004078 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-583997862-3316777395-3397561109-1001UA
2014-11-16 20:01 - 2011-12-24 11:30 - 00003682 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-583997862-3316777395-3397561109-1001Core
2014-11-16 19:26 - 2011-04-20 14:18 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-16 19:26 - 2011-04-20 14:18 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
Files to move or delete:
====================
C:\ProgramData\ezsid.dat
C:\ProgramData\hash.dat
C:\Users\Luc\jagex_runescape_preferences.dat
C:\Users\Luc\jagex_runescape_preferences2.dat
Some content of TEMP:
====================
C:\Users\Luc\AppData\Local\Temp\Quarantine.exe
C:\Users\Luc\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-09 12:47
==================== End Of Log ============================
Das Problem wurde wirklich behoben. Der Laptop fährt wieder normal hoch und der weiße Bildschirm erscheint nicht mehr. Daher vielen vielen Dank für die großartige Hilfe |
|
15.12.2014, 19:16
| #10 |
| /// the machine /// TB-Ausbilder | Laptop: Bildschirm wird plötzlich weiß Java, Adobe und FIrefox updaten. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
dann auf 
und dann auf 
. 
WARNUNG an die MITLESER: 
Linear-Darstellung
