Log Analysis and Evaluation: Win7 Home Premium 64-bit: how do I remove the Colormedia + Plus-HD-1.6 + Spyhunter malware?

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First Steps for Help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
05.05.2015, 18:31 | #1 |
Win7 Home Premium 64-bit: how do I remove the Colormedia + Plus-HD-1.6 + Spyhunter malware?

Hello everyone, I am sitting at my father-in-law's computer right now, trying to get it running again. Thanks in advance for your help. Now to the problem: the virus scanner detected the malware Colormedia and moves it to quarantine, after which the Internet no longer works. I then have to do a System Restore. Yesterday I installed Spyhunter, unfortunately without first checking what kind of program it is. I uninstalled it today, but I don't know whether everything is gone.

Here is the FRST.txt:

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2015 Ran by Lutz (administrator) on LUTZ-PC on 05-05-2015 19:09:21 Running from C:\Users\Lutz\Desktop Loaded Profiles: Lutz (Available profiles: UpdatusUser & Lutz) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 (Default browser not detected!) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (ASUSTeK Computer Inc.) 
C:\Windows\System32\FBAgent.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe () C:\ProgramData\SecurityUtility\SecurityUtilitySrv.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe (ASUS) C:\Windows\AsScrPro.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ASUS) C:\Program Files\P4G\BatteryLife.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe (Hewlett-Packard Co.) 
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_ActiveX.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-05-17] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated) HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation) HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated) HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-13] (ASUSTek Computer Inc.) 
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus) HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS) HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] () HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.) HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.) HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard) HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1756792 2014-05-20] (G Data Software AG) HKLM-x32\...\Run: [] => [X] HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-21-1443041108-445289656-2671713935-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.) 
HKU\S-1-5-21-1443041108-445289656-2671713935-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-04-08] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-04-08] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2011-04-13] ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2011-10-25] ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-07-01] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 5.1 HD Edition.lnk [2011-11-28] ShortcutTarget: PHOTOfunSTUDIO 5.1 HD Edition.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-1443041108-445289656-2671713935-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank URLSearchHook: HKU\S-1-5-21-1443041108-445289656-2671713935-1001 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://mysearch.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10053&barid={5AFB39BA-F9C4-11E2-ACAB-5404A622445E} SearchScopes: HKU\S-1-5-21-1443041108-445289656-2671713935-1001 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-1443041108-445289656-2671713935-1001 -> 439284A69E2B4FC7A5EAF9E3D04CB572 URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-1443041108-445289656-2671713935-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1443041108-445289656-2671713935-1001 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = 
hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-01] (Google Inc.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.) BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28] (Yahoo! Inc) BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.) 
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-01] (Google Inc.) Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.) Toolbar: HKU\S-1-5-21-1443041108-445289656-2671713935-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-01] (Google Inc.) DPF: HKLM-x32 {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) Winsock: Catalog9-x64 01 C:\Windows\system32\ColorMedia64.dll [378640 2015-01-02] (CartCrunch Israel Ltd.) Winsock: Catalog9-x64 02 C:\Windows\system32\ColorMedia64.dll [378640 2015-01-02] (CartCrunch Israel Ltd.) Winsock: Catalog9-x64 03 C:\Windows\system32\ColorMedia64.dll [378640 2015-01-02] (CartCrunch Israel Ltd.) Winsock: Catalog9-x64 04 C:\Windows\system32\ColorMedia64.dll [378640 2015-01-02] (CartCrunch Israel Ltd.) Winsock: Catalog9-x64 16 C:\Windows\system32\ColorMedia64.dll [378640 2015-01-02] (CartCrunch Israel Ltd.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-23] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-23] (Google Inc.) 
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll [2010-12-14] (Zeon Corporation) FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-07-01] FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox FF HKU\S-1-5-21-1443041108-445289656-2671713935-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF HKU\S-1-5-21-1443041108-445289656-2671713935-1001\...\Firefox\Extensions: [{ba5b6935-63e1-431c-8fc6-7504512d2b94}] - C:\Program Files (x86)\LyricsContainer\130.xpi Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) 
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File CHR Plugin: (DocuCom PDF Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File CHR Profile: C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Docs) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-09] CHR Extension: (Google Drive) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-09] CHR Extension: (YouTube) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-20] CHR Extension: (Google Search) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-20] CHR Extension: (Google Wallet) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-09] CHR Extension: (Gmail) - C:\Users\Lutz\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-20] CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [abfmigjiaapipflmopkaaooigcjjdojh] - C:\Program Files (x86)\LyricsContainer\130.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-10-14] (G Data Software AG) R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG) R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2683760 2014-05-20] (G Data Software AG) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [3228136 2014-08-21] (G Data Software AG) R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG) R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) 
[File not signed] S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] () R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] R2 SecurityUtility Service; C:\ProgramData\SecurityUtility\SecurityUtilitySrv.exe [537248 2015-01-01] () R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2028864 2011-12-13] (TuneUp Software) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2014-07-01] (G Data Software AG) R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2014-11-25] (G Data Software AG) R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [142336 2014-09-30] (G Data Software AG) R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [64000 2014-07-01] (G Data Software AG) R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64512 2015-03-06] (G Data Software AG) R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-06-15] (G Data Software) R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [61440 2014-07-01] (G Data Software AG) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [11856 2011-07-08] (TuneUp Software) R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] () S3 cpuz134; \??\C:\Users\Lutz\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be 
removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-05 19:09 - 2015-05-05 19:11 - 00025110 _____ () C:\Users\Lutz\Desktop\FRST.txt 2015-05-05 18:55 - 2015-05-05 19:09 - 00000000 ____D () C:\FRST 2015-05-05 18:49 - 2015-05-05 18:49 - 00000470 _____ () C:\Users\Lutz\Desktop\defogger_disable.log 2015-05-05 18:49 - 2015-05-05 18:49 - 00000000 _____ () C:\Users\Lutz\defogger_reenable 2015-05-05 18:36 - 2015-05-05 06:57 - 02101248 _____ (Farbar) C:\Users\Lutz\Desktop\FRST64.exe 2015-05-05 18:36 - 2015-05-05 06:55 - 00002386 _____ () C:\Users\Lutz\Desktop\Window 7 spyhunter 4 entfernen - Trojaner-Board.url 2015-05-05 18:36 - 2015-05-05 06:49 - 02716306 _____ (Thisisu) C:\Users\Lutz\Desktop\JRT.exe 2015-05-05 18:36 - 2015-05-05 06:48 - 02204160 _____ () C:\Users\Lutz\Desktop\AdwCleaner_4.203.exe 2015-05-05 18:36 - 2015-05-05 06:47 - 00464381 _____ () C:\Users\Lutz\Desktop\SpyHunterKiller.exe 2015-05-05 18:36 - 2015-05-05 06:42 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Lutz\Desktop\mbam-setup-2.1.6.1022.exe 2015-04-07 19:49 - 2015-04-07 19:49 - 00000000 ____D () C:\Windows\de 2015-04-07 19:48 - 2015-04-07 19:48 - 00000000 ____D () C:\Windows\fr 2015-04-07 19:48 - 2015-04-07 19:48 - 00000000 ____D () C:\Windows\es 2015-04-07 19:48 - 2015-04-07 19:48 - 00000000 ____D () C:\Windows\en 2015-04-07 19:48 - 2015-04-07 19:48 - 00000000 ____D () C:\Windows\el 2015-04-07 19:47 - 2015-04-07 19:47 - 00001376 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk 2015-04-07 19:47 - 2015-04-07 19:47 - 00001307 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2015-04-07 19:47 - 2015-04-07 19:47 - 00000000 ____D () C:\Windows\ru 2015-04-07 19:47 - 2015-04-07 19:47 - 00000000 ____D () C:\Windows\nl 2015-04-07 19:47 - 2015-04-07 19:47 - 00000000 
____D () C:\Windows\it 2015-04-07 19:47 - 2015-04-07 19:47 - 00000000 ____D () C:\Windows\he 2015-04-07 19:47 - 2015-04-07 19:47 - 00000000 ____D () C:\Windows\ar 2015-04-07 19:43 - 2014-03-31 21:06 - 00058056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys 2015-04-07 19:41 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll 2015-04-07 19:41 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll 2015-04-07 19:41 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll 2015-04-07 19:41 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll 2015-04-07 19:41 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll 2015-04-07 19:41 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll 2015-04-07 19:41 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll 2015-04-07 19:41 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll 2015-04-07 19:40 - 2015-04-07 19:40 - 00000379 _____ () C:\Windows\DirectX.log 2015-04-07 19:39 - 2015-04-07 19:39 - 00002155 _____ () C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk 2015-04-07 19:39 - 2015-04-07 19:39 - 00002122 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk 2015-04-07 19:39 - 2015-04-07 19:39 - 00002122 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk 2015-04-07 19:39 - 2015-04-07 19:39 - 00000000 ___RD () C:\Users\Lutz\OneDrive 2015-04-07 19:39 - 2015-04-07 19:39 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive 2015-04-07 19:39 - 2015-04-07 19:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive 2015-04-07 19:29 - 
2015-04-07 19:29 - 00000000 ____D () C:\Users\Lutz\AppData\Local\{7A8CAB90-0FDB-405F-A078-CC1C639C82DB} 2015-04-07 19:26 - 2015-04-07 19:26 - 00000000 ____D () C:\Users\Lutz\AppData\Local\{E592E27A-4B34-4718-821C-0DB645F9010E} 2015-04-06 17:10 - 2015-04-06 17:10 - 00000000 ____D () C:\Users\Lutz\AppData\Local\{C2CD8D97-51F0-4CE6-B27B-B193ECF39EB3} 2015-04-06 10:23 - 2015-04-06 10:23 - 00000000 ____D () C:\Users\Lutz\AppData\Local\{8841E3B0-382C-405F-B59D-3B96C43902CB} 2015-04-05 17:04 - 2015-04-05 17:04 - 00000000 ____D () C:\Users\Lutz\AppData\Local\{F91F6F13-5A97-4F3D-8AFD-59994CD71BF0} 2015-04-05 11:27 - 2015-04-05 11:27 - 00000000 ____D () C:\Users\Lutz\AppData\Local\{31331135-5D9F-4FD7-B969-944D6B09685B} 2015-04-05 10:57 - 2015-04-05 10:57 - 00000000 ____D () C:\Users\Lutz\AppData\Local\{41D4C365-3016-46B8-A977-38C06484464A} ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-05 19:09 - 2012-04-25 20:11 - 00000000 ____D () C:\Users\Lutz\AppData\Roaming\Skype 2015-05-05 19:09 - 2011-10-25 22:34 - 01969203 _____ () C:\Windows\WindowsUpdate.log 2015-05-05 19:05 - 2013-12-09 15:14 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-05 19:05 - 2013-07-31 11:33 - 00000406 _____ () C:\Windows\Tasks\LyricsContainer Update.job 2015-05-05 19:04 - 2013-07-31 21:31 - 00100073 _____ () C:\Windows\setupact.log 2015-05-05 19:04 - 2012-03-30 11:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-05-05 19:04 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-05 18:49 - 2011-11-26 11:06 - 00000000 ____D () C:\Users\Lutz 2015-05-05 18:39 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-05 18:39 - 2009-07-14 06:45 - 00018512 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-05-05 18:38 - 2011-04-11 14:05 - 00483022 _____ () C:\Windows\system32\perfh001.dat 2015-05-05 18:38 - 2011-04-11 14:05 - 00098926 _____ () C:\Windows\system32\perfc001.dat 2015-05-05 18:38 - 2011-03-17 13:52 - 00728608 _____ () C:\Windows\system32\perfh019.dat 2015-05-05 18:38 - 2011-03-17 13:52 - 00154996 _____ () C:\Windows\system32\perfc019.dat 2015-05-05 18:38 - 2011-02-19 07:02 - 00396352 _____ () C:\Windows\system32\perfh00D.dat 2015-05-05 18:38 - 2011-02-19 07:02 - 00088912 _____ () C:\Windows\system32\perfc00D.dat 2015-05-05 18:38 - 2011-02-19 06:56 - 00610996 _____ () C:\Windows\system32\perfh008.dat 2015-05-05 18:38 - 2011-02-19 06:56 - 00115282 _____ () C:\Windows\system32\perfc008.dat 2015-05-05 18:38 - 2011-02-19 06:51 - 00412480 _____ () C:\Windows\system32\prfh0404.dat 2015-05-05 18:38 - 2011-02-19 06:51 - 00126298 _____ () C:\Windows\system32\prfc0404.dat 2015-05-05 18:38 - 2011-02-19 06:45 - 00733026 _____ () C:\Windows\system32\prfh0816.dat 2015-05-05 18:38 - 2011-02-19 06:45 - 00157060 _____ () C:\Windows\system32\prfc0816.dat 2015-05-05 18:38 - 2011-02-19 06:40 - 00747506 _____ () C:\Windows\system32\perfh013.dat 2015-05-05 18:38 - 2011-02-19 06:40 - 00157256 _____ () C:\Windows\system32\perfc013.dat 2015-05-05 18:38 - 2011-02-19 06:35 - 00744054 _____ () C:\Windows\system32\perfh010.dat 2015-05-05 18:38 - 2011-02-19 06:35 - 00151000 _____ () C:\Windows\system32\perfc010.dat 2015-05-05 18:38 - 2011-02-19 06:29 - 00749724 _____ () C:\Windows\system32\perfh00C.dat 2015-05-05 18:38 - 2011-02-19 06:29 - 00153734 _____ () C:\Windows\system32\perfc00C.dat 2015-05-05 18:38 - 2011-02-19 06:24 - 00711546 _____ () C:\Windows\system32\perfh007.dat 2015-05-05 18:38 - 2011-02-19 06:24 - 00153736 _____ () C:\Windows\system32\perfc007.dat 2015-05-05 18:38 - 2011-02-19 06:19 - 00749464 _____ () C:\Windows\system32\perfh00A.dat 2015-05-05 18:38 - 2011-02-19 
06:19 - 00162628 _____ () C:\Windows\system32\perfc00A.dat 2015-05-05 18:38 - 2009-07-14 07:13 - 09365100 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-05-05 11:17 - 2011-11-26 11:24 - 00000000 ____D () C:\Users\Lutz\AppData\Roaming\SoftGrid Client 2015-05-05 11:13 - 2013-12-09 15:14 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-05 10:37 - 2011-11-26 17:26 - 00000000 ____D () C:\Users\Lutz\Desktop\Diskette 2015-05-05 10:18 - 2011-11-26 11:07 - 00045056 _____ () C:\Windows\system32\acovcnt.exe 2015-05-05 10:18 - 2011-10-25 22:55 - 00001428 _____ () C:\Windows\system32\ServiceFilter.ini 2015-05-04 19:31 - 2015-01-02 17:44 - 00000000 ____D () C:\ProgramData\SecurityUtility 2015-05-04 18:17 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-05-04 18:09 - 2013-08-16 14:10 - 00369694 _____ () C:\Windows\PFRO.log 2015-05-04 17:38 - 2011-11-26 11:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client 2015-05-04 17:37 - 2011-12-02 13:43 - 00000000 ____D () C:\Windows\System32\Tasks\Apple 2015-05-04 17:37 - 2011-11-28 12:09 - 00000000 ____D () C:\Windows\System32\Tasks\Games 2015-05-04 17:37 - 2011-11-26 11:24 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform 2015-05-04 17:37 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2015-05-04 17:37 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-05-04 17:36 - 2014-08-12 20:11 - 00000000 ____D () C:\Program Files (x86)\Fotoalbum.de 2015-05-04 17:36 - 2012-07-01 15:40 - 00000000 ____D () C:\ProgramData\HP 2015-05-04 17:36 - 2012-04-25 20:11 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-05-04 17:36 - 2011-12-02 13:46 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2015-05-04 17:36 - 2011-12-02 13:43 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update 2015-05-04 17:36 - 2011-11-29 19:15 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 
2011 2015-05-04 17:36 - 2011-10-25 22:51 - 00000000 ____D () C:\ProgramData\P4G 2015-05-04 17:36 - 2011-04-13 04:38 - 00000000 ____D () C:\Program Files (x86)\Windows Live 2015-05-04 17:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration 2015-05-04 17:34 - 2013-11-30 20:31 - 00000000 __RHD () C:\MSOCache 2015-05-03 11:19 - 2012-04-02 17:12 - 00000000 ____D () C:\Users\Lutz\Desktop\Mail`s 2015-04-15 10:00 - 2012-03-30 11:34 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-04-15 10:00 - 2012-03-30 11:34 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-04-15 10:00 - 2011-12-03 18:43 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-04-07 21:55 - 2013-07-31 11:33 - 00000000 ____D () C:\Program Files (x86)\Plus-HD-1.6 2015-04-07 19:56 - 2011-11-26 11:14 - 00000000 ____D () C:\Users\Lutz\AppData\Local\Windows Live 2015-04-07 19:48 - 2011-04-13 04:38 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live 2015-04-07 19:46 - 2011-04-13 04:41 - 00001460 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk 2015-04-07 19:44 - 2011-04-13 04:39 - 00002488 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk 2015-04-07 19:42 - 2011-04-13 04:36 - 00000000 ____D () C:\Program Files\Windows Live ==================== Files in the root of some directories ======= 2014-06-14 16:12 - 2014-06-14 16:12 - 0000000 _____ () C:\Users\Lutz\AppData\Roaming\gdfw.log 2014-06-14 16:12 - 2014-06-15 15:20 - 0001558 _____ () C:\Users\Lutz\AppData\Roaming\gdscan.log 2012-03-31 15:00 - 2012-03-31 15:00 - 0033134 _____ () C:\Users\Lutz\AppData\Roaming\UserTile.png 2011-12-29 19:59 - 2011-12-29 19:59 - 0017408 _____ () C:\Users\Lutz\AppData\Local\WebpageIcons.db 2011-04-13 04:48 - 2010-07-07 01:10 - 0131472 _____ () C:\ProgramData\FullRemove.exe 2012-07-01 15:40 - 2012-07-01 15:59 - 
0002376 _____ () C:\ProgramData\hpzinstall.log 2011-10-25 22:59 - 2011-10-25 22:59 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2011-10-25 22:58 - 2011-10-25 22:59 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-12 10:18 ==================== End Of Log ============================ FRST Additions Logfile: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2015
Ran by Lutz at 2015-05-05 19:12:25
Running from C:\Users\Lutz\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1443041108-445289656-2671713935-500 - Administrator - Disabled)
Gast (S-1-5-21-1443041108-445289656-2671713935-501 - Limited - Disabled)
Lutz (S-1-5-21-1443041108-445289656-2671713935-1001 - Administrator - Enabled) => C:\Users\Lutz
UpdatusUser (S-1-5-21-1443041108-445289656-2671713935-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G DATA INTERNET SECURITY (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G DATA INTERNET SECURITY (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G DATA Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated) Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.32.18 - Adobe Systems Incorporated) Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated) AIO_CDA_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden AIO_CDA_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology) ASUS AI Recovery (HKLM-x32\...\{38253529-D97D-4901-AE53-5CC9736D3A2E}) (Version: 1.0.13 - ASUS) ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.) 
ASUS K3 Series ScreenSaver (HKLM-x32\...\ASUS K3 Series ScreenSaver) (Version: 1.0.0002 - ASUS) ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.0.6 - ASUS) ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.43 - ASUS) ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0011 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0030 - ASUS) ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus) AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.617 - ASUSTEK) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0010 - ASUS) BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden C3100 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden c3100_Help (x32 Version: 82.0.256.000 - Hewlett-Packard) Hidden Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.) CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.) 
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.2.13992 - Landesfinanzdirektion Thüringen) Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS) Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden fotoalbum.de Editor (HKLM-x32\...\de.fotoalbum.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.6.0.1048 - myphotobook GmbH) fotoalbum.de Editor (x32 Version: 1.6.0 - myphotobook GmbH) Hidden Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden G DATA INTERNET SECURITY (HKLM-x32\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.2.5 - G DATA Software AG) Galeria de Fotografias (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Galería de fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP) HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP) HP Photosmart All-In-One Driver Software 13.0 Rel. 
A (HKLM\...\{17016DA1-F040-4032-BD36-34DD317BC9D5}) (Version: 13.0 - HP) HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP) HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP) HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation) Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation) Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.400.4 - Intel) Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Português) 
(HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 2070) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Ελληνικά) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1032) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Русский) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1049) (Version: 4.5.50938 - Корпорация Майкрософт) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1443041108-445289656-2671713935-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation) Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP1 x64 English (HKLM\...\{F83779DF-E1F5-43A2-A7BE-732F856FADB7}) (Version: 3.5.5692.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 
8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden Nuance PDF Reader (HKLM-x32\...\{5F6C549F-78DA-4E0E-AE70-0BD981936D99}) (Version: 7.00.0000 - Nuance Communications, Inc.) NVIDIA Grafiktreiber 311.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.44 - NVIDIA Corporation) NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation) OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP) QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.) 
Raccolta foto (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6373 - Realtek Semiconductor Corp.) Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10001 - Realtek Semiconductor Corp.) Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden SecurityUtility (HKLM-x32\...\SecurityUtility) (Version: 1.0.0.1244 - ) Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.) SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.0.0.4 - Synopsys ) Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.6.0 - Synaptics Incorporated) syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables) Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden TuneUp Utilities 2011 (HKLM-x32\...\TuneUp Utilities 2011) (Version: 10.0.4600.4 - TuneUp Software) TuneUp Utilities 2011 (x32 Version: 10.0.4600.4 - TuneUp Software) Hidden TuneUp Utilities Language Pack (de-DE) (x32 Version: 10.0.4600.4 - TuneUp Software) Hidden UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) 
(Version: 16.4.3528.0331 - Microsoft Corporation) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.0 - ASUS) Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS) Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - ) Συλλογή φωτογραφιών (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 16.4.3528.0331 - Корпорация Майкрософт) Hidden Фотоальбом (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Фотографии (общедоступная версия) (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden גלריית התמונות (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden بريد Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden معرض الصور (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden 影像中心 (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-1443041108-445289656-2671713935-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Lutz\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1443041108-445289656-2671713935-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Lutz\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1443041108-445289656-2671713935-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Lutz\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1443041108-445289656-2671713935-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Lutz\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1443041108-445289656-2671713935-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Lutz\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

24-04-2015 11:04:39 Windows Update
24-04-2015 19:23:45 Windows Update
25-04-2015 10:17:29 Windows Update
25-04-2015 19:02:50 Windows Update
26-04-2015 15:46:06 Windows Update
27-04-2015 10:48:28 Windows Update
27-04-2015 16:23:05 Windows Update
28-04-2015 09:40:02 Windows Update
28-04-2015 14:43:33 Windows Update
01-05-2015 09:49:42 Windows Update
01-05-2015 10:54:49 Wiederherstellungsvorgang
01-05-2015 17:45:55 Windows Update
02-05-2015 15:35:03 Windows Update
02-05-2015 18:52:31 Wiederherstellungsvorgang
02-05-2015 19:04:42 Windows Update
03-05-2015 10:58:38 Windows Update
04-05-2015 14:37:26 Windows Update
04-05-2015 17:27:04 Wiederherstellungsvorgang
04-05-2015 17:43:05 Windows Update
05-05-2015 10:24:29 Windows Update
05-05-2015 10:38:10 Windows Update
05-05-2015 18:37:36 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {04560841-8BAE-4EC2-8452-5CA8619D388F} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2013-05-30] (Hewlett-Packard)
Task: {11FFF3CC-776B-493A-8EBE-E568D8C74F2A} - System32\Tasks\Plus-HD-1.6-chromeinstaller => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-chromeinstaller.exe <==== ATTENTION
Task: {15514FC1-A67F-42B4-9AAC-62ECB5C7E380} - System32\Tasks\Plus-HD-1.6-enabler => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe <==== ATTENTION
Task: {26E19EBE-0A20-4413-A471-55F9DA04FA67} - System32\Tasks\{D3D8AF08-43D6-4A7D-BDB0-5D9649F818CB} => pcalua.exe -a "C:\Program Files (x86)\Plus-HD-1.6\Uninstall.exe" -c /fromcontrolpanel=1
Task: {2C9FFEAC-4295-4B27-9E44-44546ACA1689} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)
Task: {42425768-B8E0-4925-BF54-D6E7805EF729} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1443041108-445289656-2671713935-1001
Task: {436E0AA3-8121-49FC-ABA2-4A83630DE4D1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {4EA3CA03-9B84-4516-B90F-1AB8D46CE7B4} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2011 => C:\Program Files (x86)\TuneUp Utilities 2011\OneClick.exe [2011-12-13] (TuneUp Software)
Task: {56489018-5EBD-4142-9057-73EEBCED20E0} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)
Task: {5873473B-630F-4477-9529-4FEE3A42815E} - System32\Tasks\Plus-HD-1.6-codedownloader => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe <==== ATTENTION
Task: {589BF64D-3260-4011-A293-2B8B1B668DE2} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {68D282E0-EBBF-4135-A194-9957A4538D1F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-09] (Google Inc.)
Task: {6A8E623D-37F3-48AC-AF9C-9B0FC26D469A} - System32\Tasks\Plus-HD-1.6-updater => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exe <==== ATTENTION
Task: {72521970-F098-43E1-92D1-AEAA12472490} - System32\Tasks\{167C4710-8140-4C23-B1A6-62965BD9509D} => pcalua.exe -a "C:\Program Files (x86)\IncrediMail\Bin\ImSetup.exe" -c /uninstallProduct /addon:incredimail
Task: {836A04C8-9184-45AB-A21F-A1F1EB140436} - \LyricsContainer Update No Task File <==== ATTENTION
Task: {C4A7541F-66AA-4517-BA8D-9315DE4F1DC4} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-12-02] (ASUS)
Task: {CEEA6E64-0E92-4154-9B1E-BE1C93812F03} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {CF6902AB-4A45-458B-814D-41D36E21F099} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D196AEFD-6611-4460-94DD-848115537D69} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2011-08-31] (ASUSTeK Computer Inc.)
Task: {F1B74004-229A-4C97-B0CA-B649E099A8B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-09] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\LyricsContainer Update.job => C:\Program Files (x86)\LyricsContainer\LrcsCtrUpdr.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-1.6-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-chromeinstaller.exe/installcrx /agentregpath='Plus-HD-1.6' /extensionfilepath C:\Program Files (x86)\Plus-HD-1.6\32002.crx' /appid=32002 /srcid='000250' /subid='0' /zdata='0' /bic=860FA8591C38438BBD4438DBF92EEF30IE /verifier=09a23235feaa74a27066ae29a37f0ead /installerversion=1_27_153 /installerfullversion=1.27.153.10 /installationtime=1375263226 /statsdomain=http:/stats.statsdatasrv.com /errorsdomain=http:/errors.statsdatasrv.com <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-1.6-codedownloader.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe±/reinstallapp /agentregpath='Plus-HD-1.6' /appid=32002 /srcid='000250' /subid='0' /zdata='0' /bic=860FA8591C38438BBD4438DBF92EEF30IE /verifier=09a23235feaa74a27066ae29a37f0ead /installerversion=1_27_153 /installerfullversion=1.27.153.10 /installationtime=1375263226 /statsdomain=http:/stats.statsdatasrv.com /errorsdomain=http:/errors.statsdatasrv.com /codedownloaddomain=http:/app-static.crossrider.com <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-1.6-enabler.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe…/enablebho /agentregpath='Plus-HD-1.6' /appid=32002 /srcid='000250' /subid='0' /zdata='0' /bic=860FA8591C38438BBD4438DBF92EEF30IE /verifier=09a23235feaa74a27066ae29a37f0ead /installerversion=1_27_153 /installationtime=1375263226 /statsdomain=http:/stats.statsdatasrv.com /errorsdomain=http:/errors.statsdatasrv.com <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-1.6-updater.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exeä/runupdater /agentregpath='Plus-HD-1.6' /appid=32002 /srcid='000250' /subid='0' /zdata='0' /bic=860FA8591C38438BBD4438DBF92EEF30IE /verifier=09a23235feaa74a27066ae29a37f0ead /installerversion=1_27_153 /installationtime=1375263226 /statsdomain=http:/stats.statsdatasrv.com /errorsdomain=http:/errors.statsdatasrv.com /monetizationdomain=http:/stats.myappsync.com /geoserviceurl=http:/ipgeoapi.com/ /updatejsondomain=http:/update.statsdatasrv.com <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2013-07-31 20:40 - 2013-03-14 08:28 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-05-02 22:41 - 2011-05-02 22:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2015-01-02 17:45 - 2015-01-01 16:29 - 00537248 _____ () C:\ProgramData\SecurityUtility\SecurityUtilitySrv.exe
2011-07-07 08:10 - 2011-05-05 14:30 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2011-05-02 22:41 - 2011-05-02 22:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-07-07 08:12 - 2011-01-27 02:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-07-15 01:11 - 2010-07-15 01:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
2010-04-03 04:21 - 2008-10-01 08:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-09-24 01:53 - 2010-09-24 01:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2014-05-20 03:38 - 2014-05-20 03:38 - 00340088 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2009-11-02 23:20 - 2009-11-02 23:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 23:23 - 2009-11-02 23:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2011-08-31 16:33 - 2011-08-31 16:33 - 00208384 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:029E021F
AlternateDataStreams: C:\ProgramData\Temp:981884E7

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1443041108-445289656-2671713935-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}] => (Allow) LPort=5353 FirewallRules: [{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}] => (Allow) LPort=8182 FirewallRules: [{4C5927B2-9427-4653-AF6C-54351AC924EB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe FirewallRules: [{F3192D59-4F18-4E00-82A1-B98120CA010C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe FirewallRules: [{1BEBF878-90DE-49E1-8154-A6711BA19675}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{89BA54AE-900F-444A-8564-78F239CDCCD2}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{CAA5ACE4-7129-4F39-84C9-847067D16DB0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{691A55EE-06F3-4708-ADB8-80D95DA86BE3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe FirewallRules: [{B7BCEBAF-AC1F-4E08-BD92-090A92B7D20E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe FirewallRules: [{706FD852-1B95-41CB-BF31-F8A3C0EAB494}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe FirewallRules: [{938684EC-E3CB-4EFF-972C-B8E9347BE7A9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe FirewallRules: [{EC2176A1-77A0-4D4E-85F6-BA31D1C28BA5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe FirewallRules: [{5D8AF023-CD69-4001-AD56-F91BA1865BFD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{37530708-28EB-42C8-8C82-41FE8F62A7D5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe FirewallRules: [{778E7C19-08D3-4AE5-8679-CED0210F2BD6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe FirewallRules: [{7C348D34-1CA8-4DF2-9F98-99598D064681}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe FirewallRules: 
[{87D4CB71-107A-488B-8208-635724AE8B84}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe FirewallRules: [{C0472B4C-35B6-4796-B3BC-01F058EE3C8B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe FirewallRules: [{4D05B1A9-AF24-4993-9B72-60CDE9BE59C8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{241CF9D3-51AC-4BF8-821B-2A48B8D74DB3}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe FirewallRules: [{6EB6AFE2-81D5-4AD0-8F2F-DEB4F69843BA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe FirewallRules: [{04C095BE-E72C-4932-A2EA-453F121ADE4C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe FirewallRules: [{8C4BE1CC-21C6-43BB-B4C4-A2AAD335ACD9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe FirewallRules: [{D570C742-B094-4FC5-B22A-3B6E1C8DF7B2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe FirewallRules: [{8D601BE7-40BF-4A58-A9A0-753BEE31D336}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe FirewallRules: [{AB091161-48BC-4961-97D5-BB88E271319B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe FirewallRules: [{0930A008-738F-4629-B1A2-D05A2C8AFD39}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe FirewallRules: [{818163CD-6B26-4A0B-BAA1-1E2694EE5B78}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe FirewallRules: [{68DB165E-16CE-4D78-89F7-FEAA168EA645}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe FirewallRules: [{F8B844F7-2D31-482B-BA6D-3BA1677D42D7}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe FirewallRules: [{90BFCD58-4AFD-45EE-B006-65C194C0FB5D}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe FirewallRules: [{0C45581B-FBFA-4A4F-8573-9D02BB611868}] => (Allow) 
C:\Users\Lutz\AppData\Local\Temp\IMsetup.exe FirewallRules: [{10ABF1D0-5B7A-42F0-85D3-DF21C4CE373E}] => (Allow) C:\Users\Lutz\AppData\Local\Temp\IMsetup.exe FirewallRules: [{7C0F2C0C-42E3-4199-AE37-7809D01980CC}] => (Allow) C:\Windows\System32\dmwu.exe FirewallRules: [{3BEE367E-EF1B-4BE6-B9FE-ACCEA5B394CB}] => (Allow) C:\Windows\System32\dmwu.exe FirewallRules: [{4F15AC6B-73CF-436D-A486-23C72CA8E1BB}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe FirewallRules: [{D0CA9C27-3831-422D-9AF7-DD9C24C8D4AB}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe FirewallRules: [{2081DD0C-0AC6-4A25-A7CA-C6102C9B7D3A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{C2CA5959-9CC3-49D0-8A5C-CDE04A1E0D2B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{E8B312F9-2499-43C9-A34B-2D2555CFC9D0}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe FirewallRules: [{010FDB3C-9D93-49F7-A274-E2FCC7B18144}] => (Allow) C:\Users\Lutz\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{E1BCCFB6-2C6E-4ED6-B81C-0F9F528F5D25}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{93600615-CABE-4A77-9F24-63063A60865B}] => (Allow) LPort=2869 FirewallRules: [{E8F81886-7992-48DA-8ED9-BD32E8BB7172}] => (Allow) LPort=1900 FirewallRules: [{5E94AB2A-E625-4AC2-907A-263F74360123}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/04/2015 06:48:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: GDFwSvcx64.exe, Version: 4.1.14233.221, Zeitstempel: 0x53f54e26 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24 Ausnahmecode: 0xc0000374 Fehleroffset: 
0x00000000000c4102 ID des fehlerhaften Prozesses: 0xddc Startzeit der fehlerhaften Anwendung: 0xGDFwSvcx64.exe0 Pfad der fehlerhaften Anwendung: GDFwSvcx64.exe1 Pfad des fehlerhaften Moduls: GDFwSvcx64.exe2 Berichtskennung: GDFwSvcx64.exe3 Error: (05/04/2015 06:42:06 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: AVKTray.exe, Version: 25.0.14140.245, Zeitstempel: 0x537ab872 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0xc833ec4a ID des fehlerhaften Prozesses: 0xffc Startzeit der fehlerhaften Anwendung: 0xAVKTray.exe0 Pfad der fehlerhaften Anwendung: AVKTray.exe1 Pfad des fehlerhaften Moduls: AVKTray.exe2 Berichtskennung: AVKTray.exe3 Error: (05/04/2015 06:29:24 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Nur zur Information. Error: Initialization failed 0x80080005 Type: 88::UnexpectedError. Error: (05/04/2015 06:17:50 PM) (Source: Schedule) (EventID: 0) (User: ) Description: Schedule error: 10106Initialize call failed, bailing out Error: (05/04/2015 06:09:51 PM) (Source: Schedule) (EventID: 0) (User: ) Description: Schedule error: 10106Initialize call failed, bailing out Error: (05/04/2015 05:30:31 PM) (Source: System Restore) (EventID: 8210) (User: ) Description: Unbekannter Fehler bei der Systemwiederherstellung: (Wiederherstellungsvorgang). Zusätzliche Informationen: 0x80070570. 
Error: (05/03/2015 11:21:59 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: AVKTray.exe, Version: 25.0.14140.245, Zeitstempel: 0x537ab872 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0xc833ec4a ID des fehlerhaften Prozesses: 0xfd4 Startzeit der fehlerhaften Anwendung: 0xAVKTray.exe0 Pfad der fehlerhaften Anwendung: AVKTray.exe1 Pfad des fehlerhaften Moduls: AVKTray.exe2 Berichtskennung: AVKTray.exe3 Error: (05/02/2015 07:41:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: AVKProxy.exe, Version: 1.5.14287.174, Zeitstempel: 0x543c744f Name des fehlerhaften Moduls: avkhttp.dll, Version: 25.0.14287.175, Zeitstempel: 0x543c7471 Ausnahmecode: 0xc0000417 Fehleroffset: 0x0008e512 ID des fehlerhaften Prozesses: 0x7e8 Startzeit der fehlerhaften Anwendung: 0xAVKProxy.exe0 Pfad der fehlerhaften Anwendung: AVKProxy.exe1 Pfad des fehlerhaften Moduls: AVKProxy.exe2 Berichtskennung: AVKProxy.exe3 Error: (05/01/2015 05:45:05 PM) (Source: GDScan) (EventID: 0) (User: ) Description: Exception caught while calling m_pfDoEngineUpdate2Ex. MiniDump created in file C:\ProgramData\G Data\AVK\Log\CAVKScanPWrapperEx__DoEngineUpdate2_1643c_mini.dmp Error: (05/01/2015 05:42:21 PM) (Source: System Restore) (EventID: 8209) (User: ) Description: Die Systemwiederherstellung wurde nicht ausgeführt, da das System neu gestartet wurde, ein Stromausfall aufgetreten ist oder das System nicht mehr reagiert. Zusätzliche Informationen: (Windows Update). 
System errors: ============= Error: (05/05/2015 07:07:42 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {1DED95CA-C567-464A-B405-087EDDF0B095} Error: (05/05/2015 07:07:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (05/05/2015 07:07:20 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (05/05/2015 07:06:21 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {BCB3CC02-761B-4C74-8B04-891A31034D19} Error: (05/05/2015 07:04:12 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 05.05.2015 um 19:02:46 unerwartet heruntergefahren. Error: (05/05/2015 06:34:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (05/05/2015 06:34:12 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). 
Error: (05/05/2015 06:29:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (05/05/2015 06:29:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (05/05/2015 06:29:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Microsoft Office Sessions: ========================= Error: (05/04/2015 06:48:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: GDFwSvcx64.exe4.1.14233.22153f54e26ntdll.dll6.1.7601.18247521eaf24c000037400000000000c4102ddc01d08685e3a9acfaC:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exeC:\Windows\SYSTEM32\ntdll.dll5b010af8-f27d-11e4-9638-5404a622445e Error: (05/04/2015 06:42:06 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: AVKTray.exe25.0.14140.245537ab872unknown0.0.0.000000000c0000005c833ec4affc01d086860d483c44C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exeunknown7f30f8aa-f27c-11e4-9638-5404a622445e Error: (05/04/2015 06:29:24 PM) (Source: CVHSVC) (EventID: 100) (User: ) Description: Error: Initialization failed 0x80080005 Type: 88::UnexpectedError. 
Error: (05/04/2015 06:17:50 PM) (Source: Schedule) (EventID: 0) (User: ) Description: Schedule error: 10106Initialize call failed, bailing out Error: (05/04/2015 06:09:51 PM) (Source: Schedule) (EventID: 0) (User: ) Description: Schedule error: 10106Initialize call failed, bailing out Error: (05/04/2015 05:30:31 PM) (Source: System Restore) (EventID: 8210) (User: ) Description: Wiederherstellungsvorgang0x80070570 Error: (05/03/2015 11:21:59 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: AVKTray.exe25.0.14140.245537ab872unknown0.0.0.000000000c0000005c833ec4afd401d0857ed4147e8aC:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exeunknownd8f12a2d-f175-11e4-bdfa-5404a622445e Error: (05/02/2015 07:41:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: AVKProxy.exe1.5.14287.174543c744favkhttp.dll25.0.14287.175543c7471c00004170008e5127e801d084fe6c7c4a01C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exeC:\Program Files (x86)\Common Files\G Data\AVKProxy\avkhttp.dll6b608461-f0f2-11e4-b7c6-5404a622445e Error: (05/01/2015 05:45:05 PM) (Source: GDScan) (EventID: 0) (User: ) Description: Exception caught while calling m_pfDoEngineUpdate2Ex. MiniDump created in file C:\ProgramData\G Data\AVK\Log\CAVKScanPWrapperEx__DoEngineUpdate2_1643c_mini.dmp Error: (05/01/2015 05:42:21 PM) (Source: System Restore) (EventID: 8209) (User: ) Description: Windows Update CodeIntegrity Errors: =================================== Date: 2015-05-04 18:17:35.407 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\NETwNs64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2015-05-04 18:17:34.565 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\NETwNs64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-06-15 12:20:59.456 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-15 12:20:59.456 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-15 12:20:59.426 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-15 12:20:59.416 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-15 12:18:24.926 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-06-15 12:18:24.826 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-14 10:09:13.581 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-14 10:09:13.565 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz Percentage of memory in use: 83% Total physical RAM: 8102.7 MB Available physical RAM: 1330.53 MB Total Pagefile: 16203.57 MB Available Pagefile: 8369.84 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:122.21 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (Foto) (Fixed) (Total:254.45 GB) (Free:222.38 GB) NTFS Drive r: (RECOVERY) (Fixed) (Total:24.98 GB) (Free:8.58 GB) FAT32 ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: AA9693FE) Partition 1: (Not Active) - (Size=25 GB) - (Type=0C) Partition 2: (Active) - (Size=186.3 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=254.5 GB) - (Type=OF Extended) ==================== End Of Log ============================
Edited by kranni (05.05.2015 at 19:15) |
05.05.2015, 19:54 | #2 |
/// the machine /// TB instructor | Win7 Home Premium 64 Bit: how to remove malware Colormedia + Plus-HD-1.6 + Spyhunter? Hi,
Scan with Combofix |
05.05.2015, 20:59 | #3 |
| Win7 Home Premium 64 Bit: how to remove malware Colormedia + Plus-HD-1.6 + Spyhunter? Here is the combofix.txt:
Code:
ATTFilter ComboFix 15-04-28.01 - Lutz 05.05.2015 21:38:43.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8103.6006 [GMT 2:00] ausgeführt von:: c:\users\Lutz\Desktop\ComboFix.exe AV: G DATA INTERNET SECURITY *Disabled/Updated* {545C8713-0744-B079-87F8-349A6D5C8CF0} FW: G DATA Personal Firewall *Disabled* {6C670636-4D2B-B121-ACA7-9DAF938FCB8B} SP: G DATA INTERNET SECURITY *Disabled/Updated* {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\END c:\programdata\Roaming c:\windows\msdownld.tmp c:\windows\msvcr71.dll . . ((((((((((((((((((((((( Dateien erstellt von 2015-04-05 bis 2015-05-05 )))))))))))))))))))))))))))))) . . 2015-05-05 19:47 . 2015-05-05 19:47 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2015-05-05 19:47 . 2015-05-05 19:47 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-05-05 16:55 . 2015-05-05 17:13 -------- d-----w- C:\FRST 2015-05-04 17:28 . 2015-05-05 19:41 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F345CA23-712B-4A3B-AE99-C4A65D5A787E}\offreg.dll 2015-04-07 17:49 . 2015-04-07 17:49 -------- d-----w- c:\windows\de 2015-04-07 17:48 . 2015-04-07 17:48 -------- d-----w- c:\windows\en 2015-04-07 17:48 . 2015-04-07 17:48 -------- d-----w- c:\windows\el 2015-04-07 17:48 . 2015-04-07 17:48 -------- d-----w- c:\windows\es 2015-04-07 17:48 . 2015-04-07 17:48 -------- d-----w- c:\windows\fr 2015-04-07 17:47 . 2015-04-07 17:47 -------- d-----w- c:\windows\he 2015-04-07 17:47 . 2015-04-07 17:47 -------- d-----w- c:\windows\it 2015-04-07 17:47 . 2015-04-07 17:47 -------- d-----w- c:\windows\nl 2015-04-07 17:47 . 2015-04-07 17:47 -------- d-----w- c:\windows\ru 2015-04-07 17:47 . 2015-04-07 17:47 -------- d-----w- c:\windows\ar 2015-04-07 17:43 . 
2014-03-31 19:06 58056 ----a-w- c:\windows\system32\drivers\fssfltr.sys 2015-04-07 17:41 . 2010-06-02 02:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll 2015-04-07 17:41 . 2010-06-02 02:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll 2015-04-07 17:41 . 2010-06-02 02:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll 2015-04-07 17:41 . 2010-06-02 02:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll 2015-04-07 17:41 . 2010-05-26 09:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll 2015-04-07 17:41 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll 2015-04-07 17:41 . 2010-05-26 09:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll 2015-04-07 17:41 . 2010-05-26 09:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll 2015-04-07 17:39 . 2015-04-07 17:39 -------- d-----w- c:\program files (x86)\Microsoft OneDrive 2015-04-07 17:39 . 2015-04-07 17:39 -------- d-----r- c:\users\Lutz\OneDrive 2015-04-07 17:39 . 2015-04-07 17:36 6081224 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\6619a70c1d0715902\onedrivesetup.exe 2015-04-07 17:39 . 2015-04-07 17:39 -------- d-----w- c:\programdata\Microsoft OneDrive 2015-04-07 17:36 . 2015-04-07 17:36 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\680b26a51d0715904\DSETUP.dll 2015-04-07 17:36 . 2015-04-07 17:36 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\680b26a51d0715904\DXSETUP.exe 2015-04-07 17:36 . 2015-04-07 17:36 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\680b26a51d0715904\dsetup32.dll 2015-04-07 17:36 . 2015-04-07 17:36 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\677eb5751d0715903\DSETUP.dll 2015-04-07 17:36 . 2015-04-07 17:36 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\677eb5751d0715903\DXSETUP.exe 2015-04-07 17:36 . 
2015-04-07 17:36 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\677eb5751d0715903\dsetup32.dll 2015-04-07 17:36 . 2015-04-07 17:36 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\64fc01eb1d0715901\DSETUP.dll 2015-04-07 17:36 . 2015-04-07 17:36 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\64fc01eb1d0715901\DXSETUP.exe 2015-04-07 17:36 . 2015-04-07 17:36 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\64fc01eb1d0715901\dsetup32.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-05-05 08:18 . 2011-11-26 09:07 45056 ----a-w- c:\windows\system32\acovcnt.exe 2015-04-15 08:00 . 2012-03-30 09:34 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-04-15 08:00 . 2011-12-03 16:43 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-04-07 17:42 . 2010-06-24 18:33 23768 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2015-03-06 10:10 . 2014-06-15 13:21 64512 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2015-04-07 17:39 223432 ----a-w- c:\users\Lutz\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2015-04-07 17:39 223432 ----a-w- c:\users\Lutz\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2015-04-07 17:39 223432 ----a-w- c:\users\Lutz\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-02-26 31344744] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-13 2018032] "SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528] "GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2014-05-20 1756792] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-4-13 548528] FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe -d [2011-10-25 12862] HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336] PHOTOfunSTUDIO 5.1 HD Edition.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe -e "c:\program files (x86)\Panasonic\PHOTOfunSTUDIO 5.1 HD\PHOTOfunSTUDIO.exe" [2011-11-28 172544] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "c:\programdata\Nuance\PDF Reader\Ereg\Ereg.ini" "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SecurityUtility Service;SecurityUtility Service;c:\programdata\SecurityUtility\SecurityUtilitySrv.exe;c:\programdata\SecurityUtility\SecurityUtilitySrv.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 cpuz134;cpuz134;c:\users\Lutz\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\Lutz\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x] R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys;c:\windows\SYSNATIVE\drivers\GDBehave.sys [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK 
WMIACPI\atkwmiacpi64.sys [x] S1 GDKBFlt;G Data GDKBFlt Driver;c:\windows\system32\drivers\GDKBFlt64.sys;c:\windows\SYSNATIVE\drivers\GDKBFlt64.sys [x] S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys;c:\windows\SYSNATIVE\drivers\MiniIcpt.sys [x] S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys;c:\windows\SYSNATIVE\drivers\gdwfpcd64.sys [x] S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys;c:\windows\SYSNATIVE\drivers\GRD.sys [x] S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys;c:\windows\SYSNATIVE\drivers\HookCentre.sys [x] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x] S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [x] S2 AVKService;G DATA Scheduler;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [x] S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [x] S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x] S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 sftlist;Application Virtualization 
Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [x] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x] S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x] S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [x] S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys;c:\windows\SYSNATIVE\drivers\PktIcpt.sys [x] S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [x] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] 
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhalt des "geplante Tasks" Ordners . 2015-05-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 08:00] . 2015-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-09 13:14] . 2015-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-09 13:14] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2015-04-07 17:39 262344 ----a-w- c:\users\Lutz\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2015-04-07 17:39 262344 ----a-w- c:\users\Lutz\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2015-04-07 17:39 262344 ----a-w- c:\users\Lutz\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280] "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120] "IntelTBRunOnce"="wscript.exe" [2013-10-12 168960] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-29 171992] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-29 399832] "Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-29 442328] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.1.1 DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab . . ------- Dateityp-Verknüpfung ------- . inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1 txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.17" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2015-05-05 21:50:21 ComboFix-quarantined-files.txt 2015-05-05 19:50 . Vor Suchlauf: 11 Verzeichnis(se), 130.665.619.456 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 130.093.215.744 Bytes frei . - - End Of File - - BB02593FFDD5114BC88C756A83CE3596 |
06.05.2015, 08:52 | #4 |
/// the machine /// TB-Ausbilder | Win7 Home Premium 64 Bit: how to remove malware Colormedia + Plus-HD-1.6 + Spyhunter? Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
06.05.2015, 18:34 | #5 |
| Win7 Home Premium 64 Bit: how to remove malware Colormedia + Plus-HD-1.6 + Spyhunter? OK, on we go. Here are the requested log files: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 06.05.2015 Suchlauf-Zeit: 18:20:16 Logdatei: mbamlog.txt Administrator: Ja Version: 2.01.6.1022 Malware Datenbank: v2015.05.06.03 Rootkit Datenbank: v2015.04.21.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Lutz Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 427111 Verstrichene Zeit: 19 Min, 50 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 1 PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\SecurityUtilitySrv.exe, 2552, Löschen bei Neustart, [2249e4ac2565e55128380dbafc071de3] Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 75 PUP.Optional.SweetPacks.A, HKU\S-1-5-21-1443041108-445289656-2671713935-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}, In Quarantäne, [aac19bf57d0d979fa25f36541ee54eb2], PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}, In Quarantäne, [aac19bf57d0d979fa25f36541ee54eb2], PUP.Optional.Incredibar.A, HKLM\SOFTWARE\IB Updater, In Quarantäne, [b5b607897a101e18678ea169e61e758b], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0032002.Sandbox, In Quarantäne, [91daf0a0ed9d9c9a9ad0b3448e757f81], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0032002.Sandbox.1, In Quarantäne, [e6859ef2e1a948eef6749c5bc53e21df], PUP.Optional.Incredibar.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\dlnembnfbcpjnepmfjmngjenhhajpdfd, In Quarantäne, [05664f4111796acc10e4d436cf35bf41], PUP.Optional.Incredibar.A, HKLM\SOFTWARE\WOW6432NODE\IB Updater, In Quarantäne, [6803f29edeacbc7a857028e2d034f709], 
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\WOW6432NODE\Plus-HD-1.6, In Quarantäne, [2d3ebed20882b97dacf04fcfe32141bf], PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SweetIM, In Quarantäne, [94d7830d9ded0f27a268c9177291c838], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0032002.Sandbox, In Quarantäne, [2546454bf09a270f086250a708fbed13], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0032002.Sandbox.1, In Quarantäne, [8be02b654644c76f84e612e552b1837d], PUP.Optional.AdLyrics.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\abfmigjiaapipflmopkaaooigcjjdojh, In Quarantäne, [d596523e444675c10ffdd11e1be8f808], PUP.Optional.Incredibar.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dlnembnfbcpjnepmfjmngjenhhajpdfd, In Quarantäne, [c0abace4f8926ec86391ac5ebb499070], PUP.Optional.SecurityUtility.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityUtility Service, In Quarantäne, [e08b7a161e6cfa3c8991b6217d869b65], PUP.Optional.SweetIM.A, HKU\S-1-5-18\SOFTWARE\SweetIM, In Quarantäne, [412a0b856a20e452e8217e62e51e3cc4], PUP.Optional.InstallBrain.A, HKU\S-1-5-18\SOFTWARE\WNLT, In Quarantäne, [1f4c3a563654d561bcee191fec194eb2], PUP.Optional.SweetIM.A, HKU\S-1-5-21-1443041108-445289656-2671713935-1001\SOFTWARE\SweetIM, In Quarantäne, [f378c7c9a6e48caace3b3fa16e957789], PUP.Optional.PlusHD.A, HKU\S-1-5-21-1443041108-445289656-2671713935-1001\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-1.6, In Quarantäne, [1a51c2cea0eace6825c0fb1494708a76], PUP.Optional.PriceGong.A, HKU\S-1-5-21-1443041108-445289656-2671713935-1001\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, In Quarantäne, [4a21aee2315981b5f2045a8a35ce0bf5], PUP.Optional.CrossRider.A, HKU\S-1-5-21-1443041108-445289656-2671713935-1001\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Plus HD, In Quarantäne, [f477b2de2e5cc175179f8968ff04a858], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{B8D1E62C-5D04-4AB0-A09E-688FF75743EF}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], 
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1B0071C9-831E-43DD-9EFE-722D8AEB9E2E}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{5217E897-1728-4B11-BC9D-5405AD551BEF}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{6073385E-A128-4464-9DFD-C7CF0F39A492}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{81E47395-D310-4064-B963-844C4088AB76}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{83E41C3D-190A-4052-A046-269722F3B4FD}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A62D52D9-1E41-4772-A794-71B9B92AA014}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C1F5E799-B218-4C32-B189-3C389BA140BB}, In Quarantäne, 
[2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D1C116A0-DC17-4257-9190-033AE10F90B9}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{ED5B55CA-994B-42B9-93B6-1FD306925967}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F60C9408-3110-4C98-A139-ABE1EE1111DD}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FB7F9DF6-2A66-444F-BA5D-2F221F1B1AC8}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1B0071C9-831E-43DD-9EFE-722D8AEB9E2E}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{5217E897-1728-4B11-BC9D-5405AD551BEF}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6073385E-A128-4464-9DFD-C7CF0F39A492}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], 
PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{81E47395-D310-4064-B963-844C4088AB76}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{83E41C3D-190A-4052-A046-269722F3B4FD}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A62D52D9-1E41-4772-A794-71B9B92AA014}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C1F5E799-B218-4C32-B189-3C389BA140BB}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D1C116A0-DC17-4257-9190-033AE10F90B9}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{ED5B55CA-994B-42B9-93B6-1FD306925967}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F60C9408-3110-4C98-A139-ABE1EE1111DD}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FB7F9DF6-2A66-444F-BA5D-2F221F1B1AC8}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{1B0071C9-831E-43DD-9EFE-722D8AEB9E2E}, In Quarantäne, 
[2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{5217E897-1728-4B11-BC9D-5405AD551BEF}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{6073385E-A128-4464-9DFD-C7CF0F39A492}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{81E47395-D310-4064-B963-844C4088AB76}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{83E41C3D-190A-4052-A046-269722F3B4FD}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A62D52D9-1E41-4772-A794-71B9B92AA014}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C1F5E799-B218-4C32-B189-3C389BA140BB}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{D1C116A0-DC17-4257-9190-033AE10F90B9}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{ED5B55CA-994B-42B9-93B6-1FD306925967}, In 
Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{F60C9408-3110-4C98-A139-ABE1EE1111DD}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FB7F9DF6-2A66-444F-BA5D-2F221F1B1AC8}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{B8D1E62C-5D04-4AB0-A09E-688FF75743EF}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{B8D1E62C-5D04-4AB0-A09E-688FF75743EF}, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SecurityUtility, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], Registrierungswerte: 5 PUP.Optional.StartPage.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS\{336D0C35-8A85-403a-B9D2-65C292C39087}, In Quarantäne, [76f5563a8bff290df0d1df6dd82bad53], PUP.Optional.StartPage.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{336D0C35-8A85-403A-B9D2-65C292C39087}, C:\Program Files\IB Updater\Firefox, In Quarantäne, [76f5563a8bff290df0d1df6dd82bad53] PUP.Optional.StartPage.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{336D0C35-8A85-403A-B9D2-65C292C39087}, C:\Program Files\IB Updater\Firefox, In Quarantäne, [76f5563a8bff290df0d1df6dd82bad53] PUP.Optional.StartPage.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS\{336D0C35-8A85-403a-B9D2-65C292C39087}, In Quarantäne, [1f4ca2ee860455e1d5ecae9e8b78c937], PUP.Optional.InstallBrain.A, HKU\S-1-5-18\SOFTWARE\WNLT|URL, MYSTART, In Quarantäne, [1f4c3a563654d561bcee191fec194eb2] Registrierungsdaten: 0 (Keine schädliche Elemente gefunden) Ordner: 6 PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, 
C:\Users\Lutz\AppData\LocalLow\PriceGong\Data, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-1.6, In Quarantäne, [d89397f9dfab81b5d318f2aef70cc13f], PUP.Optional.IBUpdater, C:\Program Files\IB Updater, In Quarantäne, [0a61c2cec2c80d29d05ebbf0cc37cf31], PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility, Löschen bei Neustart, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup, In Quarantäne, [9dce4d432e5c1f17e7749e2dcd36946c], Dateien: 80 PUP.Optional.Incredibar.A, C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlnembnfbcpjnepmfjmngjenhhajpdfd_0.localstorage, In Quarantäne, [16558709a5e587af22d14bbff0147f81], PUP.Optional.Incredibar.A, C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlnembnfbcpjnepmfjmngjenhhajpdfd_0.localstorage-journal, In Quarantäne, [79f277192c5e4bebd81bbe4c9d67b44c], PUP.Optional.ColorMedia.A, C:\Windows\SysWOW64\ColorMedia.ini, In Quarantäne, [e883ff91fa90b6800cba4213ed1810f0], PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\ColorMediaOff.ini, In Quarantäne, [65061878f49678be61664f0616ef13ed], PUP.Optional.Winsock.HijackBoot, C:\Windows\SysWOW64\ColorMediaOff.ini, In Quarantäne, [8edd3d53b9d146f0ac1bdf76e124e917], PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\ColorMedia64.dll, Löschen bei Neustart, [88e3167a90fa46f055af035b798ccc34], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\f.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\1.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\10020.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\11.txt, In Quarantäne, 
[1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\11343.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\15441.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\15741.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\1728.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\21684.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\2229.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\2260.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\2486.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\2501.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\371.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\41.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\4207.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\4489.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\4941.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\5359.txt, In Quarantäne, 
[1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\6704.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\7031.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\8206.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\83.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\9514.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\a.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\b.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\c.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\d.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\e.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\g.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\h.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\i.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\j.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\k.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], 
PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\l.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\m.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\mru.xml, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\n.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\o.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\p.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\q.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\r.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\s.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\t.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\u.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\v.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\w.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\wlu.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\x.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, 
C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\y.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PriceGong.A, C:\Users\Lutz\AppData\LocalLow\PriceGong\Data\z.txt, In Quarantäne, [1f4cf69ac2c82a0cb26a544a9b68ed13], PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-1.6\background.html, In Quarantäne, [d89397f9dfab81b5d318f2aef70cc13f], PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-1.6\Installer.log, In Quarantäne, [d89397f9dfab81b5d318f2aef70cc13f], PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6.ico, In Quarantäne, [d89397f9dfab81b5d318f2aef70cc13f], PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\ColorMedia.tlb, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\ColorMedia64.dll, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\ColorMediaCrt.dll, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\freebl3.dll, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\libnspr4.dll, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\libplc4.dll, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\libplds4.dll, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\nss3.dll, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\nssckbi.dll, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\nssdbm3.dll, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\nssutil3.dll, In Quarantäne, 
[2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\RfndNSIS.dll, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\RgsBTMedia.ini, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\SecurityUtilitySrv.exe, Löschen bei Neustart, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\smime3.dll, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\softokn3.dll, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\sqlite3.dll, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\ssl3.dll, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.SecurityUtility.A, C:\ProgramData\SecurityUtility\uninstall.exe, In Quarantäne, [2249e4ac2565e55128380dbafc071de3], PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\DEL_UnRegisterExtensions.exe, In Quarantäne, [9dce4d432e5c1f17e7749e2dcd36946c], Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end) Code:
ATTFilter
# AdwCleaner v4.203 - Bericht erstellt 06/05/2015 um 18:51:39
# Aktualisiert 30/04/2015 von Xplode
# Datenbank : 2015-05-05.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Lutz - LUTZ-PC
# Gestarted von : C:\Users\Lutz\Desktop\AdwCleaner_4.203.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Yahoo! Companion
Ordner Gelöscht : C:\ProgramData\SecurityUtility
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Users\Lutz\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Lutz\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Lutz\AppData\Roaming\Systweak
Datei Gelöscht : C:\Windows\Reimage.ini
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Windows\System32\ColorMedia64.dll
Datei Gelöscht : C:\Users\Lutz\AppData\LocalLow\SkwConfig.bin

***** [ Geplante Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2724407
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322202202}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\Reimage
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\ImInstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKU\.DEFAULT\Software\IM
Schlüssel Gelöscht : HKU\.DEFAULT\Software\ImInstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Reimage

***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16599

-\\ Google Chrome v

[C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [5634 Bytes] - [06/05/2015 18:47:13]
AdwCleaner[S0].txt - [5316 Bytes] - [06/05/2015 18:51:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5375 Bytes] ##########

Code:
ATTFilter
# AdwCleaner v4.203 - Bericht erstellt 06/05/2015 um 18:47:13
# Aktualisiert 30/04/2015 von Xplode
# Datenbank : 2015-05-05.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Lutz - LUTZ-PC
# Gestarted von : C:\Users\Lutz\Desktop\AdwCleaner_4.203.exe
# Option : Suchlauf

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\Lutz\AppData\LocalLow\SkwConfig.bin
Datei Gefunden : C:\Windows\Reimage.ini
Datei Gefunden : C:\Windows\System32\ColorMedia64.dll
Datei Gefunden : C:\Windows\System32\roboot64.exe
Ordner Gefunden : C:\Program Files (x86)\Conduit
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\ProgramData\SecurityUtility
Ordner Gefunden : C:\ProgramData\Yahoo! Companion
Ordner Gefunden : C:\Users\Lutz\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Lutz\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Lutz\AppData\Roaming\Systweak

***** [ Geplante Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\IM
Schlüssel Gefunden : HKCU\Software\ImInstaller
Schlüssel Gefunden : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Schlüssel Gefunden : HKCU\Software\Reimage
Schlüssel Gefunden : [x64] HKCU\Software\IM
Schlüssel Gefunden : [x64] HKCU\Software\ImInstaller
Schlüssel Gefunden : [x64] HKCU\Software\InstalledBrowserExtensions
Schlüssel Gefunden : [x64] HKCU\Software\Reimage
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322202202}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2724407
Schlüssel Gefunden : HKLM\SOFTWARE\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\ImInstaller
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\systweak
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Reimage
Schlüssel Gefunden : HKU\.DEFAULT\Software\IM
Schlüssel Gefunden : HKU\.DEFAULT\Software\ImInstaller
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16599

-\\ Google Chrome v

[C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Web data] - Gefunden [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [5460 Bytes] - [06/05/2015 18:47:13]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5519 Bytes] ##########

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.8 (05.06.2015:1)
OS: Windows 7 Home Premium x64
Ran by Lutz on 06.05.2015 at 19:08:23,96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311201102}

~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARUSER_32.EXE-34B1B1C5.pf

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{00228762-D408-41CB-945A-826AF38FEADC}
Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{0089BFF7-C2A0-478B-A624-ED15FE29B9E5}
Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{011AE12F-A006-47DB-BA0A-51322C88B043}
Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{01ABB607-58DA-43B3-A742-70B07A73D46A}
Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{01E0B736-5F6C-44DD-A621-BD29736F4A7C}
Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{027514CA-7A66-407A-B0AB-A7C32F0F85B1}
Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{02AD129D-654F-4EC9-997C-274BAB0B68BA}
Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{03E5BF50-C7E2-4998-8FA0-6D7C2348A584}
Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{04770B87-1538-40FA-BAE2-ECFF61AC2CC3}
Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{047DE785-7A15-4F14-8CA9-3980A2EDC5FB}
Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{04912E25-3EF8-48F7-8164-4A56643B52F2}
Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{05AD5711-9668-49DB-B8D5-182C8A2E2D20}
Successfully deleted: 
C:\Users\Lutz\appdata\local\{6F2D6ACC-22EE-441D-AB97-B3C90C3F1137} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{6F5E75FD-4352-4E5B-B9EE-A82EC0DEDF6B} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{70A133B5-0EAD-4B3A-8C40-498EEC7716BF} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{70C85F7C-2DA1-40E8-B97C-7EE306D43A32} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{70FD8AEA-AEF7-4338-B2E5-40AF225F6A63} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{715E2C59-5079-483A-AD84-41E203449E06} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{71C1F48F-CAB9-45DF-A2BD-861E13117339} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{72702287-3372-4C2D-97AC-D710471E72B3} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{72AB0887-C99C-4261-BFA2-687D6A82ED6C} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{732A4225-CBFD-4A67-B362-642FCBE59706} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{7391836B-B7F5-4889-A7F9-74768085E09E} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{73FBB18C-48F7-4912-B393-288EE91A7AA7} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{74062397-A8B5-4F47-84AC-0721ABCFEFF5} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{74C3B188-3A1A-4190-9912-C5E3E8496839} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{74CFC49D-844A-4F5E-86BE-466BD7C0FD4B} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{750B372B-8EA8-4F22-98D1-9E52A0560811} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{751F5357-087D-4291-84DA-43E981D33AA9} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{754C01B9-E4BE-412B-B02C-97A2EBA75CA0} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{755A1231-CB3E-4B9A-ABEA-1997022665FC} Successfully deleted: [Empty Folder] 
C:\Users\Lutz\appdata\local\{75B6E7A0-A45C-4136-9F2D-3A0DD8F9B1C1} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{75C358AE-1802-4C61-B05E-A886193000D1} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{7679FEBC-0C88-4D51-9ADC-B5CE2292B619} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{76A02E61-9414-4E87-949D-4518F79C02FD} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{76A3CCCB-B2AD-4229-BB21-53C4198D38B4} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{7775093D-D136-49F7-A72B-99F995C2A519} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{77A981D9-7422-4C0C-BCC8-CCDC9D1DFD02} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{78792E4F-F8A8-483E-B651-6A5679AD86B5} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{78A19B50-0368-4D37-B4E7-38DCED8B7CB9} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{7A4A9327-E38F-4950-9AA1-78CA09E52ADA} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{7A687F56-D1D5-4428-BFB6-58010C8FA7A7} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{7A8CAB90-0FDB-405F-A078-CC1C639C82DB} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{7B4A26D0-8FCB-4053-A605-60E40125485F} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{7BAC56E5-D4C6-42B0-B795-1E416FDF7604} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{7C32EE31-D749-448A-91FA-F226A80F5E28} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{7CDCC49E-0F5A-4F6A-BE12-19A18CE6EA99} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{7D0EF74E-8BE6-4E93-851D-BEDED2568844} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{7DCA7AE7-D959-40F8-A4BA-B75642FCE2EA} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{7DCF5272-4D3F-47C5-A7A2-C42A51C0CC4B} Successfully deleted: [Empty Folder] 
C:\Users\Lutz\appdata\local\{7DD9B396-1F37-4E03-A1DF-C049FB41054E} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{7E164B7C-DF93-45D7-A49D-4968EC6CF6EA} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{7E9A4464-1FAB-4099-AD14-D61C53542A1D} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{7F8A93D4-0820-4BC3-85BB-8083946CCED3} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{7FBF3F19-E5C9-47CE-B957-760B89C29106} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{80016957-36FF-4CD3-94C3-D2E6767982A7} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{80305D35-2ADF-4D15-8C53-6826F528B104} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{803DE11C-A5D7-4F4A-81E9-CD7A0EBC1C86} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{816486C4-E92C-4197-AE55-8DD1B485F65B} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{837508A5-E7E5-47B9-BD07-EE696AC56B35} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{83A55CF7-C1AE-4360-8BC5-1EFBD1B314AC} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{83B9A314-9ED5-4372-8F02-8AEB13A10C68} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{8552EB29-89AF-4FFE-BED3-A3EAB9DCFC60} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{857ADCD4-33E4-4E7F-980F-B471F5EB19C4} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{867EFB82-427D-4E1E-9CD6-FF9CC201D343} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{86D5F843-A977-4C0C-A291-6340DACFC30F} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{88293E4C-06CA-4BDC-AFAB-FABD7A13B428} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{8841E3B0-382C-405F-B59D-3B96C43902CB} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{884A7ECA-69EE-4102-944D-86804025DEFC} Successfully deleted: [Empty Folder] 
C:\Users\Lutz\appdata\local\{8A81984A-D9F8-4937-9015-C2AD03C9114C} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{8B477D87-FE19-4AA7-909D-5751EA2DDE8B} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{8B63B840-ECE4-4AE4-95FA-BF23289D0F3B} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{8B79F603-7951-4F46-9D62-CD1269718276} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{8BC92F58-FB85-4E9E-8398-3572B1784530} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{8BDC2C34-66F0-4975-84D8-2153F3C22A06} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{8C4B6C98-EA57-47EC-B8B9-EBA404848188} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{8D2FF175-7863-44D5-8D21-6E07245A5866} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{8D45A97F-2EBF-4C4D-999C-B71C11CF00DA} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{8DAE695F-8607-4B1A-9F30-43F13CA21161} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{8E089DD7-61CF-4DFE-A4C9-6ED24B603CD7} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{8E578682-2241-4C56-BAE2-82537F6A59D0} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{8EF96D6A-BBD9-4A40-B737-DE1308E11C9C} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{9021987E-BE30-46DC-B713-9AA9D0E9611C} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{90BCE465-03FC-4AAA-8BA1-C440109B751B} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{9100D99C-459C-408D-B8CB-72B243E10C6D} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{915C7F21-064B-473B-8629-5E2D0E3A554A} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{919C4E64-A8C4-40A1-80F3-F89E6CA8E47A} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{91E0F782-E95A-4A47-9BF9-F422AEDE73D4} Successfully deleted: [Empty Folder] 
C:\Users\Lutz\appdata\local\{92A910A1-F92A-44B4-88E3-DD428FF7F19E} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{92C9E47E-75F6-42B4-A314-BBAFAE1C7E71} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{92D6C1B9-225E-4135-B041-77F025DCE2C7} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{930B7041-605D-428B-8FCF-424BB59BA85C} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{93D9303A-88D4-4AC1-B6DC-05686291BC2B} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{9420AB10-ADED-40BA-B216-C7E8E751BF3C} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{946A6C01-065F-4C46-A7FC-117A9493EFEE} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{94A574C4-35C1-440B-8017-3EE554A332B7} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{952D365E-DBAC-4498-892F-B6F0EF81D47A} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{956F45E0-0807-4C8E-A115-3B393657E079} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{95754B68-13FF-42AE-BD4C-F27777603222} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{95AB2748-5CA8-49AD-85BB-38EDAA7A983B} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{95D3B985-7F24-4944-82E2-E7D49AE6BB14} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{9600B8DD-396B-4B74-93D8-DD422AB50705} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{967AD894-8616-4B1F-BAA5-E3E73CA1603F} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{969EB17E-1FC6-4116-8903-DEBDC1DA1C38} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{970CBFC3-6B13-49F6-AF04-1219E1F0589C} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{972AC141-C7FE-4FB4-BF8C-F85256270992} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{974236E6-CCA0-4BB3-A88F-E2EB1252AB4C} Successfully deleted: [Empty Folder] 
C:\Users\Lutz\appdata\local\{977D9F3C-72CA-42BC-AE59-11E031DEB1E1} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{986BA5D9-3840-4BDB-9CB1-7450340C2174} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{987B89BD-2143-428A-A3D1-FCDD39248051} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{993D3584-E739-4405-B689-12D359BCED8B} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{9963EC2B-669F-431F-8CAE-69BCE5A37C19} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{997A9314-489F-4958-A129-B3F46342882B} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{9984E6DA-62F2-4334-8530-2C1171BA858C} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{99E5EA9A-86F2-4813-863F-4ED7445530F2} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{9A0E779F-3660-45D7-8EBA-8F28C203EDCA} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{9A22388D-AB3C-4DC6-A180-D7CDED750AAB} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{9A627048-31BE-4CAA-816C-BE00429CFF1D} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{9B4BD7E1-A529-4DFB-A30F-7BF1A69C33D0} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{9BFBEB5E-2866-44DA-B970-BCD8D112A7EA} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{9C541462-427C-43B7-9CEF-A9F27501DB96} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{9CA9C424-56E7-4C30-842A-348A85A36391} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{9D472867-1E9F-4238-AF3C-8E45E0C22801} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{9DA8EAFC-7ECE-431B-A193-B203FEBC49E6} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{9DCB68F4-943F-4649-8473-10588EB2100F} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{9E005EE7-71A7-40B6-AA89-9626801FCD04} Successfully deleted: [Empty Folder] 
C:\Users\Lutz\appdata\local\{9E7B36E0-CF42-403A-81FF-560703480A09} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{9ED85881-B112-4801-A6F0-0C7213304D9D} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{9F2A322D-D525-49FE-8127-8D00FFC06FDB} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{9F3795E8-F332-432B-B40E-8901D4A41D4F} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{A016B535-0504-4F60-88EA-2A1B17DB26B6} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{A05D620E-0C87-4363-BACD-B153F94AF3BD} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{A0810204-6A3A-4A15-BA68-61A194761FEA} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{A0A903CF-B759-4215-8EAA-4E4A5C5612BC} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{A1C89BB5-D774-4013-A074-EC32EFF1784A} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{A3B493F6-8F77-45B6-AF07-7E0CB33216D4} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{A416A1A8-C228-409E-B48E-05EAC7795F0E} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{A4747DB1-B47F-47A1-B268-E880172BCCC2} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{A4924170-5FB8-4BB3-9DD4-AA47E346C41E} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{A4B3584A-ADA8-477A-83CC-500A032FE562} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{A4F2EC43-3E85-453F-BA87-2DAA35E55D7D} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{A5F0151F-F183-4312-A16C-9C12C3648496} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{A6A22F0A-E56A-4C1C-A77C-76463C4A34F4} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{A7CE59E8-36EA-4B57-BF09-404BB32036D5} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{A835C374-BC4B-4C4A-95C8-984D0153EDB8} Successfully deleted: [Empty Folder] 
C:\Users\Lutz\appdata\local\{A9388103-918B-4644-8C9A-9CFB4E1A40B9} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{A9417DB5-0ADF-4625-94A4-5E7DF534C81D} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{AA8E7761-447A-41B9-879A-83E2B7ACFEE4} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{AACA93B0-C927-413A-9313-C52CB0816398} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{AAE2ECF5-584F-4CA4-B272-635E9E9A0BCB} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{AAFF58D7-4291-4900-9D7F-4C601931521E} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{AB61DFE7-32C4-41E9-9793-FD3B8A5CA45B} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{ABCA4EF7-4B4B-4FB4-97E4-EB90D2BC29FF} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{ACB1184F-B43A-4320-8F06-880161CE3C76} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{ACF5DA53-AE4D-4158-A763-3901E34973EB} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{AD2C96B7-8921-4D03-8F69-CA8E9F82CD75} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{ADA65E37-8838-4A82-9262-A43C6839E443} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{ADA7100B-5571-466A-A0E8-58E3B63FA554} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{ADB30788-973D-4B66-91E1-909825807D49} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{AE2388B1-3852-4387-9208-0B031C8CD898} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{AE8E2122-EA26-4DA8-9F55-7CA54687E752} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{AFEAA7EB-0D35-462F-A904-87FD0BB172B6} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{B0363893-98AD-4FAB-8E35-A1AC2E3A2B26} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{B061DBF3-59E3-496E-A927-524E91CA1015} Successfully deleted: [Empty Folder] 
C:\Users\Lutz\appdata\local\{B2625C3C-00C7-4A43-A500-1F103BF4E480} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{B2A0AD25-B16B-4BBB-997C-D23255D1E565} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{B3ABBF58-13BB-4687-9F86-179C649F6066} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{B3C6EEE0-608E-429D-95C7-1F3EC9DE9C2B} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{B442AA0F-C47B-4E4D-B74A-BD4B57F36B9F} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{B511BD6D-B4D6-4EE8-ABB2-50E4D0ACE29D} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{B53BCD87-0170-4F49-A865-DD66C13B47E4} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{B57DB8E6-D15F-4FC0-BCAE-6CA2A0C3BD3A} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{B6176860-8C64-45E7-8B6F-27C3EF569CEF} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{B618F0A8-7B4B-4C0E-A508-4E7B498F7FB0} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{B648FE56-6F68-40B3-9217-723D5CA46EB4} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{B66A0D99-1F63-4206-BBCC-7CEE63FCB2B9} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{B6D8381B-A4AB-4FFC-8039-CEED72ED3786} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{B73EFDE9-33ED-4FCD-AFA4-C2DA0AD8E55A} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{B740B7F7-09B1-4073-8946-BFC36A59B192} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{B7BBD464-DDD6-4DB3-8202-950AE51401CA} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{B7E5B2FC-54B6-4611-A8AC-980836ECDCA6} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{B81FF943-E4D6-45C2-B8DB-284880729B69} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{B8399BBF-4AC0-4A4D-82F2-9E99BF01F726} Successfully deleted: [Empty Folder] 
C:\Users\Lutz\appdata\local\{B8399DB5-F140-4EB6-98B6-10FC40D1347A} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{B927273D-631D-421F-843F-0FC9F4CDD017} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{BA3623E6-56FF-4F53-B96D-CA03510CE84D} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{BBE539CC-37A3-454A-94F1-00E43953460B} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{BC0D95EE-DF02-48E2-AEED-C00672849DD1} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{BC769757-9C4A-4CC9-9E84-3007EC442B1D} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{BCA0551D-499B-4270-A7C8-9CF329A12E6F} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{BF35EE76-8B2C-4B52-85E4-3CB982A7ECB7} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{C02DD3F9-7E78-43C9-BE9B-ED56BA7E3A2A} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{C0B51B73-366B-4CF2-B1E8-B1F58E55DDAF} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{C0B6EDE8-702E-4443-830F-2BF064A3DBDB} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{C1BC160A-74A2-4DD6-894C-D0ED469C9774} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{C1CFF84D-1B6E-4C90-AA98-0FD7DB18EB82} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{C221725D-77E2-42E8-A313-A4A4CD17CC34} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{C26106E3-2CFC-416B-866F-58CBD86468A0} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{C2A49489-79A1-45E7-B810-741A61F7B3AC} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{C2CD8D97-51F0-4CE6-B27B-B193ECF39EB3} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{C31115A0-00DE-461A-BBBE-86A72BAF022B} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{C3B67AD1-B60E-4D39-B2B7-EC2877837787} Successfully deleted: [Empty Folder] 
C:\Users\Lutz\appdata\local\{C54FE10A-13BF-4C79-AA6A-D8202634287C} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{C5BD7291-F268-47D2-8A21-D072D52F4168} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{C600CE09-5098-439B-B47C-8E3313761B27} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{C62F3A98-896B-4938-8F44-5789F9C690AC} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{C63F44F3-8686-4C5F-9ED0-7E0E129F8857} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{C6A60A5A-E08F-4132-B351-6379FA1F3071} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{C8471494-FC9A-4776-9366-BB5295BD0C2A} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{C8713B62-4313-4F91-82EB-FDA2C94FF307} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{C92014BE-6BA7-4CE9-9AC0-3710B164C51A} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{C944D85B-DC60-44C9-A17E-6A232549D220} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{C9727C0E-D572-4D03-8E37-C3597D3F48AD} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{CA04305F-7D2B-45B9-8B1D-B13F0E64A395} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{CA65A854-337D-46F4-B455-32F0B08158B1} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{CA6CF32A-027A-4C29-85AD-347EF23C18D9} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{CA7C43FE-8067-4A00-9BBF-52B9B013C881} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{CBC0F24B-1D94-4289-BCCC-666B7346E06C} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{CBE37B6C-6012-407F-BB9A-0298ABE9C89C} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{CC1532DE-E6D7-498A-A5AD-49D14FDF53A0} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{CCEAA58E-DA7C-466A-99B4-D5427D21293D} Successfully deleted: [Empty Folder] 
C:\Users\Lutz\appdata\local\{CCF97AB5-1B81-4B04-A633-B0F7D623BBD8} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{CDADB271-5637-458E-90E3-ECF0E5ACDE70} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{CDC28791-D729-47C4-875C-E60680989B05} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{CE13DDBC-A33F-49E4-8FD4-57341886E3E6} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{CEB99CA9-457A-4BE8-B644-3C0CFB523096} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{CEEA6EE0-A589-4D19-9E4C-763E58444F0B} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{CF1B3315-BACD-417F-A7C8-DA1CF46F0547} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{CF23A5C3-3967-4398-A1FF-8562C859B0BD} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{CFA00609-600D-4CA7-BBED-9470D828DE95} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{D05BCA0B-DFAC-455F-93B0-B05268F29E4C} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{D1543F32-4ACE-4E72-A076-F6982B8C532E} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{D1A47897-59F2-4308-91AB-0B6E206D753C} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{D1D3F810-0490-448F-8231-4B31A4065D30} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{D20B04D4-47F5-49E3-8AF4-100D3399918A} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{D2B82751-BAA8-4FB7-B736-C96CB67A27CA} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{D3289B68-F9D6-4D2A-B992-FE72B23AC616} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{D371D416-0F06-4B15-A650-8115EBAF92CD} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{D3F6A05A-BFAA-43DC-AF72-ED35640E223E} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{D464C082-CD24-42AE-8581-136B17658A82} Successfully deleted: [Empty Folder] 
C:\Users\Lutz\appdata\local\{D4C9E900-289C-4BA2-BFCA-7427F0BCAE10} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{D5032854-96AE-4A78-AD76-6EE325671B59} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{D5CDE4D6-15A9-453E-9154-DEBD0D9AE6C8} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{D6596DB3-E291-43F3-A1D3-AECDD9A47A82} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{D682736F-E725-434C-9FF3-3E1D05853027} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{D6946F97-68CB-49CA-AEF6-CB8BBC474738} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{D75E66DB-19BE-4F3A-81DE-3DC6759E4E11} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{D843CDF6-529A-4585-BE62-F2AAD759C482} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{D904606E-AEDB-4A08-9732-2964B6FBF27A} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{D91137A0-A634-4879-9150-D7CD93042F43} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{D978B30C-6BC0-4E80-80C4-09F0179FF76A} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{DA0A022E-9C71-4725-8E65-11DF6FD81583} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{DA296B3F-C05B-40CE-B8F7-59D126B39611} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{DA303E76-CEAC-4A30-930C-2D0889003ABC} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{DA59817D-68F0-4091-BAC7-02233737AD14} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{DA871533-4DE8-4088-8E80-A71C60288D55} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{DA8A3F20-A99A-4F09-BF57-1346A1E1EB59} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{DACD2D08-752A-42C2-9500-67EB690D3E6F} Successfully deleted: [Empty Folder] C:\Users\Lutz\appdata\local\{DB3AC1E5-A532-49DF-9E12-A41D1F199C28} Successfully deleted: [Empty Folder] 
C:\Users\Lutz\appdata\local\{DBB5ECBE-4626-4AEF-B21F-5206152E3A74}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 06.05.2015 at 19:10:18,10 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
06.05.2015, 18:39 | #6 |
| Win7 Home Premium 64 Bit Malware Colormedia + Plus-HD-1.6 + Spyhunter: how to remove? FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2015 01 Ran by Lutz (administrator) on LUTZ-PC on 06-05-2015 19:21:30 Running from C:\Users\Lutz\Desktop Loaded Profiles: Lutz (Available profiles: UpdatusUser & Lutz) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (ASUSTeK Computer Inc.) 
C:\Windows\System32\FBAgent.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (ASUS) C:\Program Files\P4G\BatteryLife.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (ASUS) C:\Windows\AsScrPro.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) 
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_ActiveX.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-05-17] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated) HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation) HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated) HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-13] (ASUSTek Computer Inc.) 
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus) HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS) HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] () HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.) HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.) HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard) HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1756792 2014-05-20] (G Data Software AG) HKLM-x32\...\Run: [] => [X] Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-21-1443041108-445289656-2671713935-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.) 
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [245872 2013-04-08] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-04-08] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2011-04-13] ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2011-10-25] ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-07-01] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 5.1 HD Edition.lnk [2011-11-28] ShortcutTarget: PHOTOfunSTUDIO 5.1 HD Edition.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-1443041108-445289656-2671713935-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1443041108-445289656-2671713935-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1443041108-445289656-2671713935-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1443041108-445289656-2671713935-1001 -> DefaultScope 439284A69E2B4FC7A5EAF9E3D04CB572 URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-1443041108-445289656-2671713935-1001 -> 439284A69E2B4FC7A5EAF9E3D04CB572 URL = https://www.google.com/search?q={searchTerms} BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 
[2012-07-17] (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-01] (Google Inc.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-01] (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.) Toolbar: HKU\S-1-5-21-1443041108-445289656-2671713935-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-01] (Google Inc.) 
DPF: HKLM-x32 {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-23] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-23] (Google Inc.) 
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll [2010-12-14] (Zeon Corporation) FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-07-01] FF HKU\S-1-5-21-1443041108-445289656-2671713935-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF HKU\S-1-5-21-1443041108-445289656-2671713935-1001\...\Firefox\Extensions: [{ba5b6935-63e1-431c-8fc6-7504512d2b94}] - C:\Program Files (x86)\LyricsContainer\130.xpi Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) 
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File CHR Plugin: (DocuCom PDF Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File CHR Profile: C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Docs) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-09] CHR Extension: (Google Drive) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-09] CHR Extension: (YouTube) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-20] CHR Extension: (Google Search) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-20] CHR Extension: (Google Wallet) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-09] CHR Extension: (Gmail) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-20] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.) R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-10-14] (G Data Software AG) R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG) R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2683760 2014-05-20] (G Data Software AG) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [3228136 2014-08-21] (G Data Software AG) R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG) R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) 
[File not signed] S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] () R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2028864 2011-12-13] (TuneUp Software) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2014-07-01] (G Data Software AG) R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2014-11-25] (G Data Software AG) R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [142336 2014-09-30] (G Data Software AG) R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [64000 2014-07-01] (G Data Software AG) R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64512 2015-03-06] (G Data Software AG) R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-06-15] (G Data Software) R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [61440 2014-07-01] (G Data Software AG) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 
2011\TuneUpUtilitiesDriver64.sys [11856 2011-07-08] (TuneUp Software) R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] () S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 cpuz134; \??\C:\Users\Lutz\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-06 19:21 - 2015-05-06 19:21 - 00022947 _____ () C:\Users\Lutz\Desktop\FRST.txt 2015-05-06 19:21 - 2015-05-06 19:21 - 00000000 ____D () C:\Users\Lutz\Desktop\FRST-OlderVersion 2015-05-06 19:10 - 2015-05-06 19:11 - 00059570 _____ () C:\Users\Lutz\Desktop\JRT.txt 2015-05-06 19:08 - 2015-05-06 19:08 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LUTZ-PC-Windows-7-Home-Premium-(64-bit).dat 2015-05-06 19:08 - 2015-05-06 19:08 - 00000000 ____D () C:\RegBackup 2015-05-06 19:07 - 2015-05-06 14:29 - 02716843 _____ (Thisisu) C:\Users\Lutz\Desktop\JRT_NEW.exe 2015-05-06 19:04 - 2015-05-06 19:18 - 00000645 _____ () C:\Users\Lutz\Desktop\Win7 Home Premium 64 Bit Malware Colormedia + Plus-HD-1.6 + Spyhunter wie entfernen - Trojaner-Board.website 2015-05-06 19:02 - 2015-05-06 18:51 - 00005475 _____ () C:\Users\Lutz\Desktop\AdwCleaner[S0].txt 2015-05-06 19:02 - 2015-05-06 18:47 - 00005634 _____ () C:\Users\Lutz\Desktop\AdwCleaner[R0].txt 2015-05-06 18:46 - 2015-05-06 18:51 - 00000000 ____D () C:\AdwCleaner 2015-05-06 18:19 - 2015-05-06 18:19 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-05-06 18:17 - 2015-05-06 18:17 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-05-06 18:17 - 2015-05-06 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-06 18:17 - 2015-05-06 18:17 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-05-06 18:17 - 2015-05-06 18:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-05-06 18:17 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-05-06 18:17 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-05-06 18:17 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-05-06 11:15 - 2015-05-06 11:15 - 00000000 ____D () C:\Users\Lutz\AppData\Local\elfopatch 2015-05-05 21:50 - 2015-05-05 21:50 - 00023933 _____ () C:\ComboFix.txt 2015-05-05 21:36 - 2015-05-05 21:50 - 00000000 ____D () C:\Qoobox 2015-05-05 21:36 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-05-05 21:36 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-05-05 21:36 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-05-05 21:36 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-05-05 21:36 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-05-05 21:36 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2015-05-05 21:36 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2015-05-05 21:36 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2015-05-05 21:12 - 2015-05-05 21:49 - 00000000 ____D () C:\Windows\erdnt 2015-05-05 21:10 - 2015-05-05 21:10 - 05619691 ____R (Swearware) C:\Users\Lutz\Desktop\ComboFix.exe 2015-05-05 19:12 - 2015-05-05 19:13 - 00045112 _____ () C:\Users\Lutz\Desktop\Addition.txt 2015-05-05 18:55 - 2015-05-06 19:21 - 00000000 ____D () C:\FRST 2015-05-05 18:49 - 2015-05-05 18:49 - 00000470 _____ () C:\Users\Lutz\Desktop\defogger_disable.log 2015-05-05 18:49 - 2015-05-05 18:49 - 00000000 _____ () C:\Users\Lutz\defogger_reenable 2015-05-05 18:36 - 2015-05-06 19:21 - 02102272 _____ (Farbar) 
C:\Users\Lutz\Desktop\FRST64.exe 2015-05-05 18:36 - 2015-05-05 06:49 - 02716306 _____ (Thisisu) C:\Users\Lutz\Desktop\JRT.exe 2015-05-05 18:36 - 2015-05-05 06:48 - 02204160 _____ () C:\Users\Lutz\Desktop\AdwCleaner_4.203.exe 2015-05-05 18:36 - 2015-05-05 06:47 - 00464381 _____ () C:\Users\Lutz\Desktop\SpyHunterKiller.exe 2015-05-05 18:36 - 2015-05-05 06:42 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Lutz\Desktop\mbam-setup-2.1.6.1022.exe 2015-04-07 19:49 - 2015-04-07 19:49 - 00000000 ____D () C:\Windows\de 2015-04-07 19:48 - 2015-04-07 19:48 - 00000000 ____D () C:\Windows\fr 2015-04-07 19:48 - 2015-04-07 19:48 - 00000000 ____D () C:\Windows\es 2015-04-07 19:48 - 2015-04-07 19:48 - 00000000 ____D () C:\Windows\en 2015-04-07 19:48 - 2015-04-07 19:48 - 00000000 ____D () C:\Windows\el 2015-04-07 19:47 - 2015-05-06 18:41 - 00000000 ____D () C:\Windows\ru 2015-04-07 19:47 - 2015-04-07 19:47 - 00001376 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk 2015-04-07 19:47 - 2015-04-07 19:47 - 00001307 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2015-04-07 19:47 - 2015-04-07 19:47 - 00000000 ____D () C:\Windows\nl 2015-04-07 19:47 - 2015-04-07 19:47 - 00000000 ____D () C:\Windows\it 2015-04-07 19:47 - 2015-04-07 19:47 - 00000000 ____D () C:\Windows\he 2015-04-07 19:47 - 2015-04-07 19:47 - 00000000 ____D () C:\Windows\ar 2015-04-07 19:43 - 2014-03-31 21:06 - 00058056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys 2015-04-07 19:41 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll 2015-04-07 19:41 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll 2015-04-07 19:41 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll 2015-04-07 19:41 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll 2015-04-07 19:41 - 2010-05-26 
11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll 2015-04-07 19:41 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll 2015-04-07 19:41 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll 2015-04-07 19:41 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll 2015-04-07 19:40 - 2015-04-07 19:40 - 00000379 _____ () C:\Windows\DirectX.log 2015-04-07 19:39 - 2015-04-07 19:39 - 00002155 _____ () C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk 2015-04-07 19:39 - 2015-04-07 19:39 - 00002122 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk 2015-04-07 19:39 - 2015-04-07 19:39 - 00002122 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk 2015-04-07 19:39 - 2015-04-07 19:39 - 00000000 ___RD () C:\Users\Lutz\OneDrive 2015-04-07 19:39 - 2015-04-07 19:39 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive 2015-04-07 19:39 - 2015-04-07 19:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-05-06 19:23 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-06 19:23 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-05-06 19:18 - 2012-04-25 20:11 - 00000000 ____D () C:\Users\Lutz\AppData\Roaming\Skype 2015-05-06 19:16 - 2013-12-09 15:14 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-05-06 19:15 - 2013-07-31 21:31 - 00100465 _____ () C:\Windows\setupact.log 2015-05-06 19:15 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-06 19:14 - 2011-10-25 22:34 - 02017594 _____ () C:\Windows\WindowsUpdate.log 2015-05-06 19:13 - 2013-12-09 15:14 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-05-06 19:00 - 2012-03-30 11:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-05-06 18:54 - 2013-08-16 14:10 - 00391684 _____ () C:\Windows\PFRO.log 2015-05-06 18:53 - 2011-10-25 22:55 - 00001440 _____ () C:\Windows\system32\ServiceFilter.ini 2015-05-06 11:30 - 2011-11-26 11:24 - 00000000 ____D () C:\Users\Lutz\AppData\Roaming\SoftGrid Client 2015-05-06 10:48 - 2011-04-11 14:05 - 00483022 _____ () C:\Windows\system32\perfh001.dat 2015-05-06 10:48 - 2011-04-11 14:05 - 00098926 _____ () C:\Windows\system32\perfc001.dat 2015-05-06 10:48 - 2011-03-17 13:52 - 00728608 _____ () C:\Windows\system32\perfh019.dat 2015-05-06 10:48 - 2011-03-17 13:52 - 00154996 _____ () C:\Windows\system32\perfc019.dat 2015-05-06 10:48 - 2011-02-19 07:02 - 00396352 _____ () C:\Windows\system32\perfh00D.dat 2015-05-06 10:48 - 2011-02-19 07:02 - 00088912 _____ () C:\Windows\system32\perfc00D.dat 2015-05-06 10:48 - 2011-02-19 06:56 - 00610996 _____ () C:\Windows\system32\perfh008.dat 2015-05-06 10:48 - 2011-02-19 06:56 - 00115282 _____ () C:\Windows\system32\perfc008.dat 2015-05-06 10:48 - 2011-02-19 06:51 - 00412480 _____ () 
C:\Windows\system32\prfh0404.dat 2015-05-06 10:48 - 2011-02-19 06:51 - 00126298 _____ () C:\Windows\system32\prfc0404.dat 2015-05-06 10:48 - 2011-02-19 06:45 - 00733026 _____ () C:\Windows\system32\prfh0816.dat 2015-05-06 10:48 - 2011-02-19 06:45 - 00157060 _____ () C:\Windows\system32\prfc0816.dat 2015-05-06 10:48 - 2011-02-19 06:40 - 00747506 _____ () C:\Windows\system32\perfh013.dat 2015-05-06 10:48 - 2011-02-19 06:40 - 00157256 _____ () C:\Windows\system32\perfc013.dat 2015-05-06 10:48 - 2011-02-19 06:35 - 00744054 _____ () C:\Windows\system32\perfh010.dat 2015-05-06 10:48 - 2011-02-19 06:35 - 00151000 _____ () C:\Windows\system32\perfc010.dat 2015-05-06 10:48 - 2011-02-19 06:29 - 00749724 _____ () C:\Windows\system32\perfh00C.dat 2015-05-06 10:48 - 2011-02-19 06:29 - 00153734 _____ () C:\Windows\system32\perfc00C.dat 2015-05-06 10:48 - 2011-02-19 06:24 - 00711546 _____ () C:\Windows\system32\perfh007.dat 2015-05-06 10:48 - 2011-02-19 06:24 - 00153736 _____ () C:\Windows\system32\perfc007.dat 2015-05-06 10:48 - 2011-02-19 06:19 - 00749464 _____ () C:\Windows\system32\perfh00A.dat 2015-05-06 10:48 - 2011-02-19 06:19 - 00162628 _____ () C:\Windows\system32\perfc00A.dat 2015-05-06 10:48 - 2009-07-14 07:13 - 09365100 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-05-05 22:01 - 2011-11-26 11:07 - 00045056 _____ () C:\Windows\system32\acovcnt.exe 2015-05-05 21:50 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2015-05-05 21:47 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2015-05-05 18:49 - 2011-11-26 11:06 - 00000000 ____D () C:\Users\Lutz 2015-05-05 10:37 - 2011-11-26 17:26 - 00000000 ____D () C:\Users\Lutz\Desktop\Diskette 2015-05-04 18:17 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-05-04 17:38 - 2011-11-26 11:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client 2015-05-04 17:37 - 2011-12-02 13:43 - 00000000 ____D () C:\Windows\System32\Tasks\Apple 2015-05-04 17:37 - 
2011-11-28 12:09 - 00000000 ____D () C:\Windows\System32\Tasks\Games 2015-05-04 17:37 - 2011-11-26 11:24 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform 2015-05-04 17:37 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2015-05-04 17:37 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-05-04 17:36 - 2014-08-12 20:11 - 00000000 ____D () C:\Program Files (x86)\Fotoalbum.de 2015-05-04 17:36 - 2012-07-01 15:40 - 00000000 ____D () C:\ProgramData\HP 2015-05-04 17:36 - 2012-04-25 20:11 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-05-04 17:36 - 2011-12-02 13:46 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2015-05-04 17:36 - 2011-12-02 13:43 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update 2015-05-04 17:36 - 2011-11-29 19:15 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2011 2015-05-04 17:36 - 2011-10-25 22:51 - 00000000 ____D () C:\ProgramData\P4G 2015-05-04 17:36 - 2011-04-13 04:38 - 00000000 ____D () C:\Program Files (x86)\Windows Live 2015-05-04 17:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration 2015-05-04 17:34 - 2013-11-30 20:31 - 00000000 ___RD () C:\MSOCache 2015-05-03 11:19 - 2012-04-02 17:12 - 00000000 ____D () C:\Users\Lutz\Desktop\Mail`s 2015-04-15 10:00 - 2012-03-30 11:34 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-04-15 10:00 - 2012-03-30 11:34 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-04-15 10:00 - 2011-12-03 18:43 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-04-07 19:56 - 2011-11-26 11:14 - 00000000 ____D () C:\Users\Lutz\AppData\Local\Windows Live 2015-04-07 19:48 - 2011-04-13 04:38 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live 2015-04-07 19:46 - 2011-04-13 04:41 - 00001460 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk 
2015-04-07 19:44 - 2011-04-13 04:39 - 00002488 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk 2015-04-07 19:42 - 2011-04-13 04:36 - 00000000 ____D () C:\Program Files\Windows Live ==================== Files in the root of some directories ======= 2014-06-14 16:12 - 2014-06-14 16:12 - 0000000 _____ () C:\Users\Lutz\AppData\Roaming\gdfw.log 2014-06-14 16:12 - 2014-06-15 15:20 - 0001558 _____ () C:\Users\Lutz\AppData\Roaming\gdscan.log 2012-03-31 15:00 - 2012-03-31 15:00 - 0033134 _____ () C:\Users\Lutz\AppData\Roaming\UserTile.png 2011-12-29 19:59 - 2011-12-29 19:59 - 0017408 _____ () C:\Users\Lutz\AppData\Local\WebpageIcons.db 2011-04-13 04:48 - 2010-07-07 01:10 - 0131472 _____ () C:\ProgramData\FullRemove.exe 2012-07-01 15:40 - 2012-07-01 15:59 - 0002376 _____ () C:\ProgramData\hpzinstall.log 2011-10-25 22:59 - 2011-10-25 22:59 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2011-10-25 22:58 - 2011-10-25 22:59 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log Some content of TEMP: ==================== C:\Users\Lutz\AppData\Local\Temp\Quarantine.exe C:\Users\Lutz\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-12 10:18

==================== End Of Log ============================
07.05.2015, 07:47 | #7 |
/// the machine /// TB-Ausbilder | Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
CloseProcesses:
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-1443041108-445289656-2671713935-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!
07.05.2015, 21:19 | #8 |
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-05-2015 01
Ran by Lutz at 2015-05-07 19:42:41 Run:1
Running from C:\Users\Lutz\Desktop
Loaded Profiles: Lutz (Available profiles: UpdatusUser & Lutz)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-1443041108-445289656-2671713935-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Emptytemp:
*****************

Processes closed successfully.
HKU\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
"HKU\S-1-5-21-1443041108-445289656-2671713935-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
EmptyTemp: => Removed 450.6 MB temporary data.

The system needed a reboot.

==== End of Fixlog 19:43:25 ====

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=127227b8be9ad44496a5d220c04cc449
# engine=23741
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-07 07:31:51
# local_time=2015-05-07 09:31:51 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 92413 182656961 0 0
# scanned=279262
# found=2
# cleaned=0
# scan_time=5716
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=E7FD234E3A308CA5B1F08E7AC3A26D080A98E0BE ft=1 fh=ff5c7689854658bf vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
08.05.2015, 16:48 | #9 |
/// the machine /// TB-Ausbilder | And the rest?
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!
11.05.2015, 18:10 | #10 |
Right. First of all, sorry, I was away over the weekend. Here is the rest:
Code:
Results of screen317's Security Check version 1.001
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
G DATA INTERNET SECURITY
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
TuneUp Utilities 2011
TuneUp Utilities Language Pack (de-DE)
Adobe Flash Player 10 Flash Player out of Date!
````````Process Check: objlist.exe by Laurent````````
G Data InternetSecurity Firewall GDFwSvcx64.exe
G Data InternetSecurity Firewall GDFirewallTray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2015 Ran by Lutz (administrator) on LUTZ-PC on 11-05-2015 19:12:12 Running from C:\Users\Lutz\Desktop Loaded Profiles: Lutz (Available profiles: UpdatusUser & Lutz) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (ASUSTeK Computer Inc.) 
C:\Windows\System32\FBAgent.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe (ASUS) C:\Program Files\P4G\BatteryLife.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (ASUS) C:\Windows\AsScrPro.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) 
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_169_ActiveX.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-05-17] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated) HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation) HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated) HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-13] (ASUSTek Computer Inc.) 
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus) HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS) HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] () HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.) HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.) HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard) HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1756792 2014-05-20] (G Data Software AG) HKLM-x32\...\Run: [] => [X] Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [245872 2013-04-08] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-04-08] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2011-04-13] ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2011-10-25] ShortcutTarget: FancyStart daemon.lnk -> 
C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-07-01] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 5.1 HD Edition.lnk [2011-11-28] ShortcutTarget: PHOTOfunSTUDIO 5.1 HD Edition.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1443041108-445289656-2671713935-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1443041108-445289656-2671713935-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1443041108-445289656-2671713935-1001 -> DefaultScope 439284A69E2B4FC7A5EAF9E3D04CB572 URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-1443041108-445289656-2671713935-1001 -> 439284A69E2B4FC7A5EAF9E3D04CB572 URL = https://www.google.com/search?q={searchTerms} BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-01] (Google Inc.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.) 
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-01] (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.) Toolbar: HKU\S-1-5-21-1443041108-445289656-2671713935-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-01] (Google Inc.) DPF: HKLM-x32 {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( 
Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-23] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-23] (Google Inc.) FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll [2010-12-14] (Zeon Corporation) FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-07-01] FF HKU\S-1-5-21-1443041108-445289656-2671713935-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF HKU\S-1-5-21-1443041108-445289656-2671713935-1001\...\Firefox\Extensions: [{ba5b6935-63e1-431c-8fc6-7504512d2b94}] - C:\Program Files (x86)\LyricsContainer\130.xpi Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll No 
File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.) 
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File CHR Plugin: (DocuCom PDF Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File CHR Profile: C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Docs) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-09] CHR Extension: (Google Drive) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-09] CHR Extension: (YouTube) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-20] CHR Extension: (Google Search) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-20] CHR Extension: (Google Wallet) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-09] CHR Extension: (Gmail) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-20] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-10-14] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2683760 2014-05-20] (G Data Software AG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [3228136 2014-08-21] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2028864 2011-12-13] (TuneUp Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2014-07-01] (G Data Software AG)
R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2014-11-25] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [142336 2014-09-30] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [64000 2014-07-01] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64512 2015-03-06] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-06-15] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [61440 2014-07-01] (G Data Software AG)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [11856 2011-07-08] (TuneUp Software)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Lutz\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-11 18:50 - 2015-05-11 18:50 - 00852630 _____ () C:\Users\Lutz\Desktop\SecurityCheck.exe
2015-05-08 14:41 - 2015-05-11 14:53 - 00000550 _____ () C:\nospam.log
2015-05-07 19:53 - 2015-05-07 19:53 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-07 19:52 - 2015-05-07 19:52 - 02347384 _____ (ESET) C:\Users\Lutz\Desktop\esetsmartinstaller_deu.exe
2015-05-06 19:21 - 2015-05-11 19:12 - 00022198 _____ () C:\Users\Lutz\Desktop\FRST.txt
2015-05-06 19:21 - 2015-05-11 19:07 - 00000000 ____D () C:\Users\Lutz\Desktop\FRST-OlderVersion
2015-05-06 19:10 - 2015-05-06 19:11 - 00059570 _____ () C:\Users\Lutz\Desktop\JRT.txt
2015-05-06 19:08 - 2015-05-06 19:08 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LUTZ-PC-Windows-7-Home-Premium-(64-bit).dat
2015-05-06 19:08 - 2015-05-06 19:08 - 00000000 ____D () C:\RegBackup
2015-05-06 19:07 - 2015-05-06 14:29 - 02716843 _____ (Thisisu) C:\Users\Lutz\Desktop\JRT_NEW.exe
2015-05-06 19:04 - 2015-05-11 18:48 - 00000645 _____ () C:\Users\Lutz\Desktop\Win7 Home Premium 64 Bit Malware Colormedia + Plus-HD-1.6 + Spyhunter wie entfernen - Trojaner-Board.website
2015-05-06 19:02 - 2015-05-06 18:51 - 00005475 _____ () C:\Users\Lutz\Desktop\AdwCleaner[S0].txt
2015-05-06 19:02 - 2015-05-06 18:47 - 00005634 _____ () C:\Users\Lutz\Desktop\AdwCleaner[R0].txt
2015-05-06 18:46 - 2015-05-06 18:51 - 00000000 ____D () C:\AdwCleaner
2015-05-06 18:19 - 2015-05-06 18:19 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-06 18:17 - 2015-05-06 18:17 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-06 18:17 - 2015-05-06 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-05-06 18:17 - 2015-05-06 18:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-06 18:17 - 2015-05-06 18:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-05-06 18:17 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-06 18:17 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-06 18:17 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-06 11:15 - 2015-05-06 11:15 - 00000000 ____D () C:\Users\Lutz\AppData\Local\elfopatch
2015-05-05 21:50 - 2015-05-05 21:50 - 00023933 _____ () C:\ComboFix.txt
2015-05-05 21:36 - 2015-05-05 21:50 - 00000000 ____D () C:\Qoobox
2015-05-05 21:36 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-05 21:36 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-05 21:36 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-05 21:36 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-05 21:36 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-05 21:36 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-05 21:36 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-05 21:36 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-05 21:12 - 2015-05-05 21:49 - 00000000 ____D () C:\Windows\erdnt
2015-05-05 21:10 - 2015-05-05 21:10 - 05619691 ____R (Swearware) C:\Users\Lutz\Desktop\ComboFix.exe
2015-05-05 19:12 - 2015-05-05 19:13 - 00045112 _____ () C:\Users\Lutz\Desktop\Addition.txt
2015-05-05 18:55 - 2015-05-11 19:12 - 00000000 ____D () C:\FRST
2015-05-05 18:49 - 2015-05-05 18:49 - 00000470 _____ () C:\Users\Lutz\Desktop\defogger_disable.log
2015-05-05 18:49 - 2015-05-05 18:49 - 00000000 _____ () C:\Users\Lutz\defogger_reenable
2015-05-05 18:36 - 2015-05-11 19:07 - 02102784 _____ (Farbar) C:\Users\Lutz\Desktop\FRST64.exe
2015-05-05 18:36 - 2015-05-05 06:49 - 02716306 _____ (Thisisu) C:\Users\Lutz\Desktop\JRT.exe
2015-05-05 18:36 - 2015-05-05 06:48 - 02204160 _____ () C:\Users\Lutz\Desktop\AdwCleaner_4.203.exe
2015-05-05 18:36 - 2015-05-05 06:47 - 00464381 _____ () C:\Users\Lutz\Desktop\SpyHunterKiller.exe
2015-05-05 18:36 - 2015-05-05 06:42 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Lutz\Desktop\mbam-setup-2.1.6.1022.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-11 19:13 - 2013-12-09 15:14 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-11 19:00 - 2012-03-30 11:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-11 18:57 - 2011-10-25 22:34 - 01082180 _____ () C:\Windows\WindowsUpdate.log
2015-05-11 18:53 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-11 18:53 - 2009-07-14 06:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-11 18:46 - 2013-12-09 15:14 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-11 18:45 - 2013-07-31 21:31 - 00100969 _____ () C:\Windows\setupact.log
2015-05-11 18:45 - 2011-11-26 11:07 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2015-05-11 18:45 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-07 19:46 - 2013-08-16 14:10 - 00392128 _____ () C:\Windows\PFRO.log
2015-05-06 21:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-06 19:41 - 2012-04-25 20:11 - 00000000 ____D () C:\Users\Lutz\AppData\Roaming\Skype
2015-05-06 18:53 - 2011-10-25 22:55 - 00001440 _____ () C:\Windows\system32\ServiceFilter.ini
2015-05-06 18:52 - 2015-04-07 19:47 - 00000000 ____D () C:\Windows\ru
2015-05-06 11:30 - 2011-11-26 11:24 - 00000000 ____D () C:\Users\Lutz\AppData\Roaming\SoftGrid Client
2015-05-06 10:48 - 2011-04-11 14:05 - 00483022 _____ () C:\Windows\system32\perfh001.dat
2015-05-06 10:48 - 2011-04-11 14:05 - 00098926 _____ () C:\Windows\system32\perfc001.dat
2015-05-06 10:48 - 2011-03-17 13:52 - 00728608 _____ () C:\Windows\system32\perfh019.dat
2015-05-06 10:48 - 2011-03-17 13:52 - 00154996 _____ () C:\Windows\system32\perfc019.dat
2015-05-06 10:48 - 2011-02-19 07:02 - 00396352 _____ () C:\Windows\system32\perfh00D.dat
2015-05-06 10:48 - 2011-02-19 07:02 - 00088912 _____ () C:\Windows\system32\perfc00D.dat
2015-05-06 10:48 - 2011-02-19 06:56 - 00610996 _____ () C:\Windows\system32\perfh008.dat
2015-05-06 10:48 - 2011-02-19 06:56 - 00115282 _____ () C:\Windows\system32\perfc008.dat
2015-05-06 10:48 - 2011-02-19 06:51 - 00412480 _____ () C:\Windows\system32\prfh0404.dat
2015-05-06 10:48 - 2011-02-19 06:51 - 00126298 _____ () C:\Windows\system32\prfc0404.dat
2015-05-06 10:48 - 2011-02-19 06:45 - 00733026 _____ () C:\Windows\system32\prfh0816.dat
2015-05-06 10:48 - 2011-02-19 06:45 - 00157060 _____ () C:\Windows\system32\prfc0816.dat
2015-05-06 10:48 - 2011-02-19 06:40 - 00747506 _____ () C:\Windows\system32\perfh013.dat
2015-05-06 10:48 - 2011-02-19 06:40 - 00157256 _____ () C:\Windows\system32\perfc013.dat
2015-05-06 10:48 - 2011-02-19 06:35 - 00744054 _____ () C:\Windows\system32\perfh010.dat
2015-05-06 10:48 - 2011-02-19 06:35 - 00151000 _____ () C:\Windows\system32\perfc010.dat
2015-05-06 10:48 - 2011-02-19 06:29 - 00749724 _____ () C:\Windows\system32\perfh00C.dat
2015-05-06 10:48 - 2011-02-19 06:29 - 00153734 _____ () C:\Windows\system32\perfc00C.dat
2015-05-06 10:48 - 2011-02-19 06:24 - 00711546 _____ () C:\Windows\system32\perfh007.dat
2015-05-06 10:48 - 2011-02-19 06:24 - 00153736 _____ () C:\Windows\system32\perfc007.dat
2015-05-06 10:48 - 2011-02-19 06:19 - 00749464 _____ () C:\Windows\system32\perfh00A.dat
2015-05-06 10:48 - 2011-02-19 06:19 - 00162628 _____ () C:\Windows\system32\perfc00A.dat
2015-05-06 10:48 - 2009-07-14 07:13 - 09365100 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-05 21:50 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-05-05 21:47 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-05 18:49 - 2011-11-26 11:06 - 00000000 ____D () C:\Users\Lutz
2015-05-05 10:37 - 2011-11-26 17:26 - 00000000 ____D () C:\Users\Lutz\Desktop\Diskette
2015-05-04 18:17 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-04 17:38 - 2011-11-26 11:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2015-05-04 17:37 - 2011-12-02 13:43 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2015-05-04 17:37 - 2011-11-28 12:09 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-05-04 17:37 - 2011-11-26 11:24 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-05-04 17:37 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-05-04 17:37 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-04 17:36 - 2014-08-12 20:11 - 00000000 ____D () C:\Program Files (x86)\Fotoalbum.de
2015-05-04 17:36 - 2012-07-01 15:40 - 00000000 ____D () C:\ProgramData\HP
2015-05-04 17:36 - 2012-04-25 20:11 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-04 17:36 - 2011-12-02 13:46 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-05-04 17:36 - 2011-12-02 13:43 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-05-04 17:36 - 2011-11-29 19:15 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2011
2015-05-04 17:36 - 2011-10-25 22:51 - 00000000 ____D () C:\ProgramData\P4G
2015-05-04 17:36 - 2011-04-13 04:38 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2015-05-04 17:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2015-05-04 17:34 - 2013-11-30 20:31 - 00000000 ___RD () C:\MSOCache
2015-05-03 11:19 - 2012-04-02 17:12 - 00000000 ____D () C:\Users\Lutz\Desktop\Mail`s
2015-04-15 10:00 - 2012-03-30 11:34 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 10:00 - 2012-03-30 11:34 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-15 10:00 - 2011-12-03 18:43 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-06-14 16:12 - 2014-06-14 16:12 - 0000000 _____ () C:\Users\Lutz\AppData\Roaming\gdfw.log
2014-06-14 16:12 - 2014-06-15 15:20 - 0001558 _____ () C:\Users\Lutz\AppData\Roaming\gdscan.log
2012-03-31 15:00 - 2012-03-31 15:00 - 0033134 _____ () C:\Users\Lutz\AppData\Roaming\UserTile.png
2011-12-29 19:59 - 2011-12-29 19:59 - 0017408 _____ () C:\Users\Lutz\AppData\Local\WebpageIcons.db
2011-04-13 04:48 - 2010-07-07 01:10 - 0131472 _____ () C:\ProgramData\FullRemove.exe
2012-07-01 15:40 - 2012-07-01 15:59 - 0002376 _____ () C:\ProgramData\hpzinstall.log
2011-10-25 22:59 - 2011-10-25 22:59 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-10-25 22:58 - 2011-10-25 22:59 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-06 20:12

==================== End Of Log ============================

Edited by kranni (11.05.2015 at 18:15) |
12.05.2015, 07:09 | #11 |
/// the machine /// TB Trainer | Win7 Home Premium 64 Bit Malware Colormedia + Plus-HD-1.6 + Spyhunter: how to remove? Update Flash Player. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |