| Ladekabel612 | 23.03.2017 18:15 |
Antivirenreste entfernen
Hi,
Habe mir in einem Download wohl AVG eingefangen. Habe daraufhin mit dem Uninstaller des Programms es versucht zu deinstallieren. Aber dennoch sind reste drauf. Zu meiner überraschung auch noch von Avast.
Ich hoffe es stört nicht, wenn ich um eine Bereinigung bitte? :)
Hinweis: Revo Uninstaller kann ich nicht verwenden, da meine Systemwiederherstellung probleme macht. Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 17:46 on 23/03/2017 by lem0th
Administrator - Elevation successful
========== filefind ==========
Searching for "*AVG*"
C:\$RECYCLE.BIN\S-1-5-21-624198674-977653023-2037852723-1017\$I4WAVGP.jpg --a---- 544 bytes [11:59 05/07/2015] [11:59 05/07/2015] F34DEC5E349F89B7CFD3E3935B160B96
C:\AVG_Remover\bin\avgfmwremover.log --a---- 48986 bytes [16:27 23/03/2017] [16:27 23/03/2017] F29B8572182CDAB6CCB547C51CAEE75D
C:\AVG_Remover\bin\avgfmwremover_msilog.log --a---- 68192 bytes [16:27 23/03/2017] [16:27 23/03/2017] D51722BC5E63FC19930EEB4C5A0FA052
C:\AVG_Remover\bin\AVG_Remover.exe --a---- 3511264 bytes [16:25 23/03/2017] [11:07 14/02/2017] B49798BDA02FFDF0FE10971089174599
C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe --a---- 263720 bytes [15:51 23/03/2017] [15:51 23/03/2017] EB56AB5226BE8B634C084E0853356789
C:\Program Files (x86)\AVG\Antivirus\avgui.exe --a---- 9490760 bytes [15:51 23/03/2017] [15:52 23/03/2017] C4855DDACA54F15B5331D8DA11126E5B
C:\Program Files (x86)\AVG\Antivirus\avgui.exe.sum --a---- 223 bytes [15:52 23/03/2017] [15:52 23/03/2017] 814C26F47F56A97F37909D2EE7EAA208
C:\Program Files (x86)\AVG\Antivirus\AvgUiPlugin\avgbavuiplgx.dll --a---- 1454360 bytes [15:51 23/03/2017] [15:51 23/03/2017] 0592C6FE270C651928E80B950693DBC5
C:\Program Files (x86)\AVG\Antivirus\setup\ais_avg_crt_x64-7cc.vpx --a--c- 2979206 bytes [15:48 23/03/2017] [15:48 23/03/2017] 74F4A41E94EFF2FF8C7AE1737C32197E
C:\Program Files (x86)\AVG\Antivirus\setup\ais_avg_crt_x86-7cc.vpx --a--c- 7440299 bytes [15:48 23/03/2017] [15:48 23/03/2017] FD8F4864ADC00F65266D24E1337FC42D
C:\Program Files (x86)\AVG\Antivirus\setup\CRT\data\avg.vc140.crt\amd64\AVG.VC140.CRT.cat --a--c- 18714 bytes [15:51 23/03/2017] [15:51 23/03/2017] FDD064670840085C3CD6AC2AF7A13541
C:\Program Files (x86)\AVG\Antivirus\setup\CRT\data\avg.vc140.crt\amd64\AVG.VC140.CRT.manifest --a--c- 23787 bytes [15:51 23/03/2017] [15:51 23/03/2017] 09C51E9C558F46B5C3861091F596B1D5
C:\Program Files (x86)\AVG\Antivirus\setup\CRT\data\avg.vc140.crt\x86\AVG.VC140.CRT.cat --a--c- 18714 bytes [15:51 23/03/2017] [15:51 23/03/2017] 9346F4EB14E49DD576B640AF025A195E
C:\Program Files (x86)\AVG\Antivirus\setup\CRT\data\avg.vc140.crt\x86\AVG.VC140.CRT.manifest --a--c- 23785 bytes [15:51 23/03/2017] [15:51 23/03/2017] E2A12FE7FD477AC517B9E72F58AEE6F2
C:\Program Files (x86)\AVG\Antivirus\setup\CRT\data\avg.vc140.mfc\x86\AVG.VC140.MFC.cat --a--c- 18714 bytes [15:51 23/03/2017] [15:51 23/03/2017] 1A5755A24D564245E44096215C653F88
C:\Program Files (x86)\AVG\Antivirus\setup\CRT\data\avg.vc140.mfc\x86\AVG.VC140.MFC.manifest --a--c- 1228 bytes [15:51 23/03/2017] [15:51 23/03/2017] E7691E36186B77B9DCDBF4C06CB1F896
C:\Program Files (x86)\AVG\Antivirus\setup\CRT\data\policy.14.0.avg.vc140.crt\amd64\Policy.14.0.AVG.VC140.CRT.cat --a--c- 18714 bytes [15:51 23/03/2017] [15:51 23/03/2017] C30B6E21C294B2B726B8C5E1CD84E427
C:\Program Files (x86)\AVG\Antivirus\setup\CRT\data\policy.14.0.avg.vc140.crt\amd64\Policy.14.0.AVG.VC140.CRT.manifest --a--c- 760 bytes [15:51 23/03/2017] [15:51 23/03/2017] DE8627B01679AE8DD1FE1E1788A4833B
C:\Program Files (x86)\AVG\Antivirus\setup\CRT\data\policy.14.0.avg.vc140.crt\x86\Policy.14.0.AVG.VC140.CRT.cat --a--c- 18714 bytes [15:51 23/03/2017] [15:51 23/03/2017] 27E374BF6520DBE2AF4380D362DF8D0A
C:\Program Files (x86)\AVG\Antivirus\setup\CRT\data\policy.14.0.avg.vc140.crt\x86\Policy.14.0.AVG.VC140.CRT.manifest --a--c- 756 bytes [15:51 23/03/2017] [15:51 23/03/2017] 6342CB897077FD8DF40F13DB6D8D0BF5
C:\Program Files (x86)\AVG\Antivirus\setup\CRT\data\policy.14.0.avg.vc140.mfc\x86\Policy.14.0.AVG.VC140.MFC.cat --a--c- 18714 bytes [15:51 23/03/2017] [15:51 23/03/2017] 3A07DB3E03AAAFCE853A76AB1D7A6F57
C:\Program Files (x86)\AVG\Antivirus\setup\CRT\data\policy.14.0.avg.vc140.mfc\x86\Policy.14.0.AVG.VC140.MFC.manifest --a--c- 756 bytes [15:51 23/03/2017] [15:51 23/03/2017] 88A05937C567E3E5540A3C469AECAED4
C:\Program Files (x86)\AVG\Antivirus\setup\Inf\x64\avgbdiska.sys --a--c- 166136 bytes [15:51 23/03/2017] [15:51 23/03/2017] E387C5228ACA2AB16690788CF0A40DA2
C:\Program Files (x86)\AVG\Antivirus\setup\Inf\x64\avgbidsdrivera.sys --a--c- 311592 bytes [15:51 23/03/2017] [15:51 23/03/2017] 99EFE411CD3BBC244D80BF9BDDCD20BD
C:\Program Files (x86)\AVG\Antivirus\setup\Inf\x64\avgbidsha.sys --a--c- 192096 bytes [15:51 23/03/2017] [15:51 23/03/2017] 185EE4B5477026A7A76FD4AF278274E7
C:\Program Files (x86)\AVG\Antivirus\setup\Inf\x64\avgbloga.sys --a--c- 336920 bytes [15:51 23/03/2017] [15:51 23/03/2017] F0EF5B8656D02C92074BB96A24351EE7
C:\Program Files (x86)\AVG\Antivirus\setup\Inf\x64\avgBoot.exe --a--c- 399392 bytes [15:51 23/03/2017] [15:51 23/03/2017] 35F3AE4BA52A8E9CCDC077B39AE7C96C
C:\Program Files (x86)\AVG\Antivirus\setup\Inf\x64\avgbuniva.sys --a--c- 50848 bytes [15:51 23/03/2017] [15:51 23/03/2017] 6F580D3E31D83CAC63B06F5BB092583D
C:\Program Files (x86)\AVG\Antivirus\setup\Inf\x64\avgHwid.sys --a--c- 39288 bytes [15:51 23/03/2017] [15:51 23/03/2017] 7A3061BD3B5A5E289EC70152D25AED93
C:\Program Files (x86)\AVG\Antivirus\setup\Inf\x64\avgMonFlt.sys --a--c- 127584 bytes [15:51 23/03/2017] [15:51 23/03/2017] 9A174F0D8078BE8B58A957B71EA54386
C:\Program Files (x86)\AVG\Antivirus\setup\Inf\x64\avgRdr2.sys --a--c- 101624 bytes [15:51 23/03/2017] [15:51 23/03/2017] 9EF290906C72E024D5B6704634D8E945
C:\Program Files (x86)\AVG\Antivirus\setup\Inf\x64\avgRvrt.sys --a--c- 76688 bytes [15:51 23/03/2017] [15:51 23/03/2017] DD9399F2556BE15FB7A4CF20FE529A78
C:\Program Files (x86)\AVG\Antivirus\setup\Inf\x64\avgSnx.sys --a--c- 994592 bytes [15:51 23/03/2017] [15:51 23/03/2017] ABF8F16E2AF6D89CE5CBAE4178A91DA2
C:\Program Files (x86)\AVG\Antivirus\setup\Inf\x64\avgsp.sys --a--c- 549912 bytes [15:51 23/03/2017] [15:52 23/03/2017] 39CA7798FF17C2C3BA0743C7FCABC130
C:\Program Files (x86)\AVG\Antivirus\setup\Inf\x64\avgsp.sys.sum --a--c- 223 bytes [15:52 23/03/2017] [15:52 23/03/2017] E538471B42EBCEE02D8BADC5EDA111C3
C:\Program Files (x86)\AVG\Antivirus\setup\Inf\x64\avgStm.sys --a--c- 163512 bytes [15:51 23/03/2017] [15:51 23/03/2017] 301B4E533FE6B3BAB8642BE628BF65A8
C:\Program Files (x86)\AVG\Antivirus\setup\Inf\x64\avgvmm.sys --a--c- 338576 bytes [15:51 23/03/2017] [15:52 23/03/2017] 160DDFA2AF51C16EB2580B1F00F5381B
C:\Program Files (x86)\AVG\Antivirus\setup\Inf\x64\avgvmm.sys.sum --a--c- 223 bytes [15:52 23/03/2017] [15:52 23/03/2017] 168B8B4B891FD5B86ACCB9997F6A67BA
C:\ProgramData\Avg\Antivirus\log\AVGSvc.log --a---- 41312 bytes [15:52 23/03/2017] [15:53 23/03/2017] C79C78678AE65C1309AEB04FA677D0C0
C:\ProgramData\Avg\Antivirus\log\AvgUI.log --a---- 38429 bytes [15:52 23/03/2017] [16:08 23/03/2017] BF2B7DCA0335BCAFE9E1F4030EFAF79B
C:\ProgramData\Avg\Diag\zenBetaBug.avgdx --a---- 15360 bytes [10:55 06/03/2017] [10:55 06/03/2017] 535524B002083838CE12076D77875946
C:\ProgramData\Avg\Diag\zenBetaIdea.avgdx --a---- 640 bytes [10:55 06/03/2017] [10:55 06/03/2017] A3ECB31B307BBF0BFA48D559E19FFF96
C:\ProgramData\Avg\Subscriptions\license.avglic --a---- 534 bytes [15:52 23/03/2017] [15:52 23/03/2017] AAF32FDBD0F2F30BCBCB6AF844E50E88
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG\AVG.lnk --a---- 973 bytes [15:47 23/03/2017] [15:47 23/03/2017] 06276608A10079E20A0D770971B7CF04
C:\Users\All Users\Avg\Antivirus\log\AVGSvc.log --a---- 41312 bytes [15:52 23/03/2017] [15:53 23/03/2017] C79C78678AE65C1309AEB04FA677D0C0
C:\Users\All Users\Avg\Antivirus\log\AvgUI.log --a---- 38429 bytes [15:52 23/03/2017] [16:08 23/03/2017] BF2B7DCA0335BCAFE9E1F4030EFAF79B
C:\Users\All Users\Avg\Diag\zenBetaBug.avgdx --a---- 15360 bytes [10:55 06/03/2017] [10:55 06/03/2017] 535524B002083838CE12076D77875946
C:\Users\All Users\Avg\Diag\zenBetaIdea.avgdx --a---- 640 bytes [10:55 06/03/2017] [10:55 06/03/2017] A3ECB31B307BBF0BFA48D559E19FFF96
C:\Users\All Users\Avg\Subscriptions\license.avglic --a---- 534 bytes [15:52 23/03/2017] [15:52 23/03/2017] AAF32FDBD0F2F30BCBCB6AF844E50E88
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\AVG\AVG.lnk --a---- 973 bytes [15:47 23/03/2017] [15:47 23/03/2017] 06276608A10079E20A0D770971B7CF04
C:\Users\lem0th\Anwendungsdaten\AVG\Antivirus\Cache\Local Storage\https_local.avg.com_0.localstorage --a---- 3072 bytes [15:53 23/03/2017] [15:53 23/03/2017] A35B7C4955FE190BCABED54D500448F5
C:\Users\lem0th\Anwendungsdaten\AVG\Antivirus\Cache\Local Storage\https_local.avg.com_0.localstorage-journal --a---- 0 bytes [15:53 23/03/2017] [15:53 23/03/2017] D41D8CD98F00B204E9800998ECF8427E
C:\Users\lem0th\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_www.avg.com_0.localstorage --a---- 3072 bytes [15:43 23/03/2017] [15:43 23/03/2017] E1461CAAA5E113A7097D51C4961087AB
C:\Users\lem0th\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_www.avg.com_0.localstorage-journal --a---- 0 bytes [15:43 23/03/2017] [15:43 23/03/2017] D41D8CD98F00B204E9800998ECF8427E
C:\Users\lem0th\AppData\Roaming\AVG\Antivirus\Cache\Local Storage\https_local.avg.com_0.localstorage --a---- 3072 bytes [15:53 23/03/2017] [15:53 23/03/2017] A35B7C4955FE190BCABED54D500448F5
C:\Users\lem0th\AppData\Roaming\AVG\Antivirus\Cache\Local Storage\https_local.avg.com_0.localstorage-journal --a---- 0 bytes [15:53 23/03/2017] [15:53 23/03/2017] D41D8CD98F00B204E9800998ECF8427E
C:\Windows\Prefetch\AVGDIAGEX.EXE-04A490F2.pf --a---- 8167 bytes [16:02 23/03/2017] [16:25 23/03/2017] 098149472E6B9345BA731FC797DDB411
C:\Windows\Prefetch\AVGFMWREMOVERX.EXE-E21F43CD.pf --a---- 8792 bytes [16:27 23/03/2017] [16:27 23/03/2017] B50F15AE6B8F1CFAB244A19E240881F1
C:\Windows\Prefetch\AVGOFFERTOOL.EXE-2B0CC750.pf --a---- 5606 bytes [15:45 23/03/2017] [15:45 23/03/2017] 264FDA9C47AD428FFC3A82A66D4B1CDE
C:\Windows\Prefetch\AVGSETUPX.EXE-044AB43B.pf --a---- 8358 bytes [15:53 23/03/2017] [16:08 23/03/2017] 87E1D3B598A9DDA3430A6A7ADE486991
C:\Windows\Prefetch\AVGSETUPX.EXE-3801E465.pf --a---- 20851 bytes [15:43 23/03/2017] [15:44 23/03/2017] BE54B261FDF56B0BB7B7FFC5D1F6EF3E
C:\Windows\Prefetch\AVGSETUPX.EXE-61FCA3B3.pf --a---- 25990 bytes [15:43 23/03/2017] [15:43 23/03/2017] 82BCA03C5D7981C608D0A7881A66B062
C:\Windows\Prefetch\AVGSVC.EXE-CF2D3FEE.pf --a---- 10859 bytes [15:52 23/03/2017] [15:52 23/03/2017] 6B9920078BD002D8FE794F956DED680E
C:\Windows\Prefetch\AVGSVCA.EXE-5A36D861.pf --a---- 13409 bytes [15:47 23/03/2017] [15:47 23/03/2017] 226BD3D27D87159F1F9CF4F8A8EA7149
C:\Windows\Prefetch\AVGUI.EXE-DF0AF370.pf --a---- 17729 bytes [15:53 23/03/2017] [16:08 23/03/2017] 71103348F34984DED6653155413A18B5
C:\Windows\Prefetch\AVGUI.EXE-DF0AF371.pf --a---- 25383 bytes [15:53 23/03/2017] [16:05 23/03/2017] B016B5EAB9C04E30CA43C397B46718A0
C:\Windows\Prefetch\AVGUI.EXE-DF0AF378.pf --a---- 18512 bytes [15:54 23/03/2017] [15:54 23/03/2017] 682AC86B91FD62DD05A582150C1930C4
C:\Windows\Prefetch\AVGUIRNA.EXE-AFA97C73.pf --a---- 4234 bytes [16:12 23/03/2017] [16:12 23/03/2017] 990D5D5396E956C9304394525A1CD5E2
C:\Windows\Prefetch\AVGUIX.EXE-2DA2A5B6.pf --a---- 18925 bytes [15:47 23/03/2017] [16:13 23/03/2017] 64A5EE3927CAFD6472E8801C31CB0AF5
C:\Windows\Prefetch\AVGUIX.EXE-2DA2A5B7.pf --a---- 14538 bytes [15:53 23/03/2017] [16:20 23/03/2017] 2FD909C452E5B2297C54F868500240EE
C:\Windows\Prefetch\AVG_FREE_ANTIVIRUS_SETUP_ONLI-9F18F6FE.pf --a---- 17091 bytes [15:48 23/03/2017] [15:48 23/03/2017] 5E46CD3ED88D101A0606D3E6585201D3
C:\Windows\Prefetch\AVG_PROTECTION_FREE_1606.EXE-B3FA77FB.pf --a---- 9043 bytes [15:43 23/03/2017] [15:43 23/03/2017] 2470B1A1D42BBC8201397C9211256B5F
C:\Windows\Prefetch\AVG_REMOVER.EXE-9A1F65C6.pf --a---- 7413 bytes [16:25 23/03/2017] [16:25 23/03/2017] 67C28B0EBF61469F33A4FE86631C2D0D
C:\Windows\Prefetch\AVG_REMOVER.EXE-C20C8F97.pf --a---- 10993 bytes [16:25 23/03/2017] [16:25 23/03/2017] 4DF96BED9EF0C412E323F717D18DAB61
C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\avgntflt.cat --a-s-- 8172 bytes [19:09 23/01/2014] [08:32 18/12/2013] 2863C8AB8B4955EAACED764FA07CC212
C:\Windows\System32\drivers\avg5B4A.tmp --a---- 166136 bytes [16:05 23/03/2017] [15:51 23/03/2017] E387C5228ACA2AB16690788CF0A40DA2
C:\Windows\System32\drivers\avg5C26.tmp --a---- 311592 bytes [16:05 23/03/2017] [15:51 23/03/2017] 99EFE411CD3BBC244D80BF9BDDCD20BD
C:\Windows\System32\drivers\avg5C94.tmp --a---- 192096 bytes [16:05 23/03/2017] [15:51 23/03/2017] 185EE4B5477026A7A76FD4AF278274E7
C:\Windows\System32\drivers\avg5CB4.tmp --a---- 336920 bytes [16:05 23/03/2017] [15:51 23/03/2017] F0EF5B8656D02C92074BB96A24351EE7
C:\Windows\System32\drivers\avg5D23.tmp --a---- 50848 bytes [16:05 23/03/2017] [15:51 23/03/2017] 6F580D3E31D83CAC63B06F5BB092583D
C:\Windows\System32\drivers\avg5E1E.tmp --a---- 994592 bytes [16:05 23/03/2017] [15:51 23/03/2017] ABF8F16E2AF6D89CE5CBAE4178A91DA2
C:\Windows\System32\drivers\avg5E4E.tmp --a---- 101624 bytes [16:05 23/03/2017] [15:51 23/03/2017] 9EF290906C72E024D5B6704634D8E945
C:\Windows\System32\drivers\avg5F1A.tmp --a---- 39288 bytes [16:05 23/03/2017] [15:51 23/03/2017] 7A3061BD3B5A5E289EC70152D25AED93
C:\Windows\System32\drivers\avg5F4A.tmp --a---- 127584 bytes [16:05 23/03/2017] [15:51 23/03/2017] 9A174F0D8078BE8B58A957B71EA54386
C:\Windows\System32\drivers\avg5F6A.tmp --a---- 76688 bytes [16:05 23/03/2017] [15:51 23/03/2017] DD9399F2556BE15FB7A4CF20FE529A78
C:\Windows\System32\drivers\avg5F8A.tmp --a---- 549912 bytes [16:05 23/03/2017] [15:52 23/03/2017] 39CA7798FF17C2C3BA0743C7FCABC130
C:\Windows\System32\drivers\avg5FAA.tmp --a---- 338576 bytes [16:05 23/03/2017] [15:52 23/03/2017] 160DDFA2AF51C16EB2580B1F00F5381B
C:\Windows\System32\drivers\avg6086.tmp --a---- 163512 bytes [16:05 23/03/2017] [15:51 23/03/2017] 301B4E533FE6B3BAB8642BE628BF65A8
C:\Windows\System32\drivers\avgsp.sys.149028434432802 --a---- 548888 bytes [15:52 23/03/2017] [15:51 23/03/2017] A9E2160B9B2BA26E3E80A9E0BBBB34B6
C:\Windows\System32\drivers\avgsp.sys.149028435300008 --a---- 549912 bytes [15:52 23/03/2017] [15:52 23/03/2017] C67B1C3B5DF55A5CFA5766B8A63AF6C1
C:\Windows\System32\drivers\avgvmm.sys.149028434823405 --a---- 338576 bytes [15:52 23/03/2017] [15:51 23/03/2017] F6559A90B53F5E1C4E9815009E317DC8
C:\Windows\WinSxS\Manifests\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae.cat --a---- 18714 bytes [15:46 23/03/2017] [15:46 23/03/2017] FDD064670840085C3CD6AC2AF7A13541
C:\Windows\WinSxS\Manifests\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae.manifest --a---- 23787 bytes [15:46 23/03/2017] [15:46 23/03/2017] 09C51E9C558F46B5C3861091F596B1D5
C:\Windows\WinSxS\Manifests\amd64_avg.vc140.mfc_f92d94485545da78_14.0.24210.0_none_627b1bcdde7f1391.cat --a---- 18714 bytes [15:46 23/03/2017] [15:46 23/03/2017] EDBFFC83A7D73D56301CF8FEE70B310F
C:\Windows\WinSxS\Manifests\amd64_avg.vc140.mfc_f92d94485545da78_14.0.24210.0_none_627b1bcdde7f1391.manifest --a---- 1232 bytes [15:46 23/03/2017] [15:46 23/03/2017] 14D186476F29904740D22D5E55F471CD
C:\Windows\WinSxS\Manifests\amd64_policy.14.0.avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_8de82b78e2a2735c.cat --a---- 18714 bytes [15:46 23/03/2017] [15:46 23/03/2017] C30B6E21C294B2B726B8C5E1CD84E427
C:\Windows\WinSxS\Manifests\amd64_policy.14.0.avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_8de82b78e2a2735c.manifest --a---- 760 bytes [15:46 23/03/2017] [15:46 23/03/2017] DE8627B01679AE8DD1FE1E1788A4833B
C:\Windows\WinSxS\Manifests\amd64_policy.14.0.avg.vc140.mfc_f92d94485545da78_14.0.24210.0_none_866945aee770f03f.cat --a---- 18714 bytes [15:46 23/03/2017] [15:46 23/03/2017] ED76F8CB03A373452E04632AB24E9B49
C:\Windows\WinSxS\Manifests\amd64_policy.14.0.avg.vc140.mfc_f92d94485545da78_14.0.24210.0_none_866945aee770f03f.manifest --a---- 760 bytes [15:46 23/03/2017] [15:46 23/03/2017] D9557EFAFC8BE28F1723A4E8D4621693
C:\Windows\WinSxS\Manifests\x86_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_b1a7386eee2cbfb4.cat --a---- 18714 bytes [15:46 23/03/2017] [15:46 23/03/2017] 9346F4EB14E49DD576B640AF025A195E
C:\Windows\WinSxS\Manifests\x86_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_b1a7386eee2cbfb4.manifest --a---- 23785 bytes [15:46 23/03/2017] [15:46 23/03/2017] E2A12FE7FD477AC517B9E72F58AEE6F2
C:\Windows\WinSxS\Manifests\x86_avg.vc140.mfc_f92d94485545da78_14.0.24210.0_none_aa2852a4f2fb3c97.cat --a---- 18714 bytes [15:46 23/03/2017] [15:46 23/03/2017] 1A5755A24D564245E44096215C653F88
C:\Windows\WinSxS\Manifests\x86_avg.vc140.mfc_f92d94485545da78_14.0.24210.0_none_aa2852a4f2fb3c97.manifest --a---- 1228 bytes [15:46 23/03/2017] [15:46 23/03/2017] E7691E36186B77B9DCDBF4C06CB1F896
C:\Windows\WinSxS\Manifests\x86_policy.14.0.avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_d595624ff71e9c62.cat --a---- 18714 bytes [15:46 23/03/2017] [15:46 23/03/2017] 27E374BF6520DBE2AF4380D362DF8D0A
C:\Windows\WinSxS\Manifests\x86_policy.14.0.avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_d595624ff71e9c62.manifest --a---- 756 bytes [15:46 23/03/2017] [15:46 23/03/2017] 6342CB897077FD8DF40F13DB6D8D0BF5
C:\Windows\WinSxS\Manifests\x86_policy.14.0.avg.vc140.mfc_f92d94485545da78_14.0.24210.0_none_ce167c85fbed1945.cat --a---- 18714 bytes [15:46 23/03/2017] [15:46 23/03/2017] 3A07DB3E03AAAFCE853A76AB1D7A6F57
C:\Windows\WinSxS\Manifests\x86_policy.14.0.avg.vc140.mfc_f92d94485545da78_14.0.24210.0_none_ce167c85fbed1945.manifest --a---- 756 bytes [15:46 23/03/2017] [15:46 23/03/2017] 88A05937C567E3E5540A3C469AECAED4
========== folderfind ==========
Searching for "*AVG*"
C:\AVG_Remover d------ [16:25 23/03/2017]
C:\Program Files (x86)\AVG d------ [15:45 23/03/2017]
C:\Program Files (x86)\AVG\Antivirus\AvgUiPlugin d------ [15:51 23/03/2017]
C:\Program Files (x86)\AVG\Antivirus\setup\CRT\data\avg.vc140.crt d----c- [15:51 23/03/2017]
C:\Program Files (x86)\AVG\Antivirus\setup\CRT\data\avg.vc140.mfc d----c- [15:51 23/03/2017]
C:\Program Files (x86)\AVG\Antivirus\setup\CRT\data\policy.14.0.avg.vc140.crt d----c- [15:51 23/03/2017]
C:\Program Files (x86)\AVG\Antivirus\setup\CRT\data\policy.14.0.avg.vc140.mfc d----c- [15:51 23/03/2017]
C:\ProgramData\Avg d------ [15:43 23/03/2017]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG d------ [15:47 23/03/2017]
C:\Users\All Users\Avg d------ [15:43 23/03/2017]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\AVG d------ [15:47 23/03/2017]
C:\Users\lem0th\Anwendungsdaten\AVG d------ [15:53 23/03/2017]
C:\Users\lem0th\AppData\Local\Avg d------ [15:43 23/03/2017]
C:\Users\lem0th\AppData\Local\Temp\_avg_ d------ [15:52 23/03/2017]
C:\Users\lem0th\AppData\Roaming\AVG d------ [15:53 23/03/2017]
C:\Windows\Temp\avg_ash2 d------ [15:53 23/03/2017]
C:\Windows\Temp\_avg_ d------ [15:52 23/03/2017]
C:\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae d------ [15:46 23/03/2017]
C:\Windows\WinSxS\amd64_avg.vc140.mfc_f92d94485545da78_14.0.24210.0_none_627b1bcdde7f1391 d------ [15:46 23/03/2017]
C:\Windows\WinSxS\x86_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_b1a7386eee2cbfb4 d------ [15:46 23/03/2017]
C:\Windows\WinSxS\x86_avg.vc140.mfc_f92d94485545da78_14.0.24210.0_none_aa2852a4f2fb3c97 d------ [15:46 23/03/2017]
========== regfind ==========
Searching for "AVG"
[HKEY_CURRENT_USER\SOFTWARE\AVG]
[HKEY_CURRENT_USER\SOFTWARE\AVG\AVG Browser Cleanup]
[HKEY_CURRENT_USER\SOFTWARE\AVG\Avgdiag]
[HKEY_CURRENT_USER\SOFTWARE\AVG Web TuneUp]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avg]
[HKEY_CURRENT_USER\SOFTWARE\paint.net]
"File/MostRecent/Thumbnail1"="iVBORw0KGgoAAAANSUhEUgAAADoAAAA6CAYAAADhu0ooAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAALWSURBVGhD7ZZrkuIwDIS5wRyFI8y9SYAkwIEIkCeQ1SdHwZsBprb2186qq1S2jFtS23KKhcPhcDgcDofD4XA4HA6Hw+Fw/Bx8iC3FPn+ooQ2Ni+V2ux3e2Rz3+32cBTzjxPYMcYxnnNjmgPuMn+f5VyuKYRS7+DwcDsM2y4a9jJmMcRJsjuvt9teFXq/X0Qv8/X7/hWc2x03yYwbbhzCbbzabIUmSIZM1NKpQkqRpOqxWiSQU0eNmMxCf4p8KjfdaHBPKnD3vhM75sVDjY7FQ9KzXa12LhD7E6e3KuNvtZMx0I8HqphmqqtK5CSVZ13XDTorM80I7ohAeXE7S4lR1rfuxru81Vi9C8XvxaS+rQblZrp1V6Ppec5iopmmHtu2mGqiJnHCpFR4iMVt7K5QNnAgiTFArxmhJGimY39hDN8Cxk6RgCmBOcXDYW9eN8hB6kxj4K2kxezZaqHAQiFBakMMAxOCQMIvHb1av1YyZnm+FkkhPWnyC0WoURnCS4HOyAKFwtAvGYpkTY7PZBg78cdSbjHzjUlQYww0XBbebaQ7wiBFEml/AkVrZSwy6yeylUIo2AiedJKkGK8sy3KAUqScr7cg6sPdFkXBjoaybMLsFYEIxy0tOngt56QxudC6UWBi8vr8Op9NJ98e3OLenQjkd2sVuiWQWvKrqqdi2lbcibcz6K6Hms2fqCuHiMzcfLjWwl3z43NBcKDGsFurouuCHnI8P0dwmoRYg3FR4d7bGmwwFhNaiABOgvhi3A+DDgU97UQhz28cBTk9ChKkvT4Mu4XYm8eSV/HCNb08C8eS3tiYWeeG9ggldHqUtj8ejWKkCwf
[HKEY_LOCAL_MACHINE\SOFTWARE\AVG]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.avgdi]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.avgdi]
"Content Type"="AvgDiagExFile"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.avgdi\shell\FmwAvgDiExOpen]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.avgdi\shell\FmwAvgDiExOpen]
@="Open AVG diag file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.avgdi\shell\FmwAvgDiExOpen\command]
@=""C:\Program Files (x86)\AVG\Framework\1\avgdiagex.exe" /FILE="%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.avgdx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.avgdx]
"Content Type"="AvgDiagExFile"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.avgdx\shell\FmwAvgDxExOpen]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.avgdx\shell\FmwAvgDxExOpen]
@="Open AVG diag file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.avgdx\shell\FmwAvgDxExOpen\command]
@=""C:\Program Files (x86)\AVG\Framework\1\avgdiagex.exe" /FILE="%1" /UI"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVG]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AvgPersistentStorage]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7E6B353-129C-43BE-86A5-1041305A828C}]
"HwIdAvg"="d00cb75301e247cfbf72d16d67550644-07f8905a36838d6e0415a2817090d0dec0976ffe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\07E577C8197A8AD4CB3CA67B31F64448\SourceList]
"LastUsedSource"="n;1;C:\WINDOWS\Temp\AvgSetup\d0032905-01e2-47cf-bf72-d16d67550644\install\fmw\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\07E577C8197A8AD4CB3CA67B31F64448\SourceList\Net]
"1"="C:\WINDOWS\Temp\AvgSetup\d0032905-01e2-47cf-bf72-d16d67550644\install\fmw\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A91FFE89BA03B4E49B340FB6C136BE8F\SourceList]
"LastUsedSource"="n;1;C:\WINDOWS\Temp\AvgSetup\d0032905-01e2-47cf-bf72-d16d67550644\install\fmw\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A91FFE89BA03B4E49B340FB6C136BE8F\SourceList\Net]
"1"="C:\WINDOWS\Temp\AvgSetup\d0032905-01e2-47cf-bf72-d16d67550644\install\fmw\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
"DllName"="avgssie.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AvgCPULoadFactor]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Defender\AvgCPULoadFactor]
"RegValueNameRedirect"="AvgCPULoadFactor"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\avguard.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\Framework\Common\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\Framework\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\Framework\1\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG\log\fmw1\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG\log\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\Zen\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Avg\log\zen1\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Avg\Diag\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\Zen\3rd_party\licenses\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\Zen\3rd_party\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07E577C8197A8AD4CB3CA67B31F64448\InstallProperties]
"InstallSource"="C:\WINDOWS\Temp\AvgSetup\d0032905-01e2-47cf-bf72-d16d67550644\install\fmw\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07E577C8197A8AD4CB3CA67B31F64448\InstallProperties]
"Publisher"="AVG Technologies"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1AE8DC971BED2854E914684322B3CD4D\Features]
"gm_Root"="IpDkHDYyO%r6z0'A7Dc'A6-M3,!4'*xctqqD`h&RjrS=Gd@7FTFt=yAu(J2Ab73K[izFW5fu25z_uM`cBSzpWqf*d.,rSofdDfrRlAzP[TcS=^(jwPLIn'T*nC!r*0DWD1M~&h1lxpRCZ$=~AAB1=QtRW-_Tt)-A8KI$mLz44@SKp5W4xwJYQlm.ZpOO~dj6cF-t=lafcx}ct+1GcJ{[]2_x7EQ.H6Yc8B31$PFX]P(c=!+tE@NT4Kq@1F{s36@F+tpLNx_Dz!O?@z?Bfuep0,k+o,dt$a@sW=%TprKdgShE[FAY@6zI[TY29=2-HTTV%R~1LxHEHAUgM34y[VnGv'n`y68'GWHnKd6VOY1@lb1JljuFtH0AYnQO3K_Sw4Y]d@@1Jx_AaO@=swevYtHjACx=~znTomu%~YYAcw$tNd8^5_5uzAFS@G&4$a'JQ2*!?+DobZ%cQ(oDPo~Ikgk'JL+_=t`R.qF?*V})]^tI1NEwLR$nhcv$D)*&E6L*lXunYMew,Dca!3X1INo+p@wg3KQiS0)AkV?kN`Q*wQ@r$!1iOy0RucGHSP=oxy@]$o=bo!Fzw.e$]MqL9D~gzV0dGk)593`Q,udx?9Co=[sWBt!D{DX.AF8'pNX=*?NL80]tCR?)=eB^ENK16x2d4ozH5Ac1-@ut+-4q{4OvUo+tt1a(nl9ILdK@^2WU9O_(!srU@*SPpqHSlJgYF@PkOSaOo!Nz)m.t)(9i_fY6d!^roYC[&)qMTL9+c8YVWZnleY`*Gud.gT]fleX.aSf7DrNKo'diy@8u=TzXLR?nlvc2vNk}{_G+-l0wzZxm85]I2kLf_DRFa6,DVmQMCy)}A-D%IubUg0q@'~vs9=S[%n
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1AE8DC971BED2854E914684322B3CD4D\Features]
"gm_Langpack_Basis_ast"="yU4vlXGjdSkHnWiJc9C?P7D=(yHvyuIWunS6a3VTa5b1kskA5Jlfl4aqN&VWxjMyaVG5k8C}KlnMfu[=89b%C6I?5*}g&HA.&~}s0Nw%V_en`Me!8CKa6t{@Iph3.8%JFq*.D[B=JnP0oZr=NKaZnV+7+z!H7}4A5UXdl]~Zm%@eJAzA''K!,B2CoK*C=flR&UNEX$dm%S$XpLQxy4&m$%i^2GDJAMOAeuz7LH.v@psHv4~W_D?K%5zwxXP4MLrQ?Tl!IjnQ91PGI0}XS?RU_d*E`1aUCWEeE`y.YKD'i_1-pd$=skMp?9G2YKXwL*Kd6uW?1u~h8d5Vud(VVdw`84[mGUIV(ZSUlgHC_{'t2Bw(ZU^DwOPC-jmHPHFJvIEmUGx~3l&,,e*zPQv`vffPNjJ^+e^Wm1_HQ]d&QVNZHXU'{.1-_d.TYbwzTN^@,z4Nx90s*81{BIHup5OVx*W,Q5P9t'bMPlgK!FZxhj=.!)So*2VnzD)k~K&3y[bDy(g'EJcveUsIN~t]22z`~amvia3OZ$F@�gm_Langpack_r_ast"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1AE8DC971BED2854E914684322B3CD4D\Features]
"gm_Langpack_Basis_kk"=",,2CfdAog[wg!{kt1Jd*9Lj$n5){4V5dqlm?J$e]%zdbbwPGK=@bGb54ir}EyQ5=b&7K@d81Dy_K@j~e{mPs7c'(r3EWf-z%A6V'Bh}IJ7-t&0M{gw(r0@hHG5qzQ58HI@9CA!5O`r.**J5Sz_&JUo09mf?58{=gUEay$xC8^L)i(vO9Zu=FW6P_0zWf@yBlI*yv7m~mjbKAj=$TS9-jhGR'+]]1n4^%nW-+xwJA37T'J%kQIaolb`HP?D)&$(C-uDTc!&S2rO3QgB00Ky0xr6.tKn2dE$yh?0axJz5W]wAM.E.@kzi5u(XQjLnFYJ%]db9*999_UE1nWONR.yfHM9sBf+7sQf4&Qv+!IR$G'NSz9d$pwWjc,mx2*{sZ?pQ6Jmy`T[U8x^@AH$yp(*CM?-ZBsCJ(DAyb])8]i(RkCkXo2_7vQ{21S)36u.L5jU@d[bfdAg[uL%p-{+]}Iu$Ga6w5PCSp'U-]!PYDekzZ}8t@7bX+_auY'{Er&ud`hjj7&a$oV,Of]4tJW`3]TZGY`{gaVG@N�gm_Langpack_r_kk"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1AE8DC971BED2854E914684322B3CD4D\Features]
"gm_Langpack_Base_kk"="S1nJA2ynL%,BO^PtfRP@c}+XV7FpS&TeaDrkVB0meG^`KMN7t3W~4?q3'XC[?5+2ac?'h)S,y,w-n+TGeMIiPLavGx!7Fvp)y~ju!!V]YNLi(lQybZ.S-F`)@%!9@]~I=AXTJ!bdNaWN9aRqmBkINe97rk$bQo8u�gm_Langpack_r_kk"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1AE8DC971BED2854E914684322B3CD4D\Features]
"gm_Langpack_Resource_nb"="+VD84X7'7cG$P_eQ6w6@L{`3OkXP_myB7-rZ?gnJUJZI+@@zl4n@BFQ33h.mOrs}8@=%tYH)C)C6R.CKEww85LOg2u,KAs.G&{bbq@,R,(4zlr9jiME%&~iDVK5WO86KV[NYm=UmK]910nz[!5K(`5)}_0l+@qeuvuE4wEhaI1(6``4G!STt+Ne]mho[=lFHk~Q1ZyX0nlQavw[^3HZya@1%z&tc+[TBtahDl%P`ZZx=roK?)(f+z6v_[3xvLD)4_1U9E.Hjv,n2{h(E*[u_2hI-E44J&~^NFfv~iW-$@GX[h3FGt!k!W.G_LTf2}VyX1kp=K3vHAjQ~yA*0}0RdiG~0o&Va9P`9H43Xblyem]41^%q3EFeI,IGIi+IAgvryR-lzpA0$Dw9TKwsdIeals$1qQynH{uLA5}5*%l7_$dy'L!-]$9ALKTc.ee$chuy'Df$HcjGe^8irSiBqDsJ.!+zOd8Wr$^kARC4zjj8Xym`On_cms_PHuJ7h=I]oyJeEP+{0rvQClwmIdB*36F,xw*p6(FgQyF{0jJOJn,[_WP4Oz0N!HJZ!YV~P1uJBfkmvl@)FS}BPW-0Q[3%xX,'{p-P*-8504btCCOHFnlVUrc_oEWaBxn!u0)&eMdVrIScdB!aNx5Pv2g1[1%8LAf(BM&aC.RwbP9I+,J=*mXH!%eXh7y@ySOX`Ivv12X]xAVgY=o%Yz%9k4Ot9%@t'AsS-B5ekRskKSaLxny*3Za]2)Gv]W3*4PP$3sDp%2+?CG9MCTT*UpumHm6k2YAOXIIX+Vy9C$}ow1w6d.odpGU(T)p[](et!W.O4ys7sREB208z6'^eZrbur�gm_Langpack_r
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A91FFE89BA03B4E49B340FB6C136BE8F\InstallProperties]
"InstallSource"="C:\WINDOWS\Temp\AvgSetup\d0032905-01e2-47cf-bf72-d16d67550644\install\fmw\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A91FFE89BA03B4E49B340FB6C136BE8F\InstallProperties]
"Publisher"="AVG Technologies CZ, s.r.o."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DD0EFD1C08E15CB48B80CE0398566460\Features]
"Core"="$^uNlz0u)AL6o?SnNvn1Tji!zq2){@wN^&p*kncFYFx2HI0w`@kN!pp,[(s_3}.MQT.?x9h0V^B^bUj[y7Lkj01+IA2_&?a*Oh{U4fZI3U=$u@Zl*7zc(N0%(C%5em?9V@02?I0,+8kRkAYObf+&h8C=j[Gv!V%x+4w&PJMB}8(7'^Ts}0Izr_lng01_o9(0cu_6c^zg~l(hmqCz6?d@z1iWsG4l@!eKn]zZY9XdztD$qJsUV1~{M}.Pe?}pvnMpxIFYH{{(&{HyWAP+sx[[oB9UJWws(0byk9HVSM(i)es*oE'Nlw23.9Har*pV(9OO.Z5$ymc65=a{[CS19N@EAXbJaJeBj?6]KwQX0DuQc.Wg6*Wd99OZZDY_(WSn_8P&)oRa9?=-}=G9XZYnCwo-di~![@7zGepw}T`qNvsZN%~p!AGoOlrCwp[r6e.wzg}6R@UzR,VoX+nLmr$jv6B{3@Fr{(W~DucC3BI6vAitl8UX'+XuPr]&FiAPLk!Sp@nQx@jHbS9W[N]xk(JoI@$h_woIx9vq(i.$5hwEL9['0,!W]$ISQW0R7gw?=99g7^q4AJFry^Q!J0Cg[=Ns,urD+[s$?{?izj&`A=wmgopk%)0R)^]e6+{^7?5&Dw4@KG[V_51@9BGUy?i}8@[j')A(7gSS*KWnv=,t7GaQ^'{%{Y+hoea*&@+i3gJJYC^v,xOYfJ?jo8HGL$[Llbo6u*n}2A)ISA_q4ZC!Xlf0]PQXF4`rR@.[2qd^hp)Mt8&z4E}3'=y4+[`BQ5GQeiC(wHppe@4Q4O%u9S-B}quTCIP~~9wL)b3Zi_oJ@_XM?gL819'$W,(=ZtVAO6V@3p(Ap8y@l0=a_m).!ma$+@H(E?=ZR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvgUi"=""C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_avg.vc140.crt_f92d94485545da78_none_fce6f287894868aa]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_avg.vc140.mfc_f92d94485545da78_none_fd9dc69b88bfb01f]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_policy.14.0.avg.vc140.crt_f92d94485545da78_none_a9ad3a99a4bbc1ec]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_policy.14.0.avg.vc140.mfc_f92d94485545da78_none_aa640eada4330961]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_avg.vc140.crt_f92d94485545da78_none_4494295e9dc491b0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_avg.vc140.mfc_f92d94485545da78_none_454afd729d3bd925]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_policy.14.0.avg.vc140.crt_f92d94485545da78_none_f15a7170b937eaf2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_policy.14.0.avg.vc140.mfc_f92d94485545da78_none_f2114584b8af3267]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}]
"InstallSource"="C:\WINDOWS\Temp\AvgSetup\d0032905-01e2-47cf-bf72-d16d67550644\install\fmw\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}]
"Publisher"="AVG Technologies"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync Data Maps/s
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idle thread tha
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\AVG]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\AVG\Subscriptions\ActiveProducts]
"AvAvg"="434ad9f5-e461-f611-8f68-d9234df9fa24"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
"DllName"="avgssie.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}]
"InstallSource"="C:\WINDOWS\Temp\AvgSetup\d0032905-01e2-47cf-bf72-d16d67550644\install\fmw\"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}]
"Publisher"="AVG Technologies CZ, s.r.o."
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idl
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avguniva]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avguniva]
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\AuthCookies\Live\Default\DIDC]
"Data"="ct%3D1490215090%26hashalg%3DSHA256%26bver%3D13%26appid%3DDefault%26da%3D%253CEncryptedData%2520xmlns%253D%2522http://www.w3.org/2001/04/xmlenc%2523%2522%2520Id%253D%2522devicesoftware%2522%2520Type%253D%2522http://www.w3.org/2001/04/xmlenc%2523Element%2522%253E%253CEncryptionMethod%2520Algorithm%253D%2522http://www.w3.org/2001/04/xmlenc%2523tripledes-cbc%2522%253E%253C/EncryptionMethod%253E%253Cds:KeyInfo%2520xmlns:ds%253D%2522http://www.w3.org/2000/09/xmldsig%2523%2522%253E%253Cds:KeyName%253Ehttp://Passport.NET/STS%253C/ds:KeyName%253E%253C/ds:KeyInfo%253E%253CCipherData%253E%253CCipherValue%253ECSefnIpMQ4pVw6/oNXVC594tUNFzPtPsKHkamQXIOfmxKaYF263g7gj0vLTmZWC57nR1pzhCSPc8lU8bTSgW19zcRTURtjkfBAJTxhk0H8IzbGe7e0G1FEVojN3V5CBkf4bGPi3GcvetnDNyA4Xhq9DvhjWBTzgo6ksTUQzEbF3s9UWxXJjngT/cOHtoAj2ExeuYzxsAvzcFnwAXnP4AvwtLJG6X6dAtDQrrL7ueETkQDvvqBkVAwXpNoZhRm2BGp9lHfP2ULJ3jaZM05q5VkSLhOB/r%252Bqkmn4NVG8ZZMgs5vH86o0ba2zdShbUW/9hILQHuRafTdWCJfBc
[HKEY_USERS\S-1-5-21-624198674-977653023-2037852723-1040\SOFTWARE\AVG]
[HKEY_USERS\S-1-5-21-624198674-977653023-2037852723-1040\SOFTWARE\AVG\AVG Browser Cleanup]
[HKEY_USERS\S-1-5-21-624198674-977653023-2037852723-1040\SOFTWARE\AVG\Avgdiag]
[HKEY_USERS\S-1-5-21-624198674-977653023-2037852723-1040\SOFTWARE\AVG Web TuneUp]
[HKEY_USERS\S-1-5-21-624198674-977653023-2037852723-1040\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avg]
[HKEY_USERS\S-1-5-21-624198674-977653023-2037852723-1040\SOFTWARE\paint.net]
"File/MostRecent/Thumbnail1"="iVBORw0KGgoAAAANSUhEUgAAADoAAAA6CAYAAADhu0ooAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAALWSURBVGhD7ZZrkuIwDIS5wRyFI8y9SYAkwIEIkCeQ1SdHwZsBprb2186qq1S2jFtS23KKhcPhcDgcDofD4XA4HA6Hw+Fw/Bx8iC3FPn+ooQ2Ni+V2ux3e2Rz3+32cBTzjxPYMcYxnnNjmgPuMn+f5VyuKYRS7+DwcDsM2y4a9jJmMcRJsjuvt9teFXq/X0Qv8/X7/hWc2x03yYwbbhzCbbzabIUmSIZM1NKpQkqRpOqxWiSQU0eNmMxCf4p8KjfdaHBPKnD3vhM75sVDjY7FQ9KzXa12LhD7E6e3KuNvtZMx0I8HqphmqqtK5CSVZ13XDTorM80I7ohAeXE7S4lR1rfuxru81Vi9C8XvxaS+rQblZrp1V6Ppec5iopmmHtu2mGqiJnHCpFR4iMVt7K5QNnAgiTFArxmhJGimY39hDN8Cxk6RgCmBOcXDYW9eN8hB6kxj4K2kxezZaqHAQiFBakMMAxOCQMIvHb1av1YyZnm+FkkhPWnyC0WoURnCS4HOyAKFwtAvGYpkTY7PZBg78cdSbjHzjUlQYww0XBbebaQ7wiBFEml/AkVrZSwy6yeylUIo2AiedJKkGK8sy3KAUqScr7cg6sPdFkXBjoaybMLsFYEIxy0tOngt56QxudC6UWBi8vr8Op9NJ98e3OLenQjkd2sVuiWQWvKrqqdi2lbcibcz6K6Hms2fqCuHiMzcfLjWwl3z43NBcKDGsFurouuCHnI8P0dwmoRYg3FR4d7bGmwwFhNaiABOgvhi3A+DDgU97UQhz28cBTk9ChKkvT4Mu4XYm8eSV
-= EOF =-
Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 17:35 on 23/03/2017 by lem0th
Administrator - Elevation successful
========== filefind ==========
Searching for "*Avast"
No files found.
========== folderfind ==========
Searching for "*Avast*"
C:\$RECYCLE.BIN\S-1-5-21-624198674-977653023-2037852723-1040\$RH3X5ZP\Avast d------ [15:01 23/03/2017]
C:\$RECYCLE.BIN\S-1-5-21-624198674-977653023-2037852723-1040\$RH3X5ZP\Persistent Data\Avast d------ [15:01 23/03/2017]
C:\Program Files\AVAST Software d------ [15:01 23/03/2017]
C:\Program Files\AVAST Software\Avast d------ [15:01 23/03/2017]
C:\Program Files\AVAST Software\Avast\setup\CRT\data\avast.vc140.crt d----c- [15:04 23/03/2017]
C:\Program Files\AVAST Software\Avast\setup\CRT\data\avast.vc140.mfc d----c- [15:04 23/03/2017]
C:\Program Files\AVAST Software\Avast\setup\CRT\data\policy.14.0.avast.vc140.crt d----c- [15:04 23/03/2017]
C:\Program Files\AVAST Software\Avast\setup\CRT\data\policy.14.0.avast.vc140.mfc d----c- [15:04 23/03/2017]
C:\Program Files\Common Files\AV\avast! Antivirus d------ [15:05 23/03/2017]
C:\Program Files (x86)\Common Files\AV\avast! Antivirus d------ [15:05 23/03/2017]
C:\ProgramData\AVAST Software d------ [16:22 23/03/2017]
C:\ProgramData\AVAST Software\Avast d------ [16:22 23/03/2017]
C:\ProgramData\AVAST Software\Persistent Data\Avast d------ [16:22 23/03/2017]
C:\Users\Administrator\AppData\Roaming\AVAST Software d------ [15:58 28/03/2015]
C:\Users\Administrator\AppData\Roaming\AVAST Software\Avast d------ [15:58 28/03/2015]
C:\Users\All Users\AVAST Software d------ [16:22 23/03/2017]
C:\Users\All Users\AVAST Software\Avast d------ [16:22 23/03/2017]
C:\Users\All Users\AVAST Software\Persistent Data\Avast d------ [16:22 23/03/2017]
C:\Users\lem0th\Anwendungsdaten\AVAST Software d------ [15:06 23/03/2017]
C:\Users\lem0th\Anwendungsdaten\AVAST Software\Avast d------ [15:06 23/03/2017]
C:\Users\lem0th\AppData\Local\Temp\_avast_ d------ [15:05 23/03/2017]
C:\Users\lem0th\AppData\Roaming\AVAST Software d------ [15:06 23/03/2017]
C:\Users\lem0th\AppData\Roaming\AVAST Software\Avast d------ [15:06 23/03/2017]
C:\Windows\System32\Tasks\AVAST Software d------ [15:05 23/03/2017]
C:\Windows\Temp\_avast_ d------ [15:06 23/03/2017]
C:\Windows\WinSxS\amd64_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_d58a6d64ab65b396 d------ [17:12 19/12/2016]
C:\Windows\WinSxS\amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.24210.0_none_56aba0211ca246c2 d------ [15:05 23/03/2017]
C:\Windows\WinSxS\x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c d------ [17:13 19/12/2016]
C:\Windows\WinSxS\x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.24210.0_none_9e58d6f8311e6fc8 d------ [15:05 23/03/2017]
C:\Windows\WinSxS\x86_avast.vc140.mfc_fcc99ee6193ebbca_14.0.24210.0_none_a338d8ea2df29efb d------ [15:05 23/03/2017]
========== regfind ==========
Searching for "Avast"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7E6B353-129C-43BE-86A5-1041305A828C}]
"HwIdAvastFull"="7504B3B60366CBE94B30222771F46867B797C694B5159D9CB278441B67BC7328"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2EA85D9B-3E57-343A-8AFA-4BDF08FD7EAC}]
@="IJavaStruct"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4F42A312-5754-35EB-947D-D93BE775B522}]
@="_JavaStructMarshalHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2EA85D9B-3E57-343A-8AFA-4BDF08FD7EAC}]
@="IJavaStruct"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4F42A312-5754-35EB-947D-D93BE775B522}]
@="_JavaStructMarshalHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\AvastSvc.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_avast.vc110.crt_2036b14a11e83e4a_none_c373722873c01144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_avast.vc140.crt_fcc99ee6193ebbca_none_020285fe6d6e0580]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\amd64_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_none_ef17e13d91c55d96]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_avast.vc110.crt_2036b14a11e83e4a_none_0b20a8ff883c3a4a]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_avast.vc140.crt_fcc99ee6193ebbca_none_49afbcd581ea2e86]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_avast.vc140.mfc_fcc99ee6193ebbca_none_49391d6d8244622b]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_policy.11.0.avast.vc110.crt_2036b14a11e83e4a_none_5679bb9c25dbf18d]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_none_36c51814a641869c]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_none_364e78aca69bba41]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{613BACD0-C821-4E63-8EA2-8D51F38BB081}]
"Path"="\AVAST Software\Avast settings backup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{613BACD0-C821-4E63-8EA2-8D51F38BB081}]
"Author"="AVAST Software"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{613BACD0-C821-4E63-8EA2-8D51F38BB081}]
"URI"="\AVAST Software\Avast settings backup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{948C723C-F96E-4B20-A39A-9FBCBE0F5F2F}]
"Path"="\avastBCLRestartS-1-5-21-624198674-977653023-2037852723-1003"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Avast settings backup]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{2EA85D9B-3E57-343A-8AFA-4BDF08FD7EAC}]
@="IJavaStruct"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{4F42A312-5754-35EB-947D-D93BE775B522}]
@="_JavaStructMarshalHelper"
-= EOF =-
|
FRST 32-Bit | FRST 64-Bit
Lesestoff:
Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.