Trojaner-Board - Habe Oxy-Virus auf dem PC

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Habe Oxy-Virus auf dem PC (https://www.trojaner-board.de/151803-habe-oxy-virus-pc.html)

Habe Oxy-Virus auf dem PC

Hallo,
ich habe ein großes Problem und ich hoffe mir kann jemand helfen. Ich glaube ich habe den Oxy-Virus auf meinem PC. Malewarebytes hat bereits einige schädliche Objekte gefunden und in Quarantäne verschoben aber ich glaube der Virus ist immer noch auf meinem PC. Außerdem kann ich die Programme Oxy und PileFile reminder nicht deinstallieren :(
Ich benutze Windows 7.
Danke für Hilfe schon im Vorraus.

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014

Ran by Paula-chan (administrator) on PAULA-CHAN-PC on 31-03-2014 21:03:10

Running from C:\Users\Paula-chan\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 11

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe

(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe

(AMD) C:\Windows\system32\atiesrxx.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe

(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe

(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe

(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

() C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe

(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe

(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe

(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe

(Intel Corporation) C:\Windows\system32\igfxsrvc.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

(Intel Corporation) C:\Windows\system32\igfxext.exe

(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe

(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe

(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

() C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe

(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe

(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe

(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

() C:\Program Files\Rainmeter\Rainmeter.exe

(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\GdBgInx64.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(APN LLC.) C:\Users\Paula-chan\AppData\Local\VNT\vntldr.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)

HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)

HKLM\...\Run: [PLFSetL] - C:\Windows\\PLFSetL.exe

HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)

HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-13] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)

HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)

HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)

HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)

HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)

HKLM-x32\...\Run: [Guard.Mail.ru.gui] - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-02-05] ()

HKLM-x32\...\Run: [GDFirewallTray] - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1854928 2013-03-22] (G Data Software AG)

HKLM-x32\...\Run: [] - [X]

HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1391272 2012-01-03] (Ask)

HKLM-x32\...\Run: [BambooCore] - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-12-11] ()

HKLM-x32\...\Run: [G Data AntiVirus Tray] - C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe [1444472 2013-08-21] (G Data Software AG)

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1801168 2014-03-19] (APN)

HKLM-x32\...\Run: [VNT] - C:\Program Files (x86)\VNT\vntldr.exe [196048 2014-03-19] (APN LLC.)

HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe,

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}

HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}

HKU\S-1-5-21-1307518205-1141766383-1528977106-1000\...\Run: [uTorrent] - "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED

HKU\S-1-5-21-1307518205-1141766383-1528977106-1000\...\Run: [Google+ Auto Backup] - "C:\Users\Paula-chan\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart

HKU\S-1-5-21-1307518205-1141766383-1528977106-1000\...\Run: [GoogleChromeAutoLaunch_3B05FA9084BEB65019B27C284C96A728] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859976 2014-03-15] (Google Inc.)

AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => "C:\PROGRA~2\SupTab\SEARCH~1.DLL" File Not Found

Startup: C:\Users\Paula-chan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

Startup: C:\Users\Paula-chan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk

ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs

HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1396271007&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX&q={searchTerms}

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1396271007&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX&q={searchTerms}

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1396271007&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX&q={searchTerms}

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1396271007&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX&q={searchTerms}

URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}

URLSearchHook: HKLM-x32 - (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No File

URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

URLSearchHook: HKCU - (No Name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No File

URLSearchHook: HKCU - (No Name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No File

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

SearchScopes: HKLM-x32 - {2059CF48-25F3-40d7-9D37-24A3142FD20B} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=3379&q={searchTerms}&rp=&s_it=tb50-ie-opencandyDE-chromesbox-de-de

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://isearch.babylon.com/web/{searchTerms}?babsrc=browsersearch&babsrc=SP_ss&mntrId=020aa8b50000000000009439e5815d34

SearchScopes: HKCU - {2059CF48-25F3-40d7-9D37-24A3142FD20B} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=3379&q={searchTerms}&rp=&s_it=tb50-ie-opencandyDE-chromesbox-de-de

SearchScopes: HKCU - {B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD} URL = hxxp://eu.ask.com/web?l=dis&o=APN10020&gct=sb&qsrc=2869&apn_dtid=^YYYYYY^YY^DE&apn_ptnrs=^A4G &apn_uid=1957818974124355&p2=^A4G ^YYYYYY^YY^DE&q={searchTerms}

SearchScopes: HKCU - {DD0BCCE8-BE1E-4C35-A094-E580C08FC880} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=FE43DE64-0B63-4D8B-B009-91905ABDDCA7&apn_sauid=C38EB28F-B2ED-481E-9B3A-2058ECBB0847

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll No File

BHO-x32: ICQ Sparberater - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll No File

Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\Paula-chan\AppData\Roaming\Mozilla\Firefox\Profiles\vrkrs3uy.default

FF user.js: detected! => C:\Users\Paula-chan\AppData\Roaming\Mozilla\Firefox\Profiles\vrkrs3uy.default\user.js

FF NewTab: hxxp://mystart.incredibar.com/mb178?a=6OyMZv7uR0&loc=FF_NT

FF DefaultSearchEngine: Ask.com

FF SearchEngineOrder.1: Ask.com

FF SelectedSearchEngine: Ask.com

FF Homepage: hxxp://mystart.incredibar.com/mb178?a=6OyMZv7uR0&i=26

FF NetworkProxy: "type", 0

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF SearchPlugin: C:\Users\Paula-chan\AppData\Roaming\Mozilla\Firefox\Profiles\vrkrs3uy.default\searchplugins\askcom.xml

FF Extension: incredibar.com - C:\Users\Paula-chan\AppData\Roaming\Mozilla\Firefox\Profiles\vrkrs3uy.default\Extensions\ffxtlbr@incredibar.com [2012-09-03]

FF Extension: Ask Toolbar - C:\Users\Paula-chan\AppData\Roaming\Mozilla\Firefox\Profiles\vrkrs3uy.default\Extensions\toolbar@ask.com [2012-04-09]

FF Extension: DVDVideoSoftTB  - C:\Users\Paula-chan\AppData\Roaming\Mozilla\Firefox\Profiles\vrkrs3uy.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2012-12-28]

FF Extension: uTorrentBar_DE Community Toolbar - C:\Users\Paula-chan\AppData\Roaming\Mozilla\Firefox\Profiles\vrkrs3uy.default\Extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} [2012-04-30]

FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Web Assistant\Firefox

FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox [2012-09-03]

FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\

FF HKLM-x32\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Web Assistant\Firefox

FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox [2012-09-03]

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

FF HKCU\...\Firefox\Extensions: [{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}] - C:\Program Files (x86)\PriceGong\2.6.2\FF
 

Chrome: 

=======

CHR HomePage: hxxp://www.google.com/

CHR Extension: (Ask Toolbar) - C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajepeddfdaihpmdgnickofffkdlpb [2014-03-31]

CHR Extension: (Theme Creator) - C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc [2014-03-31]

CHR Extension: (Google Docs) - C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-31]

CHR Extension: (Google Drive) - C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-31]

CHR Extension: (YouTube) - C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-31]

CHR Extension: (Google-Suche) - C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-31]

CHR Extension: (AdBlock) - C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-31]

CHR Extension: (New tab for Chrome™) - C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg [2014-03-31]

CHR Extension: (Auto Replay for YouTube™) - C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2014-03-31]

CHR Extension: (Little Alchemy) - C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2014-03-31]

CHR Extension: (Google Wallet) - C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-31]

CHR Extension: (MyHarmony Chrome Plugin) - C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\omaonpoimgkmbllpdihbnmgphjoipdhf [2014-03-31]

CHR Extension: (Google Mail) - C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-31]

CHR Extension: (DVDVideoSoftTB) - C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo [2014-03-31]

CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [2012-09-03]

CHR HKCU\...\Chrome\Extension: [anpiogajjmckmlehhpjnojhebaidkeod] - C:\Users\Paula-chan\AppData\Local\CRE\anpiogajjmckmlehhpjnojhebaidkeod.crx [2012-09-03]

CHR HKCU\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\Paula-chan\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx [2012-09-03]

CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2012-09-03]

CHR HKCU\...\Chrome\Extension: [plmlpkfpkijnlijgalnjaacllnjmoamo] - C:\Users\Paula-chan\AppData\Local\CRE\plmlpkfpkijnlijgalnjaacllnjmoamo.crx [2012-12-01]

CHR HKLM-x32\...\Chrome\Extension: [aaaajepeddfdaihpmdgnickofffkdlpb] - C:\ProgramData\AskPartnerNetwork\Toolbar\FF3-V7\CRX\ToolbarCR.crx [2014-03-27]

CHR HKLM-x32\...\Chrome\Extension: [anpiogajjmckmlehhpjnojhebaidkeod] - C:\Users\Paula-chan\AppData\Local\CRE\anpiogajjmckmlehhpjnojhebaidkeod.crx [2014-03-27]

CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [2012-09-03]

CHR HKLM-x32\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files (x86)\Perion\NewTab\newTab.crx [2012-09-03]

CHR HKLM-x32\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\Paula-chan\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx [2012-09-03]

CHR HKLM-x32\...\Chrome\Extension: [omaonpoimgkmbllpdihbnmgphjoipdhf] - C:\Program Files (x86)\Logitech\Harmony Remote Driver\harmony_chrome.crx [2012-12-24]

CHR HKLM-x32\...\Chrome\Extension: [plmlpkfpkijnlijgalnjaacllnjmoamo] - C:\Users\Paula-chan\AppData\Local\CRE\plmlpkfpkijnlijgalnjaacllnjmoamo.crx [2012-12-01]
 

==================== Services (Whitelisted) =================
 

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-03-19] (APN LLC.)

R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1970296 2013-08-26] (G Data Software AG)

R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [635000 2013-08-21] (G Data Software AG)

R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2562208 2013-10-15] (G Data Software AG)

R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2942808 2013-10-17] (G Data Software AG)

R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [695416 2013-08-22] (G Data Software AG)

R2 Guard.Mail.ru; C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-02-05] ()

R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)

R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)

R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)

S2 MOBKbackup; "C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe" [X]
 

==================== Drivers (Whitelisted) ====================
 

R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [60248 2014-03-18] (G Data Software AG)

R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [130392 2014-03-18] (G Data Software AG)

R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [63320 2014-03-18] (G Data Software AG)

R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64856 2014-03-18] (G Data Software AG)

R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [65368 2014-03-18] (G Data Software AG)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-03-31] (Malwarebytes Corporation)

R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)

S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]

S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
 

==================== NetSvcs (Whitelisted) ===================

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014

Ran by Paula-chan at 2014-03-31 21:02:08

Running from C:\Users\Paula-chan\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: G Data InternetSecurity 2014 (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}

AS: G Data InternetSecurity 2014 (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: G Data Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}
 

==================== Installed Programs ======================
 

Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)

Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)

Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated)

Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)

Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated)

Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0913.2011 - Acer Incorporated)

Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Acer Incorporated)

Activision(R) (x32 Version: 1.00.0000 - Activision) Hidden

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.600 - Adobe Systems Incorporated)

Adobe AIR (x32 Version: 3.5.0.600 - Adobe Systems Incorporated) Hidden

Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)

Adobe Community Help (x32 Version: 3.2.1 - Adobe Systems Incorporated) Hidden

Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)

Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)

Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0 - Adobe Systems Incorporated)

Adobe Photoshop Elements 9 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden

Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)

Adobe Photoshop.com Inspiration Browser (x32 Version: 3.07 - Adobe Systems Incorporated) Hidden

Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)

Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden

AMD APP SDK Runtime (Version: 2.5.775.2 - Advanced Micro Devices Inc.) Hidden

AMD Catalyst Install Manager (HKLM\...\{EA4954FD-C685-1C7D-16F3-9BC2FD5E6BD3}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.)

AOL DE Toolbar (HKCU\...\AOL DE Toolbar) (Version:  - )

ArtRage Studio Pro (HKLM-x32\...\{E7C5374B-E41F-4634-9A64-7B9FF29089E9}) (Version: 3.0.7 - Ambient Design)

Ask Toolbar (HKLM-x32\...\{4646332D-5637-006A-76A7-A758B70C0A06}) (Version: 12.10.6.4917 - APN, LLC) <==== ATTENTION

Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.14.1.0 - Ask.com) <==== ATTENTION

Ask Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.0.20007 - Ask.com) <==== ATTENTION

Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)

AVS Video Editor 6.5 (HKLM-x32\...\AVS Video Editor_is1) (Version: 6.5.1.246 - Online Media Technologies Ltd.)

Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden

Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.0 - Wacom Co., Ltd.)

Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden

Bamboo Explore (HKLM-x32\...\Bamboo Explore) (Version: 1.2010.1105.1650 - Wacom Europe GmbH)

Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden

Catalyst Control Center (x32 Version: 2011.1013.754.12275 - Ihr Firmenname) Hidden

Catalyst Control Center InstallProxy (x32 Version: 2011.1013.754.12275 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Localization All (x32 Version: 2011.1013.754.12275 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Profiles Mobile (x32 Version: 2011.1013.754.12275 - Advanced Micro Devices, Inc.) Hidden

CCC Help Chinese Standard (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden

CCC Help Chinese Traditional (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden

CCC Help Czech (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden

CCC Help Danish (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden

CCC Help Dutch (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden

CCC Help English (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden

CCC Help Finnish (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden

CCC Help French (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden

CCC Help German (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden

CCC Help Greek (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden

CCC Help Hungarian (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden

CCC Help Italian (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden

CCC Help Japanese (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden

CCC Help Korean (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden

CCC Help Norwegian (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden

CCC Help Polish (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden

CCC Help Portuguese (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden

CCC Help Russian (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden

CCC Help Spanish (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden

CCC Help Swedish (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden

CCC Help Thai (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden

CCC Help Turkish (x32 Version: 2011.1013.0753.12275 - Advanced Micro Devices, Inc.) Hidden

ccc-utility64 (Version: 2011.1013.754.12275 - Advanced Micro Devices, Inc.) Hidden

Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.2024.00 - CyberLink Corp.)

clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden

clear.fi (x32 Version: 1.0.2024.00 - CyberLink Corp.) Hidden

clear.fi (x32 Version: 9.0.8026 - CyberLink Corp.) Hidden

clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)

Crazy Chicken Kart 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)

Download Updater (AOL LLC) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - ) <==== ATTENTION

eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)

Elements 9 Organizer (x32 Version: 9.0 - Ihr Firmenname) Hidden

Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

ETDWare PS/2-X64 8.0.6.0_WHQL (HKLM\...\Elantech) (Version: 8.0.6.0 - ELAN Microelectronic Corp.)

Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.)

FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden

Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden

Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.0.8 - FUHU, Inc.)

Fooz Kids (x32 Version: 3.0.8 - FUHU, Inc.) Hidden

Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.)

Fotogaléria (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Fotogalerija (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Fotogalleri (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Fotogalleriet (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Fotoğraf Galerisi (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Fotótár (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )

Free YouTube Download version 3.2.20.1230 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.20.1230 - DVDVideoSoft Ltd.)

Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.)

G Data InternetSecurity 2014 (HKLM-x32\...\{7765322A-8601-47D3-AC60-B66677450D7B}) (Version: 24.0.3.4 - G Data Software AG)

Galeria de Fotografias (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Galeria de Fotos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Galería de fotos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Galeria fotogràfica (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Galeria fotografii (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Galerie foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Galerija fotografija (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

GIMP 2.6.8 (HKLM\...\WinGimp-2.0_is1) (Version:  - )

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)

Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden

GTA2 (HKLM-x32\...\{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}) (Version: 1.00.001 - )

Guard.ICQ (HKLM-x32\...\Guard.Mail.ru) (Version:  - Mail.ru) <==== ATTENTION

ICQ Sparberater (HKLM-x32\...\{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}) (Version: 1.3.671 - solute gmbh)

ICQ7.7 (HKLM-x32\...\{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}) (Version: 7.7 - ICQ)

Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)

Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden

Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)

Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)

Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)

Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)

Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden

Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden

John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden

Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)

LIMBO (HKLM-x32\...\LIMBO) (Version:  - )

Logitech Harmony Remote Software (x86) (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 2.0 - Logitech)

Madagascar (HKLM-x32\...\InstallShield_{0FB261F3-6F16-43FD-A404-F377C169B937}) (Version: 1.00.0000 - Activision)

Madagascar (TM) (x32 Version: 1.00.0000 - Activision) Hidden

Madagascar 2(TM) (HKLM-x32\...\InstallShield_{F8C02517-4AC3-4026-8292-ACF23E98A7D7}) (Version: 1.00.0000 - Activision)

Malwarebytes Anti-Malware Version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)

Manga Studio Debut 4.0 (HKLM-x32\...\Manga Studio Debut 4.0) (Version:  - )

McAfee Online Backup (Version: 1.16.4.0 - McAfee, Inc.) Hidden

McAfee Online Backup (x32 Version:  - McAfee, Inc.) Hidden

Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.5128.5002 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )

Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Movie Studio Platinum 12.0 (HKLM-x32\...\{DC759721-1CD2-11E2-AB1C-F04DA23A5C58}) (Version: 12.0.575 - Sony)

Movie Studio Platinum 13.0 (64-bit) (HKLM\...\{154C7340-7C70-11E3-A15F-F04DA23A5C58}) (Version: 13.0.879 - Sony)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden

MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden

MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden

Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden

MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden

MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden

MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)

MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden

Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)

NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9002 - NTI Corporation)

NTI Media Maker 9 (x32 Version: 9.0.2.9002 - NTI Corporation) Hidden

OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)

osu! (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)

Oxy (HKCU\...\{9AAF2503-6CD5-414A-B5BA-37639B76C91F}) (Version:  - LADY'S WOOD 2013 LIMITED)

Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden

Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)

PileFile reminder (HKCU\...\{56837588-F559-40CF-91D9-D439D405FB28}) (Version:  - LADY'S WOOD 2013 LIMITED)

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden

Poczta usługi Windows Live (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Podstawowe programy Windows Live (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden

Pošta Windows Live (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)

PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden

Raccolta foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Rainmeter (HKLM-x32\...\Rainmeter) (Version: 2.4 r1678 - )

RE: Alistair++ 1 (HKLM-x32\...\RE: Alistair++) (Version: 1 - sakevisual)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6438 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30123 - Realtek Semiconductor Corp.)

Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.6.5.5 - Reimage)

Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)

Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden

RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)

RPG Maker VX RTP (HKLM-x32\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)

RPGツクール2000 ランタイムパッケージ (HKLM-x32\...\{33F7A957-A66D-45A1-BADF-6576083B14E2}) (Version:  - )

Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)

Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden

Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden

Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.12.9.24 - Sony Ericsson Communications AB)

Sony PC Companion 2.10.115 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.115 - Sony)

Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden

Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)

Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden

Valokuvavalikoima (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden

VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)

Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.2-1 - Wacom Technology Corp.)

Web Assistant 2.0.0.604 (HKLM\...\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1) (Version: 2.0.0.604 - IncrediBar) <==== ATTENTION

WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)

WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)

WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.)

WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.)

Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden

Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)

WildTangent Games App (Acer Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden

Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 16.4.3508.0205 - společnost Microsoft Corporation) Hidden

Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden

Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Messenger (x32 Version: 16.4.3508.0205 - společnost Microsoft Corporation) Hidden

Windows Live Messenger (x32 Version: 16.4.3508.0205 - Корпорация Майкрософт) Hidden

Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Temel Parçalar (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live 程式集 (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Liven peruspaketti (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Liven sähköposti (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

Yume Nikki 0.10 English v3 (HKCU\...\Yume Nikki 0.10 English v3) (Version:  - )

Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Συλλογή φωτογραφιών (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Основные компоненты Windows Live (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Почта Windows Live (x32 Version: 16.4.3508.0205 - Корпорация Майкрософт) Hidden

Фотоальбом (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Фотогалерия (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Фотографии (общедоступная версия) (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

גלריית התמונות (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

بريد Windows Live (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

معرض الصور (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

影像中心 (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
 

==================== Restore Points  =========================
 

28-02-2014 15:38:23 Windows Update

07-03-2014 21:13:30 Windows Update

11-03-2014 15:42:23 Windows Update

15-03-2014 13:47:39 Windows Update

18-03-2014 21:46:41 Windows Update

23-03-2014 13:48:00 Installed GTA2

25-03-2014 08:40:28 Windows Update

27-03-2014 20:26:31 Removed Movie Studio Platinum 13.0 (64-bit)

28-03-2014 15:27:22 Windows Update
 

==================== Hosts content: ==========================
 

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {05702E51-CEE3-4CD5-A274-0AD9DE2B987D} - System32\Tasks\AdobeAAMUpdater-1.0-Paula-chan-PC-Paula-chan => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated)

Task: {212763EE-95DF-40D8-86CF-643071D649DE} - System32\Tasks\{C8E74612-CA1A-4743-BF08-47BCED463146} => C:\Users\Paula-chan\Desktop\Keygen by TheSoulboy12\Keygen by thesoulboy12\Keygen.exe

Task: {23E74613-2D58-4CB6-8177-6CDD5EAAF562} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1307518205-1141766383-1528977106-1000

Task: {5380924A-D158-4140-B24A-20F1DDC1D25A} - System32\Tasks\{FB772E16-6194-48F6-8C13-C02D2712B5B4} => C:\Users\Paula-chan\Desktop\Keygen by TheSoulboy12\Keygen by thesoulboy12\Keygen.exe

Task: {5A6D64D4-1419-4E8E-AB24-F01AB815E432} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-09] (Google Inc.)

Task: {6B8D3FFA-1BA0-49C8-9C92-E445B414B218} - System32\Tasks\PileFile logon => C:\Users\PAULA-~1\AppData\Local\Temp\Goat Simulator InstallerDownload_4AB6\Goat_Simulator_Installer_Downloader.exe [2014-03-31] () <==== ATTENTION

Task: {7F9C2F47-78DB-4847-8642-7B57AF208834} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION

Task: {9F067AEB-E4A4-4646-909A-9C80AE6E8980} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)

Task: {A315615E-8157-46FA-98D4-2B8E15DB4094} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-01-03] () <==== ATTENTION

Task: {B59A8E32-8CDA-495E-8908-28CC594430C6} - System32\Tasks\Oxy => C:\Users\Paula-chan\AppData\Roaming\Oxy\Updater.exe [2014-03-31] () <==== ATTENTION

Task: {BEF45BAF-D4C0-450B-AF37-D7CC9006AC11} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-08-24] (Acer Incorporated)

Task: {C6B564D2-90C6-4A4D-9B24-AAFD07B2234D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-09] (Google Inc.)

Task: {C70C6581-772E-442C-AB0A-92FDDA52F5C2} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-08-24] (CyberLink)

Task: {E47BB288-775E-4D62-9C79-DF92D4B3DB37} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-08-24] (CyberLink Corp.)

Task: {ED7E3F1B-0E16-4CFC-A362-FE930D249661} - System32\Tasks\PileFile reminder => C:\Users\PAULA-~1\AppData\Local\Temp\Goat Simulator InstallerDownload_4AB6\Goat_Simulator_Installer_Downloader.exe [2014-03-31] () <==== ATTENTION

Task: {F366D71F-854C-46E8-B510-74B8CCBBAEAE} - System32\Tasks\{F452B5D8-347B-4F23-92E7-35758CD66B08} => C:\Users\Paula-chan\Desktop\Keygen by TheSoulboy12\Keygen by thesoulboy12\Keygen.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2012-02-05 15:22 - 2012-02-05 15:22 - 01564368 _____ () C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe

2013-08-14 10:31 - 2013-08-14 10:31 - 00335312 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll

2009-01-21 17:45 - 2009-01-21 17:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll

2012-06-25 17:27 - 2012-12-11 14:07 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll

2011-10-20 11:00 - 2011-08-09 01:44 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2011-09-27 05:45 - 2012-12-11 20:15 - 00646744 _____ () C:\Program Files (x86)\Bamboo Dock\BambooCore.exe

2012-11-04 16:25 - 2012-11-04 16:25 - 00041160 _____ () C:\Program Files\Rainmeter\Rainmeter.exe

2012-11-04 16:25 - 2012-11-04 16:25 - 00736968 _____ () C:\Program Files\Rainmeter\Rainmeter.dll

2012-11-04 16:22 - 2012-11-04 16:22 - 00026624 _____ () C:\Program Files\Rainmeter\Plugins\InputText.dll

2012-11-04 16:23 - 2012-11-04 16:23 - 00020480 _____ () C:\Program Files\Rainmeter\Plugins\WiFiStatus.DLL

2012-11-04 16:23 - 2012-11-04 16:23 - 00025088 _____ () C:\Program Files\Rainmeter\Plugins\QuotePlugin.DLL

2011-10-13 08:52 - 2011-10-13 08:52 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

2011-03-14 15:21 - 2011-03-14 15:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll

2011-04-24 03:29 - 2011-04-24 03:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll

2011-04-24 03:29 - 2011-04-24 03:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll

2011-04-24 03:29 - 2011-04-24 03:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll

2011-08-24 19:03 - 2011-08-24 19:03 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll

2011-01-17 17:19 - 2012-02-18 19:41 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

2014-02-19 19:10 - 2014-02-19 19:10 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3e27ac2000641918e7215d97c63e957d\IsdiInterop.ni.dll

2011-10-20 10:18 - 2011-01-13 02:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

2014-03-31 19:55 - 2014-03-15 02:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll

2014-03-31 19:55 - 2014-03-15 02:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll

2014-03-31 19:55 - 2014-03-15 02:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll

2014-03-31 19:55 - 2014-03-15 02:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll

2014-03-31 19:55 - 2014-03-15 02:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll

2014-03-31 19:55 - 2014-03-15 02:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
 

==================== Alternate Data Streams (whitelisted) =========
 
 

==================== Safe Mode (whitelisted) ===================
 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 

==================== Disabled items from MSCONFIG ==============
 
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (03/31/2014 07:45:16 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (03/31/2014 07:41:46 PM) (Source: Application Hang) (User: )

Description: Programm chrome.exe, Version 33.0.1750.154 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: 1dc8
 

Startzeit: 01cf4d084875d9f4
 

Endzeit: 3
 

Anwendungspfad: C:\Users\Paula-chan\AppData\Local\Google\Chrome\Application\chrome.exe
 

Berichts-ID: ac385cdd-b8fb-11e3-bc44-dc0ea11b19b4
 

Error: (03/31/2014 06:52:19 PM) (Source: CVHSVC) (User: )

Description: Nur zur Information.

(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
 

Error: (03/31/2014 06:42:38 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (03/31/2014 03:48:01 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (03/31/2014 03:39:22 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (03/31/2014 03:38:08 PM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: avkcks.exe, Version: 1.0.0.1, Zeitstempel: 0x46c04a9c

Name des fehlerhaften Moduls: avkcks.exe, Version: 1.0.0.1, Zeitstempel: 0x46c04a9c

Ausnahmecode: 0xc0000005

Fehleroffset: 0x00001674

ID des fehlerhaften Prozesses: 0x590

Startzeit der fehlerhaften Anwendung: 0xavkcks.exe0

Pfad der fehlerhaften Anwendung: avkcks.exe1

Pfad des fehlerhaften Moduls: avkcks.exe2

Berichtskennung: avkcks.exe3
 

Error: (03/31/2014 03:35:06 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (03/31/2014 03:16:48 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (03/31/2014 03:14:02 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 

System errors:

=============

Error: (03/31/2014 07:47:49 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "1%" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%2
 

Error: (03/31/2014 06:44:55 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "1%" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%2
 

Error: (03/31/2014 06:42:10 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "IePlugin Service" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%2
 

Error: (03/31/2014 03:50:40 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "1%" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%2
 

Error: (03/31/2014 03:47:18 PM) (Source: BugCheck) (User: )

Description: 0x000000f4 (0x0000000000000003, 0xfffffa80080b6b30, 0xfffffa80080b6e10, 0xfffff80002bcf7b0)C:\Windows\MEMORY.DMP033114-31808-01
 

Error: (03/31/2014 03:47:10 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "IePlugin Service" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%2
 

Error: (03/31/2014 03:42:48 PM) (Source: DCOM) (User: )

Description: 1084WSearch{9E175B68-F52A-11D8-B9A5-505054503030}
 

Error: (03/31/2014 03:38:28 PM) (Source: DCOM) (User: )

Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 

Error: (03/31/2014 03:38:28 PM) (Source: DCOM) (User: )

Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 

Error: (03/31/2014 03:38:24 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 

%%1068
 
 

Microsoft Office Sessions:

=========================

Error: (03/31/2014 07:45:16 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (03/31/2014 07:41:46 PM) (Source: Application Hang)(User: )

Description: chrome.exe33.0.1750.1541dc801cf4d084875d9f43C:\Users\Paula-chan\AppData\Local\Google\Chrome\Application\chrome.exeac385cdd-b8fb-11e3-bc44-dc0ea11b19b4
 

Error: (03/31/2014 06:52:19 PM) (Source: CVHSVC)(User: )

Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
 

Error: (03/31/2014 06:42:38 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (03/31/2014 03:48:01 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (03/31/2014 03:39:22 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (03/31/2014 03:38:08 PM) (Source: Application Error)(User: )

Description: avkcks.exe1.0.0.146c04a9cavkcks.exe1.0.0.146c04a9cc00000050000167459001cf4ce66ad813d0c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exec:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exeb1957c5c-b8d9-11e3-bd08-dc0ea11b19b4
 

Error: (03/31/2014 03:35:06 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (03/31/2014 03:16:48 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (03/31/2014 03:14:02 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 46%

Total physical RAM: 5995.86 MB

Available physical RAM: 3229.58 MB

Total Pagefile: 11989.9 MB

Available Pagefile: 8433.3 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB
 

==================== Drives ================================
 

Drive c: (Acer) (Fixed) (Total:449.66 GB) (Free:268.07 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 12F8515A)

Partition 1: (Not Active) - (Size=16 GB) - (Type=27)

Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=450 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Ich hoffe ich habe es richtig gemacht :)

Revo Uninstaller - Download - Filepony
Damit alles deinstallieren was Du in der Additional.txt findest mit dem Zusatz <== ATTENTION

Mit Revo auch Moderat die Reste entfernen lassen.

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Danke für die Hilfe, habe alles gemacht.

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 01.04.2014

Suchlauf-Zeit: 15:46:06

Logdatei: mbam.txt

Administrator: Ja
 

Version: 2.00.0.1000

Malware Datenbank: v2014.04.01.02

Rootkit Datenbank: v2014.03.27.01

Lizenz: Kostenlos

Malware Schutz: Deaktiviert

Bösartiger Webseiten Schutz: Deaktiviert

Chameleon: Deaktiviert
 

Betriebssystem: Windows 7 Service Pack 1

CPU: x64

Dateisystem: NTFS

Benutzer: Paula-chan
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 279464

Verstrichene Zeit: 1 Std, 19 Min, 6 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Aktiviert

Shuriken: Aktiviert

PUP: Aktiviert

PUM: Aktiviert
 

Prozesse: 0

(No malicious items detected)
 

Module: 0

(No malicious items detected)
 

Registrierungsschlüssel: 0

(No malicious items detected)
 

Registrierungswerte: 0

(No malicious items detected)
 

Registrierungsdaten: 0

(No malicious items detected)
 

Ordner: 0

(No malicious items detected)
 

Dateien: 0

(No malicious items detected)
 

Physische Sektoren: 0

(No malicious items detected)
 
 

(end)

Code:

# AdwCleaner v3.023 - Bericht erstellt am 01/04/2014 um 16:20:28

# Aktualisiert 01/04/2014 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzername : Paula-chan - PAULA-CHAN-PC

# Gestartet von : C:\Users\Paula-chan\Downloads\adwcleaner.exe

# Option : Löschen
 

***** [ Dienste ] *****
 

Dienst Gelöscht : APNMCP
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\ProgramData\apn

Ordner Gelöscht : C:\ProgramData\Ask

Ordner Gelöscht : C:\ProgramData\AskPartnerNetwork

Ordner Gelöscht : C:\ProgramData\Babylon

Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar

Ordner Gelöscht : C:\ProgramData\WPM

Ordner Gelöscht : C:\Program Files (x86)\Ask.com

Ordner Gelöscht : C:\Program Files (x86)\AskPartnerNetwork

Ordner Gelöscht : C:\Program Files (x86)\Conduit

Ordner Gelöscht : C:\Program Files (x86)\Perion

Ordner Gelöscht : C:\Program Files (x86)\SearchProtect

Ordner Gelöscht : C:\Program Files (x86)\Common Files\337

Ordner Gelöscht : C:\Program Files (x86)\Common Files\Software Update Utility

Ordner Gelöscht : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}

Ordner Gelöscht : C:\Program Files\Web Assistant

Ordner Gelöscht : C:\Users\Paula-chan\AppData\Local\Babylon

Ordner Gelöscht : C:\Users\Paula-chan\AppData\Local\Conduit

Ordner Gelöscht : C:\Users\Paula-chan\AppData\Local\SearchProtect

Ordner Gelöscht : C:\Users\PAULA-~1\AppData\Local\Temp\apn

Ordner Gelöscht : C:\Users\PAULA-~1\AppData\Local\Temp\AskSearch

Ordner Gelöscht : C:\Users\PAULA-~1\AppData\Local\Temp\BabylonToolbar

Ordner Gelöscht : C:\Users\PAULA-~1\AppData\Local\Temp\boost_interprocess

Ordner Gelöscht : C:\Users\PAULA-~1\AppData\Local\Temp\Desk365

Ordner Gelöscht : C:\Users\PAULA-~1\AppData\Local\Temp\OCS

Ordner Gelöscht : C:\Users\Paula-chan\AppData\LocalLow\AskToolbar

Ordner Gelöscht : C:\Users\Paula-chan\AppData\LocalLow\Conduit

Ordner Gelöscht : C:\Users\Paula-chan\AppData\Roaming\Babylon

Ordner Gelöscht : C:\Users\Paula-chan\AppData\Roaming\dvdvideosoftiehelpers

Ordner Gelöscht : C:\Users\Paula-chan\AppData\Roaming\Oxy

Ordner Gelöscht : C:\Users\Paula-chan\AppData\Roaming\SupTab

Ordner Gelöscht : C:\Users\Paula-chan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oxy

Ordner Gelöscht : C:\Users\Paula-chan\AppData\Roaming\Mozilla\Firefox\Profiles\vrkrs3uy.default\ConduitCommon

Ordner Gelöscht : C:\Users\Paula-chan\AppData\Roaming\Mozilla\Firefox\Profiles\vrkrs3uy.default\Smartbar

Ordner Gelöscht : C:\Users\Paula-chan\AppData\Roaming\Mozilla\Firefox\Profiles\vrkrs3uy.default\CT2851647

Ordner Gelöscht : C:\Users\Paula-chan\AppData\Roaming\Mozilla\Firefox\Profiles\vrkrs3uy.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}

Ordner Gelöscht : C:\Users\Paula-chan\AppData\Roaming\Mozilla\Firefox\Profiles\vrkrs3uy.default\Extensions\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}

Ordner Gelöscht : C:\Users\Paula-chan\AppData\Roaming\Mozilla\Firefox\Profiles\vrkrs3uy.default\Extensions\ffxtlbr@incredibar.com

Ordner Gelöscht : C:\Users\Paula-chan\AppData\Roaming\Mozilla\Firefox\Profiles\vrkrs3uy.default\Extensions\toolbar@ask.com

Ordner Gelöscht : C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg

Ordner Gelöscht : C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo

[!] Ordner Gelöscht : C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo

[!] Ordner Gelöscht : C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo

Datei Gelöscht : C:\END

Datei Gelöscht : C:\Users\Paula-chan\AppData\Roaming\Mozilla\Firefox\Profiles\vrkrs3uy.default\searchplugins\Askcom.xml

Datei Gelöscht : C:\Users\Paula-chan\AppData\Roaming\Mozilla\Firefox\Profiles\vrkrs3uy.default\user.js

Datei Gelöscht : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser

Datei Gelöscht : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
 

***** [ Verknüpfungen ] *****
 

Verknüpfung Desinfiziert : C:\Users\Paula-chan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

Verknüpfung Desinfiziert : C:\Users\Paula-chan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

Verknüpfung Desinfiziert : C:\Users\Paula-chan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
 

***** [ Registrierungsdatenbank ] *****
 

Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}]

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]

Wert Gelöscht : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg

Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc

Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASMANCS

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]

Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2851647

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD8812D4-E5B8-41C6-94D4-59872A484BF1}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022342291}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{33333333-3333-3333-3333-330033343391}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CD8812D4-E5B8-41C6-94D4-59872A484BF1}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CD8812D4-E5B8-41C6-94D4-59872A484BF1}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CD8812D4-E5B8-41C6-94D4-59872A484BF1}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

Schlüssel Gelöscht : HKCU\Software\APN DTX

Schlüssel Gelöscht : HKCU\Software\APN

Schlüssel Gelöscht : HKCU\Software\Ask.com

Schlüssel Gelöscht : HKCU\Software\AskPartnerNetwork

Schlüssel Gelöscht : HKCU\Software\Conduit

Schlüssel Gelöscht : HKCU\Software\Cr_Installer

Schlüssel Gelöscht : HKCU\Software\Escolade

Schlüssel Gelöscht : HKCU\Software\IM

Schlüssel Gelöscht : HKCU\Software\ImInstaller

Schlüssel Gelöscht : HKCU\Software\OCS

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar

Schlüssel Gelöscht : HKLM\Software\APN

Schlüssel Gelöscht : HKLM\Software\AskPartnerNetwork

Schlüssel Gelöscht : HKLM\Software\Babylon

Schlüssel Gelöscht : HKLM\Software\Conduit

Schlüssel Gelöscht : HKLM\Software\Desksvc

Schlüssel Gelöscht : HKLM\Software\hdcode

Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar

Schlüssel Gelöscht : HKLM\Software\supTab

Schlüssel Gelöscht : HKLM\Software\supWPM

Schlüssel Gelöscht : HKLM\Software\Uniblue

Schlüssel Gelöscht : HKLM\Software\V9

Schlüssel Gelöscht : HKLM\Software\Web Assistant

Schlüssel Gelöscht : HKLM\Software\Wpm

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Web Assistant

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1

Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF

Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
 

***** [ Browser ] *****
 

-\\ Internet Explorer v11.0.9600.16521
 

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]

Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
 

-\\ Mozilla Firefox v
 

[ Datei : C:\Users\Paula-chan\AppData\Roaming\Mozilla\Firefox\Profiles\vrkrs3uy.default\prefs.js ]
 

Zeile gelöscht : user_pref("CT2269050.FirstTime", "true");

Zeile gelöscht : user_pref("CT2269050.FirstTimeFF3", "true");

Zeile gelöscht : user_pref("CT2269050.UserID", "UN80019814975569787");

Zeile gelöscht : user_pref("CT2269050.autoDisableScopes", 0);

Zeile gelöscht : user_pref("CT2269050.fixUrls", true);

Zeile gelöscht : user_pref("CT2269050.isPerformedSmartBarTransition", "true");

Zeile gelöscht : user_pref("CT2269050.openThankYouPage", "FALSE");

Zeile gelöscht : user_pref("CT2269050.openUninstallPage", "FALSE");

Zeile gelöscht : user_pref("CT2269050.settingsINI", true);

Zeile gelöscht : user_pref("CT2269050.shouldFirstTimeDialog", "FALSE");

Zeile gelöscht : user_pref("CT2269050.smartbar.CTID", "CT2269050");

Zeile gelöscht : user_pref("CT2269050.smartbar.Uninstall", "0");

Zeile gelöscht : user_pref("CT2269050.smartbar.toolbarName", "DVDVideoSoftTB ");

Zeile gelöscht : user_pref("CT2851647..clientLogIsEnabled", false);

Zeile gelöscht : user_pref("CT2851647..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");

Zeile gelöscht : user_pref("CT2851647..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");

Zeile gelöscht : user_pref("CT2851647.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Zeile gelöscht : user_pref("CT2851647.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Zeile gelöscht : user_pref("CT2851647.CTID", "CT2851647");

Zeile gelöscht : user_pref("CT2851647.CurrentServerDate", "22-11-2012");

Zeile gelöscht : user_pref("CT2851647.DSChangedManually", false);

Zeile gelöscht : user_pref("CT2851647.DSInstall", true);

Zeile gelöscht : user_pref("CT2851647.DialogsAlignMode", "LTR");

Zeile gelöscht : user_pref("CT2851647.DialogsGetterLastCheckTime", "Thu Nov 22 2012 20:42:48 GMT+0100");

Zeile gelöscht : user_pref("CT2851647.DownloadReferralCookieData", "");

Zeile gelöscht : user_pref("CT2851647.EMailNotifierPollDate", "Thu Nov 22 2012 20:42:45 GMT+0100");

Zeile gelöscht : user_pref("CT2851647.FeedLastCount2532783744689806690", 213);

Zeile gelöscht : user_pref("CT2851647.FeedPollDate2429156812186649977", "Thu Nov 22 2012 20:42:47 GMT+0100");

Zeile gelöscht : user_pref("CT2851647.FeedPollDate2429156813040823546", "Thu Nov 22 2012 20:42:47 GMT+0100");

Zeile gelöscht : user_pref("CT2851647.FeedPollDate2429156813130095866", "Thu Nov 22 2012 20:42:46 GMT+0100");

Zeile gelöscht : user_pref("CT2851647.FeedPollDate2429156813224203613", "Thu Nov 22 2012 20:42:46 GMT+0100");

Zeile gelöscht : user_pref("CT2851647.FeedPollDate2429156813230837251", "Thu Nov 22 2012 20:42:47 GMT+0100");

Zeile gelöscht : user_pref("CT2851647.FeedPollDate2429156813454291735", "Thu Nov 22 2012 20:42:47 GMT+0100");

Zeile gelöscht : user_pref("CT2851647.FeedPollDate2429156813729834876", "Thu Nov 22 2012 20:42:46 GMT+0100");

Zeile gelöscht : user_pref("CT2851647.FeedPollDate2429156813860870021", "Thu Nov 22 2012 20:42:47 GMT+0100");

Zeile gelöscht : user_pref("CT2851647.FeedPollDate2429156814264681793", "Thu Nov 22 2012 20:42:47 GMT+0100");

Zeile gelöscht : user_pref("CT2851647.FeedPollDate2429156814863075366", "Thu Nov 22 2012 20:42:47 GMT+0100");

Zeile gelöscht : user_pref("CT2851647.FeedPollDate2429156815257761081", "Thu Nov 22 2012 20:42:46 GMT+0100");

Zeile gelöscht : user_pref("CT2851647.FeedTTL2429156813040823546", 15);

Zeile gelöscht : user_pref("CT2851647.FeedTTL2429156813130095866", 10);

Zeile gelöscht : user_pref("CT2851647.FeedTTL2429156813454291735", 5);

Zeile gelöscht : user_pref("CT2851647.FeedTTL2429156814264681793", 5);

Zeile gelöscht : user_pref("CT2851647.FirstServerDate", "27-5-2012");

Zeile gelöscht : user_pref("CT2851647.FirstTime", true);

Zeile gelöscht : user_pref("CT2851647.FirstTimeFF3", true);

Zeile gelöscht : user_pref("CT2851647.FixPageNotFoundErrors", true);

Zeile gelöscht : user_pref("CT2851647.GroupingServerCheckInterval", 1440);

Zeile gelöscht : user_pref("CT2851647.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Zeile gelöscht : user_pref("CT2851647.HPInstall", true);

Zeile gelöscht : user_pref("CT2851647.HasUserGlobalKeys", true);

Zeile gelöscht : user_pref("CT2851647.HomePageProtectorEnabled", true);

Zeile gelöscht : user_pref("CT2851647.HomepageBeforeUnload", "hxxp://mystart.incredibar.com/mb178?a=6OyMZv7uR0&i=26");

Zeile gelöscht : user_pref("CT2851647.Initialize", true);

Zeile gelöscht : user_pref("CT2851647.InitializeCommonPrefs", true);

Zeile gelöscht : user_pref("CT2851647.InstallationAndCookieDataSentCount", 3);

Zeile gelöscht : user_pref("CT2851647.InstallationId", "fftEB5A.tmp.exe");

Zeile gelöscht : user_pref("CT2851647.InstallationType", "XPE");

Zeile gelöscht : user_pref("CT2851647.InstalledDate", "Sun May 27 2012 19:51:05 GMT+0200");

Zeile gelöscht : user_pref("CT2851647.IsAlertDBUpdated", true);

Zeile gelöscht : user_pref("CT2851647.IsGrouping", false);

Zeile gelöscht : user_pref("CT2851647.IsInitSetupIni", true);

Zeile gelöscht : user_pref("CT2851647.IsMulticommunity", false);

Zeile gelöscht : user_pref("CT2851647.IsOpenThankYouPage", true);

Zeile gelöscht : user_pref("CT2851647.IsOpenUninstallPage", false);

Zeile gelöscht : user_pref("CT2851647.IsProtectorsInit", true);

Zeile gelöscht : user_pref("CT2851647.LanguagePackLastCheckTime", "Thu Nov 22 2012 20:42:48 GMT+0100");

Zeile gelöscht : user_pref("CT2851647.LanguagePackReloadIntervalMM", 1440);

Zeile gelöscht : user_pref("CT2851647.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");

Zeile gelöscht : user_pref("CT2851647.LastLogin_3.12.0.8", "Thu Nov 22 2012 20:42:47 GMT+0100");

Zeile gelöscht : user_pref("CT2851647.LatestVersion", "3.16.0.3");

Zeile gelöscht : user_pref("CT2851647.Locale", "de");

Zeile gelöscht : user_pref("CT2851647.MCDetectTooltipHeight", "83");

Zeile gelöscht : user_pref("CT2851647.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Zeile gelöscht : user_pref("CT2851647.MCDetectTooltipWidth", "295");

Zeile gelöscht : user_pref("CT2851647.MyStuffEnabledAtInstallation", true);

Zeile gelöscht : user_pref("CT2851647.OriginalFirstVersion", "3.12.0.8");

Zeile gelöscht : user_pref("CT2851647.SavedHomepage", "hxxp://de.ask.com/?l=dis&o=1586&gct=hp");

Zeile gelöscht : user_pref("CT2851647.SearchCaption", "uTorrentBar_DE Customized Web Search");

Zeile gelöscht : user_pref("CT2851647.SearchEngineBeforeUnload", "Ask.com");

Zeile gelöscht : user_pref("CT2851647.SearchFromAddressBarIsInit", true);

Zeile gelöscht : user_pref("CT2851647.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&q=");

Zeile gelöscht : user_pref("CT2851647.SearchInNewTabEnabled", true);

Zeile gelöscht : user_pref("CT2851647.SearchInNewTabIntervalMM", 1440);

Zeile gelöscht : user_pref("CT2851647.SearchInNewTabLastCheckTime", "Thu Nov 22 2012 20:42:44 GMT+0100");

Zeile gelöscht : user_pref("CT2851647.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");

Zeile gelöscht : user_pref("CT2851647.SearchProtectorEnabled", true);

Zeile gelöscht : user_pref("CT2851647.SearchProtectorToolbarDisabled", false);

Zeile gelöscht : user_pref("CT2851647.SendProtectorDataViaLogin", true);

Zeile gelöscht : user_pref("CT2851647.ServiceMapLastCheckTime", "Thu Nov 22 2012 20:42:45 GMT+0100");

Zeile gelöscht : user_pref("CT2851647.SettingsLastCheckTime", "Thu Nov 22 2012 20:42:43 GMT+0100");

Zeile gelöscht : user_pref("CT2851647.SettingsLastUpdate", "1352142245");

Zeile gelöscht : user_pref("CT2851647.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=13");

Zeile gelöscht : user_pref("CT2851647.ThirdPartyComponentsInterval", 504);

Zeile gelöscht : user_pref("CT2851647.ThirdPartyComponentsLastCheck", "Thu Nov 22 2012 20:42:43 GMT+0100");

Zeile gelöscht : user_pref("CT2851647.ThirdPartyComponentsLastUpdate", "1331806000");

Zeile gelöscht : user_pref("CT2851647.ToolbarShrinkedFromSetup", false);

Zeile gelöscht : user_pref("CT2851647.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2851647");

Zeile gelöscht : user_pref("CT2851647.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]

Zeile gelöscht : user_pref("CT2851647.UserID", "UN63200146362813212");

Zeile gelöscht : user_pref("CT2851647.WeatherNetwork", "");

Zeile gelöscht : user_pref("CT2851647.WeatherPollDate", "Thu Nov 22 2012 20:42:47 GMT+0100");

Zeile gelöscht : user_pref("CT2851647.WeatherUnit", "C");

Zeile gelöscht : user_pref("CT2851647.alertChannelId", "1243681");

Zeile gelöscht : user_pref("CT2851647.autoDisableScopes", 0);

Zeile gelöscht : user_pref("CT2851647.backendstorage.cbcountry_000", "4445");

Zeile gelöscht : user_pref("CT2851647.backendstorage.cbfirsttime", "53756E204D617920323720323031322031393A35313A303620474D542B30323030");

Zeile gelöscht : user_pref("CT2851647.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]

Zeile gelöscht : user_pref("CT2851647.globalFirstTimeInfoLastCheckTime", "Thu Nov 22 2012 20:42:49 GMT+0100");

Zeile gelöscht : user_pref("CT2851647.homepageProtectorEnableByLogin", true);

Zeile gelöscht : user_pref("CT2851647.initDone", true);

Zeile gelöscht : user_pref("CT2851647.isAppTrackingManagerOn", true);

Zeile gelöscht : user_pref("CT2851647.myStuffEnabled", true);

Zeile gelöscht : user_pref("CT2851647.myStuffPublihserMinWidth", 400);

Zeile gelöscht : user_pref("CT2851647.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");

Zeile gelöscht : user_pref("CT2851647.myStuffServiceIntervalMM", 1440);

Zeile gelöscht : user_pref("CT2851647.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");

Zeile gelöscht : user_pref("CT2851647.navigateToUrlOnSearch", false);

Zeile gelöscht : user_pref("CT2851647.oldAppsList", "129351532244963279,129351532245275780,1000234,129791456886122866,1000034,129416031642500897,129351532245744535,2532783744689806690,129351532247619549,12935153224761[...]

Zeile gelöscht : user_pref("CT2851647.revertSettingsEnabled", true);

Zeile gelöscht : user_pref("CT2851647.searchProtectorDialogDelayInSec", 10);

Zeile gelöscht : user_pref("CT2851647.searchProtectorEnableByLogin", true);

Zeile gelöscht : user_pref("CT2851647.testingCtid", "");

Zeile gelöscht : user_pref("CT2851647.toolbarAppMetaDataLastCheckTime", "Thu Nov 22 2012 20:42:48 GMT+0100");

Zeile gelöscht : user_pref("CT2851647.toolbarContextMenuLastCheckTime", "Thu Nov 22 2012 20:42:48 GMT+0100");

Zeile gelöscht : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=13");

Zeile gelöscht : user_pref("CommunityToolbar.ConduitSearchList", "uTorrentBar_DE Customized Web Search");

Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2851647/CT2851647", "\"c0d1d4054600b9e9acfea80be6b9274f3\"");

Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2851647", "\"1334672089\"");

Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=de", "oIwsta2spzadhjRgiY1Nhw==");

Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=de", "WiZSpHJzJ/uTUKvfHHyj/w==");

Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=de", "9H/gICSaMqbmx+Gd+8W4Sg==");

Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=de", "eJfMrdrGnhGHiiPiYjgAww==");

Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:0\"");

Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.8", "\"0343677cfb1cd1:0\"");

Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2851647", "\"f1c77625c0e9bd1c80a2fd6901845fa9\"");

Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"4c5784a6c422779465551b626ad7059c\"");

Zeile gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Paula-chan\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\vrkrs3uy.default\\conduitCommon\\modules\\3.12.0.8");

Zeile gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.0.8");

Zeile gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");

Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2851647");

Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2851647");

Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "CT2851647");

Zeile gelöscht : user_pref("CommunityToolbar.globalUserId", "42a51a34-8108-4d96-9a4d-58f4dc4db594");

Zeile gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Zeile gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Zeile gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2851647");

Zeile gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Nov 22 2012 20:42:47 GMT+0100");

Zeile gelöscht : user_pref("CommunityToolbar.notifications.alertEnabled", false);

Zeile gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");

Zeile gelöscht : user_pref("CommunityToolbar.notifications.locale", "en");

Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);

Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Nov 22 2012 20:42:45 GMT+0100");

Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");

Zeile gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

Zeile gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");

Zeile gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false);

Zeile gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

Zeile gelöscht : user_pref("CommunityToolbar.notifications.userId", "eff807eb-9f63-4efb-9cb8-badc92380bcc");

Zeile gelöscht : user_pref("CommunityToolbar.originalHomepage", "hxxp://de.ask.com/?l=dis&o=1586&gct=hp");

Zeile gelöscht : user_pref("CommunityToolbar.originalSearchEngine", "Ask.com");

Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb178?a=6OyMZv7uR0&loc=FF_NT");

Zeile gelöscht : user_pref("browser.search.defaultengine", "Ask.com");

Zeile gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");

Zeile gelöscht : user_pref("browser.search.defaultthis.engineName", "uTorrentBar_DE Customized Web Search");

Zeile gelöscht : user_pref("browser.search.order.1", "Ask.com");

Zeile gelöscht : user_pref("browser.search.selectedEngine", "Ask.com");

Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://mystart.incredibar.com/mb178?a=6OyMZv7uR0&i=26");

Zeile gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");

Zeile gelöscht : user_pref("extensions.enabledAddons", "{c840e246-6b95-475e-9bd7-caa1c7eca9f2}:3.12.0.8,crossriderapp3491@crossrider.com:0.81.19,{ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10,{872b5b88-9db5-4310-bdd0-a[...]

Zeile gelöscht : user_pref("CT2269050.autoDisableScopes",  0);
 

-\\ Google Chrome v33.0.1750.154
 

[ Datei : C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 

*************************
 

AdwCleaner[R0].txt - [36746 octets] - [01/04/2014 16:19:37]

AdwCleaner[S0].txt - [34264 octets] - [01/04/2014 16:20:28]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [34325 octets] ##########

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.3 (03.23.2014:1)

OS: Windows 7 Home Premium x64

Ran by Paula-chan on 01.04.2014 at 16:48:24,46

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1307518205-1141766383-1528977106-1000\Software\sweetim

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1307518205-1141766383-1528977106-1000\Software\web assistant

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2059CF48-25F3-40d7-9D37-24A3142FD20B}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DD0BCCE8-BE1E-4C35-A094-E580C08FC880}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2059CF48-25F3-40d7-9D37-24A3142FD20B}

Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
 
 
 

~~~ Files
 

Successfully deleted: [File] C:\Windows\syswow64\shoE2FA.tmp

Successfully deleted: [File] C:\Windows\syswow64\shoF75F.tmp

Successfully deleted: [File] C:\Windows\syswow64\shoF7D5.tmp
 
 
 

~~~ Folders
 

Successfully deleted: [Folder] "C:\Users\Paula-chan\appdata\local\cre"

Successfully deleted: [Folder] "C:\Users\Paula-chan\appdata\local\software"

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{0008D88B-9EC5-4311-835B-5BA4E29383FE}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{03E185E6-2647-4028-B386-AB7A035E3104}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{05490FEC-E618-4B8A-BE44-30F449E3E41E}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{056E8499-E8AB-4AD7-8EC9-67A1B5FB977E}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{06E99417-5435-4265-AD23-61DF75CF254B}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{0DCB473D-C2C2-4C71-A2CA-416277E0DFEA}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{0FEB9CAB-EAE8-43AB-812E-B8474A73A95B}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{11832866-634A-4BF3-A155-E25D896D9C46}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{15900437-95E5-44A9-94D5-CE23552AEB6C}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{1862A034-2B24-4845-BB35-B86C292BC3BB}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{1B5FED07-05B2-43C9-8B18-6454F7022A90}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{1B9CEAB5-1498-4AEF-B462-07AC990D6D47}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{1D6B701D-E410-4EAB-9C16-D28C056A43F8}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{212B7BB4-0F52-4A12-A178-1C83AD8CF1D8}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{21B804EF-D58B-41B3-9A88-44DCA8E3861A}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{22B9791D-2C01-40C6-BA2A-4ED1BC6794C4}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{2403E973-4392-4CAF-9452-E2534BD019BA}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{290AE06F-D451-4EFC-8E18-5C85BC3B43A7}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{2ADC2005-8CB3-446E-AC2D-73730555E637}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{2B0F04F1-39D7-4995-8B24-4D78D0729B0C}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{2C221F82-F248-4C69-8BD0-3BE84E00259D}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{2C354CF9-30C5-492D-8CD0-384DF59C19B6}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{2DD039FC-BD10-400A-8714-5210EDF99D4B}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{2E2E2BE2-51B5-485A-8D6B-2C6A4EF410E7}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{2FEE49F4-0322-42B9-A965-A1B7E1125B74}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{35B1F873-BD54-4809-AD7E-1959BF77456C}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{38095CDE-CC0D-41EB-8429-23A9E9CE1C78}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{38EAEB90-5CF3-4FEA-961F-B9A9007527AD}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{3E66238D-9C77-4634-866F-A6F16292694E}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{3FD2B006-1FF2-4841-91C3-31066FCAC3CE}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{41D6EED1-B569-4267-AC3C-F4DEA1FC1E59}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{430B1BEF-5C5D-4780-A855-4A56399616A7}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{4573D9E0-F6DE-432D-A39F-939F6A5C827A}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{45F27310-3F73-4B83-8761-519903BC2578}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{469656BC-CFA2-40D7-BA31-343C4D9D6706}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{4830EA40-1186-43E4-9F4B-16366EC6C89E}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{48D84646-1285-4FD5-A0CF-6E3075847699}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{4923754A-10D7-4572-A0C0-2848C3BAA382}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{4A3DB198-7D1A-4B2C-BD58-7C0D803E31EA}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{4A640841-5DED-420E-B2EC-850D7090357F}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{4B579526-6AA3-48B3-93F5-B7D8F33752CF}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{4E1DB5A9-99E6-4F79-9E33-6B4644FBD339}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{4E513E54-E660-4207-8F9F-A35D2AE4A9A1}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{50255C60-4628-4001-8232-B1448B2609A0}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{52C36717-CADD-4CCC-8B51-7BDE54047440}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{52EF1FA8-9900-46A5-AF55-2D37ED06DCAC}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{53438443-097B-4D8A-AD4A-D92A924A60DF}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{55705C1F-15D7-42BB-94D9-B5BDC8405D16}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{571DB20A-1E55-477D-B538-6FE7B6C61BDE}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{5808680B-CC22-4704-AC1A-24CCCEF05F3D}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{5BC4EA1A-62F3-46CD-84F7-AC09EA91990C}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{62F607D9-5BFB-4AB7-8E58-40BB3822A69E}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{63DC115D-7696-46D3-A8F3-954F41B889F9}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{6608F8CB-DB10-4A7C-B09E-F24D8E14EC6C}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{66EEEAD0-C790-43C4-9C6C-5335F7CFED6D}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{69732482-CA59-4587-8032-68B2603B52B4}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{6A79C021-4BD8-45CC-89B1-E30C6B790A86}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{7035878F-68A8-42AC-B648-36D4F112A257}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{70A99846-B002-4266-BBF4-3227C8212B22}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{77C62850-C033-4678-BFB0-CF5DD99B681F}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{78439E2A-4008-49ED-941E-DE12BF3DBDAE}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{78896E85-BF46-42C1-B82C-F13CEFC3CF0D}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{7980EE19-BC87-435D-A105-B1D7C174AA71}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{79B07726-FA82-4F8F-9766-BEA6C8A7B588}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{79F9ABB6-1D04-41E7-91B4-ABD8B2BF6C41}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{8116BA05-AADE-40AB-9D39-08E8C183EDA5}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{8397D400-91C1-4967-8334-5E58182C9334}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{848154AC-9C16-4B87-BEB5-22B7BDFD4B75}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{874E2AA0-B6C6-4F2A-8310-1CA08BE74213}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{89D68F04-7D79-4F18-B44F-CB0C1EB9BB56}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{8D5DE053-8159-485B-8C17-7C442F329291}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{8E04D6AD-083C-45A0-A788-97076F05A703}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{8F0A9D14-0C17-4537-A474-382C17CEF1A0}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{91167A24-04E6-4561-93D9-CCC2593E287B}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{944F460D-3EE4-4D3E-95CB-3B4377D9B570}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{96AC1DC1-4405-41B0-A4DA-B5A51A75B820}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{9BCADD3D-1353-4404-8B3D-1CCE462C5EAE}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{9C694E28-3EA1-405E-94E4-7FB94D26D9F7}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{9E0C4959-0F0D-4D8C-8100-F31DD9223E2F}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{A46CDDFC-733D-4BAC-8C64-59C21BB7B612}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{A4D75C2F-9BF2-493A-99F6-4789150971A8}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{A5686F02-2865-4BE1-8924-CAEDD6B6D94B}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{A593F948-2925-444C-9633-904C7665DA6D}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{A688BC14-616B-4518-A889-20DAB8209EF2}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{A7323DE4-76EF-415D-8E64-DDC2B11DE239}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{A73AF5C5-6605-49B1-BB5A-4C552EA58379}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{A9F26AC9-6C00-4690-981A-C56D0DF3AF9C}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{AB05F70A-A39E-47DC-BC5D-BB0D281B1B56}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{ADDE0177-E398-45DE-8AA0-576E5F66712B}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{B97D7528-8843-4289-B80A-C1CB6D196A55}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{BB1BAC0E-1F87-461E-B7C3-9F17B4A398D4}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{BDE2CC15-E2F4-4C1B-8DEC-A4BC01D8E844}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{C03CAE2C-C5B7-48F6-8B86-5AA047FC46C3}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{C2CF1BAD-1984-46C5-9B5D-C458EAA3C2E9}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{C3867CD5-2332-4AB8-95EC-9829C7DD88AA}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{C3899490-8C27-4CAF-B5FB-555003453BA5}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{C3E33DA7-690F-44B5-A5F2-C83C435B976A}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{CA0E7BED-F576-4EBA-8F9D-EE627C840AD0}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{CFE1D140-09E0-4481-89A7-52D8D60A7D3B}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{D20E4869-7740-468E-901E-51673BB77B6B}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{D224164E-6C7F-40AC-AD07-698A9348A28C}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{DA09706B-09D2-46D6-A240-42A58C67EA6B}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{DB78272E-9F90-48BA-81A0-8FEFAE7A80E6}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{DF6D1554-9532-48BA-B8DE-36E9EDB19692}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{E0718D40-9537-4991-A3E4-61A2513FB64B}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{E57EB1A0-7999-40C5-93CA-773D9C37B700}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{E8D50DC2-1528-4F69-9399-552F4CDBB11A}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{EAF27170-A68A-4038-8640-AFE973AB3A5F}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{ECE30E01-F39B-431A-866D-86A17C0DBFBC}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{ED84028C-18F2-422E-94E9-C5DA44112D57}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{F16D310B-550F-4F7B-A776-E6A611C6D797}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{F2B573F0-6761-4E69-B823-0A53CF238E85}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{F66D3A87-CA79-40F6-8CCB-7B42B2C520CF}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{F866514B-48B1-4513-9AB4-054389169422}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{FBC89227-CAA3-41F4-8FA5-3305466DFEA0}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{FC5B49F4-F616-4587-BF63-B8DA8E135174}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{FEB3ECBE-1E87-445A-A603-E854B3D9B60F}

Successfully deleted: [Empty Folder] C:\Users\Paula-chan\appdata\local\{FFBE018A-7B42-4D22-8E2E-E18E3D2FB9F0}
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 01.04.2014 at 16:54:09,11

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014

Ran by Paula-chan (administrator) on PAULA-CHAN-PC on 01-04-2014 16:58:34

Running from C:\Users\Paula-chan\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 11

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe

(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe

(AMD) C:\Windows\system32\atiesrxx.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe

(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe

(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe

(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe

(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Intel Corporation) C:\Windows\system32\igfxsrvc.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe

(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe

(Intel Corporation) C:\Windows\system32\igfxext.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe

(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe

(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe

(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe

(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe

() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe

() C:\Program Files\Rainmeter\Rainmeter.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(APN LLC.) C:\Users\Paula-chan\AppData\Local\VNT\vntldr.exe

() C:\Users\PAULA-~1\AppData\Local\Temp\Download_733B\Goat_Simulator_Installer_Downloader.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\GdBgInx64.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)

HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)

HKLM\...\Run: [PLFSetL] - C:\Windows\\PLFSetL.exe

HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)

HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-13] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)

HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)

HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)

HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)

HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)

HKLM-x32\...\Run: [GDFirewallTray] - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1854928 2013-03-22] (G Data Software AG)

HKLM-x32\...\Run: [] - [X]

HKLM-x32\...\Run: [BambooCore] - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-12-11] ()

HKLM-x32\...\Run: [G Data AntiVirus Tray] - C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe [1444472 2013-08-21] (G Data Software AG)

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [VNT] - C:\Program Files (x86)\VNT\vntldr.exe [196048 2014-03-19] (APN LLC.)

HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe,

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}

HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}

HKU\S-1-5-21-1307518205-1141766383-1528977106-1000\...\Run: [uTorrent] - "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED

HKU\S-1-5-21-1307518205-1141766383-1528977106-1000\...\Run: [Google+ Auto Backup] - "C:\Users\Paula-chan\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart

HKU\S-1-5-21-1307518205-1141766383-1528977106-1000\...\Run: [GoogleChromeAutoLaunch_3B05FA9084BEB65019B27C284C96A728] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859976 2014-03-15] (Google Inc.)

AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => "C:\PROGRA~2\SupTab\SEARCH~1.DLL" File Not Found

Startup: C:\Users\Paula-chan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

Startup: C:\Users\Paula-chan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk

ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs

URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}

URLSearchHook: HKCU - (No Name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No File

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: ICQ Sparberater - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\Paula-chan\AppData\Roaming\Mozilla\Firefox\Profiles\vrkrs3uy.default

FF NetworkProxy: "type", 0

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 

Chrome: 

=======

CHR HomePage: hxxp://www.google.com/

CHR Extension: (Ask Toolbar) - C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajepeddfdaihpmdgnickofffkdlpb [2014-03-31]

CHR Extension: (Theme Creator) - C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc [2014-03-31]

CHR Extension: (Google Docs) - C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-31]

CHR Extension: (Google Drive) - C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-31]

CHR Extension: (YouTube) - C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-31]

CHR Extension: (Google-Suche) - C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-31]

CHR Extension: (AdBlock) - C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-31]

CHR Extension: (Akira Isogawa) - C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\igmggajponoffjmhekbonemlgidfgdao [2014-03-31]

CHR Extension: (Auto Replay for YouTube™) - C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2014-03-31]

CHR Extension: (Little Alchemy) - C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2014-03-31]

CHR Extension: (Google Wallet) - C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-31]

CHR Extension: (MyHarmony Chrome Plugin) - C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\omaonpoimgkmbllpdihbnmgphjoipdhf [2014-03-31]

CHR Extension: (Google Mail) - C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-31]

CHR HKCU\...\Chrome\Extension: [anpiogajjmckmlehhpjnojhebaidkeod] - C:\Users\Paula-chan\AppData\Local\CRE\anpiogajjmckmlehhpjnojhebaidkeod.crx [2014-03-31]

CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-03-31]

CHR HKLM-x32\...\Chrome\Extension: [aaaajepeddfdaihpmdgnickofffkdlpb] - C:\ProgramData\AskPartnerNetwork\Toolbar\FF3-V7\CRX\ToolbarCR.crx [2014-03-31]

CHR HKLM-x32\...\Chrome\Extension: [anpiogajjmckmlehhpjnojhebaidkeod] - C:\Users\Paula-chan\AppData\Local\CRE\anpiogajjmckmlehhpjnojhebaidkeod.crx [2014-03-31]

CHR HKLM-x32\...\Chrome\Extension: [omaonpoimgkmbllpdihbnmgphjoipdhf] - C:\Program Files (x86)\Logitech\Harmony Remote Driver\harmony_chrome.crx [2012-12-24]
 

==================== Services (Whitelisted) =================
 

R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1970296 2013-08-26] (G Data Software AG)

R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [635000 2013-08-21] (G Data Software AG)

R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2562208 2013-10-15] (G Data Software AG)

R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2942808 2013-10-17] (G Data Software AG)

R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [695416 2013-08-22] (G Data Software AG)

R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)

R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)

R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)

S2 MOBKbackup; "C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe" [X]
 

==================== Drivers (Whitelisted) ====================
 

R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [60248 2014-03-18] (G Data Software AG)

R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [130392 2014-03-18] (G Data Software AG)

R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [63320 2014-03-18] (G Data Software AG)

R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64856 2014-03-18] (G Data Software AG)

R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [65368 2014-03-18] (G Data Software AG)

R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)

S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]

S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-04-01 16:54 - 2014-04-01 16:54 - 00015178 _____ () C:\Users\Paula-chan\Documents\JRT.txt

2014-04-01 16:54 - 2014-04-01 16:54 - 00015178 _____ () C:\Users\Paula-chan\Desktop\JRT.txt

2014-04-01 16:47 - 2014-04-01 16:47 - 01038974 _____ (Thisisu) C:\Users\Paula-chan\Downloads\JRT.exe

2014-04-01 16:47 - 2014-04-01 16:47 - 01038974 _____ (Thisisu) C:\Users\Paula-chan\Desktop\JRT.exe

2014-04-01 16:44 - 2014-04-01 16:44 - 00000000 ____D () C:\Windows\ERUNT

2014-04-01 16:34 - 2014-04-01 16:34 - 00000000 ____D () C:\Users\Paula-chan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oxy

2014-04-01 16:32 - 2014-04-01 16:32 - 00034566 _____ () C:\Users\Paula-chan\Documents\AdwCleaner[S0].txt

2014-04-01 16:31 - 2014-04-01 16:34 - 00000000 ____D () C:\Users\Paula-chan\AppData\Roaming\Oxy

2014-04-01 16:19 - 2014-04-01 16:21 - 00000000 ____D () C:\AdwCleaner

2014-04-01 16:18 - 2014-04-01 16:18 - 00001160 _____ () C:\Users\Paula-chan\Documents\mbam.txt

2014-04-01 14:45 - 2014-04-01 14:45 - 01426178 _____ () C:\Users\Paula-chan\Downloads\adwcleaner.exe

2014-04-01 14:09 - 2014-04-01 14:09 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-04-01 14:08 - 2014-04-01 14:08 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Paula-chan\Downloads\revosetup95.exe

2014-03-31 21:02 - 2014-03-31 21:04 - 00041599 _____ () C:\Users\Paula-chan\Downloads\Addition.txt

2014-03-31 21:01 - 2014-04-01 16:58 - 00019648 _____ () C:\Users\Paula-chan\Downloads\FRST.txt

2014-03-31 21:00 - 2014-04-01 16:58 - 00000000 ____D () C:\FRST

2014-03-31 20:59 - 2014-03-31 20:59 - 02157056 _____ (Farbar) C:\Users\Paula-chan\Downloads\FRST64.exe

2014-03-31 20:59 - 2014-03-31 20:59 - 00000482 _____ () C:\Users\Paula-chan\Downloads\defogger_disable.log

2014-03-31 20:59 - 2014-03-31 20:59 - 00000000 _____ () C:\Users\Paula-chan\defogger_reenable

2014-03-31 20:58 - 2014-03-31 20:58 - 00050477 _____ () C:\Users\Paula-chan\Downloads\Defogger.exe

2014-03-31 20:17 - 2014-04-01 14:25 - 00000000 ___RD () C:\Users\Paula-chan\Desktop\Programme

2014-03-31 19:52 - 2014-04-01 16:57 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-03-31 19:52 - 2014-03-31 19:52 - 00004114 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-03-31 19:52 - 2014-03-31 19:52 - 00003862 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-03-31 19:51 - 2014-04-01 16:30 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-03-31 19:39 - 2014-03-31 19:42 - 00000000 ____D () C:\Users\Paula-chan\Documents\Default

2014-03-31 15:54 - 2014-04-01 14:26 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-03-31 15:54 - 2014-03-31 15:54 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-03-31 15:54 - 2014-03-31 15:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-03-31 15:54 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-03-31 15:54 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-03-31 15:54 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-03-31 15:51 - 2014-03-31 15:53 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Paula-chan\Downloads\mbam-setup-2.0.0.1000.exe

2014-03-31 15:47 - 2014-03-31 15:47 - 00271720 _____ () C:\Windows\Minidump\033114-31808-01.dmp

2014-03-31 15:24 - 2014-03-31 15:24 - 00000000 ____D () C:\ProgramData\CDB

2014-03-31 15:23 - 2014-03-31 15:25 - 00000000 ____D () C:\rei

2014-03-31 15:23 - 2014-03-31 15:23 - 00000000 ____D () C:\Program Files\Reimage

2014-03-31 15:20 - 2014-03-31 15:25 - 00000155 _____ () C:\Windows\Reimage.ini

2014-03-31 15:03 - 2014-03-31 15:03 - 00003622 _____ () C:\Windows\System32\Tasks\Oxy

2014-03-31 15:02 - 2014-03-31 15:02 - 00003630 _____ () C:\Windows\System32\Tasks\PileFile reminder

2014-03-31 15:02 - 2014-03-31 15:02 - 00003240 _____ () C:\Windows\System32\Tasks\PileFile logon

2014-03-27 21:53 - 2014-03-27 22:36 - 00002588 _____ () C:\Users\Paula-chan\Documents\Register Movie Studio Platinum.htm

2014-03-27 21:51 - 2014-03-29 17:32 - 00000000 ____D () C:\Users\Paula-chan\Documents\Movie Studio Platinum 13.0 Projects

2014-03-27 21:45 - 2014-03-27 21:45 - 00000000 ____D () C:\Program Files\Sony

2014-03-23 15:49 - 2014-03-23 15:49 - 00000000 ____D () C:\Program Files (x86)\directx

2014-03-23 15:48 - 2014-03-23 15:48 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games

2014-03-20 23:18 - 2014-03-20 23:18 - 00000000 ____D () C:\Users\Paula-chan\Downloads\kage_pro_osu_skin_by_juvia_fullbuster_by_lyra_kizzle08-d6vf3in

2014-03-18 21:37 - 2014-03-18 21:37 - 02700064 _____ () C:\Users\Paula-chan\Downloads\colour_me___challenge_by_ryky-d7aop7x.psd

2014-03-17 23:22 - 2014-03-18 21:26 - 00274419 _____ () C:\Users\Paula-chan\Documents\april.odt

2014-03-16 13:46 - 2014-03-20 21:09 - 03421415 _____ () C:\Users\Paula-chan\Documents\bday.odt

2014-03-14 17:34 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-03-14 17:34 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-03-14 17:34 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-03-14 17:34 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-03-14 17:34 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-03-14 17:34 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-03-14 17:34 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-03-14 17:34 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-03-14 17:34 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-03-14 17:34 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-03-14 17:34 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-03-14 17:34 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-03-14 17:34 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-03-14 17:34 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-03-14 17:34 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-03-14 17:34 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-03-14 17:34 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-03-14 17:34 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-03-14 17:34 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-03-14 17:34 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-03-14 17:34 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-03-14 17:34 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-03-14 17:34 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-03-14 17:34 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-03-14 17:34 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-03-14 17:34 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-03-14 17:34 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-03-14 17:34 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-03-14 17:34 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-03-14 17:34 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-03-14 17:34 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-03-14 17:34 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-03-14 17:34 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-03-14 17:34 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-03-14 17:34 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-03-14 17:34 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-03-14 17:34 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-03-14 17:34 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-03-14 17:34 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-03-14 17:34 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-03-14 17:34 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-03-14 17:34 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll

2014-03-14 17:34 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll

2014-03-14 17:34 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll

2014-03-14 17:32 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-03-14 17:32 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2014-03-14 17:32 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-03-14 17:32 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
 

==================== One Month Modified Files and Folders =======
 

2014-04-01 16:58 - 2014-03-31 21:01 - 00019648 _____ () C:\Users\Paula-chan\Downloads\FRST.txt

2014-04-01 16:58 - 2014-03-31 21:00 - 00000000 ____D () C:\FRST

2014-04-01 16:57 - 2014-03-31 19:52 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-04-01 16:54 - 2014-04-01 16:54 - 00015178 _____ () C:\Users\Paula-chan\Documents\JRT.txt

2014-04-01 16:54 - 2014-04-01 16:54 - 00015178 _____ () C:\Users\Paula-chan\Desktop\JRT.txt

2014-04-01 16:47 - 2014-04-01 16:47 - 01038974 _____ (Thisisu) C:\Users\Paula-chan\Downloads\JRT.exe

2014-04-01 16:47 - 2014-04-01 16:47 - 01038974 _____ (Thisisu) C:\Users\Paula-chan\Desktop\JRT.exe

2014-04-01 16:44 - 2014-04-01 16:44 - 00000000 ____D () C:\Windows\ERUNT

2014-04-01 16:38 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-01 16:38 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-01 16:34 - 2014-04-01 16:34 - 00000000 ____D () C:\Users\Paula-chan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oxy

2014-04-01 16:34 - 2014-04-01 16:31 - 00000000 ____D () C:\Users\Paula-chan\AppData\Roaming\Oxy

2014-04-01 16:32 - 2014-04-01 16:32 - 00034566 _____ () C:\Users\Paula-chan\Documents\AdwCleaner[S0].txt

2014-04-01 16:32 - 2012-02-03 16:03 - 00000000 ____D () C:\ProgramData\clear.fi

2014-04-01 16:30 - 2014-03-31 19:51 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-04-01 16:30 - 2010-11-21 05:47 - 00677648 _____ () C:\Windows\PFRO.log

2014-04-01 16:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-01 16:30 - 2009-07-14 06:51 - 00128535 _____ () C:\Windows\setupact.log

2014-04-01 16:22 - 2011-12-13 11:17 - 01341578 _____ () C:\Windows\WindowsUpdate.log

2014-04-01 16:21 - 2014-04-01 16:19 - 00000000 ____D () C:\AdwCleaner

2014-04-01 16:21 - 2012-02-02 22:18 - 00001009 _____ () C:\Users\Paula-chan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-04-01 16:20 - 2012-02-05 15:22 - 00000000 ____D () C:\ProgramData\ICQ

2014-04-01 16:20 - 2011-12-13 20:10 - 00700134 _____ () C:\Windows\system32\perfh007.dat

2014-04-01 16:20 - 2011-12-13 20:10 - 00149984 _____ () C:\Windows\system32\perfc007.dat

2014-04-01 16:20 - 2009-07-14 07:13 - 01622236 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-01 16:18 - 2014-04-01 16:18 - 00001160 _____ () C:\Users\Paula-chan\Documents\mbam.txt

2014-04-01 16:17 - 2012-04-05 15:04 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-04-01 14:45 - 2014-04-01 14:45 - 01426178 _____ () C:\Users\Paula-chan\Downloads\adwcleaner.exe

2014-04-01 14:26 - 2014-03-31 15:54 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-01 14:25 - 2014-03-31 20:17 - 00000000 ___RD () C:\Users\Paula-chan\Desktop\Programme

2014-04-01 14:09 - 2014-04-01 14:09 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-04-01 14:08 - 2014-04-01 14:08 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Paula-chan\Downloads\revosetup95.exe

2014-03-31 21:04 - 2014-03-31 21:02 - 00041599 _____ () C:\Users\Paula-chan\Downloads\Addition.txt

2014-03-31 20:59 - 2014-03-31 20:59 - 02157056 _____ (Farbar) C:\Users\Paula-chan\Downloads\FRST64.exe

2014-03-31 20:59 - 2014-03-31 20:59 - 00000482 _____ () C:\Users\Paula-chan\Downloads\defogger_disable.log

2014-03-31 20:59 - 2014-03-31 20:59 - 00000000 _____ () C:\Users\Paula-chan\defogger_reenable

2014-03-31 20:59 - 2012-02-02 22:16 - 00000000 ____D () C:\Users\Paula-chan

2014-03-31 20:58 - 2014-03-31 20:58 - 00050477 _____ () C:\Users\Paula-chan\Downloads\Defogger.exe

2014-03-31 19:57 - 2012-04-30 18:19 - 00000000 ____D () C:\Users\Paula-chan\AppData\Local\Google

2014-03-31 19:54 - 2012-08-01 17:57 - 00000000 ____D () C:\Program Files (x86)\Google

2014-03-31 19:52 - 2014-03-31 19:52 - 00004114 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-03-31 19:52 - 2014-03-31 19:52 - 00003862 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-03-31 19:42 - 2014-03-31 19:39 - 00000000 ____D () C:\Users\Paula-chan\Documents\Default

2014-03-31 18:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help

2014-03-31 15:54 - 2014-03-31 15:54 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-03-31 15:54 - 2014-03-31 15:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-03-31 15:53 - 2014-03-31 15:51 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Paula-chan\Downloads\mbam-setup-2.0.0.1000.exe

2014-03-31 15:47 - 2014-03-31 15:47 - 00271720 _____ () C:\Windows\Minidump\033114-31808-01.dmp

2014-03-31 15:47 - 2012-06-28 20:20 - 00000000 ____D () C:\Windows\Minidump

2014-03-31 15:47 - 2012-06-28 20:19 - 401884526 _____ () C:\Windows\MEMORY.DMP

2014-03-31 15:25 - 2014-03-31 15:23 - 00000000 ____D () C:\rei

2014-03-31 15:25 - 2014-03-31 15:20 - 00000155 _____ () C:\Windows\Reimage.ini

2014-03-31 15:24 - 2014-03-31 15:24 - 00000000 ____D () C:\ProgramData\CDB

2014-03-31 15:23 - 2014-03-31 15:23 - 00000000 ____D () C:\Program Files\Reimage

2014-03-31 15:04 - 2011-06-11 01:58 - 00773680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll

2014-03-31 15:04 - 2011-06-11 01:58 - 00420912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll

2014-03-31 15:03 - 2014-03-31 15:03 - 00003622 _____ () C:\Windows\System32\Tasks\Oxy

2014-03-31 15:02 - 2014-03-31 15:02 - 00003630 _____ () C:\Windows\System32\Tasks\PileFile reminder

2014-03-31 15:02 - 2014-03-31 15:02 - 00003240 _____ () C:\Windows\System32\Tasks\PileFile logon

2014-03-30 21:45 - 2012-02-27 23:18 - 00000000 ____D () C:\Users\Paula-chan\AppData\Roaming\SoftGrid Client

2014-03-29 17:32 - 2014-03-27 21:51 - 00000000 ____D () C:\Users\Paula-chan\Documents\Movie Studio Platinum 13.0 Projects

2014-03-28 17:19 - 2014-01-26 21:36 - 00000000 ____D () C:\Users\Paula-chan\AppData\Local\VNT

2014-03-27 22:36 - 2014-03-27 21:53 - 00002588 _____ () C:\Users\Paula-chan\Documents\Register Movie Studio Platinum.htm

2014-03-27 22:30 - 2012-02-08 18:01 - 00000000 ____D () C:\ProgramData\Sony

2014-03-27 22:29 - 2012-02-08 17:02 - 00000000 ____D () C:\Users\Paula-chan\AppData\Roaming\Sony

2014-03-27 22:21 - 2012-02-08 17:03 - 00000000 ____D () C:\Program Files (x86)\Sony

2014-03-27 21:45 - 2014-03-27 21:45 - 00000000 ____D () C:\Program Files\Sony

2014-03-27 20:58 - 2014-01-26 21:36 - 00000000 ____D () C:\Program Files (x86)\VNT

2014-03-24 21:03 - 2013-05-16 18:18 - 00000000 ___RD () C:\Users\Paula-chan\Desktop\Games

2014-03-24 11:51 - 2012-09-27 20:38 - 00000000 ____D () C:\Users\Paula-chan\Documents\Schule

2014-03-23 21:47 - 2012-02-05 16:01 - 00000000 ____D () C:\Users\Paula-chan\AppData\Roaming\vlc

2014-03-23 15:49 - 2014-03-23 15:49 - 00000000 ____D () C:\Program Files (x86)\directx

2014-03-23 15:49 - 2011-10-20 11:07 - 00029527 _____ () C:\Windows\DirectX.log

2014-03-23 15:48 - 2014-03-23 15:48 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games

2014-03-23 15:48 - 2011-10-20 10:18 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-03-23 15:47 - 2013-10-29 14:39 - 00000000 ____D () C:\Users\Paula-chan\Downloads\Games

2014-03-21 13:07 - 2012-06-09 12:30 - 00000000 ____D () C:\Program Files (x86)\osu!

2014-03-20 23:18 - 2014-03-20 23:18 - 00000000 ____D () C:\Users\Paula-chan\Downloads\kage_pro_osu_skin_by_juvia_fullbuster_by_lyra_kizzle08-d6vf3in

2014-03-20 21:09 - 2014-03-16 13:46 - 03421415 _____ () C:\Users\Paula-chan\Documents\bday.odt

2014-03-20 12:42 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-03-18 23:49 - 2013-08-14 23:58 - 00000000 ____D () C:\Windows\system32\MRT

2014-03-18 23:47 - 2012-04-24 16:26 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-03-18 21:37 - 2014-03-18 21:37 - 02700064 _____ () C:\Users\Paula-chan\Downloads\colour_me___challenge_by_ryky-d7aop7x.psd

2014-03-18 21:30 - 2013-06-01 15:09 - 00065368 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys

2014-03-18 21:30 - 2012-04-01 22:35 - 00130392 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys

2014-03-18 21:30 - 2012-04-01 22:35 - 00064856 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys

2014-03-18 21:30 - 2012-04-01 22:35 - 00063320 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys

2014-03-18 21:30 - 2012-04-01 22:35 - 00060248 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys

2014-03-18 21:26 - 2014-03-17 23:22 - 00274419 _____ () C:\Users\Paula-chan\Documents\april.odt

2014-03-17 23:22 - 2013-09-23 21:17 - 00000000 ____D () C:\Users\Paula-chan\Documents\Sonstiges

2014-03-16 13:29 - 2012-09-27 20:37 - 00000000 ____D () C:\Users\Paula-chan\Documents\Zeichnungen

2014-03-16 12:13 - 2009-07-14 06:45 - 00354000 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-03-16 12:12 - 2013-03-14 20:46 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-03-16 12:12 - 2013-03-14 20:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-03-15 21:33 - 2013-10-11 13:33 - 00000000 ____D () C:\Users\Paula-chan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft AppLocale

2014-03-12 19:04 - 2012-02-07 21:05 - 00000000 ____D () C:\Users\Paula-chan\AppData\Local\Adobe

2014-03-12 19:03 - 2012-04-05 15:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-03-12 19:03 - 2012-04-05 15:04 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-03-12 19:03 - 2011-10-20 11:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-03-05 09:26 - 2014-03-31 15:54 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-03-05 09:26 - 2014-03-31 15:54 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-03-05 09:26 - 2014-03-31 15:54 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
 

Some content of TEMP:

====================

C:\Users\Paula-chan\AppData\Local\Temp\ApnStub.exe

C:\Users\Paula-chan\AppData\Local\Temp\AskPIP_FF_.exe

C:\Users\Paula-chan\AppData\Local\Temp\AskSLib.dll

C:\Users\Paula-chan\AppData\Local\Temp\contentDATs.exe

C:\Users\Paula-chan\AppData\Local\Temp\dotNetFx35setup.exe

C:\Users\Paula-chan\AppData\Local\Temp\drm_dialogs.dll

C:\Users\Paula-chan\AppData\Local\Temp\drm_dyndata_7380007.dll

C:\Users\Paula-chan\AppData\Local\Temp\GuardICQ.exe

C:\Users\Paula-chan\AppData\Local\Temp\htmlayout.dll

C:\Users\Paula-chan\AppData\Local\Temp\incredibar_installer.exe

C:\Users\Paula-chan\AppData\Local\Temp\IZArc4.1.6.exe

C:\Users\Paula-chan\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe

C:\Users\Paula-chan\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe

C:\Users\Paula-chan\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe

C:\Users\Paula-chan\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe

C:\Users\Paula-chan\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe

C:\Users\Paula-chan\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe

C:\Users\Paula-chan\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe

C:\Users\Paula-chan\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe

C:\Users\Paula-chan\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe

C:\Users\Paula-chan\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe

C:\Users\Paula-chan\AppData\Local\Temp\Keygen.exe

C:\Users\Paula-chan\AppData\Local\Temp\MyBabylonTB_I.exe

C:\Users\Paula-chan\AppData\Local\Temp\Quarantine.exe

C:\Users\Paula-chan\AppData\Local\Temp\ReimagePackage.exe

C:\Users\Paula-chan\AppData\Local\Temp\SecurityScan_Release.exe

C:\Users\Paula-chan\AppData\Local\Temp\setup.exe

C:\Users\Paula-chan\AppData\Local\Temp\SIMEEIInstaller.exe

C:\Users\Paula-chan\AppData\Local\Temp\tbDVDV.dll

C:\Users\Paula-chan\AppData\Local\Temp\tbuTor.dll

C:\Users\Paula-chan\AppData\Local\Temp\tmp6327.tmp.exe

C:\Users\Paula-chan\AppData\Local\Temp\tmp7916.tmp.exe

C:\Users\Paula-chan\AppData\Local\Temp\tmpAB5F.tmp.exe

C:\Users\Paula-chan\AppData\Local\Temp\tmpDB71.exe

C:\Users\Paula-chan\AppData\Local\Temp\uninst.exe

C:\Users\Paula-chan\AppData\Local\Temp\UpdateCheckerSetup.exe

C:\Users\Paula-chan\AppData\Local\Temp\vlc-2.0.5-win32.exe

C:\Users\Paula-chan\AppData\Local\Temp\vlc-2.0.6-win32.exe

C:\Users\Paula-chan\AppData\Local\Temp\vlc-2.0.7-win32.exe

C:\Users\Paula-chan\AppData\Local\Temp\vlc-2.0.8-win32.exe

C:\Users\Paula-chan\AppData\Local\Temp\vpsetup.exe

C:\Users\Paula-chan\AppData\Local\Temp\_is2970.exe

C:\Users\Paula-chan\AppData\Local\Temp\_is5D0D.exe

C:\Users\Paula-chan\AppData\Local\Temp\_is6ED9.exe

C:\Users\Paula-chan\AppData\Local\Temp\_isA1DA.exe

C:\Users\Paula-chan\AppData\Local\Temp\_isBFD5.exe

C:\Users\Paula-chan\AppData\Local\Temp\_isD81.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-01-20 19:23
 

==================== End Of Log ============================

--- --- ---

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Leider habe ich immer noch Probleme mit dem Virus :(
Nach dem Hochfahren öffnet sich von selbst das Programm Pilefile Reminder obwohl ich es bereits mit Revo deinstalliert habe. Außerdem kommt wenn ich Chrome öffne als Startseite Qone8.

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=5be304ba45247f479ca95065cbc17722

# engine=17724

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2014-04-02 05:25:21

# local_time=2014-04-02 07:25:21 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776573 100 94 96052 148089371 0 0

# scanned=256057

# found=1

# cleaned=0

# scan_time=16112

sh=B70F371A8C6416FC7C9735F478FC3EEF399B1F27 ft=1 fh=d73ad9000665fbf8 vn="multiple threats" ac=I fn="C:\Windows\Temp\RegistryOptimizer.exe"

Code:

 Results of screen317's Security Check version 0.99.80  

 Windows 7 Service Pack 1 x64 (UAC is disabled!)  

 Internet Explorer 11  
 ``````````````Antivirus/Firewall Check:`````````````` 

G Data InternetSecurity 2014   

 Antivirus up to date!  (On Access scanning disabled!) 
 `````````Anti-malware/Other Utilities Check:````````` 

 JavaFX 2.1.1    

 Java 7 Update 51  

 Adobe Flash Player 12.0.0.77  

 Adobe Reader 10.1.9 Adobe Reader out of Date!  

 Google Chrome 33.0.1750.154  
 ````````Process Check: objlist.exe by Laurent````````  

 G Data InternetSecurity Firewall GDFwSvcx64.exe 

 G Data InternetSecurity Firewall GDFirewallTray.exe 

 Symantec Norton Online Backup NOBuAgent.exe  
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014

Ran by Paula-chan (administrator) on PAULA-CHAN-PC on 02-04-2014 20:17:36

Running from C:\Users\Paula-chan\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard

Internet Explorer Version 11

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe

(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe

(AMD) C:\Windows\system32\atiesrxx.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe

(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe

(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe

(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe

(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe

(Intel Corporation) C:\Windows\system32\igfxsrvc.exe

(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

(Intel Corporation) C:\Windows\system32\igfxext.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

() C:\Program Files\Rainmeter\Rainmeter.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe

(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe

(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe

(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe

() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(APN LLC.) C:\Users\Paula-chan\AppData\Local\VNT\vntldr.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe

(G Data Software AG) C:\Program Files (x86)\Common Files\G DATA\AVKProxy\GdBgInx64.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe

(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe

(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe

(VS Revo Group) C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)

HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)

HKLM\...\Run: [PLFSetL] - C:\Windows\\PLFSetL.exe

HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)

HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-13] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)

HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)

HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)

HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)

HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)

HKLM-x32\...\Run: [GDFirewallTray] - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1854928 2013-03-22] (G Data Software AG)

HKLM-x32\...\Run: [] - [X]

HKLM-x32\...\Run: [BambooCore] - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-12-11] ()

HKLM-x32\...\Run: [G Data AntiVirus Tray] - C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe [1444472 2013-08-21] (G Data Software AG)

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [VNT] - C:\Program Files (x86)\VNT\vntldr.exe [196048 2014-03-19] (APN LLC.)

HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe,

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}

HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}

HKU\S-1-5-21-1307518205-1141766383-1528977106-1000\...\Run: [uTorrent] - "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED

HKU\S-1-5-21-1307518205-1141766383-1528977106-1000\...\Run: [Google+ Auto Backup] - "C:\Users\Paula-chan\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart

AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => "C:\PROGRA~2\SupTab\SEARCH~1.DLL" File Not Found

Startup: C:\Users\Paula-chan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

Startup: C:\Users\Paula-chan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk

ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1396461871&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1396461871&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1396461871&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX&q={searchTerms}

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1396461871&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1396461871&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1396461871&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX&q={searchTerms}

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1396461871&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX&q={searchTerms}

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1396461871&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1396461871&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1396461871&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX&q={searchTerms}

URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}

URLSearchHook: HKCU - (No Name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No File

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396461871&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX&q={searchTerms}

SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396461871&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX&q={searchTerms}

SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396461871&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX&q={searchTerms}

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396461871&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX&q={searchTerms}

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: ICQ Sparberater - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)

BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\Paula-chan\AppData\Roaming\Mozilla\Firefox\Profiles\vrkrs3uy.default

FF NetworkProxy: "type", 0

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 

Chrome: 

=======

CHR HomePage: hxxp://www.google.com/

CHR Extension: (Ask Toolbar) - C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajepeddfdaihpmdgnickofffkdlpb [2014-03-31]

CHR Extension: (Theme Creator) - C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc [2014-03-31]

CHR Extension: (Google Docs) - C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-31]

CHR Extension: (Google Drive) - C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-31]

CHR Extension: (YouTube) - C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-31]

CHR Extension: (Google-Suche) - C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-31]

CHR Extension: (AdBlock) - C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-03-31]

CHR Extension: (Akira Isogawa) - C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\igmggajponoffjmhekbonemlgidfgdao [2014-03-31]

CHR Extension: (Auto Replay for YouTube™) - C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2014-03-31]

CHR Extension: (Little Alchemy) - C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2014-03-31]

CHR Extension: (Google Wallet) - C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-31]

CHR Extension: (Google Mail) - C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-31]

CHR HKCU\...\Chrome\Extension: [anpiogajjmckmlehhpjnojhebaidkeod] - C:\Users\Paula-chan\AppData\Local\CRE\anpiogajjmckmlehhpjnojhebaidkeod.crx [2014-03-31]

CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-03-31]

CHR HKLM-x32\...\Chrome\Extension: [aaaajepeddfdaihpmdgnickofffkdlpb] - C:\ProgramData\AskPartnerNetwork\Toolbar\FF3-V7\CRX\ToolbarCR.crx [2014-03-31]

CHR HKLM-x32\...\Chrome\Extension: [anpiogajjmckmlehhpjnojhebaidkeod] - C:\Users\Paula-chan\AppData\Local\CRE\anpiogajjmckmlehhpjnojhebaidkeod.crx [2014-03-31]

CHR HKLM-x32\...\Chrome\Extension: [omaonpoimgkmbllpdihbnmgphjoipdhf] - C:\Program Files (x86)\Logitech\Harmony Remote Driver\harmony_chrome.crx [2012-12-24]

CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Paula-chan\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-04-02]

CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://start.qone8.com/?type=sc&ts=1396461871&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX
 

==================== Services (Whitelisted) =================
 

R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [1970296 2013-08-26] (G Data Software AG)

R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [635000 2013-08-21] (G Data Software AG)

R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2562208 2013-10-15] (G Data Software AG)

R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2942808 2013-10-17] (G Data Software AG)

R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [695416 2013-08-22] (G Data Software AG)

R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [688240 2014-03-31] (Cherished Technololgy LIMITED)

R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)

R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)

R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [496640 2014-04-02] (Cherished Technololgy LIMITED)

R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)

S2 MOBKbackup; "C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe" [X]
 

==================== Drivers (Whitelisted) ====================
 

R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [60248 2014-03-18] (G Data Software AG)

R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [130392 2014-03-18] (G Data Software AG)

R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [63320 2014-03-18] (G Data Software AG)

R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64856 2014-03-18] (G Data Software AG)

R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [65368 2014-03-18] (G Data Software AG)

R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)

S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]

S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-04-02 20:07 - 2014-04-02 20:07 - 00000000 ____D () C:\Users\Paula-chan\AppData\Roaming\SupTab

2014-04-02 20:07 - 2014-04-02 20:07 - 00000000 ____D () C:\ProgramData\IePluginService

2014-04-02 20:07 - 2014-04-02 20:07 - 00000000 ____D () C:\Program Files (x86)\SupTab

2014-04-02 20:06 - 2014-04-02 20:06 - 00000000 ____D () C:\ProgramData\WPM

2014-04-02 20:04 - 2014-04-02 20:04 - 00000000 ____D () C:\Users\Paula-chan\AppData\Roaming\qone8

2014-04-02 19:38 - 2014-04-02 19:38 - 00000979 _____ () C:\Users\Paula-chan\Documents\checkup.txt

2014-04-02 19:32 - 2014-04-02 19:32 - 00987442 _____ () C:\Users\Paula-chan\Downloads\SecurityCheck.exe

2014-04-02 19:32 - 2014-04-02 19:32 - 00987442 _____ () C:\Users\Paula-chan\Desktop\SecurityCheck.exe

2014-04-02 14:28 - 2014-04-02 14:28 - 00000851 _____ () C:\Users\Paula-chan\.recently-used.xbel

2014-04-01 16:54 - 2014-04-01 16:54 - 00015178 _____ () C:\Users\Paula-chan\Documents\JRT.txt

2014-04-01 16:47 - 2014-04-01 16:47 - 01038974 _____ (Thisisu) C:\Users\Paula-chan\Downloads\JRT.exe

2014-04-01 16:44 - 2014-04-01 16:44 - 00000000 ____D () C:\Windows\ERUNT

2014-04-01 16:34 - 2014-04-01 16:34 - 00000000 ____D () C:\Users\Paula-chan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oxy

2014-04-01 16:32 - 2014-04-01 16:32 - 00034566 _____ () C:\Users\Paula-chan\Documents\AdwCleaner[S0].txt

2014-04-01 16:31 - 2014-04-02 20:04 - 00000000 ____D () C:\Users\Paula-chan\AppData\Roaming\Oxy

2014-04-01 16:19 - 2014-04-01 16:21 - 00000000 ____D () C:\AdwCleaner

2014-04-01 16:18 - 2014-04-01 16:18 - 00001160 _____ () C:\Users\Paula-chan\Documents\mbam.txt

2014-04-01 14:45 - 2014-04-01 14:45 - 01426178 _____ () C:\Users\Paula-chan\Downloads\adwcleaner.exe

2014-04-01 14:09 - 2014-04-01 14:09 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-04-01 14:08 - 2014-04-01 14:08 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Paula-chan\Downloads\revosetup95.exe

2014-03-31 21:02 - 2014-03-31 21:04 - 00041599 _____ () C:\Users\Paula-chan\Downloads\Addition.txt

2014-03-31 21:01 - 2014-04-02 20:17 - 00022766 _____ () C:\Users\Paula-chan\Downloads\FRST.txt

2014-03-31 21:00 - 2014-04-02 20:17 - 00000000 ____D () C:\FRST

2014-03-31 20:59 - 2014-03-31 20:59 - 02157056 _____ (Farbar) C:\Users\Paula-chan\Downloads\FRST64.exe

2014-03-31 20:59 - 2014-03-31 20:59 - 00000482 _____ () C:\Users\Paula-chan\Downloads\defogger_disable.log

2014-03-31 20:59 - 2014-03-31 20:59 - 00000000 _____ () C:\Users\Paula-chan\defogger_reenable

2014-03-31 20:58 - 2014-03-31 20:58 - 00050477 _____ () C:\Users\Paula-chan\Downloads\Defogger.exe

2014-03-31 20:17 - 2014-04-01 20:18 - 00000000 ___RD () C:\Users\Paula-chan\Desktop\Programme

2014-03-31 19:52 - 2014-04-02 19:57 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-03-31 19:52 - 2014-03-31 19:52 - 00004114 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-03-31 19:52 - 2014-03-31 19:52 - 00003862 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-03-31 19:51 - 2014-04-02 19:59 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-03-31 19:39 - 2014-03-31 19:42 - 00000000 ____D () C:\Users\Paula-chan\Documents\Default

2014-03-31 15:54 - 2014-04-01 14:26 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-03-31 15:54 - 2014-03-31 15:54 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-03-31 15:54 - 2014-03-31 15:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-03-31 15:54 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-03-31 15:54 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-03-31 15:54 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-03-31 15:51 - 2014-03-31 15:53 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Paula-chan\Downloads\mbam-setup-2.0.0.1000.exe

2014-03-31 15:47 - 2014-03-31 15:47 - 00271720 _____ () C:\Windows\Minidump\033114-31808-01.dmp

2014-03-31 15:24 - 2014-03-31 15:24 - 00000000 ____D () C:\ProgramData\CDB

2014-03-31 15:23 - 2014-03-31 15:25 - 00000000 ____D () C:\rei

2014-03-31 15:23 - 2014-03-31 15:23 - 00000000 ____D () C:\Program Files\Reimage

2014-03-31 15:20 - 2014-03-31 15:25 - 00000155 _____ () C:\Windows\Reimage.ini

2014-03-31 15:03 - 2014-03-31 15:03 - 00003622 _____ () C:\Windows\System32\Tasks\Oxy

2014-03-31 15:02 - 2014-03-31 15:02 - 00003630 _____ () C:\Windows\System32\Tasks\PileFile reminder

2014-03-31 15:02 - 2014-03-31 15:02 - 00003240 _____ () C:\Windows\System32\Tasks\PileFile logon

2014-03-27 21:51 - 2014-03-29 17:32 - 00000000 ____D () C:\Users\Paula-chan\Documents\Movie Studio Platinum 13.0 Projects

2014-03-27 21:45 - 2014-03-27 21:45 - 00000000 ____D () C:\Program Files\Sony

2014-03-23 15:49 - 2014-03-23 15:49 - 00000000 ____D () C:\Program Files (x86)\directx

2014-03-23 15:48 - 2014-03-23 15:48 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games

2014-03-20 23:18 - 2014-03-20 23:18 - 00000000 ____D () C:\Users\Paula-chan\Downloads\kage_pro_osu_skin_by_juvia_fullbuster_by_lyra_kizzle08-d6vf3in

2014-03-18 21:37 - 2014-03-18 21:37 - 02700064 _____ () C:\Users\Paula-chan\Downloads\colour_me___challenge_by_ryky-d7aop7x.psd

2014-03-17 23:22 - 2014-03-18 21:26 - 00274419 _____ () C:\Users\Paula-chan\Documents\april.odt

2014-03-16 13:46 - 2014-03-20 21:09 - 03421415 _____ () C:\Users\Paula-chan\Documents\bday.odt

2014-03-14 17:34 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-03-14 17:34 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-03-14 17:34 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-03-14 17:34 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-03-14 17:34 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-03-14 17:34 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-03-14 17:34 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-03-14 17:34 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-03-14 17:34 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-03-14 17:34 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-03-14 17:34 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-03-14 17:34 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-03-14 17:34 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-03-14 17:34 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-03-14 17:34 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-03-14 17:34 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-03-14 17:34 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-03-14 17:34 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-03-14 17:34 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-03-14 17:34 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-03-14 17:34 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-03-14 17:34 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-03-14 17:34 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-03-14 17:34 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-03-14 17:34 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-03-14 17:34 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-03-14 17:34 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-03-14 17:34 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-03-14 17:34 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-03-14 17:34 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-03-14 17:34 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-03-14 17:34 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-03-14 17:34 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-03-14 17:34 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-03-14 17:34 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-03-14 17:34 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-03-14 17:34 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-03-14 17:34 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-03-14 17:34 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-03-14 17:34 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-03-14 17:34 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-03-14 17:34 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll

2014-03-14 17:34 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll

2014-03-14 17:34 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll

2014-03-14 17:32 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-03-14 17:32 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2014-03-14 17:32 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-03-14 17:32 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
 

==================== One Month Modified Files and Folders =======
 

2014-04-02 20:18 - 2014-03-31 21:01 - 00022766 _____ () C:\Users\Paula-chan\Downloads\FRST.txt

2014-04-02 20:17 - 2014-03-31 21:00 - 00000000 ____D () C:\FRST

2014-04-02 20:17 - 2012-04-05 15:04 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-04-02 20:07 - 2014-04-02 20:07 - 00000000 ____D () C:\Users\Paula-chan\AppData\Roaming\SupTab

2014-04-02 20:07 - 2014-04-02 20:07 - 00000000 ____D () C:\ProgramData\IePluginService

2014-04-02 20:07 - 2014-04-02 20:07 - 00000000 ____D () C:\Program Files (x86)\SupTab

2014-04-02 20:07 - 2011-06-11 01:58 - 00773680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll

2014-04-02 20:07 - 2011-06-11 01:58 - 00420912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll

2014-04-02 20:07 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-02 20:07 - 2009-07-14 06:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-02 20:06 - 2014-04-02 20:06 - 00000000 ____D () C:\ProgramData\WPM

2014-04-02 20:04 - 2014-04-02 20:04 - 00000000 ____D () C:\Users\Paula-chan\AppData\Roaming\qone8

2014-04-02 20:04 - 2014-04-01 16:31 - 00000000 ____D () C:\Users\Paula-chan\AppData\Roaming\Oxy

2014-04-02 20:04 - 2012-02-02 22:18 - 00001219 _____ () C:\Users\Paula-chan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-04-02 20:01 - 2012-02-03 16:03 - 00000000 ____D () C:\ProgramData\clear.fi

2014-04-02 19:59 - 2014-03-31 19:51 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-04-02 19:59 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-02 19:59 - 2009-07-14 06:51 - 00128703 _____ () C:\Windows\setupact.log

2014-04-02 19:58 - 2010-11-21 05:47 - 00678474 _____ () C:\Windows\PFRO.log

2014-04-02 19:57 - 2014-03-31 19:52 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-04-02 19:57 - 2011-12-13 11:17 - 01364399 _____ () C:\Windows\WindowsUpdate.log

2014-04-02 19:38 - 2014-04-02 19:38 - 00000979 _____ () C:\Users\Paula-chan\Documents\checkup.txt

2014-04-02 19:32 - 2014-04-02 19:32 - 00987442 _____ () C:\Users\Paula-chan\Downloads\SecurityCheck.exe

2014-04-02 19:32 - 2014-04-02 19:32 - 00987442 _____ () C:\Users\Paula-chan\Desktop\SecurityCheck.exe

2014-04-02 19:25 - 2011-12-13 20:10 - 00700134 _____ () C:\Windows\system32\perfh007.dat

2014-04-02 19:25 - 2011-12-13 20:10 - 00149984 _____ () C:\Windows\system32\perfc007.dat

2014-04-02 19:25 - 2009-07-14 07:13 - 01622236 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-02 14:50 - 2012-02-22 13:02 - 00000000 ____D () C:\Users\Paula-chan\.gimp-2.6

2014-04-02 14:28 - 2014-04-02 14:28 - 00000851 _____ () C:\Users\Paula-chan\.recently-used.xbel

2014-04-02 14:28 - 2012-02-02 22:16 - 00000000 ____D () C:\Users\Paula-chan

2014-04-01 22:26 - 2012-02-27 23:18 - 00000000 ____D () C:\Users\Paula-chan\AppData\Roaming\SoftGrid Client

2014-04-01 20:18 - 2014-03-31 20:17 - 00000000 ___RD () C:\Users\Paula-chan\Desktop\Programme

2014-04-01 16:54 - 2014-04-01 16:54 - 00015178 _____ () C:\Users\Paula-chan\Documents\JRT.txt

2014-04-01 16:47 - 2014-04-01 16:47 - 01038974 _____ (Thisisu) C:\Users\Paula-chan\Downloads\JRT.exe

2014-04-01 16:44 - 2014-04-01 16:44 - 00000000 ____D () C:\Windows\ERUNT

2014-04-01 16:34 - 2014-04-01 16:34 - 00000000 ____D () C:\Users\Paula-chan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oxy

2014-04-01 16:32 - 2014-04-01 16:32 - 00034566 _____ () C:\Users\Paula-chan\Documents\AdwCleaner[S0].txt

2014-04-01 16:21 - 2014-04-01 16:19 - 00000000 ____D () C:\AdwCleaner

2014-04-01 16:20 - 2012-02-05 15:22 - 00000000 ____D () C:\ProgramData\ICQ

2014-04-01 16:18 - 2014-04-01 16:18 - 00001160 _____ () C:\Users\Paula-chan\Documents\mbam.txt

2014-04-01 14:45 - 2014-04-01 14:45 - 01426178 _____ () C:\Users\Paula-chan\Downloads\adwcleaner.exe

2014-04-01 14:26 - 2014-03-31 15:54 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-01 14:09 - 2014-04-01 14:09 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-04-01 14:08 - 2014-04-01 14:08 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Paula-chan\Downloads\revosetup95.exe

2014-03-31 21:04 - 2014-03-31 21:02 - 00041599 _____ () C:\Users\Paula-chan\Downloads\Addition.txt

2014-03-31 20:59 - 2014-03-31 20:59 - 02157056 _____ (Farbar) C:\Users\Paula-chan\Downloads\FRST64.exe

2014-03-31 20:59 - 2014-03-31 20:59 - 00000482 _____ () C:\Users\Paula-chan\Downloads\defogger_disable.log

2014-03-31 20:59 - 2014-03-31 20:59 - 00000000 _____ () C:\Users\Paula-chan\defogger_reenable

2014-03-31 20:58 - 2014-03-31 20:58 - 00050477 _____ () C:\Users\Paula-chan\Downloads\Defogger.exe

2014-03-31 19:57 - 2012-04-30 18:19 - 00000000 ____D () C:\Users\Paula-chan\AppData\Local\Google

2014-03-31 19:54 - 2012-08-01 17:57 - 00000000 ____D () C:\Program Files (x86)\Google

2014-03-31 19:52 - 2014-03-31 19:52 - 00004114 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-03-31 19:52 - 2014-03-31 19:52 - 00003862 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-03-31 19:42 - 2014-03-31 19:39 - 00000000 ____D () C:\Users\Paula-chan\Documents\Default

2014-03-31 18:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help

2014-03-31 15:54 - 2014-03-31 15:54 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-03-31 15:54 - 2014-03-31 15:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-03-31 15:53 - 2014-03-31 15:51 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Paula-chan\Downloads\mbam-setup-2.0.0.1000.exe

2014-03-31 15:47 - 2014-03-31 15:47 - 00271720 _____ () C:\Windows\Minidump\033114-31808-01.dmp

2014-03-31 15:47 - 2012-06-28 20:20 - 00000000 ____D () C:\Windows\Minidump

2014-03-31 15:47 - 2012-06-28 20:19 - 401884526 _____ () C:\Windows\MEMORY.DMP

2014-03-31 15:25 - 2014-03-31 15:23 - 00000000 ____D () C:\rei

2014-03-31 15:25 - 2014-03-31 15:20 - 00000155 _____ () C:\Windows\Reimage.ini

2014-03-31 15:24 - 2014-03-31 15:24 - 00000000 ____D () C:\ProgramData\CDB

2014-03-31 15:23 - 2014-03-31 15:23 - 00000000 ____D () C:\Program Files\Reimage

2014-03-31 15:03 - 2014-03-31 15:03 - 00003622 _____ () C:\Windows\System32\Tasks\Oxy

2014-03-31 15:02 - 2014-03-31 15:02 - 00003630 _____ () C:\Windows\System32\Tasks\PileFile reminder

2014-03-31 15:02 - 2014-03-31 15:02 - 00003240 _____ () C:\Windows\System32\Tasks\PileFile logon

2014-03-29 17:32 - 2014-03-27 21:51 - 00000000 ____D () C:\Users\Paula-chan\Documents\Movie Studio Platinum 13.0 Projects

2014-03-28 17:19 - 2014-01-26 21:36 - 00000000 ____D () C:\Users\Paula-chan\AppData\Local\VNT

2014-03-27 22:30 - 2012-02-08 18:01 - 00000000 ____D () C:\ProgramData\Sony

2014-03-27 22:29 - 2012-02-08 17:02 - 00000000 ____D () C:\Users\Paula-chan\AppData\Roaming\Sony

2014-03-27 22:21 - 2012-02-08 17:03 - 00000000 ____D () C:\Program Files (x86)\Sony

2014-03-27 21:45 - 2014-03-27 21:45 - 00000000 ____D () C:\Program Files\Sony

2014-03-27 20:58 - 2014-01-26 21:36 - 00000000 ____D () C:\Program Files (x86)\VNT

2014-03-24 21:03 - 2013-05-16 18:18 - 00000000 ___RD () C:\Users\Paula-chan\Desktop\Games

2014-03-24 11:51 - 2012-09-27 20:38 - 00000000 ____D () C:\Users\Paula-chan\Documents\Schule

2014-03-23 21:47 - 2012-02-05 16:01 - 00000000 ____D () C:\Users\Paula-chan\AppData\Roaming\vlc

2014-03-23 15:49 - 2014-03-23 15:49 - 00000000 ____D () C:\Program Files (x86)\directx

2014-03-23 15:49 - 2011-10-20 11:07 - 00029527 _____ () C:\Windows\DirectX.log

2014-03-23 15:48 - 2014-03-23 15:48 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games

2014-03-23 15:48 - 2011-10-20 10:18 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-03-23 15:47 - 2013-10-29 14:39 - 00000000 ____D () C:\Users\Paula-chan\Downloads\Games

2014-03-21 13:07 - 2012-06-09 12:30 - 00000000 ____D () C:\Program Files (x86)\osu!

2014-03-20 23:18 - 2014-03-20 23:18 - 00000000 ____D () C:\Users\Paula-chan\Downloads\kage_pro_osu_skin_by_juvia_fullbuster_by_lyra_kizzle08-d6vf3in

2014-03-20 21:09 - 2014-03-16 13:46 - 03421415 _____ () C:\Users\Paula-chan\Documents\bday.odt

2014-03-20 12:42 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-03-18 23:49 - 2013-08-14 23:58 - 00000000 ____D () C:\Windows\system32\MRT

2014-03-18 23:47 - 2012-04-24 16:26 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-03-18 21:37 - 2014-03-18 21:37 - 02700064 _____ () C:\Users\Paula-chan\Downloads\colour_me___challenge_by_ryky-d7aop7x.psd

2014-03-18 21:30 - 2013-06-01 15:09 - 00065368 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys

2014-03-18 21:30 - 2012-04-01 22:35 - 00130392 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys

2014-03-18 21:30 - 2012-04-01 22:35 - 00064856 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys

2014-03-18 21:30 - 2012-04-01 22:35 - 00063320 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys

2014-03-18 21:30 - 2012-04-01 22:35 - 00060248 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys

2014-03-18 21:26 - 2014-03-17 23:22 - 00274419 _____ () C:\Users\Paula-chan\Documents\april.odt

2014-03-17 23:22 - 2013-09-23 21:17 - 00000000 ____D () C:\Users\Paula-chan\Documents\Sonstiges

2014-03-16 13:29 - 2012-09-27 20:37 - 00000000 ____D () C:\Users\Paula-chan\Documents\Zeichnungen

2014-03-16 12:13 - 2009-07-14 06:45 - 00354000 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-03-16 12:12 - 2013-03-14 20:46 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-03-16 12:12 - 2013-03-14 20:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-03-15 21:33 - 2013-10-11 13:33 - 00000000 ____D () C:\Users\Paula-chan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft AppLocale

2014-03-12 19:04 - 2012-02-07 21:05 - 00000000 ____D () C:\Users\Paula-chan\AppData\Local\Adobe

2014-03-12 19:03 - 2012-04-05 15:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-03-12 19:03 - 2012-04-05 15:04 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-03-12 19:03 - 2011-10-20 11:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-03-05 09:26 - 2014-03-31 15:54 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-03-05 09:26 - 2014-03-31 15:54 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-03-05 09:26 - 2014-03-31 15:54 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
 

Some content of TEMP:

====================

C:\Users\Paula-chan\AppData\Local\Temp\ApnStub.exe

C:\Users\Paula-chan\AppData\Local\Temp\AskPIP_FF_.exe

C:\Users\Paula-chan\AppData\Local\Temp\AskSLib.dll

C:\Users\Paula-chan\AppData\Local\Temp\contentDATs.exe

C:\Users\Paula-chan\AppData\Local\Temp\dotNetFx35setup.exe

C:\Users\Paula-chan\AppData\Local\Temp\drm_dialogs.dll

C:\Users\Paula-chan\AppData\Local\Temp\drm_dyndata_7380007.dll

C:\Users\Paula-chan\AppData\Local\Temp\GuardICQ.exe

C:\Users\Paula-chan\AppData\Local\Temp\htmlayout.dll

C:\Users\Paula-chan\AppData\Local\Temp\incredibar_installer.exe

C:\Users\Paula-chan\AppData\Local\Temp\IZArc4.1.6.exe

C:\Users\Paula-chan\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe

C:\Users\Paula-chan\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe

C:\Users\Paula-chan\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe

C:\Users\Paula-chan\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe

C:\Users\Paula-chan\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe

C:\Users\Paula-chan\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe

C:\Users\Paula-chan\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe

C:\Users\Paula-chan\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe

C:\Users\Paula-chan\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe

C:\Users\Paula-chan\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe

C:\Users\Paula-chan\AppData\Local\Temp\Keygen.exe

C:\Users\Paula-chan\AppData\Local\Temp\MyBabylonTB_I.exe

C:\Users\Paula-chan\AppData\Local\Temp\Quarantine.exe

C:\Users\Paula-chan\AppData\Local\Temp\ReimagePackage.exe

C:\Users\Paula-chan\AppData\Local\Temp\SecurityScan_Release.exe

C:\Users\Paula-chan\AppData\Local\Temp\setup.exe

C:\Users\Paula-chan\AppData\Local\Temp\SIMEEIInstaller.exe

C:\Users\Paula-chan\AppData\Local\Temp\tbDVDV.dll

C:\Users\Paula-chan\AppData\Local\Temp\tbuTor.dll

C:\Users\Paula-chan\AppData\Local\Temp\tmp360F.exe

C:\Users\Paula-chan\AppData\Local\Temp\tmp4B76.exe

C:\Users\Paula-chan\AppData\Local\Temp\tmp4DB5.exe

C:\Users\Paula-chan\AppData\Local\Temp\tmp6327.tmp.exe

C:\Users\Paula-chan\AppData\Local\Temp\tmp7916.tmp.exe

C:\Users\Paula-chan\AppData\Local\Temp\tmpAB5F.tmp.exe

C:\Users\Paula-chan\AppData\Local\Temp\tmpDB71.exe

C:\Users\Paula-chan\AppData\Local\Temp\uninst.exe

C:\Users\Paula-chan\AppData\Local\Temp\UpdateCheckerSetup.exe

C:\Users\Paula-chan\AppData\Local\Temp\vlc-2.0.5-win32.exe

C:\Users\Paula-chan\AppData\Local\Temp\vlc-2.0.6-win32.exe

C:\Users\Paula-chan\AppData\Local\Temp\vlc-2.0.7-win32.exe

C:\Users\Paula-chan\AppData\Local\Temp\vlc-2.0.8-win32.exe

C:\Users\Paula-chan\AppData\Local\Temp\vpsetup.exe

C:\Users\Paula-chan\AppData\Local\Temp\_is2970.exe

C:\Users\Paula-chan\AppData\Local\Temp\_is5D0D.exe

C:\Users\Paula-chan\AppData\Local\Temp\_is6ED9.exe

C:\Users\Paula-chan\AppData\Local\Temp\_isA1DA.exe

C:\Users\Paula-chan\AppData\Local\Temp\_isBFD5.exe

C:\Users\Paula-chan\AppData\Local\Temp\_isD81.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-01-20 19:23
 

==================== End Of Log ============================

--- --- ---

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.

Revo Uninstaller - Download - Filepony
damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.google.com/chrome/answer/3296214?hl=de

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => "C:\PROGRA~2\SupTab\SEARCH~1.DLL" File Not Found

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1396461871&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1396461871&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1396461871&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX&q={searchTerms}

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1396461871&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1396461871&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1396461871&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX&q={searchTerms}

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1396461871&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX&q={searchTerms}

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1396461871&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1396461871&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1396461871&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX&q={searchTerms}

URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}

URLSearchHook: HKCU - (No Name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No File

SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396461871&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX&q={searchTerms}

SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396461871&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX&q={searchTerms}

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396461871&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX&q={searchTerms}

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Vielen Dank für die Hilfe :) jetzt funktioniert glaube ich wieder alles

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014

Ran by Paula-chan at 2014-04-03 15:51:13 Run:1

Running from C:\Users\Paula-chan\Downloads

Boot Mode: Normal

==============================================
 

Content of fixlist:

*****************

AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => "C:\PROGRA~2\SupTab\SEARCH~1.DLL" File Not Found

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1396461871&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1396461871&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1396461871&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX&q={searchTerms}

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1396461871&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1396461871&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1396461871&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX&q={searchTerms}

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1396461871&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX&q={searchTerms}

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1396461871&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1396461871&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1396461871&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX&q={searchTerms}

URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}

URLSearchHook: HKCU - (No Name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No File

SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396461871&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX&q={searchTerms}

SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396461871&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX&q={searchTerms}

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396461871&from=mp3&uid=HitachiXHTS547550A9E384_J2150050HNW4PCHNW4PCX&q={searchTerms}

         

*****************
 

"C:\\PROGRA~2\\SupTab\\SEARCH~1.DLL" => Value Data removed successfully.

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.

HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.

HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.

HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.

HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.

HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\ => Value deleted successfully.

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} => Value deleted successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.

HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.

HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
 

==== End of Fixlog ====

Fertig :)

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Okay jetzt ist alles erledigt :)
Noch mal danke für die Hilfe!