Laptop very slow

  • siq
    PCHF Member
    • Jan 2017
    • 49

    #16
    RogueKiller V12.9.6.0 (x64) [Jan 30 2017] (Ücretsiz) by Adlice Software
    mail : Support Form | Contact • Adlice Software
    Geribildirim : http://forum.adlice.com
    Website : Free Virus Cleaner | RogueKiller AntiMalware • Adlice Software
    Bolg : http://www.adlice.com

    İşletim Sistemi : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    -de başlatıldı : Normal mod
    Kullanıcı : Philipp [Yönetici]
    -den başlatıldı : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mod : Sil – Tarih : 02/03/2017 00:23:59 (Süreç : 00:36:14)

    ¤¤¤ İşlemler : 1 ¤¤¤
    [Adw.DNSUnlocker] ZAM.exe(2744) – C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe[7] → Öldürüldü [TermThr]

    ¤¤¤ Kayıt : 145 ¤¤¤
    [PUP.Ghokswa] (X86) HKEY_LOCAL_MACHINE\Software\Firefox → Seçilmedi
    [PUP.Gen1] (X64) HKEY_USERS\RK_Philipp_ON_F_1F6A\Software\1ClickDownload → Seçilmedi
    [PUP.Gen1] (X64) HKEY_USERS\RK_Philipp_ON_F_1F6A\Software\APN PIP → Seçilmedi
    [PUP.Gen1] (X64) HKEY_USERS\RK_Philipp_ON_F_1F6A\Software\DataMngr → Seçilmedi
    [PUP.Gen1] (X64) HKEY_USERS\RK_Philipp_ON_F_1F6A\Software\DataMngr_Toolbar → Seçilmedi
    [PUP.Gen1] (X64) HKEY_USERS\RK_Philipp_ON_F_1F6A\Software\InstallCore → Seçilmedi
    [PUP.Gen1] (X64) HKEY_USERS\RK_Philipp_ON_F_1F6A\Software\Search Settings → Seçilmedi
    [PUP.Gen1] (X64) HKEY_USERS\RK_Philipp_ON_F_1F6A\Software\Softonic → Seçilmedi
    [PUP.Gen1] (X64) HKEY_USERS\RK_Philipp_ON_F_1F6A\Software\SweetIM → Seçilmedi
    [PUP.Gen1] (X64) HKEY_USERS\RK_Philipp_ON_F_1F6A\Software\Systweak → Seçilmedi
    [PUP.Gen1] (X64) HKEY_USERS\RK_Philipp_ON_F_1F6A\Software\YTD → Seçilmedi
    [PUP.Gen1] (X86) HKEY_USERS\RK_Philipp_ON_F_1F6A\Software\1ClickDownload → Seçilmedi
    [PUP.Gen1] (X86) HKEY_USERS\RK_Philipp_ON_F_1F6A\Software\APN PIP → Seçilmedi
    [PUP.Gen1] (X86) HKEY_USERS\RK_Philipp_ON_F_1F6A\Software\DataMngr → Seçilmedi
    [PUP.Gen1] (X86) HKEY_USERS\RK_Philipp_ON_F_1F6A\Software\DataMngr_Toolbar → Seçilmedi
    [PUP.Gen1] (X86) HKEY_USERS\RK_Philipp_ON_F_1F6A\Software\InstallCore → Seçilmedi
    [PUP.Gen1] (X86) HKEY_USERS\RK_Philipp_ON_F_1F6A\Software\Search Settings → Seçilmedi
    [PUP.Gen1] (X86) HKEY_USERS\RK_Philipp_ON_F_1F6A\Software\Softonic → Seçilmedi
    [PUP.Gen1] (X86) HKEY_USERS\RK_Philipp_ON_F_1F6A\Software\SweetIM → Seçilmedi
    [PUP.Gen1] (X86) HKEY_USERS\RK_Philipp_ON_F_1F6A\Software\Systweak → Seçilmedi
    [PUP.Gen1] (X86) HKEY_USERS\RK_Philipp_ON_F_1F6A\Software\YTD → Seçilmedi
    [PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\OCS → Seçilmedi
    [PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\OCS → Seçilmedi
    [PUP.Gen1] (X64) HKEY_USERS\RK_Philipp_ON_F_1F6A\Software\AppDataLow\Toolbar → Seçilmedi
    [PUP.Gen1] (X86) HKEY_USERS\RK_Philipp_ON_F_1F6A\Software\AppDataLow\Toolbar → Seçilmedi
    [PUP.Gen1] (X64) HKEY_USERS\RK_Philipp_ON_F_1F6A\Software\AppDataLow\Software\Search Settings → Seçilmedi
    [PUP.Gen1] (X64) HKEY_USERS\RK_Philipp_ON_F_1F6A\Software\AppDataLow\Software\searchqutoolbar → Seçilmedi
    [PUP.Gen1] (X64) HKEY_USERS\RK_Philipp_ON_F_1F6A\Software\AppDataLow\Software\YTD → Seçilmedi
    [PUP.Gen1] (X86) HKEY_USERS\RK_Philipp_ON_F_1F6A\Software\AppDataLow\Software\Search Settings → Seçilmedi
    [PUP.Gen1] (X86) HKEY_USERS\RK_Philipp_ON_F_1F6A\Software\AppDataLow\Software\searchqutoolbar → Seçilmedi
    [PUP.Gen1] (X86) HKEY_USERS\RK_Philipp_ON_F_1F6A\Software\AppDataLow\Software\YTD → Seçilmedi
    [PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_29C0\ControlSet001\Services\Application Updater (“C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe”) → Seçilmedi
    [PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_29C0\ControlSet002\Services\Application Updater (“C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe”) → Seçilmedi
    [PUM.Proxy] (X64) HKEY_USERS\RK_Philipp_ON_F_1F6A\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 → Seçilmedi
    [PUM.Proxy] (X86) HKEY_USERS\RK_Philipp_ON_F_1F6A\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 → Seçilmedi
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 46.165.193.67:5056 → Seçilmedi
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : 46.165.193.67:5056 → Seçilmedi
    [PUM.HomePage] (X64) HKEY_USERS\RK_Philipp_ON_F_1F6A\Software\Microsoft\Internet Explorer\Main | Start Page : Yandex — hızlı İnternet araması → Seçilmedi
    [PUM.HomePage] (X86) HKEY_USERS\RK_Philipp_ON_F_1F6A\Software\Microsoft\Internet Explorer\Main | Start Page : Yandex — hızlı İnternet araması → Seçilmedi
    [PUM.HomePage] (X64) HKEY_USERS\RK_Philipp_ON_F_1F6A\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.v9.com/?utm_source=b&utm_...&ts=1350857397 → Seçilmedi
    [PUM.HomePage] (X86) HKEY_USERS\RK_Philipp_ON_F_1F6A\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.v9.com/?utm_source=b&utm_...&ts=1350857397 → Seçilmedi
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces{F1198B90-493F-4495-879E-89672178C3BF} | NameServer : 8.8.8.8,1.1.1.1 ([-][AU]) → Seçilmedi
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces{F1198B90-493F-4495-879E-89672178C3BF} | NameServer : 8.8.8.8,1.1.1.1 ([-][AU]) → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_29C0\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {154E50E9-CF46-4D5A-BADF-8FC96D69EA96} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\World of Warcraft\Temp\wow-4.2.0.2552-enUS-tools-downloader.exe|Name=Blizzard Downloader| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_29C0\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A6284518-2AE7-4761-91DC-626726E5A8EA} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\World of Warcraft\Temp\wow-4.2.0.2552-enUS-tools-downloader.exe|Name=Blizzard Downloader| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_29C0\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{A9983C15-8D44-4140-B48E-3EB68FC61B72}C:\users\philipp\appdata\local\temp\gw2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\philipp\appdata\local\temp\gw2.exe|Name=Guild Wars 2 Game Client|Desc=Guild Wars 2 Game Client|Defer=User| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_29C0\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{9893247F-591F-411A-A5A0-6D1D5E2A9585}C:\users\philipp\appdata\local\temp\gw2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\philipp\appdata\local\temp\gw2.exe|Name=Guild Wars 2 Game Client|Desc=Guild Wars 2 Game Client|Defer=User| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_29C0\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C59BE5A2-C54D-4576-A0CD-AE620B030618} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe|Name=Blizzard Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_29C0\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1EBF8FCA-8695-4942-93B1-6390A4F75E23} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe|Name=Blizzard Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_29C0\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9BC543B4-45C4-4810-9109-911D926AEEE6} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_29C0\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7A8EF53F-3314-4268-8BA3-12D39F61E7F4} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_29C0\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {DBBE1C86-2809-4AA7-AA3B-0D5C299D7942} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_29C0\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {271CEEBD-7901-494F-9FE7-96C9810A94DC} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_29C0\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {12AA3395-A2A6-4B67-8B7C-CD00E14F7365} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_29C0\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8DE6E3E3-18FA-4CE3-87CA-B09BA90906B5} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_29C0\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {09BB82F7-18E0-405D-8642-6E4AA7CEE361} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_29C0\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F93E54A2-C3FE-4F80-83DC-C434D5242BE4} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_29C0\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {DBE3F464-04DC-470E-A92C-274B34722CB9} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Philipp\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe|Name=Facebook Video Calling Plugin|Edge=TRUE| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_29C0\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {AD41DB8E-80E7-431A-AE68-4050D1F40387} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.2000\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_29C0\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D1FC718B-D72D-4EF5-96ED-E90A0B1C6A0E} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.2000\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4B2D6E05-483D-49F1-A66B-E23EE778AD00} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {98D741DB-0D81-4D75-93F9-AA7BCE9ED5DA} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D805F393-DF9F-42DB-8BD8-A10435FFD59E} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7CF97D17-A8A2-4D7E-9BEC-6243047FB5BF} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CBA6CFE4-87DA-4C0B-9DD5-CB24264D153C} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1F8EFC10-91D2-4DEF-9300-AA828DE18B26} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {65D1CA79-73C8-4C1C-A396-55114CC5C61C} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2E300A00-EF29-4879-AD3F-8C035C177F2F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{C6D4FEE5-DA5E-4896-BBC1-4C31C77A28FE}C:\programdata\battle.net\agent\agent.2689\agent.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\programdata\battle.net\agent\agent.2689\agent.exe|Name=Battle.net Update Agent Update Agent|Edge=TRUE|Defer=App| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{F9912598-2E9B-4960-B43A-8E1CFC69772C}C:\programdata\battle.net\agent\agent.2689\agent.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\programdata\battle.net\agent\agent.2689\agent.exe|Name=Battle.net Update Agent Update Agent|Edge=TRUE|Defer=App| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {07A267BF-9BD3-4856-88D1-A924CF38EFBC} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {04756382-6EB7-495C-85E9-516EED38F5FF} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3363AF0F-0FAE-4932-9BDC-F768D750CD20} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {FF75CEDC-9CF5-481D-9063-269F7C9A3EEB} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {FBF504C5-7660-4CA0-9461-EE1588F6F15D} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9B3BB61E-72AA-4C6A-9524-F08E717DB6BB} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2BA43725-5873-4C4B-B214-D17575BED6C1} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9BE1D182-5C1A-4012-8196-D78F15784A37} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C5343D04-4C9B-4307-A77C-075B8B2C9E8F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B29A6550-56A1-491E-BB46-A0863A286D3F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8FCE413C-7C8F-49D2-97AB-12AF69EBBE36} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6D6C39D8-B4DC-471E-AD24-04DB637E2F52} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D746C5F2-5646-488A-AA6A-9EFCB544C556} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {ECACD096-AD74-4AA4-A843-FDFB10ED1EE7} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B57AD082-017F-4128-AF5E-A02D6F3AE087} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {07A18F29-12BC-4AAB-A245-B4291010C345} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {98CFEB0B-2567-4974-AD58-360ED70FB0BB} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D3C6F70D-7E00-41A4-9628-1D22289A2534} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6C27E94F-9B54-4A90-9F4C-FBF097292328} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C07014D5-340A-473A-8A73-C045C7E3989F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [PUP.Ghokswa] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {05E61BB9-15E2-4964-ABBD-67110BF469F1} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe|Name=Update service| → Seçilmedi
    [PUP.Ghokswa] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {52F974BB-5934-4D2F-A4D9-CDD1DB7042F7} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Firefox\Firefox.exe|Name=Firefox browser| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_29C0\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {154E50E9-CF46-4D5A-BADF-8FC96D69EA96} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\World of Warcraft\Temp\wow-4.2.0.2552-enUS-tools-downloader.exe|Name=Blizzard Downloader| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_29C0\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A6284518-2AE7-4761-91DC-626726E5A8EA} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\World of Warcraft\Temp\wow-4.2.0.2552-enUS-tools-downloader.exe|Name=Blizzard Downloader| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_29C0\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{A9983C15-8D44-4140-B48E-3EB68FC61B72}C:\users\philipp\appdata\local\temp\gw2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\philipp\appdata\local\temp\gw2.exe|Name=Guild Wars 2 Game Client|Desc=Guild Wars 2 Game Client|Defer=User| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_29C0\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{9893247F-591F-411A-A5A0-6D1D5E2A9585}C:\users\philipp\appdata\local\temp\gw2.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\philipp\appdata\local\temp\gw2.exe|Name=Guild Wars 2 Game Client|Desc=Guild Wars 2 Game Client|Defer=User| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_29C0\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C59BE5A2-C54D-4576-A0CD-AE620B030618} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe|Name=Blizzard Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_29C0\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1EBF8FCA-8695-4942-93B1-6390A4F75E23} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe|Name=Blizzard Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_29C0\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9BC543B4-45C4-4810-9109-911D926AEEE6} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_29C0\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7A8EF53F-3314-4268-8BA3-12D39F61E7F4} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_29C0\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {DBBE1C86-2809-4AA7-AA3B-0D5C299D7942} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_29C0\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {271CEEBD-7901-494F-9FE7-96C9810A94DC} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_29C0\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {12AA3395-A2A6-4B67-8B7C-CD00E14F7365} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_29C0\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8DE6E3E3-18FA-4CE3-87CA-B09BA90906B5} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_29C0\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {09BB82F7-18E0-405D-8642-6E4AA7CEE361} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_29C0\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F93E54A2-C3FE-4F80-83DC-C434D5242BE4} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_29C0\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {DBE3F464-04DC-470E-A92C-274B34722CB9} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Philipp\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe|Name=Facebook Video Calling Plugin|Edge=TRUE| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_29C0\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {AD41DB8E-80E7-431A-AE68-4050D1F40387} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.2000\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_F_29C0\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D1FC718B-D72D-4EF5-96ED-E90A0B1C6A0E} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.2000\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4B2D6E05-483D-49F1-A66B-E23EE778AD00} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {98D741DB-0D81-4D75-93F9-AA7BCE9ED5DA} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D805F393-DF9F-42DB-8BD8-A10435FFD59E} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7CF97D17-A8A2-4D7E-9BEC-6243047FB5BF} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2045\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CBA6CFE4-87DA-4C0B-9DD5-CB24264D153C} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1F8EFC10-91D2-4DEF-9300-AA828DE18B26} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {65D1CA79-73C8-4C1C-A396-55114CC5C61C} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2E300A00-EF29-4879-AD3F-8C035C177F2F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{C6D4FEE5-DA5E-4896-BBC1-4C31C77A28FE}C:\programdata\battle.net\agent\agent.2689\agent.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\programdata\battle.net\agent\agent.2689\agent.exe|Name=Battle.net Update Agent Update Agent|Edge=TRUE|Defer=App| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{F9912598-2E9B-4960-B43A-8E1CFC69772C}C:\programdata\battle.net\agent\agent.2689\agent.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\programdata\battle.net\agent\agent.2689\agent.exe|Name=Battle.net Update Agent Update Agent|Edge=TRUE|Defer=App| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {07A267BF-9BD3-4856-88D1-A924CF38EFBC} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {04756382-6EB7-495C-85E9-516EED38F5FF} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3363AF0F-0FAE-4932-9BDC-F768D750CD20} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {FF75CEDC-9CF5-481D-9063-269F7C9A3EEB} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\S haredAccess\Parameters\FirewallPolicy\FirewallRule s | {FBF504C5-7660-4CA0-9461-EE1588F6F15D} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|P rofile=Private|App=C:\ProgramData\Battle.net\Agent \Agent.3023\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\S haredAccess\Parameters\FirewallPolicy\FirewallRule s | {9B3BB61E-72AA-4C6A-9524-F08E717DB6BB} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17| Profile=Private|App=C:\ProgramData\Battle.net\Agen t\Agent.3023\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\S haredAccess\Parameters\FirewallPolicy\FirewallRule s | {2BA43725-5873-4C4B-B214-D17575BED6C1} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|P rofile=Private|App=C:\ProgramData\Battle.net\Agent \Agent.3109\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\S haredAccess\Parameters\FirewallPolicy\FirewallRule s | {9BE1D182-5C1A-4012-8196-D78F15784A37} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17| Profile=Private|App=C:\ProgramData\Battle.net\Agen t\Agent.3109\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\S haredAccess\Parameters\FirewallPolicy\FirewallRule s | {C5343D04-4C9B-4307-A77C-075B8B2C9E8F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|P rofile=Private|App=C:\ProgramData\Battle.net\Agent \Agent.3235\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\S haredAccess\Parameters\FirewallPolicy\FirewallRule s | {B29A6550-56A1-491E-BB46-A0863A286D3F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17| Profile=Private|App=C:\ProgramData\Battle.net\Agen t\Agent.3235\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\S haredAccess\Parameters\FirewallPolicy\FirewallRule s | {8FCE413C-7C8F-49D2-97AB-12AF69EBBE36} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|P rofile=Private|App=C:\ProgramData\Battle.net\Agent \Agent.3286\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\S haredAccess\Parameters\FirewallPolicy\FirewallRule s | {6D6C39D8-B4DC-471E-AD24-04DB637E2F52} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17| Profile=Private|App=C:\ProgramData\Battle.net\Agen t\Agent.3286\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\S haredAccess\Parameters\FirewallPolicy\FirewallRule s | {D746C5F2-5646-488A-AA6A-9EFCB544C556} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|P rofile=Private|App=C:\ProgramData\Battle.net\Agent \Agent.3478\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\S haredAccess\Parameters\FirewallPolicy\FirewallRule s | {ECACD096-AD74-4AA4-A843-FDFB10ED1EE7} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17| Profile=Private|App=C:\ProgramData\Battle.net\Agen t\Agent.3478\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\S haredAccess\Parameters\FirewallPolicy\FirewallRule s | {B57AD082-017F-4128-AF5E-A02D6F3AE087} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|P rofile=Private|App=C:\ProgramData\Battle.net\Agent \Agent.3634\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\S haredAccess\Parameters\FirewallPolicy\FirewallRule s | {07A18F29-12BC-4AAB-A245-B4291010C345} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17| Profile=Private|App=C:\ProgramData\Battle.net\Agen t\Agent.3634\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\S haredAccess\Parameters\FirewallPolicy\FirewallRule s | {98CFEB0B-2567-4974-AD58-360ED70FB0BB} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|P rofile=Private|App=C:\ProgramData\Battle.net\Agent \Agent.3688\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\S haredAccess\Parameters\FirewallPolicy\FirewallRule s | {D3C6F70D-7E00-41A4-9628-1D22289A2534} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17| Profile=Private|App=C:\ProgramData\Battle.net\Agen t\Agent.3688\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\S haredAccess\Parameters\FirewallPolicy\FirewallRule s | {6C27E94F-9B54-4A90-9F4C-FBF097292328} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|P rofile=Public|App=C:\ProgramData\Battle.net\Agent\ Agent.3689\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\S haredAccess\Parameters\FirewallPolicy\FirewallRule s | {C07014D5-340A-473A-8A73-C045C7E3989F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17| Profile=Public|App=C:\ProgramData\Battle.net\Agent \Agent.3689\Agent.exe|Name=Battle.net Update Agent| → Seçilmedi
    [PUP.Ghokswa] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\S haredAccess\Parameters\FirewallPolicy\FirewallRule s | {05E61BB9-15E2-4964-ABBD-67110BF469F1} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Progr am Files (x86)\Firefox\bin\FirefoxUpdate.exe|Name=Update service| → Seçilmedi
    [PUP.Ghokswa] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\S haredAccess\Parameters\FirewallPolicy\FirewallRule s | {52F974BB-5934-4D2F-A4D9-CDD1DB7042F7} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Progr am Files (x86)\Firefox\Firefox.exe|Name=Firefox browser| → Seçilmedi
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 → Seçilmedi
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 → Seçilmedi
    [PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_F_1F6C\Microsoft \Windows NT\CurrentVersion\Windows | AppInit_DLLs : C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll → Seçilmedi
    [PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_F_1F6C\Microsoft \Windows NT\CurrentVersion\Windows | AppInit_DLLs : C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll → Seçilmedi

    ¤¤¤ Görevler : 0 ¤¤¤

    ¤¤¤ Dosyalar : 0 ¤¤¤

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Host Dosyaları : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Yüklendi) ¤¤¤

    ¤¤¤ Web tarayıcıları : 1 ¤¤¤
    [PUP.Gen2][Firefox:Addon] q87ndktt.default : Search and New Tab by Yahoo [jid1-16aeif9OQIRKxA@jetpack] → Seçilmedi

    ¤¤¤ MBR Kontrol : ¤¤¤
    +++++ PhysicalDrive0: Samsung SSD 840 Series ATA Device +++++
    — User —
    [MBR] c394a36c7930a9924d682575f61ab5cc
    [BSP] 851432715c4a2eb607f3604d5060c77b : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 238373 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 … OK
    User = LL2 … OK

    +++++ PhysicalDrive1: SAMSUNG HM641JI ATA Device +++++
    — User —
    [MBR] 5460c99fa12c0c8e521f96d5f92dff68
    [BSP] 10ee15797d2d9e4ad56c0324fc70ab9a : Kiwi MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 236544 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 484648960 | Size: 352537 MB
    3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1206644736 | Size: 21296 MB
    User = LL1 … OK
    User = LL2 … OK

    • siq
      PCHF Member
      • Jan 2017
      • 49

      #17
      Fix result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
      Ran by Philipp (03-02-2017 01:03:23) Run:1
      Running from C:\Users\Philipp\Desktop\Neuer Ordner
      Loaded Profiles: Philipp (Available Profiles: Philipp)
      Boot Mode: Normal
      fixlist content:


      Start
      Closeprocesses:
      CreateRestorePoint:
      Emptytemp:
      RemoveProxy:
      Task: {1DAFFC61-3EF0-4495-84D1-F1569C723896} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
      Task: {24E0F572-4BCA-4EEC-A9A5-2D830CFA9E96} - System32\Tasks{4F74156E-5C02-4302-B31E-378AF64F0780} => pcalua.exe -a “C:\Users\Philipp\Desktop\Call of Duty 4 - Modern Warfare\iw3mp.exe” -d “C:\Users\Philipp\Desktop\Call of Duty 4 - Modern Warfare”
      Task: {501CE107-2313-4E8F-BDC8-7CA2EDD7EBE6} - System32\Tasks{5CC848DF-F2F0-4C76-8299-F30E2EC5C77C} => C:\Users\Philipp\Desktop\Battlefield 3 cd1\Setup.exe
      Task: {5AD94776-848A-4574-A0AE-35DD77108857} - System32\Tasks\Microsoft\Windows\Setup\gwx\rundete ctor => C:\Windows\system32\GWX\GWXDetector.exe [2016-05-20] (Microsoft Corporation)
      Task: {6220FCAE-162D-4042-AB17-6973161CECC9} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers \ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2016-05-20] (Microsoft Corporation)
      C:\Windows\system32\GWX
      Task: {69796D42-6E7A-400E-ABED-6E89C0747C6A} - System32\Tasks{1483BBE9-6C43-420B-BCA7-97229B092656} => pcalua.exe -a “C:\Program Files (x86)\Steam\bin\steamservice.exe” -d “C:\Program Files (x86)\Steam” -c /installscript “C:\Program Files (x86)\Steam\steamapps\common\Napoleon Total War\runasadmin.vdf” 34030
      Task: {6CD57B76-ED4E-4186-864B-C3D8A0F1B7B3} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\Game Booster 3\AutoUpdate.exe
      Task: {85AE1598-1934-4800-88DE-2070662EBA52} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
      Task: {958C25CA-C68C-47FD-B09B-8BA6D19BA2C7} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2016-06-06] (Microsoft Corporation)
      Task: {9645015F-A137-47D1-9CBA-B0531A2EE4AD} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers \ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2016-05-20] (Microsoft Corporation)
      Task: {9CEA9C83-B856-4975-8C0F-FE0D185A205D} - System32\Tasks{BB987285-0C54-468D-BC8C-2D27676CFAF0} => pcalua.exe -a C:\Users\Philipp\Downloads\pulsingcolorsviz.exe -d C:\Users\Philipp\Downloads
      Task: {A00325D4-D3C1-430E-B1F6-DCFCF85658C8} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2011-12-20] (Samsung Electronics)
      Task: {A0173E21-C978-4EA4-A189-7FA5617412B9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
      Task: {A61D7A33-8B39-49F9-B558-12B1D500CA5F} - System32\Tasks\WinTOOL => C:\ProgramData\wintools\WintoolUprI.exe
      Task: {B64BD4E4-A656-40D9-871D-7456C350A532} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
      Task: {D7EC70C1-9A44-4010-93E1-A25B01C49C7D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe [2017-01-14] (Adobe Systems Incorporated)
      C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe
      HKLM-x32...\Run: =>
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000...\MountPoints2: {2265df16-a931-11e3-b156-001bb1fb806a} - D:\LaunchU3.exe -a
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000...\MountPoints2: {513fb52a-fbb6-11e3-8c6a-001bb1fb806a} - E:\autorun.exe
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000...\MountPoints2: {5c844a5e-08c5-11e3-9f11-001bb1fb806a} - D:\setup.exe
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000...\MountPoints2: {5dff3592-0827-11e3-9da5-f7c11e16234c} - D:\LaunchU3.exe -a
      HKU\S-1-5-18...\Run: [Advanced SystemCare 8] => “C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe” /Auto
      AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => Keine Datei
      AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => Keine Datei
      IFEO\MRT.exe: [Debugger] C:\Windows\TEMP\wea99E1.tmp\Gubed.exe -Yrrehs
      C:\Program Files (x86)\IObit
      ProxyServer: [S-1-5-21-3041798318-2634963116-1215314133-1000] => 46.165.193.67:5056
      Tcpip..\Interfaces{416F4EA8-7EBE-4A41-BD73-DD7E680B9773}: [NameServer] 8.8.8.8,8.8.4.4
      Tcpip..\Interfaces{416F4EA8-7EBE-4A41-BD73-DD7E680B9773}: [DhcpNameServer] 192.168.0.1
      Tcpip..\Interfaces{86E2278C-9D4E-452E-A530-758555FCFA95}: [NameServer] 208.67.222.222,208.67.220.220
      Tcpip..\Interfaces{B7ACAEB6-863B-46ED-A180-28629DDF698D}: [NameServer] 8.8.8.8,8.8.4.4
      Tcpip..\Interfaces{CAFCA011-AF78-404E-B7ED-C6ECA9CFCAEA}: [NameServer] 8.8.8.8,8.8.4.4
      Tcpip..\Interfaces{F1198B90-493F-4495-879E-89672178C3BF}: [NameServer] 8.8.8.8,1.1.1.1
      HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amisites.com/?type=hp&ts=1484592351&z=333dd69f3d02d97ff6c7535gd z3bbzbw3t1occ4wfg&from=archer1028&uid=SamsungXSSDX 840XSeries_S19MNSAD653469E
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amisites.com/?type=hp&ts=1484592351&z=333dd69f3d02d97ff6c7535gd z3bbzbw3t1occ4wfg&from=archer1028&uid=SamsungXSSDX 840XSeries_S19MNSAD653469E
      HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.amisites.com/search/?type=ds&ts=1484592351&z=333dd69f3d02d97ff6c7535gd z3bbzbw3t1occ4wfg&from=archer1028&uid=SamsungXSSDX 840XSeries_S19MNSAD653469E&q={searchTerms}
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.amisites.com/search/?type=ds&ts=1484592351&z=333dd69f3d02d97ff6c7535gd z3bbzbw3t1occ4wfg&from=archer1028&uid=SamsungXSSDX 840XSeries_S19MNSAD653469E&q={searchTerms}
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.amisites.com/?type=hp&ts=1484592351&z=333dd69f3d02d97ff6c7535gd z3bbzbw3t1occ4wfg&from=archer1028&uid=SamsungXSSDX 840XSeries_S19MNSAD653469E
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.amisites.com/?type=hp&ts=1484592351&z=333dd69f3d02d97ff6c7535gd z3bbzbw3t1occ4wfg&from=archer1028&uid=SamsungXSSDX 840XSeries_S19MNSAD653469E
      HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.amisites.com/search/?type=ds&ts=1484592351&z=333dd69f3d02d97ff6c7535gd z3bbzbw3t1occ4wfg&from=archer1028&uid=SamsungXSSDX 840XSeries_S19MNSAD653469E&q={searchTerms}
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.amisites.com/search/?type=ds&ts=1484592351&z=333dd69f3d02d97ff6c7535gd z3bbzbw3t1occ4wfg&from=archer1028&uid=SamsungXSSDX 840XSeries_S19MNSAD653469E&q={searchTerms}
      HKU.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com?type=hp&ts=1439801536&from=mych123&uid= samsungxssdx840xseries_s19mnsad653469e&z=b2df7eec4 54393cf996b982gazbc0tbb6e2g3w3ccb
      HKU.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com?type=hp&ts=1439801536&from=mych123&uid= samsungxssdx840xseries_s19mnsad653469e&z=b2df7eec4 54393cf996b982gazbc0tbb6e2g3w3ccb
      HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com?type=hp&ts=1439801536&from=mych123&uid= samsungxssdx840xseries_s19mnsad653469e&z=b2df7eec4 54393cf996b982gazbc0tbb6e2g3w3ccb
      HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com?type=hp&ts=1439801536&from=mych123&uid= samsungxssdx840xseries_s19mnsad653469e&z=b2df7eec4 54393cf996b982gazbc0tbb6e2g3w3ccb
      HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com?type=hp&ts=1439801536&from=mych123&uid= samsungxssdx840xseries_s19mnsad653469e&z=b2df7eec4 54393cf996b982gazbc0tbb6e2g3w3ccb
      HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com?type=hp&ts=1439801536&from=mych123&uid= samsungxssdx840xseries_s19mnsad653469e&z=b2df7eec4 54393cf996b982gazbc0tbb6e2g3w3ccb
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amisites.com/?type=hp&ts=1484592351&z=333dd69f3d02d97ff6c7535gd z3bbzbw3t1occ4wfg&from=archer1028&uid=SamsungXSSDX 840XSeries_S19MNSAD653469E
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.amisites.com/?type=hp&ts=1484592351&z=333dd69f3d02d97ff6c7535gd z3bbzbw3t1occ4wfg&from=archer1028&uid=SamsungXSSDX 840XSeries_S19MNSAD653469E
      URLSearchHook: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000 - (Kein Name) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - Keine Datei
      SearchScopes: HKLM → DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=1484592351&z=333dd69f3d02d97ff6c7535gd z3bbzbw3t1occ4wfg&from=archer1028&uid=SamsungXSSDX 840XSeries_S19MNSAD653469E&q={searchTerms}
      SearchScopes: HKLM → {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=1484592351&z=333dd69f3d02d97ff6c7535gd z3bbzbw3t1occ4wfg&from=archer1028&uid=SamsungXSSDX 840XSeries_S19MNSAD653469E&q={searchTerms}
      SearchScopes: HKLM-x32 → DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=1484592351&z=333dd69f3d02d97ff6c7535gd z3bbzbw3t1occ4wfg&from=archer1028&uid=SamsungXSSDX 840XSeries_S19MNSAD653469E&q={searchTerms}
      SearchScopes: HKLM-x32 → {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=1484592351&z=333dd69f3d02d97ff6c7535gd z3bbzbw3t1occ4wfg&from=archer1028&uid=SamsungXSSDX 840XSeries_S19MNSAD653469E&q={searchTerms}
      SearchScopes: HKLM-x32 → {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=1431342801&from=zzgbkk123&uid=samsu ngxssdx840xseries_s19mnsad653469e&z=2786be88f055d5 8044b1affg7zec6g9cbz3o5b5e5o&q={searchTerms}
      SearchScopes: HKLM-x32 → {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
      SearchScopes: HKU.DEFAULT → DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=1431342801&from=zzgbkk123&uid=samsu ngxssdx840xseries_s19mnsad653469e&z=2786be88f055d5 8044b1affg7zec6g9cbz3o5b5e5o&q={searchTerms}
      SearchScopes: HKU.DEFAULT → {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=1431342801&from=zzgbkk123&uid=samsu ngxssdx840xseries_s19mnsad653469e&z=2786be88f055d5 8044b1affg7zec6g9cbz3o5b5e5o&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000 → DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=1484592351&z=333dd69f3d02d97ff6c7535gd z3bbzbw3t1occ4wfg&from=archer1028&uid=SamsungXSSDX 840XSeries_S19MNSAD653469E&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000 → {1F618914-7A35-432E-BE19-45C108B76D6F} URL = hxxp://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&fl=1&vl=lang_tr&ilc=12&type=198484&p={searchTerm s}
      SearchScopes: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000 → {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=1484592351&z=333dd69f3d02d97ff6c7535gd z3bbzbw3t1occ4wfg&from=archer1028&uid=SamsungXSSDX 840XSeries_S19MNSAD653469E&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000 → {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=1431342801&from=zzgbkk123&uid=samsu ngxssdx840xseries_s19mnsad653469e&z=2786be88f055d5 8044b1affg7zec6g9cbz3o5b5e5o&q={searchTerms}
      SearchScopes: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000 → {4C84612E-4AD3-4561-9D1E-D8D077D411AB} URL =
      SearchScopes: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000 → {5D4E1ED7-9C0F-4634-A78A-569B1ED9EC0C} URL =
      SearchScopes: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000 → {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
      BHO-x32: Kein Name → {03EB0E9C-7A91-4381-A220-9B52B641CDB1} → Keine Datei
      Toolbar: HKLM - Kein Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - Keine Datei
      Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)
      FF NewTab: Mozilla\Firefox\Profiles\q87ndktt.default → hxxp://www.nicesearches.com?type=hp&ts=1479229082&from=3e 881114&uid=samsungxssdx840xseries_s19mnsad653469e& z=0144affb50a92f61e40d0d9gdz4m2t0o8o9t7ebbbg
      FF DefaultSearchEngine: Mozilla\Firefox\Profiles\q87ndktt.default → nice
      FF DefaultSearchUrl: Mozilla\Firefox\Profiles\q87ndktt.default → hxxps://www.google.com/search/?trackid=sp-006
      FF SelectedSearchEngine: Mozilla\Firefox\Profiles\q87ndktt.default → nice
      FF Homepage: Mozilla\Firefox\Profiles\q87ndktt.default → hxxp://www.nicesearches.com?type=hp&ts=1479229082&from=3e 881114&uid=samsungxssdx840xseries_s19mnsad653469e& z=0144affb50a92f61e40d0d9gdz4m2t0o8o9t7ebbbg
      FF Keyword.URL: Mozilla\Firefox\Profiles\q87ndktt.default → hxxps://www.google.com/search/?trackid=sp-006
      FF Extension: (xRocket Toolbar) - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\P rofiles\q87ndktt.default\Extensions\arthurj8283@gmail.com [2017-01-17] [ist nicht signiert]
      FF Extension: (convert2mp3.net YouTube2MP3 Converter) - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\P rofiles\q87ndktt.default\Extensions\info@convert2mp3.net.xpi [2016-11-20]
      FF Extension: (Search and New Tab by Yahoo) - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\P rofiles\q87ndktt.default\Extensions\jid1-16aeif9OQIRKxA@jetpack.xpi [2016-11-19]
      FF Extension: (Video DownloadHelper) - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\P rofiles\q87ndktt.default\Extensions{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-11-26]
      FF SearchPlugin: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\P rofiles\q87ndktt.default\searchplugins\amisites.xm l [2017-01-22]
      FF SearchPlugin: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\P rofiles\q87ndktt.default\searchplugins\luck.xml [2017-01-17]
      FF SearchPlugin: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\P rofiles\q87ndktt.default\searchplugins\nice-.xml [2016-06-21]
      FF SearchPlugin: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\P rofiles\q87ndktt.default\searchplugins\v9-.xml [2015-05-14]
      FF user.js: detected! => C:\Users\Philipp\AppData\Roaming\Firefox\Firefox\P rofiles\q87ndktt.default\user.js [2017-01-17]
      FF NewTab: Firefox\Firefox\Profiles\q87ndktt.default → hxxp://www.nicesearches.com?type=hp&ts=1479229082&from=3e 881114&uid=samsungxssdx840xseries_s19mnsad653469e& z=0144affb50a92f61e40d0d9gdz4m2t0o8o9t7ebbbg
      FF DefaultSearchEngine: Firefox\Firefox\Profiles\q87ndktt.default → luck
      FF DefaultSearchUrl: Firefox\Firefox\Profiles\q87ndktt.default → hxxps://www.google.com/search/?trackid=sp-006
      FF SearchEngineOrder.1: Firefox\Firefox\Profiles\q87ndktt.default → luck
      FF SelectedSearchEngine: Firefox\Firefox\Profiles\q87ndktt.default → luck
      FF Homepage: Firefox\Firefox\Profiles\q87ndktt.default → hxxp://www.searchinme.com/?type=hp&ts=1484761039475&z=&from=official&uid=Sam sungXSSDX840XSeries_S19MNSAD653469E
      FF Keyword.URL: Firefox\Firefox\Profiles\q87ndktt.default → hxxps://www.google.com/search/?trackid=sp-006
      FF Extension: (FF Adr) - C:\Users\Philipp\AppData\Roaming\Firefox\Firefox\P rofiles\q87ndktt.default\Extensions@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-01-18] [ist nicht signiert]
      FF Extension: (xRocket Toolbar) - C:\Users\Philipp\AppData\Roaming\Firefox\Firefox\P rofiles\q87ndktt.default\Extensions\arthurj8283@gmail.com [2017-01-18] [ist nicht signiert]
      FF Extension: (Firefox Hotfix) - C:\Users\Philipp\AppData\Roaming\Firefox\Firefox\P rofiles\q87ndktt.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-11-26]
      FF Extension: (convert2mp3.net YouTube2MP3 Converter) - C:\Users\Philipp\AppData\Roaming\Firefox\Firefox\P rofiles\q87ndktt.default\Extensions\info@convert2mp3.net.xpi [2016-11-20]
      FF Extension: (Search and New Tab by Yahoo) - C:\Users\Philipp\AppData\Roaming\Firefox\Firefox\P rofiles\q87ndktt.default\Extensions\jid1-16aeif9OQIRKxA@jetpack.xpi [2016-11-19]
      FF Extension: (English (US) Language Pack) - C:\Users\Philipp\AppData\Roaming\Firefox\Firefox\P rofiles\q87ndktt.default\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2017-01-18] [ist nicht signiert]
      FF Extension: (Video DownloadHelper) - C:\Users\Philipp\AppData\Roaming\Firefox\Firefox\P rofiles\q87ndktt.default\Extensions{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-11-26]
      FF SearchPlugin: C:\Users\Philipp\AppData\Roaming\Firefox\Firefox\P rofiles\q87ndktt.default\searchplugins\amisites.xm l [2017-01-16]
      FF SearchPlugin: C:\Users\Philipp\AppData\Roaming\Firefox\Firefox\P rofiles\q87ndktt.default\searchplugins\luck.xml [2017-01-17]
      FF SearchPlugin: C:\Users\Philipp\AppData\Roaming\Firefox\Firefox\P rofiles\q87ndktt.default\searchplugins\nice-.xml [2016-06-21]
      FF SearchPlugin: C:\Users\Philipp\AppData\Roaming\Firefox\Firefox\P rofiles\q87ndktt.default\searchplugins\searchinme. xml [2017-01-18]
      FF SearchPlugin: C:\Users\Philipp\AppData\Roaming\Firefox\Firefox\P rofiles\q87ndktt.default\searchplugins\v9-.xml [2015-05-14]
      FF HKLM-x32...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\P rofiles\57p5pubn.default\extensions\quick_start@gmail.com => nicht gefunden
      FF HKLM-x32...\Firefox\Extensions: [detgdp@gmail.com] - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\P rofiles\q87ndktt.default\extensions\detgdp@gmail.com => nicht gefunden
      FF HKLM-x32...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\P rofiles\q87ndktt.default\extensions\arthurj8283@gmail.com
      FF Plugin: @microsoft.com/GENUINE → disabled [Keine Datei]
      FF Plugin-x32: @tools.google.com/Google Update;version=3 → C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 → C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
      FF Plugin HKU\S-1-5-21-3041798318-2634963116-1215314133-1000: Ubisoft | Welcome to the official Ubisoft website → C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [Keine Datei]
      CHR HomePage: Default → hxxp://www.nicesearches.com?type=hp&ts=1479229082&from=3e 881114&uid=samsungxssdx840xseries_s19mnsad653469e& z=0144affb50a92f61e40d0d9gdz4m2t0o8o9t7ebbbg
      CHR StartupUrls: Default → “hxxp://www.nicesearches.com?type=hp&ts=1479229082&from=3e 881114&uid=samsungxssdx840xseries_s19mnsad653469e& z=0144affb50a92f61e40d0d9gdz4m2t0o8o9t7ebbbg
      CHR Extension: ( https://www.facebook.com/ ) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\celnaknmndcdcjcagffhbhciig nkeokb [2014-11-16]
      CHR Extension: (Google-Suche) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljnie djpjpf [2015-04-01]
      CHR Extension: (Google Tabellen) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpeb giejap [2015-02-05]
      CHR Extension: (Google Docs Offline) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdl olhkhi [2016-06-15]
      CHR Extension: (Video Download Helper) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldcccbolclahdbkahlppenfodn heapah [2014-12-18]
      CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda [2017-01-25]
      CHR HKLM...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM...\Chrome\Extension: [noajmlkipclmeolfcnflkjhijkigpfjh] - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijk igpfjh.crx [2015-01-19]
      CHR HKLM-x32...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx
      CHR HKLM-x32...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx
      CHR HKLM-x32...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx
      CHR HKLM-x32...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
      CHR HKLM-x32...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx
      R2 Archer; C:\Program Files (x86)\WinArcher\Archer.dll [721408 2017-01-22] () [Datei ist nicht signiert]
      C:\Program Files (x86)\WinArcher
      R2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [106160 2017-01-18] ()
      C:\Program Files (x86)\Firefox
      R2 GubedZL; C:\Program Files (x86)\Gubed\GubedZL.dll [155136 2017-01-23] () [Datei ist nicht signiert]
      R2 Gubed_WMI; C:\Program Files (x86)\Gubed_WMI\Gubed_WMI.exe [109056 2016-12-23] () [Datei ist nicht signiert]
      C:\Program Files (x86)\Gubed
      R3 iThemes5; C:\Program Files (x86)\Common Files\Services\iThemes.dll [566272 2017-01-25] () [Datei ist nicht signiert] <==== ACHTUNG
      C:\Program Files (x86)\Common Files\Services\iThemes.dll
      S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [3046688 2016-07-29] (IObit)
      C:\Program Files (x86)\IObit
      R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
      C:\Program Files (x86)\AVG
      C:\ProgramData\Microsoft\Blend\14.0\1033\ResourceCacher.dll
      S3 rpcapd; “%ProgramFiles(x86)%\WinPcap\rpcapd.exe” -d -f “%ProgramFiles(x86)%\WinPcap\rpcapd.ini”
      R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2017-01-09] (AVG Netherlands B.V.)
      S3 aswHdsKe; ??\C:\Windows\system32\drivers\aswHdsKe.sys
      S3 BRDriver64_1_3_3_E02B25FC; ??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys
      S3 EagleX64; ??\C:\Windows\system32\drivers\EagleX64.sys
      S3 vpnva; system32\DRIVERS\vpnva64-6.sys
      2017-02-01 00:25 - 2017-02-01 00:25 - 00002760 _____ C:\Windows\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance
      2017-01-31 22:05 - 2017-01-31 22:05 - 00002640 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
      2017-01-31 22:05 - 2017-01-31 22:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp
      2017-01-31 22:05 - 2017-01-09 16:43 - 00053008 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\TURegOpt.exe
      2017-01-31 22:05 - 2017-01-09 16:39 - 00044304 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\authuitu.dll
      2017-01-31 22:05 - 2017-01-09 16:39 - 00042256 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\SysWOW64\authuitu.dll
      2017-01-31 22:03 - 2017-01-31 22:03 - 00000984 _____ C:\Users\Public\Desktop\AVG.lnk
      2017-01-31 22:03 - 2017-01-31 22:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
      2017-01-31 22:02 - 2017-01-31 22:04 - 00000000 ____D C:\Program Files (x86)\AVG
      2017-01-31 22:02 - 2017-01-31 22:02 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
      2017-01-31 22:01 - 2017-01-31 22:04 - 00000000 ____D C:\Users\Philipp\AppData\Local\AvgSetupLog
      2017-01-31 22:01 - 2017-01-31 22:04 - 00000000 ____D C:\Users\Philipp\AppData\Local\Avg
      2017-01-31 22:01 - 2017-01-31 22:04 - 00000000 ____D C:\ProgramData\Avg
      2017-01-31 22:01 - 2017-01-31 22:01 - 00000000 ____D C:\Program Files (x86)\UltimateShoppingSearch
      2017-02-01 00:41 - 2014-02-23 11:10 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
      2017-01-31 22:07 - 2013-10-08 16:19 - 00000000 ____D C:\Program Files (x86)\IObit
      2017-01-31 21:14 - 2016-10-30 12:58 - 00302501 ____N C:\Windows\Minidump\013117-11481-01.dmp
      2017-01-31 21:14 - 2013-08-18 17:58 - 00000000 ____D C:\Windows\Minidump
      2017-01-31 20:14 - 2014-04-25 12:00 - 00000000 ____D C:\Windows\system32\log
      2017-01-31 20:02 - 2016-11-19 19:27 - 00000000 ____D C:\Program Files (x86)\Yahoo!
      Task: {1DAFFC61-3EF0-4495-84D1-F1569C723896} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
      Task: {24E0F572-4BCA-4EEC-A9A5-2D830CFA9E96} - System32\Tasks{4F74156E-5C02-4302-B31E-378AF64F0780} => pcalua.exe -a “C:\Users\Philipp\Desktop\Call of Duty 4 - Modern Warfare\iw3mp.exe” -d “C:\Users\Philipp\Desktop\Call of Duty 4 - Modern Warfare”
      Task: {2FA7325B-6E8F-41C0-BD24-7A4D8F5E959C} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
      Task: {31D1AFD7-FE73-42F7-8C56-CE56B4EE2076} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2016-05-20] (Microsoft Corporation)
      Task: {501CE107-2313-4E8F-BDC8-7CA2EDD7EBE6} - System32\Tasks{5CC848DF-F2F0-4C76-8299-F30E2EC5C77C} => C:\Users\Philipp\Desktop\Battlefield 3 cd1\Setup.exe
      Task: {5AD94776-848A-4574-A0AE-35DD77108857} - System32\Tasks\Microsoft\Windows\Setup\gwx\rundetector => C:\Windows\system32\GWX\GWXDetector.exe [2016-05-20] (Microsoft Corporation)
      Task: {69796D42-6E7A-400E-ABED-6E89C0747C6A} - System32\Tasks{1483BBE9-6C43-420B-BCA7-97229B092656} => pcalua.exe -a “C:\Program Files (x86)\Steam\bin\steamservice.exe” -d “C:\Program Files (x86)\Steam” -c /installscript “C:\Program Files (x86)\Steam\steamapps\common\Napoleon Total War\runasadmin.vdf” 34030
      Task: {6CD57B76-ED4E-4186-864B-C3D8A0F1B7B3} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\Game Booster 3\AutoUpdate.exe
      Task: {74CA4679-074A-4E10-8222-FCEC9691901F} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2017-01-09] (AVG Technologies CZ, s.r.o.)
      Task: {958C25CA-C68C-47FD-B09B-8BA6D19BA2C7} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2016-06-06] (Microsoft Corporation)
      Task: {9CEA9C83-B856-4975-8C0F-FE0D185A205D} - System32\Tasks{BB987285-0C54-468D-BC8C-2D27676CFAF0} => pcalua.exe -a C:\Users\Philipp\Downloads\pulsingcolorsviz.exe -d C:\Users\Philipp\Downloads
      Task: {A00325D4-D3C1-430E-B1F6-DCFCF85658C8} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2011-12-20] (Samsung Electronics)
      Task: {A0173E21-C978-4EA4-A189-7FA5617412B9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
      Task: {B64BD4E4-A656-40D9-871D-7456C350A532} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
      Task: {BB2885EB-93BB-43CE-AF9D-8126074614B3} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2016-05-20] (Microsoft Corporation)
      Task: {D7EC70C1-9A44-4010-93E1-A25B01C49C7D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-14] (Adobe Systems Incorporated)
      Task: {E30865BE-0448-4595-A5C6-CB203265BCD6} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
      Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
      c:\programdata\microsoft\blend\14.0\1033\resourcecacher.dll
      C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
      2016-11-10 23:33 - 2016-10-20 09:47 - 01819240 _____ () C:\Program Files (x86)\Cuppat\Application\libglesv2.dll
      2016-11-10 23:33 - 2016-10-20 09:47 - 00093288 _____ () C:\Program Files (x86)\Cuppat\Application\libegl.dll
      2017-01-13 20:49 - 2017-01-13 20:49 - 17835096 _____ () C:\Users\Philipp\AppData\Local\Cuppat\User Data\PepperFlash\24.0.0.194\pepflashplayer.dll
      C:\Program Files (x86)\Cuppat
      MSCONFIG\startupreg: LogMeIn Hamachi Ui => “C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe” --auto-start
      2013-12-19 13:14 - 2013-12-19 13:14 - 0041984 ___SH () C:\Users\Philipp\AppData\Roaming\Thumbs.db
      2013-12-31 10:53 - 2013-12-31 10:53 - 0001472 _____ () C:\Users\Philipp\AppData\Local\recently-used.xbel
      2014-08-01 09:53 - 2014-08-01 09:53 - 0000000 _____ () C:\Users\Philipp\AppData\Local{6C70D7F2-E50B-475B-AD48-51E2586180D1}
      2016-07-11 09:03 - 2016-07-11 09:03 - 0000000 _____ () C:\Users\Philipp\AppData\Local{82BEEB85-1B4A-4EE7-92A9-DFC693E3988F}
      C:\Users\Public\D3DX9_37.dll
      C:\Users\Public\xinput1_3.dll
      Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
      Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
      CMD: netsh advfirewall reset
      CMD: netsh advfirewall set allprofiles state ON
      CMD: ipconfig /flushdns
      CMD: netsh winsock reset catalog
      CMD: netsh int ip reset c:\resetlog.txt
      CMD: ipconfig /release
      CMD: ipconfig /renew
      CMD: netsh int ipv4 reset
      CMD: netsh int ipv6 reset
      CMD: bitsadmin /reset /allusers
      EmptyTemp:
      reboot:
      end


      Processes closed successfully.
      Restore point was successfully created.

      ========= RemoveProxy: =========

      HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings => value removed successfully
      HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings => value removed successfully
      HKU\RK_Philipp_ON_F_1F6A\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable => value removed successfully
      HKU\RK_Philipp_ON_F_1F6A\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings => value removed successfully
      HKU\RK_Philipp_ON_F_1F6A\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings => value removed successfully
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer => value removed successfully
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings => value removed successfully
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings => value removed successfully

      ========= End of RemoveProxy: =========

      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{1DAFFC61-3EF0-4495-84D1-F1569C723896} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{1DAFFC61-3EF0-4495-84D1-F1569C723896} => key removed successfully
      C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{24E0F572-4BCA-4EEC-A9A5-2D830CFA9E96} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{24E0F572-4BCA-4EEC-A9A5-2D830CFA9E96} => key removed successfully
      C:\Windows\System32\Tasks{4F74156E-5C02-4302-B31E-378AF64F0780} => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree{4F74156E-5C02-4302-B31E-378AF64F0780} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{501CE107-2313-4E8F-BDC8-7CA2EDD7EBE6} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{501CE107-2313-4E8F-BDC8-7CA2EDD7EBE6} => key removed successfully
      C:\Windows\System32\Tasks{5CC848DF-F2F0-4C76-8299-F30E2EC5C77C} => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree{5CC848DF-F2F0-4C76-8299-F30E2EC5C77C} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{5AD94776-848A-4574-A0AE-35DD77108857} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{5AD94776-848A-4574-A0AE-35DD77108857} => key removed successfully
      C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\rundetector => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{6220FCAE-162D-4042-AB17-6973161CECC9} => key not found.
      C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => key removed successfully
      C:\Windows\system32\GWX => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{69796D42-6E7A-400E-ABED-6E89C0747C6A} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{69796D42-6E7A-400E-ABED-6E89C0747C6A} => key removed successfully
      C:\Windows\System32\Tasks{1483BBE9-6C43-420B-BCA7-97229B092656} => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree{1483BBE9-6C43-420B-BCA7-97229B092656} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{6CD57B76-ED4E-4186-864B-C3D8A0F1B7B3} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{6CD57B76-ED4E-4186-864B-C3D8A0F1B7B3} => key removed successfully
      C:\Windows\System32\Tasks\Game_Booster_AutoUpdate => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Game_Booster_AutoUpdate => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{85AE1598-1934-4800-88DE-2070662EBA52} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{85AE1598-1934-4800-88DE-2070662EBA52} => key removed successfully
      C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft_MKC_Logon_Task_itype.exe => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{958C25CA-C68C-47FD-B09B-8BA6D19BA2C7} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{958C25CA-C68C-47FD-B09B-8BA6D19BA2C7} => key removed successfully
      C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\ProgramDataUpdater => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{9645015F-A137-47D1-9CBA-B0531A2EE4AD} => key not found.
      C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{9CEA9C83-B856-4975-8C0F-FE0D185A205D} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{9CEA9C83-B856-4975-8C0F-FE0D185A205D} => key removed successfully
      C:\Windows\System32\Tasks{BB987285-0C54-468D-BC8C-2D27676CFAF0} => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree{BB987285-0C54-468D-BC8C-2D27676CFAF0} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{A00325D4-D3C1-430E-B1F6-DCFCF85658C8} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{A00325D4-D3C1-430E-B1F6-DCFCF85658C8} => key removed successfully
      C:\Windows\System32\Tasks\SUPBackground => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPBackground => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{A0173E21-C978-4EA4-A189-7FA5617412B9} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{A0173E21-C978-4EA4-A189-7FA5617412B9} => key removed successfully
      C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{A61D7A33-8B39-49F9-B558-12B1D500CA5F} => key not found.
      C:\Windows\System32\Tasks\WinTOOL => not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WinTOOL => key not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{B64BD4E4-A656-40D9-871D-7456C350A532} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{B64BD4E4-A656-40D9-871D-7456C350A532} => key removed successfully
      C:\Windows\System32\Tasks\Adobe Acrobat Update Task => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{D7EC70C1-9A44-4010-93E1-A25B01C49C7D} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{D7EC70C1-9A44-4010-93E1-A25B01C49C7D} => key removed successfully
      C:\Windows\System32\Tasks\Adobe Flash Player Updater => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater => key removed successfully
      C:\Program Files (x86)\Google\Update\GoogleUpdate.exe => moved successfully
      C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe => moved successfully
      HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ => value removed successfully
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{2265df16-a931-11e3-b156-001bb1fb806a} => key removed successfully
      HKCR\CLSID{2265df16-a931-11e3-b156-001bb1fb806a} => key not found.
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{513fb52a-fbb6-11e3-8c6a-001bb1fb806a} => key removed successfully
      HKCR\CLSID{513fb52a-fbb6-11e3-8c6a-001bb1fb806a} => key not found.
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{5c844a5e-08c5-11e3-9f11-001bb1fb806a} => key removed successfully
      HKCR\CLSID{5c844a5e-08c5-11e3-9f11-001bb1fb806a} => key not found.
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{5dff3592-0827-11e3-9da5-f7c11e16234c} => key removed successfully
      HKCR\CLSID{5dff3592-0827-11e3-9da5-f7c11e16234c} => key not found.
      HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\Advanced SystemCare 8 => value removed successfully
      “C:\PROGRA~2\SupTab\SEARCH~2.DLL” => Value data not found.
      “C:\PROGRA~2\SupTab\SEARCH~1.DLL” => Value data not found.
      HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MRT.exe => key not found.
      C:\Program Files (x86)\IObit => moved successfully
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer => value not found.
      HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces{416F4EA8-7EBE-4A41-BD73-DD7E680B9773}\NameServer => value removed successfully
      HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces{416F4EA8-7EBE-4A41-BD73-DD7E680B9773}\DhcpNameServer => value removed successfully
      HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces{86E2278C-9D4E-452E-A530-758555FCFA95}\NameServer => value removed successfully
      HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces{B7ACAEB6-863B-46ED-A180-28629DDF698D}\NameServer => value removed successfully
      HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces{CAFCA011-AF78-404E-B7ED-C6ECA9CFCAEA}\NameServer => value removed successfully
      HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces{F1198B90-493F-4495-879E-89672178C3BF}\NameServer => value removed successfully
      HKLM\Software\Microsoft\Internet Explorer\Main\Start Page => value restored successfully
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\Start Page => value restored successfully
      HKLM\Software\Microsoft\Internet Explorer\Main\Search Page => value restored successfully
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\Search Page => value restored successfully
      HKLM\Software\Microsoft\Internet Explorer\Main\Default_Page_URL => value restored successfully
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\Default_Page_URL => value restored successfully
      HKLM\Software\Microsoft\Internet Explorer\Main\Default_Search_URL => value restored successfully
      HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\Default_Search_URL => value restored successfully
      HKU.DEFAULT\Software\Microsoft\Internet Explorer\Main\Start Page => value removed successfully
      HKU.DEFAULT\Software\Microsoft\Internet Explorer\Main\Default_Page_URL => value removed successfully
      HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\Start Page => value removed successfully
      HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\Default_Page_URL => value removed successfully
      HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\Start Page => value removed successfully
      HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\Default_Page_URL => value removed successfully
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Internet Explorer\Main\Search Page => value restored successfully
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Internet Explorer\Main\Start Page => value restored successfully
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Internet Explorer\Main\Default_Page_URL => value restored successfully
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} => value not found.
      HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope => value restored successfully
      HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
      HKCR\CLSID{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\DefaultScope => value restored successfully
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
      HKCR\Wow6432Node\CLSID{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes{425ED333-6083-428a-92C9-0CFC28B9D1BF} => key not found.
      HKCR\Wow6432Node\CLSID{425ED333-6083-428a-92C9-0CFC28B9D1BF} => key not found.
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key removed successfully
      HKCR\Wow6432Node\CLSID{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.
      HKU.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope => value removed successfully
      HKU.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{425ED333-6083-428a-92C9-0CFC28B9D1BF} => key not found.
      HKCR\CLSID{425ED333-6083-428a-92C9-0CFC28B9D1BF} => key not found.
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope => value removed successfully
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{1F618914-7A35-432E-BE19-45C108B76D6F} => key not found.
      HKCR\CLSID{1F618914-7A35-432E-BE19-45C108B76D6F} => key not found.
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
      HKCR\CLSID{33BB0A4E-99AF-4226-BDF6-49120163DE86} => key not found.
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{425ED333-6083-428a-92C9-0CFC28B9D1BF} => key not found.
      HKCR\CLSID{425ED333-6083-428a-92C9-0CFC28B9D1BF} => key not found.
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{4C84612E-4AD3-4561-9D1E-D8D077D411AB} => key not found.
      HKCR\CLSID{4C84612E-4AD3-4561-9D1E-D8D077D411AB} => key not found.
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{5D4E1ED7-9C0F-4634-A78A-569B1ED9EC0C} => key not found.
      HKCR\CLSID{5D4E1ED7-9C0F-4634-A78A-569B1ED9EC0C} => key not found.
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key removed successfully
      HKCR\CLSID{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{03EB0E9C-7A91-4381-A220-9B52B641CDB1} => key not found.
      HKCR\Wow6432Node\CLSID{03EB0E9C-7A91-4381-A220-9B52B641CDB1} => key not found.
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
      HKCR\CLSID{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
      HKCR\Wow6432Node\PROTOCOLS\Handler\skype4com => key not found.
      HKCR\Wow6432Node\CLSID{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} => key not found.
      FF NewTab: Mozilla\Firefox\Profiles\q87ndktt.default → hxxp://www.nicesearches.com?type=hp&ts=1479229082&from=3e881114&uid=samsungxssdx840xseries_s19mnsad653469e&z=0144affb50a92f61e40d0d9gdz4m2t0o8o9t7ebbbg => not found
      FF DefaultSearchEngine: Mozilla\Firefox\Profiles\q87ndktt.default → nice => not found
      FF DefaultSearchUrl: Mozilla\Firefox\Profiles\q87ndktt.default → hxxps://www.google.com/search/?trackid=sp-006 => not found
      FF SelectedSearchEngine: Mozilla\Firefox\Profiles\q87ndktt.default → nice => not found
      FF Homepage: Mozilla\Firefox\Profiles\q87ndktt.default → hxxp://www.nicesearches.com?type=hp&ts=1479229082&from=3e881114&uid=samsungxssdx840xseries_s19mnsad653469e&z=0144affb50a92f61e40d0d9gdz4m2t0o8o9t7ebbbg => not found
      FF Keyword.URL: Mozilla\Firefox\Profiles\q87ndktt.default → hxxps://www.google.com/search/?trackid=sp-006 => not found
      C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\q87ndktt.default\Extensions\arthurj8283@gmail.com => moved successfully
      C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\q87ndktt.default\Extensions\arthurj8283@gmail.com => path removed successfully
      C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\q87ndktt.default\Extensions\info@convert2mp3.net.xpi => moved successfully
      C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\q87ndktt.default\Extensions\info@convert2mp3.net.xpi => path removed successfully
      C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\q87ndktt.default\Extensions\jid1-16aeif9OQIRKxA@jetpack.xpi => not found.
      C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\q87ndktt.default\Extensions{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi => moved successfully
      “C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\q87ndktt.default\searchplugins\amisites.xml” => not found.
      C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\q87ndktt.default\searchplugins\luck.xml => moved successfully
      C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\q87ndktt.default\searchplugins\nice-.xml => moved successfully
      C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\q87ndktt.default\searchplugins\v9-.xml => moved successfully
      C:\Users\Philipp\AppData\Roaming\Firefox\Firefox\Profiles\q87ndktt.default\user.js => not found.
      C:\Users\Philipp\AppData\Roaming\Firefox\Firefox\Profiles\q87ndktt.default\user.js => not found.
      FF NewTab: Firefox\Firefox\Profiles\q87ndktt.default → hxxp://www.nicesearches.com?type=hp&ts=1479229082&from=3e881114&uid=samsungxssdx840xseries_s19mnsad653469e&z=0144affb50a92f61e40d0d9gdz4m2t0o8o9t7ebbbg => not found
      FF DefaultSearchEngine: Firefox\Firefox\Profiles\q87ndktt.default → luck => not found
      FF DefaultSearchUrl: Firefox\Firefox\Profiles\q87ndktt.default → hxxps://www.google.com/search/?trackid=sp-006 => not found
      FF SearchEngineOrder.1: Firefox\Firefox\Profiles\q87ndktt.default → luck => not found
      FF SelectedSearchEngine: Firefox\Firefox\Profiles\q87ndktt.default → luck => not found
      FF Homepage: Firefox\Firefox\Profiles\q87ndktt.default → hxxp://www.searchinme.com/?type=hp&ts=1484761039475&z=&from=official&uid=SamsungXSSDX840XSeries_S19MNSAD653469E => not found
      FF Keyword.URL: Firefox\Firefox\Profiles\q87ndktt.default → hxxps://www.google.com/search/?trackid=sp-006 => not found
      C:\Users\Philipp\AppData\Roaming\Firefox\Firefox\Profiles\q87ndktt.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi => not found.
      C:\Users\Philipp\AppData\Roaming\Firefox\Firefox\Profiles\q87ndktt.default\Extensions\arthurj8283@gmail.com => not found.
      C:\Users\Philipp\AppData\Roaming\Firefox\Firefox\Profiles\q87ndktt.default\Extensions\firefox-hotfix@mozilla.org.xpi => not found.
      C:\Users\Philipp\AppData\Roaming\Firefox\Firefox\Profiles\q87ndktt.default\Extensions\info@convert2mp3.net.xpi => not found.
      C:\Users\Philipp\AppData\Roaming\Firefox\Firefox\Profiles\q87ndktt.default\Extensions\jid1-16aeif9OQIRKxA@jetpack.xpi => not found.
      C:\Users\Philipp\AppData\Roaming\Firefox\Firefox\Profiles\q87ndktt.default\Extensions\langpack-en-US@firefox.mozilla.org.xpi => not found.
      C:\Users\Philipp\AppData\Roaming\Firefox\Firefox\Profiles\q87ndktt.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi => not found.
      “C:\Users\Philipp\AppData\Roaming\Firefox\Firefox\Profiles\q87ndktt.default\searchplugins\amisites.xml” => not found.
      “C:\Users\Philipp\AppData\Roaming\Firefox\Firefox\Profiles\q87ndktt.default\searchplugins\luck.xml” => not found.
      “C:\Users\Philipp\AppData\Roaming\Firefox\Firefox\Profiles\q87ndktt.default\searchplugins\nice-.xml” => not found.
      “C:\Users\Philipp\AppData\Roaming\Firefox\Firefox\Profiles\q87ndktt.default\searchplugins\searchinme.xml” => not found.
      “C:\Users\Philipp\AppData\Roaming\Firefox\Firefox\Profiles\q87ndktt.default\searchplugins\v9-.xml” => not found.
      HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\quick_start@gmail.com => value removed successfully
      HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\detgdp@gmail.com => value removed successfully
      HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\arthurj8283@gmail.com => value removed successfully
      HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
      HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3 => key removed successfully
      C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll => moved successfully
      HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9 => key removed successfully
      C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll => not found.
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\MozillaPlugins\ubisoft.com/uplaypc => key removed successfully
      C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll => not found.
      Chrome HomePage => not found.
      Chrome StartupUrls => not found.
      C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\celnaknmndcdcjcagffhbhciignkeokb => not found
      C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf => not found
      C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap => not found
      C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi => not found
      C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldcccbolclahdbkahlppenfodnheapah => not found
      C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
      HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => key removed successfully
      HKLM\SOFTWARE\Google\Chrome\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh => key not found.
      C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh.crx => moved successfully
      HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => key removed successfully
      HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj => key not found.
      HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj => key not found.
      HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk => key not found.
      HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma => key not found.
      HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp => key not found.
      Archer => service not found.
      “C:\Program Files (x86)\WinArcher” => not found.
      FirefoxU => service not found.
      “C:\Program Files (x86)\Firefox” => not found.
      GubedZL => service not found.
      Gubed_WMI => service not found.
      “C:\Program Files (x86)\Gubed” => not found.
      iThemes5 => service not found.
      “C:\Program Files (x86)\Common Files\Services\iThemes.dll” => not found.
      HKLM\System\CurrentControlSet\Services\LiveUpdateSvc => key removed successfully
      LiveUpdateSvc => service removed successfully
      “C:\Program Files (x86)\IObit” => not found.
      avgsvc => service not found.
      C:\Program Files (x86)\AVG => moved successfully
      “C:\ProgramData\Microsoft\Blend\14.0\1033\ResourceCacher.dll” => not found.
      HKLM\System\CurrentControlSet\Services\rpcapd => key removed successfully
      rpcapd => service removed successfully
      TuneUpUtilitiesDrv => service not found.
      HKLM\System\CurrentControlSet\Services\aswHdsKe => key removed successfully
      aswHdsKe => service removed successfully
      HKLM\System\CurrentControlSet\Services\BRDriver64_1_3_3_E02B25FC => key removed successfully
      BRDriver64_1_3_3_E02B25FC => service removed successfully
      HKLM\System\CurrentControlSet\Services\EagleX64 => key removed successfully
      EagleX64 => service removed successfully
      HKLM\System\CurrentControlSet\Services\vpnva => key removed successfully
      vpnva => service removed successfully
      C:\Windows\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => moved successfully
      “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk” => not found.
      “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp” => not found.
      “C:\Windows\system32\TURegOpt.exe” => not found.
      “C:\Windows\system32\authuitu.dll” => not found.
      “C:\Windows\SysWOW64\authuitu.dll” => not found.
      “C:\Users\Public\Desktop\AVG.lnk” => not found.
      “C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen” => not found.
      “C:\Program Files (x86)\AVG” => not found.
      “C:\Windows\System32\Tasks\AVG EUpdate Task” => not found.
      C:\Users\Philipp\AppData\Local\AvgSetupLog => moved successfully
      C:\Users\Philipp\AppData\Local\Avg => moved successfully
      C:\ProgramData\Avg => moved successfully
      C:\Program Files (x86)\UltimateShoppingSearch => moved successfully
      C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully
      “C:\Program Files (x86)\IObit” => not found.
      C:\Windows\Minidump\013117-11481-01.dmp => moved successfully
      C:\Windows\Minidump => moved successfully
      C:\Windows\system32\log => moved successfully
      C:\Program Files (x86)\Yahoo! => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DAFFC61-3EF0-4495-84D1-F1569C723896} => key not found.
      C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24E0F572-4BCA-4EEC-A9A5-2D830CFA9E96} => key not found.
      C:\Windows\System32\Tasks\{4F74156E-5C02-4302-B31E-378AF64F0780} => not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4F74156E-5C02-4302-B31E-378AF64F0780} => key not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FA7325B-6E8F-41C0-BD24-7A4D8F5E959C} => key not found.
      C:\Windows\System32\Tasks\AVG EUpdate Task => not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG EUpdate Task => key not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31D1AFD7-FE73-42F7-8C56-CE56B4EE2076} => key not found.
      C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{501CE107-2313-4E8F-BDC8-7CA2EDD7EBE6} => key not found.
      C:\Windows\System32\Tasks\{5CC848DF-F2F0-4C76-8299-F30E2EC5C77C} => not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5CC848DF-F2F0-4C76-8299-F30E2EC5C77C} => key not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5AD94776-848A-4574-A0AE-35DD77108857} => key not found.
      C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\rundetector => not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector => key not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69796D42-6E7A-400E-ABED-6E89C0747C6A} => key not found.
      C:\Windows\System32\Tasks\{1483BBE9-6C43-420B-BCA7-97229B092656} => not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1483BBE9-6C43-420B-BCA7-97229B092656} => key not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CD57B76-ED4E-4186-864B-C3D8A0F1B7B3} => key not found.
      C:\Windows\System32\Tasks\Game_Booster_AutoUpdate => not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Game_Booster_AutoUpdate => key not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74CA4679-074A-4E10-8222-FCEC9691901F} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74CA4679-074A-4E10-8222-FCEC9691901F} => key removed successfully
      C:\Windows\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVGPCTuneUp_Task_BkGndMaintenance => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{958C25CA-C68C-47FD-B09B-8BA6D19BA2C7} => key not found.
      C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\ProgramDataUpdater => key not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CEA9C83-B856-4975-8C0F-FE0D185A205D} => key not found.
      C:\Windows\System32\Tasks\{BB987285-0C54-468D-BC8C-2D27676CFAF0} => not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BB987285-0C54-468D-BC8C-2D27676CFAF0} => key not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A00325D4-D3C1-430E-B1F6-DCFCF85658C8} => key not found.
      C:\Windows\System32\Tasks\SUPBackground => not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPBackground => key not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0173E21-C978-4EA4-A189-7FA5617412B9} => key not found.
      C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B64BD4E4-A656-40D9-871D-7456C350A532} => key not found.
      C:\Windows\System32\Tasks\Adobe Acrobat Update Task => not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task => key not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB2885EB-93BB-43CE-AF9D-8126074614B3} => key not found.
      C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => key not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7EC70C1-9A44-4010-93E1-A25B01C49C7D} => key not found.
      C:\Windows\System32\Tasks\Adobe Flash Player Updater => not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater => key not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E30865BE-0448-4595-A5C6-CB203265BCD6} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E30865BE-0448-4595-A5C6-CB203265BCD6} => key removed successfully
      C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft_Hardware_Launch_ipoint_exe => key removed successfully
      C:\Windows\Tasks\Adobe Flash Player Updater.job => not found.
      “c:\programdata\microsoft\blend\14.0\1033\resourcecacher.dll” => not found.
      “C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll” => not found.
      C:\Program Files (x86)\Cuppat\Application\libglesv2.dll => moved successfully
      C:\Program Files (x86)\Cuppat\Application\libegl.dll => moved successfully
      C:\Users\Philipp\AppData\Local\Cuppat\User Data\PepperFlash\24.0.0.194\pepflashplayer.dll => moved successfully
      C:\Program Files (x86)\Cuppat => moved successfully
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\008i.com => key removed successfully
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\008k.com => key removed successfully
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\00hq.com => key removed successfully
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\0190-dialers.com => key removed successfully
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\01i.info => key removed successfully
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\02pmnzy5eo29bfk4.com => key removed successfully
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\05p.com => key removed successfully
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\07ic5do2myz3vzpk.com => key removed successfully
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\08nigbmwk43i01y6.com => key removed successfully
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\093qpeuqpmz6ebfa.com => key removed successfully
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\0calories.net => key removed successfully
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\0cj.net => key removed successfully
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\0scan.com => key removed successfully
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1-britney-spears-nude.com => key removed successfully
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1-domains-registrations.com => key removed successfully
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1-se.com => key removed successfully
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1001movie.com => key removed successfully
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1001night.biz => key removed successfully
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\100gal.net => key removed successfully
      HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\100sexlinks.com => key removed successfully
      HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogMeIn Hamachi Ui => key removed successfully
      C:\Users\Philipp\AppData\Roaming\Thumbs.db => moved successfully
      C:\Users\Philipp\AppData\Local\recently-used.xbel => moved successfully
      C:\Users\Philipp\AppData\Local\{6C70D7F2-E50B-475B-AD48-51E2586180D1} => moved successfully
      C:\Users\Philipp\AppData\Local\{82BEEB85-1B4A-4EE7-92A9-DFC693E3988F} => moved successfully
      C:\Users\Public\D3DX9_37.dll => moved successfully
      C:\Users\Public\xinput1_3.dll => moved successfully

      ========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

      Der Vorgang wurde erfolgreich beendet.

      ========= End of Reg: =========

      ========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

      Der Vorgang wurde erfolgreich beendet.

      ========= End of Reg: =========

      ========= netsh advfirewall reset =========

      OK.

      ========= End of CMD: =========

      ========= netsh advfirewall set allprofiles state ON =========

      OK.

      ========= End of CMD: =========

      ========= ipconfig /flushdns =========

      Windows-IP-Konfiguration

      Der DNS-Auflösungscache wurde geleert.

      ========= End of CMD: =========

      ========= netsh winsock reset catalog =========

      Der Winsock-Katalog wurde zurückgesetzt.
      Sie müssen den Computer neu starten, um den Vorgang abzuschließen.

      ========= End of CMD: =========

      ========= netsh int ip reset c:\resetlog.txt =========

      Global wird zurückgesetzt, OK!
      Schnittstelle wird zurückgesetzt, OK!
      Unicastadresse wird zurückgesetzt, OK!
      Route wird zurückgesetzt, OK!
      Starten Sie den Computer neu, um die Aktion abzuschließen.

      ========= End of CMD: =========

      ========= ipconfig /release =========

      Windows-IP-Konfiguration

      Es kann kein Vorgang auf Drahtlosnetzwerkverbindung 2 ausgeführt werden, solange dessen Medium nicht
      verbunden ist.

      Ethernet-Adapter LAN-Verbindung:

      Medienstatus. . . . . . . . . . . : Medium getrennt
      Verbindungsspezifisches DNS-Suffix:

      Ethernet-Adapter Hamachi:

      Verbindungsspezifisches DNS-Suffix: www.youtube.de
      IPv6-Adresse. . . . . . . . . . . : 2620:9b::191e:9649
      Verbindungslokale IPv6-Adresse . : fe80::499e:3325:fea6:3498%21
      Standardgateway . . . . . . . . . : 2620:9b::1900:1
      25.0.0.1

      Drahtlos-LAN-Adapter Drahtlosnetzwerkverbindung 2:

      Medienstatus. . . . . . . . . . . : Medium getrennt
      Verbindungsspezifisches DNS-Suffix:

      Drahtlos-LAN-Adapter Drahtlosnetzwerkverbindung:

      Verbindungsspezifisches DNS-Suffix:
      Verbindungslokale IPv6-Adresse . : fe80::a597:d9e3:f83e:e196%15
      Standardgateway . . . . . . . . . :

      ========= End of CMD: =========

      ========= ipconfig /renew =========

      Windows-IP-Konfiguration

      Es kann kein Vorgang auf LAN-Verbindung ausgeführt werden, solange dessen Medium nicht
      verbunden ist.
      Es kann kein Vorgang auf Drahtlosnetzwerkverbindung 2 ausgeführt werden, solange dessen Medium nicht
      verbunden ist.

      Ethernet-Adapter LAN-Verbindung:

      Medienstatus. . . . . . . . . . . : Medium getrennt
      Verbindungsspezifisches DNS-Suffix:

      Ethernet-Adapter Hamachi:

      Verbindungsspezifisches DNS-Suffix: www.youtube.de
      IPv6-Adresse. . . . . . . . . . . : 2620:9b::191e:9649
      Verbindungslokale IPv6-Adresse . : fe80::499e:3325:fea6:3498%21
      IPv4-Adresse . . . . . . . . . . : 25.30.150.73
      Subnetzmaske . . . . . . . . . . : 255.0.0.0
      Standardgateway . . . . . . . . . : 2620:9b::1900:1
      25.0.0.1

      Drahtlos-LAN-Adapter Drahtlosnetzwerkverbindung 2:

      Medienstatus. . . . . . . . . . . : Medium getrennt
      Verbindungsspezifisches DNS-Suffix:

      Drahtlos-LAN-Adapter Drahtlosnetzwerkverbindung:

      Verbindungsspezifisches DNS-Suffix:
      Verbindungslokale IPv6-Adresse . : fe80::a597:d9e3:f83e:e196%15
      IPv4-Adresse . . . . . . . . . . : 192.168.0.100
      Subnetzmaske . . . . . . . . . . : 255.255.255.0
      Standardgateway . . . . . . . . . : 192.168.0.1

      ========= End of CMD: =========

      ========= netsh int ipv4 reset =========

      Schnittstelle wird zurückgesetzt, OK!
      Starten Sie den Computer neu, um die Aktion abzuschließen.

      ========= End of CMD: =========

      ========= netsh int ipv6 reset =========

      Schnittstelle wird zurückgesetzt, OK!
      Unicastadresse wird zurückgesetzt, OK!
      Route wird zurückgesetzt, OK!
      Starten Sie den Computer neu, um die Aktion abzuschließen.

      ========= End of CMD: =========

      ========= bitsadmin /reset /allusers =========

      BITSADMIN version 3.0 [ 7.5.7601 ]
      BITS administration utility.
      (C) Copyright 2000-2006 Microsoft Corp.

      BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
      Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

      Unable to cancel {45382896-53DE-4301-9C8E-DB783E57F6C3}.
      0 out of 1 jobs canceled.

      ========= End of CMD: =========

      =========== EmptyTemp: ==========

      BITS transfer queue => 8388608 B
      DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5001535 B
      Java, Flash, Steam htmlcache => 460749227 B
      Windows/system/drivers => 64791865 B
      Edge => 0 B
      Chrome => 338944923 B
      Firefox => 135174023 B
      Opera => 0 B

      Temp, IE cache, history, cookies, recent:
      Users => 0 B
      Default => 0 B
      Public => 0 B
      ProgramData => 0 B
      systemprofile => 42320371 B
      systemprofile32 => 1473 B
      LocalService => 115860 B
      NetworkService => 98560 B
      Philipp => 1111642348 B
      UpdatusUser => 0 B

      RecycleBin => 0 B
      EmptyTemp: => 2 GB temporary data Removed.

      ================================

      The system needed a reboot.

      ==== End of Fixlog 01:05:48 ====

      Comment

      • siq
        PCHF Member
        • Jan 2017
        • 49

        #18
        The download for the Autologger cannot be opened

        Comment

        • Malnutrition
          PCHF Moderator
          • Jul 2016
          • 7041

          #19
          Uploading it for you.

          SendSpace lets you transfer large files quickly and securely for free. Enjoy hassle-free file sharing today.


          Also, alternate download link here.

          Comment

          • siq
            PCHF Member
            • Jan 2017
            • 49

            #20
            It still says that the document cannot be opened

            Comment

            • Malnutrition
              PCHF Moderator
              • Jul 2016
              • 7041

              #21
              Originally posted by siq
              It still says that the document cannot be opened
              Unzip it with 7zip

              Comment

              • Malnutrition
                PCHF Moderator
                • Jul 2016
                • 7041

                #22
                If you are still unable to use Autologger…

                Download uVS English Version to your desktop.
                Create a new folder on desktop.
                Unzip it there.
                Right click Start and run as admin.
                Select start under current User.
                Then select File.
                Then select: Save Os Image with Checking digital Signature (Slow)
                Allow completion; this can take some time.
                Then go back to the folder where you saved and unzipped uVS.
                Upload your system image here in your next reply.
                It will look something similar to this.

                Comment

                • siq
                  PCHF Member
                  • Jan 2017
                  • 49

                  #23
                  Originally posted by Malnutrition
                  If you are still unable to use Autologger…
                  Nah, got it working

                  Comment

                  • siq
                    PCHF Member
                    • Jan 2017
                    • 49

                    #24
                    script ver. 2016.10.20
                    DefaultLanguage = 0407
                    Autologger’s localization was made in English.
                    Log collection started at 2017.02.03-01:39:57
                    C:\Users\Philipp\Desktop\Neuer Ordner (2)\AutoLogger (2)\AutoLogger
                    C:\Users\Philipp\AppData\Local\Temp
                    AutoLogger has been run with local Administrator rights.
                    Elevation of privileges of rights is successful.
                    This is not a Server System.
                    Last update was on = 2017.02.02
                    Current date is = 2017.02.03
                    Database is up-to-date.
                    Your system is x64, the standard script #2 will be executed now.

                    script ver. 2016.10.22
                    Autologger’s localization was made in English.
                    Second stage scan start time2017.02.03-01:39:57
                    C:\Users\Philipp\Desktop\Neuer Ordner (2)\AutoLogger (2)\AutoLogger
                    C:\Users\Philipp\AppData\Local\Temp
                    Script running will be continued after 20 seconds…
                    Added key for creation of dumps at the application crash.
                    Parameter for silent dumps creation at the application crash was added.
                    Google Chrome default browser.
                    Google Chrome exited with return code 5
                    iexplore.exe exited with return code 259
                    HiJackThis fork (SZ team) scan will start right now. Start time is 2017.02.03-01:44:15
                    HijackThis exited with return code 0
                    RSIT scan will start right now. Start time is 2017.02.03-01:44:21
                    RSIT exited with return code 0
                    CheckBrowsersLNK scan will be executed now. Start time is 2017.02.03-01:45:41
                    Check Browsers LNK exited with return code 0
                    CheckBrowsersLNK finished its scan.
                    Now logs will be packed into zip-archive. Current time is 2017.02.03-01:46:03
                    File C:\Users\Philipp\Desktop\Neuer Ordner (2)\AutoLogger (2)\AutoLogger\CollectionLog-2017.02.03-01.46\Check_Browsers_LNK.log, packed result = 0
                    File C:\Users\Philipp\Desktop\Neuer Ordner (2)\AutoLogger (2)\AutoLogger\CollectionLog-2017.02.03-01.46\HiJackThis.log, packed result = 0
                    File C:\Users\Philipp\Desktop\Neuer Ordner (2)\AutoLogger (2)\AutoLogger\CollectionLog-2017.02.03-01.46\info.txt, packed result = 0
                    File C:\Users\Philipp\Desktop\Neuer Ordner (2)\AutoLogger (2)\AutoLogger\CollectionLog-2017.02.03-01.46\log.txt, packed result = 0
                    File C:\Users\Philipp\Desktop\Neuer Ordner (2)\AutoLogger (2)\AutoLogger\CollectionLog-2017.02.03-01.46\virusinfo_syscheck.zip, packed result = 0
                    Key for creation of dumps at the application crash was deleted.
                    Parameter for silent dumps creation at the application crash was deleted.

                    Comment

                    • Malnutrition
                      PCHF Moderator
                      • Jul 2016
                      • 7041

                      #25
                      Alright, post the log when ready.

                      Comment

                      • Malnutrition
                        PCHF Moderator
                        • Jul 2016
                        • 7041

                        #26
                        No, in the folder you should have this:


                        I need you to upload that for me.

                        It contains [ATTACH]1480[/ATTACH] which I need.

                        Comment

                        • Malnutrition
                          PCHF Moderator
                          • Jul 2016
                          • 7041

                          #27
                          I need this one.
                          Upload the entire log.
                          [ATTACH]1481[/ATTACH]

                          Comment

                          • siq
                            PCHF Member
                            • Jan 2017
                            • 49

                            #28
                            Is this it?

                            Comment

                            • Malnutrition
                              PCHF Moderator
                              • Jul 2016
                              • 7041

                              #29
                              Yes indeed.


                              • Malnutrition
                                PCHF Moderator
                                • Jul 2016
                                • 7041

                                #30
                                Step 1: HijackThis Fix.

                                Locate the HijackThis file from within the Autologger Folder.
                                Close all other open programs prior to running this tool!!
                                Right Click Run as Administrator.
                                Click Scan.
                                Then checkmark the items listed below.

                                O3 - Toolbar: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - (no file)
                                O4 - MSConfig\startupreg: [AvgUi] “C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe” /lps=fmw (2017/02/02)
                                O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe /autoRun
                                O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe /autoRun
                                O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
                                O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - (no file)
                                O22 - ScheduledTask: (Ready) Microsoft Compatibility Appraiser - \Microsoft\Windows\Application Experience - C:\Windows\system32\CompatTelRunner.exe
                                O22 - ScheduledTask: (Ready) launchtrayprocess - \Microsoft\Windows\Setup\gwx - C:\Windows\system32\GWX\GWX.exe /tasklaunch (file missing)
                                O22 - ScheduledTask: (Ready) refreshgwxconfig - \Microsoft\Windows\Setup\gwx - C:\Windows\system32\GWX\GWXDetector.exe (file missing)
                                O22 - ScheduledTask: (Ready) refreshgwxconfig-B - \Microsoft\Windows\Setup\GWXTriggers - C:\Windows\system32\GWX\GWXDetector.exe (file missing)
                                O22 - ScheduledTask: (Ready) refreshgwxconfigandcontent - \Microsoft\Windows\Setup\gwx - C:\Windows\system32\GWX\GWXDetector.exe (file missing)
                                O22 - ScheduledTask: (Ready) refreshgwxcontent - \Microsoft\Windows\Setup\gwx - C:\Windows\system32\GWX\GWXConfigManager.exe /RefreshContent (file missing)
                                O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                                O23 - Service S2: Google Update-Dienst (gupdate) - (gupdate) - Microsoft Corporation - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
                                O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (file missing)
                                O23 - Service S3: Google Update-Dienst (gupdatem) - (gupdatem) - Microsoft Corporation - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)

                                Now click on fix checked.
                                After the fix is complete, then reboot your machine.


                                Step 2: ClearLNK

                                Download ClearLNK and save it to your desktop.
                                Drag the file Check_Browsers_LNK from your Collection log made earlier.
                                As per picture.
                                A report on the work will be produced as a file ClearLNK- .log.
                                Post that log.


                                https://up2sha.re/uploads/2015/3/BPD7B3BAgEQl.gif

                                Step 3: AVZ Fix

                                Copy the content of the code box below.
                                Code:
                                begin
                                SetAVZGuardStatus(True);
                                 DeleteService('gupdatem');
                                 DeleteService('gupdate');
                                 DeleteFile('C:\Program Files (x86)\Google\Update\GoogleUpdate.exe','32');
                                 DeleteFile('C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe','32');
                                 RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AvgUi','command');
                                 DeleteFile('C:\Program Files (x86)\Cuppat\Application\chrome.exe','32');
                                 DeleteFile('C:\Windows\system32\GWX\GWX.exe','32');
                                 DeleteFile('C:\Windows\system32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess','64');
                                 DeleteFile('C:\Windows\system32\GWX\GWXConfigManager.exe','32');
                                 DeleteFile('C:\Windows\system32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig','64');
                                 DeleteFile('C:\Windows\system32\GWX\GWXDetector.exe','32');
                                 DeleteFile('C:\Windows\system32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent','64');
                                 DeleteFile('C:\Windows\system32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent','64');
                                 DeleteFile('C:\Windows\system32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B','64');
                                ExecuteSysClean;
                                RebootWindows(true);
                                end.

                                Open the folder you unzipped Autologger in. Double-click the AVZ4 folder. Right-click AVZ and run as admin.
                                Go to file – Custom Scripts.
                                [ATTACH]1483[/ATTACH]
                                Paste the content of your clipboard into the Custom Script Area.
                                Click the Run Button. [ATTACH]1484[/ATTACH]
                                The program will reboot your machine.

                                Step 4: Universal Virus Sniffer Scan

                                Download uVS English Version to your desktop.
                                Create a new folder on desktop.
                                Unzip it there.
                                Right click Start [MEDIA=imgur]L8goZMW[/MEDIA] and run as admin.
                                Select start under current User.
                                [MEDIA=imgur]4XlNKga[/MEDIA]
                                Then Select File. [MEDIA=imgur]iDTfLbb[/MEDIA]
                                Then select: Save Os Image with Checking Digital Signature (Slow)
                                [MEDIA=imgur]CRn1knJ[/MEDIA]
                                Allow completion; this can take some time.
                                Then go back to the folder where you saved and unzipped uVS.
                                Upload your system image here in your next reply.
                                It will look something similar to this.
                                [MEDIA=imgur]tBCHqxH[/MEDIA]
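
A removal script can be cross-checked against the log before it is run. The sketch below is an added example, not part of the original posts: it parses HijackThis entries, marks those ending in "(no file)" or "(file missing)", and lists the AVZ `DeleteFile` targets that the sampled entries do not show as missing. The function names are hypothetical, and the sample lines are a subset copied from post #30, so a reported path only means "look it up in the full log".

```python
import re

# Subset of the ticked HijackThis entries, copied from post #30.
HJT_LINES = r"""
O3 - Toolbar: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - (no file)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe /autoRun
O22 - ScheduledTask: (Ready) launchtrayprocess - \Microsoft\Windows\Setup\gwx - C:\Windows\system32\GWX\GWX.exe /tasklaunch (file missing)
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service S2: Google Update-Dienst (gupdate) - (gupdate) - Microsoft Corporation - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
""".strip().splitlines()

# Subset of the AVZ script from the same post.
AVZ_SCRIPT = r"""
 DeleteService('gupdate');
 DeleteFile('C:\Program Files (x86)\Google\Update\GoogleUpdate.exe','32');
 DeleteFile('C:\Program Files (x86)\Cuppat\Application\chrome.exe','32');
 DeleteFile('C:\Windows\system32\GWX\GWX.exe','32');
"""

ENTRY = re.compile(r"^(O\d+) - (.+)$")
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")
EXE_PATH = re.compile(r"[A-Za-z]:\\[^'\"]*?\.exe", re.IGNORECASE)

def parse_entries(lines):
    """Return one dict per O-section line: section, orphan flag, first .exe path."""
    entries = []
    for line in lines:
        m = ENTRY.match(line.strip())
        if not m:
            continue  # not a HijackThis O-section entry
        path = EXE_PATH.search(m.group(2))
        entries.append({"section": m.group(1),
                        "orphan": bool(ORPHAN.search(m.group(2))),
                        "path": path.group(0).lower() if path else None})
    return entries

def script_targets(script):
    """Extract (action, first argument) from DeleteFile/DeleteService calls."""
    return re.findall(r"(DeleteFile|DeleteService)\('([^']+)'", script)

def deletes_without_orphan_entry(entries, script):
    """DeleteFile paths that no parsed entry marks as missing."""
    orphaned = {e["path"] for e in entries if e["orphan"] and e["path"]}
    return [arg for action, arg in script_targets(script)
            if action == "DeleteFile" and arg.lower() not in orphaned]

if __name__ == "__main__":
    for p in deletes_without_orphan_entry(parse_entries(HJT_LINES), AVZ_SCRIPT):
        print("verify against full log:", p)
```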
