Malware of all kinds and how to fight it: Win32:Rootkit-gen[Rtk] in C:\OEM\Preload\Autorun\APP\Power Management. AVAST | Windows 7
16.01.2015, 02:09 | #1 |
Good day,

my Avast reported today that two pieces of malware were found, which I then checked with Avast. Unfortunately I can't find any logs from the first scan. After that I ran a second scan, which had no findings. Unfortunately, again I can't find any logs! I will run another scan tomorrow; I have now ticked the box for the logs. I'm currently running a Malwarebytes scan and will send the logs when it finishes.

Can you already give me further information on how I should proceed? Further scans, such as with FRST, Combofix, Securitycheck, JRT?

The names of the infected files are:
Power_Management_x64.msi
Power_Management_x86.msi
in the path: C:\OEM\Preload\Autorun\APP\Power Management

Thanks in advance! Regards
16.01.2015, 02:14 | #2 |
MB logs: I have them as an attachment; unfortunately I don't know how else to send logs.
16.01.2015, 02:20 | #3 |
/// Winkelfunktion /// TB-Süch-Tiger™
Hi and

Please do not attach logs; if necessary, split them and post them spread across several postings.

Reading material: Posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs should be too large for one post, I ask you to post the logs directly and, if necessary, spread across several posts. To put the log files in a CODE box, proceed as follows:
16.01.2015, 14:23 | #4 |
Since nobody has answered yet, I read through a few other questions and, for a start, also ran an FRST scan. Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015 01 Ran by Phu at 2015-01-16 14:18:51 Running from C:\Users\Phu\Desktop\Antiviren Programme Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-3522562343-2792028621-2258892311-1001\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.) 
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.05.2005 - Acer Incorporated) abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.01.2006 - Acer Incorporated) abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.06.2003.0 - Acer Incorporated) abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.01.2005.1 - Acer Incorporated) Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated) Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8103 - Acer Incorporated) Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.04.2002 - Acer Incorporated) Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8104 - Acer Incorporated) Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3010 - Acer Incorporated) Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8106 - Acer Incorporated) Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.2003 - Acer Incorporated) Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.01.3003 - Acer Incorporated) Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.01.3003 - Acer Incorporated) Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2001.4 - Acer Incorporated) ActiveState ActivePython 2.7.8.10 (32-bit) (HKLM-x32\...\{EF34E11A-5977-4234-BCDF-6328CA642BC4}) (Version: 2.7.10 - ActiveState Software Inc.) 
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated) Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.103.2020.206 - Alps Electric) AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.04.2001.2 - Acer Incorporated) Apowersoft Gratis - Audiorekorder V2.3.2 (HKLM-x32\...\{E35F91E4-C68C-43E8-BE90-35CDEE4E5730}_is1) (Version: 2.3.2 - APOWERSOFT LIMITED) Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Arma 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive) Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive) Arma 2: Operation Arrowhead Beta (Obsolete) (HKLM-x32\...\Steam App 219540) (Version: - ) AudioConverter Studio 8.2 (HKLM-x32\...\AudioConverter Studio_is1) (Version: - ManiacTools.com) Avast License by ZeNiX [2012-03-14] (HKLM-x32\...\Avast_2050_ZeNiX [2012-03-14]_is1) (Version: - ) avast! 
Premier (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software) Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB) BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - ) BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version: - ) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Call of Duty Modern Warfare 2 (HKLM-x32\...\Call of Duty Modern Warfare 2_is1) (Version: - Activision) Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version: - Treyarch) Call of Duty: Ghosts - Multiplayer (HKLM-x32\...\Steam App 209170) (Version: - Infinity Ward) Call of Duty: Ghosts (HKLM-x32\...\Steam App 209160) (Version: - Infinity Ward) Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version: - Infinity Ward) Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version: - Infinity Ward) CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform) CF_Full_1154 (HKLM-x32\...\{5BD22BA3-CD71-432B-87BD-86C83DA27E1D}_is1) (Version: - VTCGame) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.3721 - CyberLink Corp.) 
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) DayZ Commander (HKLM-x32\...\{7B2CA5E9-763C-4FCE-81EE-13E81ABFE908}) (Version: 0.92.115 - Dotjosh Studios) DayZLauncher version 0.0.0.7 (HKLM-x32\...\{E31045B4-9DB5-44DF-9EBD-BD4CFDE640FD}_is1) (Version: 0.0.0.7 - Maca134) D-com 3G (HKLM-x32\...\D-com 3G) (Version: D-com 3G - ) Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc) Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden Gyazo 2.3 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.) iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.) Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated) iFunbox (v2.8.2414.748), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.8.2414.748 - ) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation) Intel(R) Smart Connect Technology (HKLM\...\{26AA61D4-B04D-4E0D-8E20-94A8FF2EE64D}) (Version: 4.2.40.2439 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{105fa5c4-72e1-41f2-a82c-884d8aa4b381}) (Version: 16.6.0 - Intel Corporation) iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) 
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.291 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.291 - LogMeIn, Inc.) Hidden Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden Magic Bullet Suite 32-bit (HKLM-x32\...\InstallShield_{A93C9142-A903-4038-884C-F4F34D44ACB6}) (Version: 11.1.1 - Red Giant Software) Magic Bullet Suite 32-bit (x32 Version: 11.1.1 - Red Giant Software) Hidden Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office Language Pack 2013 - German/Deutsch (HKLM\...\Office15.OMUI.de-de) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) 
(HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) MotioninJoy Gamepad tool 0.7.0000 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.0000 - www.motioninjoy.com) Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG) NVIDIA GeForce Experience 2.1.5 
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation) NVIDIA Grafiktreiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.) Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC) Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden Pokki (HKU\S-1-5-21-3522562343-2792028621-2258892311-1001\...\Pokki) (Version: 0.269.5.367 - Pokki) <==== ATTENTION! Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.) QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21238 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.) 
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden Six Updater (HKLM-x32\...\{AD42165D-FF3C-4975-A130-7AA2801AB5DD}) (Version: 2.09.7042 - Six Projects) Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.) Startfenster (HKLM\...\Startfenster) (Version: - Startfenster) <==== ATTENTION! Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector) The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden Überwachungstool für die Intel® Turbo-Boost-Technik 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Vegas Pro 10.0 (HKLM-x32\...\{6E0E4D61-11EC-11E0-B454-0013D3D69929}) (Version: 10.0.469 - Sony) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) VPNAutoconnect (HKLM-x32\...\{8E557F21-99AE-440D-8058-CD8CB3302E13}) (Version: 1.15 - globalip) WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) WildTangent Games App (x32 Version: 4.0.10.20 - WildTangent) Hidden Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation) WinRAR 5.11 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH) Wondershare Dr.Fone für iOS(Build 
5.5.0.13) (HKLM-x32\...\{A26F8BBD-EC10-4bdc-8AD8-F146825A8A63}_is1) (Version: 5.5.0.13 - Wondershare Software Co.,Ltd.) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3522562343-2792028621-2258892311-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation) ==================== Restore Points ========================= 25-12-2014 00:08:58 Geplanter Prüfpunkt 06-01-2015 23:19:00 Installed Cepstral Matthias 6.2.3 14-01-2015 16:50:14 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {0191E396-A5B0-4C36-B096-F9351C5E3419} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-09-21] () Task: {0A0A4CCD-F9EB-445E-846F-C6FF0A7BB1F1} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-01-18] (Acer Incorporate) Task: {18D3D124-F8FB-4A3F-BDFD-53D2A418263E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {1BE30B2D-7A34-4932-BEA4-42D44E296297} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-03-21] (Acer Incorporated) Task: {231AFAC0-A17D-458F-868B-261888F3718D} - System32\Tasks\{5020AECC-BC0F-4FBE-850F-5349570A67B2} => Chrome.exe hxxp://ui.skype.com/ui/0/6.18.0.106/de/abandoninstall?source=lightinstaller&page=tsPlugin Task: {330D5E04-7306-4699-AAFD-9B1BC60BC062} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {4C9D6B42-A8F9-4A7D-9FEE-36851FC623F0} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] () Task: {4F610D30-20C5-4FED-B26E-0C919793BBB7} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2014-12-19] (Acer) Task: {629A6E0C-B132-473D-ABAF-E0D7127B0B76} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {68525B9B-26DE-4083-8F0F-5979027DA7DF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-15] (Google Inc.) 
Task: {6D6D1FAD-8930-45B7-9C69-4FC597B55B2B} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2014-07-03] () Task: {77523E02-BD88-47B7-A2F2-F443C52F0C5E} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-04] (Acer Incorporate) Task: {79FA9456-5C95-4BCD-9F02-7818773E06F0} - System32\Tasks\Dolby Selector => C:\Program Files\Dolby Digital Plus\ddp.exe [2013-07-08] (Dolby Laboratories Inc.) Task: {7B54914B-6415-40F3-8C0D-44608AA082E0} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Common\Red Giant Link.exe [2011-11-18] () Task: {800E8B60-9E81-462E-93A1-2259827E22A7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated) Task: {879BFC58-EC01-47B2-AF1B-2B34D1F1396B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {8D31D11C-4AF6-4DE0-B214-64F39CB639D3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-11] (Microsoft Corporation) Task: {ABB5B00B-1DFE-42E3-B765-E07EED964B0B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-15] (Google Inc.) 
Task: {B3FEB35E-7D91-4F35-938D-182C5229457E} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-01-24] (TODO: <Company name>) Task: {B562FA56-E4A7-4C1B-8B84-0310B28BA6D8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-25] (Piriform Ltd) Task: {C5194B24-846A-44A4-BF02-50C1574EC884} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-03-18] (Acer Incorporated) Task: {D0D268B6-3447-4AB2-A1AA-01AD45B27F52} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-25] (AVAST Software) Task: {D6D72C4B-1D1E-4C3D-8BB7-B8F844FE88A5} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-04] (Acer Incorporate) Task: {E4ABF38D-A727-49B4-8E1A-5F3BC29579B5} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2010-11-16 14:38 - 2010-11-16 14:38 - 00339456 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe 2013-08-12 18:06 - 2013-08-12 18:06 - 00198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe 2013-08-12 18:06 - 2013-08-12 18:06 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll 2013-08-12 18:06 - 2013-08-12 18:06 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll 2014-12-16 04:00 
- 2014-12-16 07:00 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2014-06-09 11:50 - 2012-04-24 11:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 2014-12-17 21:12 - 2014-12-13 09:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-11-12 15:47 - 2012-01-20 14:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll 2013-07-08 17:53 - 2013-07-08 17:53 - 00052096 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll 2014-12-19 21:59 - 2014-12-19 21:59 - 00090880 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe 2014-12-19 21:59 - 2014-12-19 21:59 - 00089344 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe 2014-08-25 16:10 - 2012-03-12 15:44 - 00217600 _____ () C:\Program Files\AVAST Software\Avast\USERENV.dll 2014-08-25 16:04 - 2014-08-25 16:04 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2015-01-15 22:27 - 2015-01-15 22:27 - 02910720 _____ () C:\Program Files\AVAST Software\Avast\defs\15011502\algo.dll 2014-07-03 12:20 - 2014-07-03 12:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-06-09 11:15 - 2013-09-04 00:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2015-01-09 14:19 - 2015-01-09 14:19 - 00015616 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll 2014-12-19 21:16 - 2014-12-19 21:16 - 00013568 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll 2014-12-29 13:25 - 2014-12-29 13:25 - 00203008 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll 2014-12-29 13:26 - 2014-12-29 13:26 - 00654552 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll 2014-12-29 13:26 - 2014-12-29 13:26 - 
00630528 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll 2014-12-29 13:26 - 2014-12-29 13:26 - 00119552 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll 2014-12-19 21:10 - 2014-12-19 21:10 - 00277096 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll 2014-08-25 16:04 - 2014-08-25 16:04 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-12-19 22:00 - 2014-12-19 22:00 - 00279296 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll 2014-06-09 11:56 - 2014-01-03 13:13 - 00090368 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll 2015-01-15 21:15 - 2015-01-09 01:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll 2015-01-15 21:15 - 2015-01-09 01:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll 2015-01-15 21:15 - 2015-01-09 01:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll 2015-01-15 21:15 - 2015-01-09 01:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Phu\OneDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\StartupFolder: => "ISCTSystray.lnk" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run32: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager" HKLM\...\StartupApproved\Run32: => "QuickTime Task" HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui" HKU\S-1-5-21-3522562343-2792028621-2258892311-1001\...\StartupApproved\StartupFolder: => "Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk" HKU\S-1-5-21-3522562343-2792028621-2258892311-1001\...\StartupApproved\Run: => "Gyazo" HKU\S-1-5-21-3522562343-2792028621-2258892311-1001\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-3522562343-2792028621-2258892311-1001\...\StartupApproved\Run: => "ApplePhotoStreams" HKU\S-1-5-21-3522562343-2792028621-2258892311-1001\...\StartupApproved\Run: => "CCleaner Monitoring" HKU\S-1-5-21-3522562343-2792028621-2258892311-1001\...\StartupApproved\Run: => "DAEMON Tools Lite" ========================= Accounts: ========================== Administrator (S-1-5-21-3522562343-2792028621-2258892311-500 - Administrator - Disabled) Gast (S-1-5-21-3522562343-2792028621-2258892311-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3522562343-2792028621-2258892311-1003 - Limited - Enabled) Phu 
(S-1-5-21-3522562343-2792028621-2258892311-1001 - Administrator - Enabled) => C:\Users\Phu

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/16/2015 02:16:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AcerPortal.exe, Version: 3.0.4.2002, Zeitstempel: 0x54942c87
Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.3.9600.17331, Zeitstempel: 0x54023318
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001bf5f0
ID des fehlerhaften Prozesses: 0xd0
Startzeit der fehlerhaften Anwendung: 0xAcerPortal.exe0
Pfad der fehlerhaften Anwendung: AcerPortal.exe1
Pfad des fehlerhaften Moduls: AcerPortal.exe2
Berichtskennung: AcerPortal.exe3
Vollständiger Name des fehlerhaften Pakets: AcerPortal.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AcerPortal.exe5

Error: (01/16/2015 02:15:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PHU-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (01/16/2015 00:41:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wwahost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: db0
Startzeit: 01d0311c145ca050
Endzeit: 4294967295
Anwendungspfad: C:\Windows\syswow64\wwahost.exe
Berichts-ID: 08b00d50-9d10-11e4-82e3-c45444832e4f
Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (01/15/2015 11:56:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wwahost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: d44
Startzeit: 01d03115cb096a63
Endzeit: 4294967295
Anwendungspfad: C:\Windows\syswow64\wwahost.exe
Berichts-ID: bf23ec8a-9d09-11e4-82e3-c45444832e4f
Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (01/15/2015 11:26:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wwahost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 15d4
Startzeit: 01d031119a31ebb9
Endzeit: 4294967295
Anwendungspfad: C:\Windows\syswow64\wwahost.exe
Berichts-ID: 8e8c3235-9d05-11e4-82e3-c45444832e4f
Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (01/15/2015 10:40:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AcerPortal.exe, Version: 3.0.4.2002, Zeitstempel: 0x54942c87
Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.3.9600.17331, Zeitstempel: 0x54023318
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001bf5f0
ID des fehlerhaften Prozesses: 0x1b28
Startzeit der fehlerhaften Anwendung: 0xAcerPortal.exe0
Pfad der fehlerhaften Anwendung: AcerPortal.exe1
Pfad des fehlerhaften Moduls: AcerPortal.exe2
Berichtskennung: AcerPortal.exe3
Vollständiger Name des fehlerhaften Pakets: AcerPortal.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AcerPortal.exe5

Error: (01/15/2015 07:16:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: BackgroundAgent.exe, Version: 1.0.1.6, Zeitstempel: 0x5494253a
Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.8387, Zeitstempel: 0x51ea24a5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00056b1d
ID des fehlerhaften Prozesses: 0x1dbc
Startzeit der fehlerhaften Anwendung: 0xBackgroundAgent.exe0
Pfad der fehlerhaften Anwendung: BackgroundAgent.exe1
Pfad des fehlerhaften Moduls: BackgroundAgent.exe2
Berichtskennung: BackgroundAgent.exe3
Vollständiger Name des fehlerhaften Pakets: BackgroundAgent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: BackgroundAgent.exe5

Error: (01/15/2015 06:31:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AcerPortal.exe, Version: 3.0.4.2002, Zeitstempel: 0x54942c87
Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.3.9600.17331, Zeitstempel: 0x54023318
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001bf5f0
ID des fehlerhaften Prozesses: 0x1920
Startzeit der fehlerhaften Anwendung: 0xAcerPortal.exe0
Pfad der fehlerhaften Anwendung: AcerPortal.exe1
Pfad des fehlerhaften Moduls: AcerPortal.exe2
Berichtskennung: AcerPortal.exe3
Vollständiger Name des fehlerhaften Pakets: AcerPortal.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AcerPortal.exe5

Error: (01/15/2015 03:55:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AcerPortal.exe, Version: 3.0.4.2002, Zeitstempel: 0x54942c87
Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.3.9600.17331, Zeitstempel: 0x54023318
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001bf5f0
ID des fehlerhaften Prozesses: 0xe48
Startzeit der fehlerhaften Anwendung: 0xAcerPortal.exe0
Pfad der fehlerhaften Anwendung: AcerPortal.exe1
Pfad des fehlerhaften Moduls: AcerPortal.exe2
Berichtskennung: AcerPortal.exe3
Vollständiger Name des fehlerhaften Pakets: AcerPortal.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AcerPortal.exe5

Error: (01/14/2015 06:30:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.3.9600.16384, Zeitstempel: 0x5215dfc6
Name des fehlerhaften Moduls: mfmp4srcsnk.dll, Version: 12.0.9600.17334, Zeitstempel: 0x5407ae99
Ausnahmecode: 0xc0000094
Fehleroffset: 0x0000000000096125
ID des fehlerhaften Prozesses: 0x11d4
Startzeit der fehlerhaften Anwendung: 0xDllHost.exe0
Pfad der fehlerhaften Anwendung: DllHost.exe1
Pfad des fehlerhaften Moduls: DllHost.exe2
Berichtskennung: DllHost.exe3
Vollständiger Name des fehlerhaften Pakets: DllHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: DllHost.exe5

System errors:
=============
Error: (01/16/2015 02:17:46 PM) (Source: DCOM) (EventID: 10010) (User: PHU-PC)
Description: Microsoft.WindowsLive.Mail.wwa

Error: (01/15/2015 07:16:33 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246013 fehlgeschlagen: Windows-Tool zum Entfernen bösartiger Software für Windows 8, 8.1 und Windows Server 2012, 2012 R2 x64 Edition - Januar 2015 (KB890830)

Error: (01/14/2015 06:13:11 PM) (Source: DCOM) (EventID: 10010) (User: PHU-PC)
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (01/14/2015 05:51:34 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0xc000021a (0xffffc001b5d76e40, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000)C:\Windows\MEMORY.DMP011415-20140-01

Error: (01/14/2015 05:51:32 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 14.01.2015 um 17:47:00 unerwartet heruntergefahren.

Error: (01/14/2015 05:49:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Systemereignissebroker" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Computers.

Error: (01/14/2015 05:49:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Stromversorgung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Computers.

Error: (01/14/2015 05:49:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Plug & Play" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 15000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/14/2015 05:49:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Lokaler Sitzungs-Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/14/2015 05:49:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "DCOM-Server-Prozessstart" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Computers.

Microsoft Office Sessions:
=========================
Error: (01/16/2015 02:16:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AcerPortal.exe3.0.4.200254942c87SHELL32.dll6.3.9600.1733154023318c0000005001bf5f0d001d0318eb47a239cC:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exeC:\Windows\SYSTEM32\SHELL32.dllf2a3fa54-9d81-11e4-82e3-c45444832e4f

Error: (01/16/2015 02:15:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PHU-PC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927142

Error: (01/16/2015 00:41:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.17031db001d0311c145ca0504294967295C:\Windows\syswow64\wwahost.exe08b00d50-9d10-11e4-82e3-c45444832e4fMicrosoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp

Error: (01/15/2015 11:56:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.17031d4401d03115cb096a634294967295C:\Windows\syswow64\wwahost.exebf23ec8a-9d09-11e4-82e3-c45444832e4fMicrosoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp

Error: (01/15/2015 11:26:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.1703115d401d031119a31ebb94294967295C:\Windows\syswow64\wwahost.exe8e8c3235-9d05-11e4-82e3-c45444832e4fMicrosoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp

Error: (01/15/2015 10:40:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AcerPortal.exe3.0.4.200254942c87SHELL32.dll6.3.9600.1733154023318c0000005001bf5f01b2801d0310bea3a73cbC:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exeC:\Windows\SYSTEM32\SHELL32.dll28494b82-9cff-11e4-82e3-c45444832e4f

Error: (01/15/2015 07:16:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BackgroundAgent.exe1.0.1.65494253aMSVCR90.dll9.0.30729.838751ea24a5c000000500056b1d1dbc01d030e8d510b08eC:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_5094ca96bcb6b2bb\MSVCR90.dll9fd56012-9ce2-11e4-82e2-c45444832e4f

Error: (01/15/2015 06:31:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AcerPortal.exe3.0.4.200254942c87SHELL32.dll6.3.9600.1733154023318c0000005001bf5f0192001d030e90fce61faC:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exeC:\Windows\SYSTEM32\SHELL32.dll4e60a4bf-9cdc-11e4-82e2-c45444832e4f

Error: (01/15/2015 03:55:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AcerPortal.exe3.0.4.200254942c87SHELL32.dll6.3.9600.1733154023318c0000005001bf5f0e4801d030d34ede0464C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exeC:\Windows\SYSTEM32\SHELL32.dll8d1c15a3-9cc6-11e4-82e2-c45444832e4f

Error: (01/14/2015 06:30:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DllHost.exe6.3.9600.163845215dfc6mfmp4srcsnk.dll12.0.9600.173345407ae99c0000094000000000009612511d401d0301fba83f39dC:\Windows\system32\DllHost.exeC:\Windows\System32\mfmp4srcsnk.dllf837a674-9c12-11e4-82e2-c45444832e4f

CodeIntegrity Errors:
===================================
Date: 2014-08-22 07:04:24.693
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-08-15 06:53:40.299
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-08-05 09:20:07.101
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-07-23 10:01:26.458
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-07-18 08:26:18.531
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-07-16 02:53:41.068
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 31%
Total physical RAM: 8072.27 MB
Available physical RAM: 5492.7 MB
Total Pagefile: 16264.27 MB
Available Pagefile: 13267.02 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:898.59 GB) (Free:611.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 95695C9D)

Partition: GPT Partition Type.

==================== End Of Log ============================

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by Phu (administrator) on PHU-PC on 16-01-2015 14:18:09
Running from C:\Users\Phu\Desktop\Antiviren Programme
Loaded Profiles: Phu (Available profiles: Phu)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Pokki) C:\Users\Phu\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msfeedssync.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [688984 2013-09-30] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [62208 2014-12-19] (Acer Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-25] (AVAST Software)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [90880 2014-12-19] ()
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3522562343-2792028621-2258892311-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-3522562343-2792028621-2258892311-1001\...\Run: [Gyazo] => [X]
HKU\S-1-5-21-3522562343-2792028621-2258892311-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3522562343-2792028621-2258892311-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3522562343-2792028621-2258892311-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6480664 2014-09-25] (Piriform Ltd)
HKU\S-1-5-21-3522562343-2792028621-2258892311-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22067296 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-3522562343-2792028621-2258892311-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3522562343-2792028621-2258892311-1001\...\RunOnce: [Application Restart #1] => C:\Users\Phu\AppData\Local\Pokki\Engine\HostAppService.exe [7843656 2015-01-01] (Pokki)
HKU\S-1-5-21-3522562343-2792028621-2258892311-1001\...\MountPoints2: {a67318b2-0e53-11e4-826b-c45444832e4f} - "D:\AutoRun.exe"
HKU\S-1-5-21-3522562343-2792028621-2258892311-1001\...\MountPoints2: {a673194e-0e53-11e4-826b-c45444832e4f} - "D:\AutoRun.exe"
HKU\S-1-5-21-3522562343-2792028621-2258892311-1001\...\MountPoints2: {d4a71936-6a7b-11e4-82b4-c45444832e4f} - "D:\SETUP.EXE" /AUTORUN
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\Users\Phu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk
ShortcutTarget: Überwachungstool für die Intel® Turbo-Boost-Technik 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [ACloudSyncedRF] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudSyncedSF] -> {5D5F18B7-D59B-4B18-A3E9-0A4BDCCCB699} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3522562343-2792028621-2258892311-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3522562343-2792028621-2258892311-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-3522562343-2792028621-2258892311-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.de
HKU\S-1-5-21-3522562343-2792028621-2258892311-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKLM -> DefaultScope {3A27A470-C4EC-431F-84DC-2AE42998C813} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {3A27A470-C4EC-431F-84DC-2AE42998C813} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3522562343-2792028621-2258892311-1001 -> DefaultScope {3A27A470-C4EC-431F-84DC-2AE42998C813} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3522562343-2792028621-2258892311-1001 -> {3A27A470-C4EC-431F-84DC-2AE42998C813} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3522562343-2792028621-2258892311-1001 -> {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL =
SearchScopes: HKU\S-1-5-21-3522562343-2792028621-2258892311-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-25]

Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Phu\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Phu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-10-09]
CHR Extension: (Google Docs) - C:\Users\Phu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-15]
CHR Extension: (Google Drive) - C:\Users\Phu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Phu\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Users\Phu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-15]
CHR Extension: (Adblock Plus) - C:\Users\Phu\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-07-16]
CHR Extension: (Google-Suche) - C:\Users\Phu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-15]
CHR Extension: (Avast Online Security) - C:\Users\Phu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-25]
CHR Extension: (Google Wallet) - C:\Users\Phu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-15]
CHR Extension: (Google Mail) - C:\Users\Phu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-15]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-25] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-08-25] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [782208 2015-01-15] ()
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2713856 2014-12-19] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573544 2014-03-21] (Acer Incorporated)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] () [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-12] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [459496 2014-01-18] (Acer Incorporate)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-18] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-12-16] ()
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457960 2014-03-04] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-03-04] (Acer Incorporate)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [222952 2014-01-24] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-25] () R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-08-25] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-25] (AVAST Software) R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-08-25] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-25] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-25] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-24] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-25] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-25] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-25] () S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation) S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.) S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider) S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider) R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-11-12] (Disc Soft Ltd) S3 ew_mbbusbdev; C:\Windows\system32\DRIVERS\ew_mbbusbdev.sys [115584 2010-09-27] (MBB Technologies Co., Ltd.) R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45112 2014-12-13] (LogMeIn Inc.) 
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [118728 2013-09-18] (Intel Corporation) R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] () R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-08] () R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-07] () R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-07] () R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated) S3 mbbdatacard; C:\Windows\system32\DRIVERS\ewusbmdm.sys [226048 2012-12-11] (MBB Technologies Co., Ltd.) R3 mbb_enumerator; C:\Windows\System32\drivers\ew_mbbbusenum.sys [90112 2012-12-14] (MBB Technologies Co., Ltd.) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation) R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3607520 2013-10-14] (Intel Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation) S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA) R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated) R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [427736 2013-08-09] (Realsil Semiconductor Corporation) U0 txdjsvw; C:\Windows\System32\drivers\qjbk.sys [79064 2015-01-16] (Malwarebytes Corporation) S3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] () S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X] S3 X6va024; \??\C:\Windows\SysWOW64\Drivers\X6va024 [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from 
the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-16 02:10 - 2015-01-16 02:10 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\qjbk.sys 2015-01-16 01:57 - 2015-01-16 01:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-16 01:56 - 2015-01-16 01:56 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Phu\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-16 01:56 - 2015-01-16 01:56 - 00001122 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-16 01:56 - 2015-01-16 01:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-16 01:56 - 2015-01-16 01:56 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-16 01:56 - 2015-01-16 01:56 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-16 01:56 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-16 01:56 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-16 01:56 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-01-16 01:44 - 2015-01-16 14:18 - 00000000 ____D () C:\FRST 2015-01-16 01:43 - 2015-01-16 01:43 - 05609736 _____ (Swearware) C:\Users\Phu\Downloads\ComboFix.exe 2015-01-15 19:24 - 2015-01-15 19:24 - 00782208 _____ () C:\Users\Phu\Downloads\BEService_x64 (1).exe 2015-01-15 19:24 - 2015-01-15 19:24 - 00634752 _____ () C:\Users\Phu\Downloads\BEService (1).exe 2015-01-15 17:20 - 2015-01-15 17:20 - 00000000 ____D () C:\Users\Phu\Downloads\DayZ_Namalsk-0.75 2015-01-15 17:09 - 2015-01-15 17:19 - 896577489 _____ () C:\Users\Phu\Downloads\DayZ_Namalsk-0.75.rar 2015-01-14 21:31 - 2015-01-14 21:33 - 15614112 _____ 
(AnyMP4 Studio ) C:\Users\Phu\Downloads\free-iphone-data-recovery.exe 2015-01-14 21:30 - 2015-01-14 21:30 - 28651576 _____ (Wondershare Software Co.,Ltd. ) C:\Users\Phu\Downloads\ios-data-recovery.exe 2015-01-14 18:08 - 2015-01-14 21:32 - 00001331 _____ () C:\Users\Public\Desktop\Wondershare Dr.Fone für iOS.lnk 2015-01-14 18:08 - 2015-01-14 21:32 - 00000000 ___HD () C:\Program Files (x86)\Dr.Fone_Temp 2015-01-14 18:08 - 2015-01-14 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare 2015-01-14 18:08 - 2015-01-14 21:32 - 00000000 ____D () C:\Program Files (x86)\Wondershare 2015-01-14 18:08 - 2015-01-14 18:09 - 00000000 ____D () C:\ProgramData\Wondershare 2015-01-14 18:08 - 2015-01-14 18:08 - 01125448 _____ (Wondershare) C:\Users\Phu\Downloads\drfone_setup_full1284.exe 2015-01-14 18:08 - 2015-01-14 18:08 - 00000000 ____D () C:\Users\Public\Documents\Wondershare 2015-01-14 18:08 - 2015-01-14 18:08 - 00000000 ____D () C:\Users\Phu\AppData\Local\Wondershare 2015-01-14 18:08 - 2014-08-08 16:15 - 00076384 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\SysWOW64\libusb0.dll 2015-01-14 18:08 - 2014-08-08 16:15 - 00052832 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\SysWOW64\Drivers\libusb0.sys 2015-01-14 18:04 - 2015-01-14 18:04 - 28155894 _____ () C:\Users\Phu\Downloads\Trampoline-v2.5-DUCHESS-AppAddict-iOS6.0-(Clutch-1.4.6).ipa 2015-01-14 17:51 - 2015-01-14 17:51 - 713164247 _____ () C:\Windows\MEMORY.DMP 2015-01-14 17:51 - 2015-01-14 17:51 - 00312416 _____ () C:\Windows\Minidump\011415-20140-01.dmp 2015-01-14 15:51 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 15:51 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 15:51 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys 2015-01-14 15:51 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) 
C:\Windows\system32\profsvc.dll 2015-01-14 15:51 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2015-01-14 15:51 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2015-01-14 15:51 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2015-01-14 15:51 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll 2015-01-14 15:51 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll 2015-01-14 15:51 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-01-14 15:51 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe 2015-01-14 15:51 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe 2015-01-14 15:51 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll 2015-01-14 15:51 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 15:51 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll 2015-01-14 15:51 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe 2015-01-14 15:51 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe 2015-01-14 15:51 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-01-14 15:51 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-01-14 15:51 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-01-14 15:51 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-01-14 15:51 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\WerFault.exe 2015-01-14 15:51 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe 2015-01-14 15:51 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2015-01-14 15:51 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2015-01-14 15:51 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2015-01-14 15:51 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll 2015-01-14 15:51 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll 2015-01-14 15:51 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll 2015-01-14 15:51 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-01-14 15:51 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-14 15:42 - 2015-01-14 15:43 - 00002001 _____ () C:\Users\Public\Desktop\abMedia.lnk 2015-01-13 15:56 - 2015-01-13 15:56 - 00003334 _____ () C:\Windows\System32\Tasks\AcerCloud 2015-01-13 15:56 - 2015-01-13 15:56 - 00002028 _____ () C:\Users\Public\Desktop\Acer Portal.lnk 2015-01-07 15:32 - 2015-01-07 15:32 - 00764800 _____ () C:\Users\Phu\Downloads\BEService_x64.exe 2015-01-07 15:32 - 2015-01-07 15:32 - 00647040 _____ () C:\Users\Phu\Downloads\BEService.exe 2015-01-06 23:25 - 2015-01-06 23:26 - 00000000 ____D () C:\Users\Phu\Downloads\DARF 2015-01-06 23:11 - 2015-01-06 23:13 - 00311000 _____ () C:\Users\Phu\Downloads\Farid Bang - Lutsch (Prod. 
Juh-Dee) (2014).mp3.sfk 2015-01-06 23:07 - 2015-01-06 23:11 - 159208792 _____ (Microsoft Corporation) C:\Users\Phu\Downloads\Cepstral_Matthias_windows_6.2.3.767.exe 2015-01-06 23:03 - 2015-01-06 23:03 - 09998490 _____ () C:\Users\Phu\Downloads\balabolka_CB-DL-Manager [1].exe 2015-01-06 23:03 - 2015-01-06 23:03 - 00823792 _____ ( ) C:\Users\Phu\Downloads\balabolka_CB-DL-Manager.exe 2015-01-06 19:21 - 2015-01-06 19:21 - 18308353 _____ () C:\Users\Phu\Downloads\SoundCloud-v2.7.2-KBar-(Cracked) .ipa 2015-01-06 16:03 - 2015-01-06 16:03 - 00000000 ____D () C:\Users\Phu\AppData\Roaming\Sony Creative Software Inc 2015-01-05 21:12 - 2015-01-05 21:12 - 00195688 _____ () C:\Users\Phu\Downloads\Zack_Hemsey_-_Mind_Heist_The_Inception_OST_(mp3.pm).mp3.sfk 2015-01-05 21:02 - 2015-01-05 21:02 - 01174352 _____ () C:\Users\Phu\Downloads\FunnyVoice - CHIP-Installer.exe 2015-01-05 20:39 - 2015-01-05 23:40 - 00000000 ____D () C:\Users\Phu\Documents\Apowersoft Free Audio Recorder 2015-01-05 20:39 - 2015-01-05 20:39 - 00001440 _____ () C:\Users\Public\Desktop\Apowersoft Gratis - Audiorekorder.lnk 2015-01-05 20:39 - 2015-01-05 20:39 - 00000000 ____D () C:\Users\Phu\AppData\Roaming\Apowersoft 2015-01-05 20:39 - 2015-01-05 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft 2015-01-05 20:39 - 2015-01-05 20:39 - 00000000 ____D () C:\Program Files (x86)\Apowersoft 2015-01-05 20:38 - 2015-01-05 20:39 - 07914704 _____ (APOWERSOFT LIMITED ) C:\Users\Phu\Downloads\free-audio-recorder-chipde_2.3.2.exe 2015-01-05 20:28 - 2015-01-05 20:28 - 00010792 _____ () C:\Users\Phu\Downloads\SPOOKY.mp3.sfk 2015-01-05 19:20 - 2015-01-12 13:51 - 00000000 ____D () C:\Users\Phu\Desktop\aufgdeckt 2014-12-28 11:40 - 2014-12-28 11:42 - 00000000 ____D () C:\Users\Phu\AppData\Local\ftblauncher 2014-12-28 11:40 - 2014-12-28 11:41 - 00000000 ____D () C:\Users\Phu\AppData\Roaming\ftblauncher 2014-12-25 09:34 - 2015-01-15 22:38 - 00003635 _____ () C:\Windows\setupact.log 2014-12-25 
09:34 - 2014-12-25 09:34 - 00000000 _____ () C:\Windows\setuperr.log 2014-12-24 21:33 - 2014-12-24 21:33 - 00376832 _____ (Oracle) C:\Users\Phu\Desktop\mysql.data.dll 2014-12-24 17:07 - 2014-12-24 17:07 - 00000000 ____D () C:\Users\Phu\AppData\Roaming\NVIDIA 2014-12-24 17:01 - 2015-01-16 14:18 - 01347867 _____ () C:\Windows\WindowsUpdate.log 2014-12-17 21:12 - 2014-12-17 21:12 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-12-17 21:12 - 2014-12-13 09:03 - 06859408 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2014-12-17 21:12 - 2014-12-13 09:03 - 03513488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2014-12-17 21:12 - 2014-12-13 09:03 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2014-12-17 21:12 - 2014-12-13 09:03 - 01097360 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll 2014-12-17 21:12 - 2014-12-13 09:03 - 00935240 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2014-12-17 21:12 - 2014-12-13 09:03 - 00386368 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2014-12-17 21:12 - 2014-12-13 09:03 - 00075080 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll 2014-12-17 21:12 - 2014-12-13 09:03 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2014-12-17 21:12 - 2014-12-13 00:11 - 04151176 _____ () C:\Windows\system32\nvcoproc.bin 2014-12-17 21:10 - 2014-12-13 11:08 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2014-12-17 21:10 - 2014-12-13 11:08 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2014-12-17 21:10 - 2014-12-13 11:08 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2014-12-17 21:10 - 2014-12-13 11:08 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2014-12-17 21:10 - 2014-12-13 11:08 - 18594432 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2014-12-17 21:10 - 2014-12-13 11:08 - 17264312 _____ (NVIDIA Corporation) 
C:\Windows\system32\nvd3dumx.dll 2014-12-17 21:10 - 2014-12-13 11:08 - 16040184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2014-12-17 21:10 - 2014-12-13 11:08 - 14128496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2014-12-17 21:10 - 2014-12-13 11:08 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2014-12-17 21:10 - 2014-12-13 11:08 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2014-12-17 21:10 - 2014-12-13 11:08 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2014-12-17 21:10 - 2014-12-13 11:08 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2014-12-17 21:10 - 2014-12-13 11:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2014-12-17 21:10 - 2014-12-13 11:08 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2014-12-17 21:10 - 2014-12-13 11:08 - 03293136 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2014-12-17 21:10 - 2014-12-13 11:08 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2014-12-17 21:10 - 2014-12-13 11:08 - 02897824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2014-12-17 21:10 - 2014-12-13 11:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll 2014-12-17 21:10 - 2014-12-13 11:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll 2014-12-17 21:10 - 2014-12-13 11:08 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2014-12-17 21:10 - 2014-12-13 11:08 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2014-12-17 21:10 - 2014-12-13 11:08 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2014-12-17 21:10 - 2014-12-13 11:08 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2014-12-17 21:10 - 2014-12-13 11:08 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2014-12-17 21:10 - 2014-12-13 
11:08 - 00399688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2014-12-17 21:10 - 2014-12-13 11:08 - 00391488 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2014-12-17 21:10 - 2014-12-13 11:08 - 00346944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2014-12-17 21:10 - 2014-12-13 11:08 - 00178632 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2014-12-17 21:10 - 2014-12-13 11:08 - 00165760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2014-12-17 21:10 - 2014-12-13 11:08 - 00027983 _____ () C:\Windows\system32\nvinfo.pb 2014-12-17 21:05 - 2014-11-22 11:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2014-12-17 21:05 - 2014-11-22 11:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-16 14:18 - 2014-08-28 17:54 - 00000000 ____D () C:\Users\Phu\Desktop\Antiviren Programme 2015-01-16 14:18 - 2014-07-15 22:19 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B7484398-1D91-4D12-90F4-35A6A823A32D} 2015-01-16 14:18 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness 2015-01-16 14:17 - 2014-07-16 01:53 - 00000000 ____D () C:\Users\Phu\AppData\Local\CrashDumps 2015-01-16 14:16 - 2014-09-21 16:55 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS 2015-01-16 14:16 - 2014-07-15 22:59 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-16 14:16 - 2014-07-15 19:32 - 00000000 ____D () C:\Users\Phu\AppData\Local\Pokki 2015-01-16 14:15 - 2014-07-16 14:36 - 00000000 __RDO () C:\Users\Phu\OneDrive 2015-01-16 14:14 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru 2015-01-16 02:16 - 2014-07-15 19:38 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3522562343-2792028621-2258892311-1001 2015-01-16 02:14 
- 2014-07-15 22:59 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-16 02:10 - 2014-09-04 21:49 - 00000000 ____D () C:\ProgramData\Iminent 2015-01-16 02:10 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\ADFS 2015-01-16 01:56 - 2014-09-04 22:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-16 01:40 - 2014-08-29 13:55 - 00000000 ____D () C:\Users\Phu\AppData\Roaming\TS3Client 2015-01-15 23:58 - 2014-09-06 18:13 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-01-15 23:57 - 2014-07-16 14:06 - 00000000 ____D () C:\Users\Phu\AppData\Local\ArmA 2 OA 2015-01-15 22:41 - 2014-06-09 20:39 - 00765582 _____ () C:\Windows\system32\perfh007.dat 2015-01-15 22:41 - 2014-06-09 20:39 - 00159366 _____ () C:\Windows\system32\perfc007.dat 2015-01-15 22:41 - 2014-03-18 11:03 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-15 22:36 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-15 22:28 - 2013-08-22 14:25 - 00524288 ___SH () C:\Windows\system32\config\BBI 2015-01-15 18:37 - 2014-07-15 19:32 - 00000000 ____D () C:\Users\Phu\AppData\Local\Packages 2015-01-14 18:02 - 2014-07-23 16:00 - 00000000 ____D () C:\Users\Phu\AppData\Roaming\iFunbox_UserCache 2015-01-14 17:51 - 2014-11-18 07:43 - 00000000 ____D () C:\Windows\Minidump 2015-01-14 16:51 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp 2015-01-14 15:43 - 2014-05-27 04:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer 2015-01-14 15:43 - 2014-05-27 04:58 - 00000000 ____D () C:\Program Files (x86)\Acer 2015-01-14 15:42 - 2014-07-15 19:34 - 00000000 ____D () C:\Users\Phu\AppData\Local\clear.fi 2015-01-13 21:56 - 2014-09-04 22:19 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-12 13:53 - 2014-09-04 14:31 - 00401408 ___SH () C:\Users\Phu\Documents\Thumbs.db 2015-01-10 22:04 - 2014-09-03 20:01 - 00002976 _____ () C:\Users\Phu\Desktop\Schuhe.txt 2015-01-10 22:04 - 
2014-07-15 19:32 - 00000000 ____D () C:\Users\Phu 2015-01-08 23:01 - 2014-10-20 19:33 - 00000854 _____ () C:\Users\Phu\Desktop\DAYZ.txt 2015-01-08 22:29 - 2014-08-26 06:51 - 00000000 ____D () C:\Program Files (x86)\Gyazo 2015-01-08 14:51 - 2014-08-26 06:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo 2015-01-07 18:09 - 2014-09-02 15:09 - 00276480 ___SH () C:\Users\Phu\Desktop\Thumbs.db 2015-01-07 00:05 - 2014-10-10 05:48 - 00000000 ____D () C:\Windows\ENG 2015-01-06 01:08 - 2014-07-16 00:40 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-06 01:08 - 2014-07-16 00:40 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-05 22:45 - 2014-08-30 16:36 - 00000132 _____ () C:\Users\Phu\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen 2015-01-05 19:55 - 2014-09-28 19:43 - 00000000 ____D () C:\Users\Phu\Desktop\egal wie 2015-01-05 19:27 - 2014-08-15 04:14 - 00625152 ___SH () C:\Users\Phu\Downloads\Thumbs.db 2015-01-04 22:16 - 2014-10-15 20:22 - 00000000 ____D () C:\ProgramData\Origin 2015-01-04 21:19 - 2014-12-16 06:55 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr 2015-01-04 21:19 - 2014-12-16 04:00 - 00348928 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2015-01-04 21:18 - 2014-12-16 04:00 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2015-01-04 20:57 - 2014-10-15 20:22 - 00000000 ____D () C:\Program Files (x86)\Origin 2015-01-03 13:26 - 2014-07-15 19:35 - 00002332 _____ () C:\Users\Phu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk 2014-12-25 00:29 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache 2014-12-24 13:16 - 2014-11-17 18:14 - 00000000 ____D () C:\Users\Phu\AppData\Local\LogMeIn Hamachi 2014-12-24 13:16 - 2014-11-12 15:55 - 00000000 ____D () C:\Users\Phu\AppData\Roaming\DAEMON Tools Lite 2014-12-24 13:16 - 2014-07-20 16:00 - 00000000 ____D () C:\Users\Phu\AppData\Roaming\uTorrent 2014-12-17 21:12 
- 2014-06-09 11:12 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-12-17 21:12 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Help 2014-12-17 21:11 - 2014-06-09 11:12 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation 2014-12-17 19:50 - 2014-12-16 06:54 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins Some content of TEMP: ==================== C:\Users\Phu\AppData\Local\Temp\oct7A74.tmp.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-05 19:59 ==================== End Of Log ============================ |
16.01.2015, 15:04 | #5 |
| Once again from Malwarebytes: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 16.01.2015
Suchlauf-Zeit: 01:57:37
Logdatei: Malwarebytes2.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.15.16
Rootkit Datenbank: v2015.01.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Phu

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 352334
Verstrichene Zeit: 11 Min, 51 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 147

Registrierungswerte: 9

Registrierungsdaten: 2

Ordner: 13

Dateien: 73

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)

(end)

AdwCleaner log
Code:
# AdwCleaner v4.107 - Bericht erstellt am 16/01/2015 um 14:34:53
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-13.2 [Live]
# Betriebssystem : Windows 8.1 (64 bits)
# Benutzername : Phu - PHU-PC
# Gestartet von : C:\Users\Phu\Downloads\adwcleaner_4.107.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Iminent
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Umbrella
Datei Gelöscht : C:\Users\Phu\Favorites\Startfenster.lnk
Datei Gelöscht : C:\Users\Phu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk
Datei Gelöscht : C:\Users\Phu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Startfenster.lnk
Datei Gelöscht : C:\Users\Phu\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk

***** [ Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\I
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Pokki
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17416

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v39.0.2171.99

[C:\Users\Phu\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
[C:\Users\Phu\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://start.iminent.com/?appId=A46188FD-5D38-4847-B462-934C5CB611E2&ref=toolbox&q={searchTerms}

*************************

AdwCleaner[R0].txt - [33999 octets] - [16/01/2015 14:30:41]
AdwCleaner[S0].txt - [32863 octets] - [16/01/2015 14:34:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [32924 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 x64
Ran by Phu on 16.01.2015 at 14:40:55,88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] "C:\Users\Phu\favorites\links\startfenster.lnk"

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.01.2015 at 14:44:13,80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
17.01.2015, 16:50 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win32:Rootkit-gen[Rtk] in C:\OEM\Preload\Autorun\APP\Power Management. AVAST
Quote:
Reading material: Illegal software: cracks, keygens and co. Please read => http://www.trojaner-board.de/95393-c...-software.html We will continue once you have removed everything illegal. In case of repeated crack/keygen violations I reserve the right to discontinue support, i.e. help only with backing up data and reinstalling the operating system.