|
Pests of all kinds and how to combat them: Remove Interpol virus on Windows 8.1, for dummies please!!!! Windows 7 If you are not sure whether you have caught malware or a Trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you eliminate the infection. |
25.01.2015, 15:19 | #1 |
| Remove Interpol virus on Windows 8.1, for dummies please!!!! Hello, I have also caught this stupid Interpol virus. How do I get rid of the bastard? The existing posts unfortunately don't really help me, since I'm not exactly a computer scientist! Can someone please explain to me how I get rid of this crap, and please in a way that even an idiot like me understands? Thanks in advance! |
25.01.2015, 16:12 | #2 |
/// the machine /// TB trainer | Remove Interpol virus on Windows 8.1, for dummies please!!!! hi,
__________________
Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8). Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
__________________ |
25.01.2015, 16:14 | #3 |
| This is what came out. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01 Ran by SYSTEM on MININT-T93U4V5 on 25-01-2015 15:06:56 Running from G:\ Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log. Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor) HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-20] (SRS Labs, Inc.) 
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-14] (TOSHIBA Corporation) HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation) HKLM\...\Run: [IAStorIcon] => "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-28] (Synaptics Incorporated) HKLM\...\Run: [HP LaserJet 200 color MFP M276 Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2011-10-09] (Hewlett-Packard Company) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink) HKLM-x32\...\Run: [CLMLServer_For_P2G9] => C:\Program Files (x86)\CyberLink\Power2Go9\CLMLSvc_P2G9.exe [110344 2013-11-08] (CyberLink) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe HKLM-x32\...\Run: [StatusAlerts] => "C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [NBKeyScan] => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" HKLM-x32\...\Run: [NeroFilterCheck] => C:\WINDOWS\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh) HKLM-x32\...\Run: [PinnacleDriverCheck] => C:\windows\SysWOW64\\PSDrvCheck.exe [442368 2004-03-11] () HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\Jan Plutke\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd) HKU\Jan Plutke\...\Run: [EPSON Stylus SX200] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIEFE.EXE [221696 2007-12-13] (SEIKO EPSON CORPORATION) HKU\Jan Plutke\...\Run: [Akamai NetSession Interface] => C:\Users\Jan Plutke\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.) HKU\Jan Plutke\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22038120 2014-08-27] (Skype Technologies S.A.) 
HKU\Jan Plutke\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe HKU\Jan Plutke\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1942720 2015-01-23] (Valve Corporation) AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll File Not Found AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll" File Not Found Startup: C:\Users\Jan Plutke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () Startup: C:\Users\Jan Plutke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\F966B1E03.lnk ShortcutTarget: F966B1E03.lnk -> C:\ProgramData\30E1B669F.cpp () GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4907232 2014-12-01] (Emsisoft GmbH) S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-09-27] (Intel Corporation) S2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) 
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation) S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation) S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-06-24] (Nero AG) S2 PLFlash DeviceIoControl Service; C:\WINDOWS\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-24] () S2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-24] () S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-08-14] (Toshiba Europe GmbH) S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2099512 2013-10-30] (TuneUp Software) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) S2 Winmgmt; C:\ProgramData\F966B1E03.zot [356864 2015-01-25] () S2 2e496bfb; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\DiscountRewards\yellowfastapp.dll",serv S2 AllDaySavingsService64; C:\Program Files (x86)\1B796EA6-F42D-4E01-A7B0-A6417AD3DE4A\etmajyzoqm64.exe [X] S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [X] S2 MBAMScheduler; "C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe" [X] S2 MBAMService; "C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe" [X] S2 NAUpdate; "C:\Program Files 
(x86)\Nero\Update\NASvc.exe" [X] S2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [X] S2 PennyBee; C:\Program Files (x86)\PennyBee\PennyBee.exe [X] S2 Update AppEnable; "C:\Program Files (x86)\AppEnable\updateAppEnable.exe" [X] S2 Util AppEnable; "C:\Program Files (x86)\AppEnable\bin\utilAppEnable.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH) S1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH) S1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH) S1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH) S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.) S3 ASAPIW2K; C:\windows\SysWOW64\Drivers\asapiW2k.sys [11264 2005-01-10] (VOB Computersysteme GmbH) S3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-24] (Qualcomm Atheros Communications, Inc.) 
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [129536 2013-07-05] (Advanced Micro Devices) S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2013-10-04] () S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2014-05-04] (Microsoft Corporation) S3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH) S1 CLVirtualDrive1.1; C:\Windows\system32\DRIVERS\CLVirtualDrive1_1.sys [91912 2013-06-03] (CyberLink) S1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2012-12-15] (DT Soft Ltd) S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2012-12-17] () S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation) S3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation) S1 PCLEPCI; C:\WINDOWS\SysWOW64\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH) S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated) S3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider) S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) S0 BMLoad; system32\drivers\BMLoad.sys [X] S3 cpuz136; \??\C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [X] S1 netfilter64; system32\drivers\netfilter64.sys [X] S3 SPPD; \??\C:\WINDOWS\system32\drivers\SPPD.sys [X] S1 tcpipBM; \??\C:\windows\system32\drivers\tcpipBM.sys [X] S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. 
Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-25 14:29 - 2015-01-25 14:29 - 00000000 ____D () C:\FRST 2015-01-25 13:56 - 2015-01-25 13:56 - 00356864 ____T () C:\ProgramData\F966B1E03.zot 2015-01-25 13:53 - 2015-01-25 13:53 - 00204800 _____ () C:\ProgramData\30E1B669F.cpp 2015-01-23 05:26 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll 2015-01-23 05:26 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\Windows\System32\aspnet_counters.dll 2015-01-21 15:59 - 2014-08-15 11:03 - 00000257 _____ () C:\Users\Jan Plutke\Downloads\XXX German-Porns XXX.url 2015-01-21 15:56 - 2014-09-07 17:14 - 3090948154 _____ () C:\Users\Jan Plutke\Downloads\Private.Paerchen.im.Sextest.TD545.mp4 2015-01-21 15:53 - 2015-01-21 15:55 - 00000000 ____D () C:\Users\Jan Plutke\Downloads\psTD545 2015-01-21 09:22 - 2015-01-21 09:30 - 304087040 _____ () C:\Users\Jan Plutke\Downloads\psTD545.part04.rar 2015-01-21 09:14 - 2015-01-21 09:22 - 304087040 _____ () C:\Users\Jan Plutke\Downloads\psTD545.part03.rar 2015-01-21 09:06 - 2015-01-21 09:14 - 304087040 _____ () C:\Users\Jan Plutke\Downloads\psTD545.part01.rar 2015-01-21 08:58 - 2015-01-21 09:06 - 304087040 _____ () C:\Users\Jan Plutke\Downloads\psTD545.part02.rar 2015-01-21 08:56 - 2015-01-21 08:58 - 80888628 _____ () C:\Users\Jan Plutke\Downloads\psTD545.part11.rar 2015-01-21 08:48 - 2015-01-21 08:56 - 304087040 _____ () C:\Users\Jan Plutke\Downloads\psTD545.part05.rar 2015-01-21 08:40 - 2015-01-21 08:48 - 304087040 _____ () C:\Users\Jan Plutke\Downloads\psTD545.part08.rar 2015-01-21 08:30 - 2015-01-21 08:40 - 304087040 _____ () C:\Users\Jan Plutke\Downloads\psTD545.part10.rar 2015-01-21 08:22 - 2015-01-21 08:30 - 304087040 _____ () C:\Users\Jan Plutke\Downloads\psTD545.part06.rar 2015-01-21 08:15 - 2015-01-21 08:22 - 304087040 
_____ () C:\Users\Jan Plutke\Downloads\psTD545.part09.rar 2015-01-21 08:07 - 2015-01-21 15:56 - 304087040 _____ () C:\Users\Jan Plutke\Downloads\psTD545.part07.rar 2015-01-21 07:45 - 2015-01-21 08:07 - 867500000 _____ () C:\Users\Jan Plutke\Downloads\ExtDunM4.part2.rar 2015-01-21 07:23 - 2015-01-21 07:45 - 867500000 _____ () C:\Users\Jan Plutke\Downloads\ExtDunM4.part3.rar 2015-01-21 06:49 - 2015-01-21 07:23 - 866351449 _____ () C:\Users\Jan Plutke\Downloads\ExtDunM4.part4.rar 2015-01-21 06:27 - 2015-01-21 06:49 - 867500000 _____ () C:\Users\Jan Plutke\Downloads\ExtDunM4.part1.rar 2015-01-20 15:57 - 2015-01-20 15:58 - 209079409 _____ () C:\Users\Jan Plutke\Downloads\n3449.rar 2015-01-20 15:54 - 2015-01-20 15:56 - 127961778 _____ () C:\Users\Jan Plutke\Downloads\feucht.rar 2015-01-18 22:48 - 2015-01-18 22:48 - 00000222 _____ () C:\Users\Jan Plutke\Desktop\State of Decay.url 2015-01-18 18:16 - 2015-01-18 18:16 - 00000222 _____ () C:\Users\Jan Plutke\Desktop\H1Z1.url 2015-01-18 18:11 - 2015-01-25 13:58 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-01-18 18:11 - 2015-01-18 18:11 - 00000986 _____ () C:\Users\Public\Desktop\Steam.lnk 2015-01-18 11:41 - 2015-01-18 11:41 - 00000000 ____D () C:\Users\Jan Plutke\AppData\Local\SCE 2015-01-14 02:51 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys 2015-01-14 02:51 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe 2015-01-14 02:51 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ahcache.sys 2015-01-14 02:51 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\System32\profsvc.dll 2015-01-14 02:51 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\System32\wer.dll 2015-01-14 02:51 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\System32\ci.dll 2015-01-14 02:51 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\wer.dll 2015-01-14 02:51 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\System32\Faultrep.dll 2015-01-14 02:51 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll 2015-01-14 02:51 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll 2015-01-14 02:51 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\System32\WerFaultSecure.exe 2015-01-14 02:51 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe 2015-01-14 02:51 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\System32\ncsi.dll 2015-01-14 02:51 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\System32\nlasvc.dll 2015-01-14 02:51 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll 2015-01-14 02:51 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\System32\WerFault.exe 2015-01-14 02:51 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\System32\wermgr.exe 2015-01-14 02:51 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll 2015-01-14 02:51 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll 2015-01-14 02:51 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll 2015-01-14 02:51 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\System32\audiodg.exe 2015-01-14 02:51 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe 2015-01-14 02:51 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe 2015-01-14 02:51 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2015-01-14 02:51 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\AudioSes.dll 2015-01-14 02:51 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2015-01-14 02:51 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\werdiagcontroller.dll 2015-01-14 02:51 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll 2015-01-14 02:51 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\nlaapi.dll 2015-01-14 02:51 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll 2015-01-14 02:51 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-10 08:43 - 2015-01-10 08:45 - 62465672 _____ (DVDVideoSoft Ltd. ) C:\users\Jan 2015-01-10 06:53 - 2015-01-10 06:53 - 00280424 _____ () C:\Windows\Minidump\011015-101265-01.dmp 2015-01-05 21:26 - 2013-11-30 07:58 - 00000000 ____D () C:\Users\Jan Plutke\Downloads\State of Decay - Elamigos 2015-01-03 21:42 - 2015-01-03 21:42 - 00002094 _____ () C:\Users\Public\Desktop\Studio Launcher.lnk 2015-01-03 21:41 - 2013-08-22 04:54 - 00072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ATL485d.rra 2015-01-03 21:35 - 2003-10-21 05:15 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVCP71.DLL 2015-01-03 21:35 - 2003-10-20 09:38 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVCR71.DLL 2014-12-31 15:00 - 2015-01-01 07:50 - 00000000 ____D () C:\Users\Jan Plutke\AppData\Local\Skyrim 2014-12-30 22:26 - 2014-12-30 22:26 - 00002445 _____ () C:\Users\Jan Plutke\Desktop\The Elder Scrolls V Skyrim - Legendary Edition (Launcher).lnk 2014-12-30 22:26 - 2014-12-30 22:26 - 00002391 _____ () C:\Users\Jan Plutke\Desktop\The Elder Scrolls V Skyrim - Legendary Edition.lnk 2014-12-30 22:09 - 2015-01-01 07:53 - 00000000 ____D () C:\Program Files (x86)\The Elder Scrolls V Skyrim - Legendary Edition (Game of the Year) 2014-12-27 22:07 - 2014-12-27 22:07 - 00002242 
_____ () C:\Users\Public\Desktop\Postal 2 Apocalypse Weekend Expansion Pack.lnk 2014-12-27 22:07 - 2014-12-27 22:07 - 00002054 _____ () C:\Users\Public\Desktop\Postal 2 Share The Pain.lnk 2014-12-26 16:03 - 2014-12-26 16:03 - 00000000 ____D () C:\Windows\SysWOW64\directx 2014-12-26 15:59 - 2014-12-26 15:59 - 00001323 _____ () C:\Users\Public\Desktop\Call of Duty 4 - Modern Warfare.lnk ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-25 14:31 - 2012-12-15 09:00 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1999916086-726414315-3245994003-1001 2015-01-25 14:24 - 2014-11-29 18:32 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware 2015-01-25 14:23 - 2014-11-04 20:16 - 00017066 _____ () C:\Windows\setupact.log 2015-01-25 14:23 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-25 14:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\System32\sru 2015-01-25 13:47 - 2014-11-08 15:47 - 00000322 _____ () C:\Windows\Tasks\PennyBee.job 2015-01-25 10:28 - 2014-01-02 21:43 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E95950BD-F24A-4AB4-BA96-6CE26AB6F9C3} 2015-01-25 08:59 - 2012-12-15 13:35 - 00000000 ____D () C:\Users\Jan Plutke\AppData\Roaming\vlc 2015-01-25 08:29 - 2014-01-02 21:34 - 01890871 _____ () C:\Windows\WindowsUpdate.log 2015-01-24 11:41 - 2014-01-09 13:31 - 00079360 ___SH () C:\Users\Jan Plutke\Desktop\Thumbs.db 2015-01-24 04:27 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp 2015-01-22 20:47 - 2013-07-20 12:45 - 00000000 ____D () C:\Users\Jan Plutke\AppData\Roaming\.minecraft 2015-01-22 19:34 - 2013-11-14 08:27 - 01780340 _____ () C:\Windows\System32\PerfStringBackup.INI 2015-01-22 19:34 - 2013-11-14 08:11 - 00766620 _____ () C:\Windows\System32\perfh007.dat 2015-01-22 19:34 - 2013-11-14 08:11 - 00159902 _____ () C:\Windows\System32\perfc007.dat 2015-01-22 
06:36 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness 2015-01-21 14:51 - 2013-11-08 17:17 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-20 16:13 - 2013-09-28 16:37 - 00000886 _____ () C:\Users\Jan Plutke\Desktop\Downloads.lnk 2015-01-19 22:32 - 2014-12-14 01:10 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-19 22:32 - 2014-12-14 01:10 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-18 18:31 - 2012-12-15 11:00 - 00571393 _____ () C:\Windows\DirectX.log 2015-01-17 21:46 - 2014-02-06 12:54 - 01837056 ___SH () C:\Users\Jan Plutke\Documents\Thumbs.db 2015-01-16 07:23 - 2014-01-03 00:24 - 00547840 ___SH () C:\Users\Jan Plutke\Downloads\Thumbs.db 2015-01-16 07:18 - 2013-07-16 00:51 - 00000000 ____D () C:\Windows\System32\MRT 2015-01-16 07:13 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\System32\config\BBI 2015-01-15 22:40 - 2013-01-07 18:32 - 00000000 ____D () C:\Users\Jan Plutke\AppData\Roaming\dvdcss 2015-01-14 05:06 - 2012-12-15 09:59 - 113365784 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe 2015-01-10 06:53 - 2014-01-13 12:12 - 00000000 ____D () C:\Windows\Minidump 2015-01-10 06:50 - 2013-11-08 17:54 - 00000000 ____D () C:\Program Files (x86)\SpeedFan 2015-01-05 16:18 - 2013-10-25 10:32 - 00000000 ____D () C:\Program Files (x86)\Java 2015-01-05 16:15 - 2014-01-22 18:17 - 00000000 ____D () C:\ProgramData\Oracle 2015-01-05 07:52 - 2013-10-11 23:27 - 00021840 ____T () C:\Windows\SysWOW64\SIntfNT.dll 2015-01-05 07:52 - 2013-10-11 23:27 - 00017212 ____T () C:\Windows\SysWOW64\SIntf32.dll 2015-01-05 07:52 - 2013-10-11 23:27 - 00012067 ____T () C:\Windows\SysWOW64\SIntf16.dll 2015-01-05 07:52 - 2013-01-15 22:59 - 00000000 ____D () C:\Users\Jan Plutke\Desktop\Spiele 2015-01-03 23:53 - 2013-02-12 17:33 - 00001194 _____ () C:\Windows\VFO.INI 2015-01-03 23:31 - 2013-02-12 18:01 - 00005270 _____ () C:\Windows\attach.log 2015-01-03 22:22 - 
2014-05-09 18:04 - 00000116 _____ () C:\Windows\NeroDigital.ini 2015-01-03 22:21 - 2013-02-14 18:19 - 00017920 _____ () C:\Users\Jan Plutke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-01-03 22:08 - 2013-02-12 17:31 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI 2015-01-03 21:37 - 2013-02-12 17:33 - 00000107 _____ () C:\AUTOEXEC.BAT 2015-01-03 21:34 - 2013-02-12 14:10 - 00000037 _____ () C:\Windows\install_Studio10.log 2015-01-01 22:31 - 2014-10-11 10:01 - 00704821 _____ () C:\Users\Jan Plutke\Documents\Ansicht 1zu5.VLM 2015-01-01 22:31 - 2014-10-05 09:21 - 00554719 _____ () C:\Users\Jan Plutke\Documents\Bett Schnitte 01.VLM 2014-12-31 15:00 - 2012-01-17 02:19 - 00000000 ____D () C:\Users\Jan Plutke\Documents\My Games 2014-12-27 22:05 - 2013-02-05 15:12 - 00000000 ____D () C:\Program Files (x86)\GOG.com 2014-12-26 15:51 - 2014-02-26 09:25 - 00000000 ____D () C:\Program Files (x86)\Activision Some content of TEMP: ==================== C:\Users\Jan Plutke\AppData\Local\Temp\AutoRun.exe C:\Users\Jan Plutke\AppData\Local\Temp\AutoRunGUI.dll C:\Users\Jan Plutke\AppData\Local\Temp\Civilization4.exe C:\Users\Jan Plutke\AppData\Local\Temp\sfamcc00001.dll C:\Users\Jan Plutke\AppData\Local\Temp\sfareca00001.dll C:\Users\Jan Plutke\AppData\Local\Temp\SniperEliteV2.exe ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe [2014-09-15 15:32] - [2014-08-23 08:48] - 2374784 ____A (Microsoft Corporation) ACDBE1ED38167C8B01B8F63161BB2CEA C:\Windows\SysWOW64\explorer.exe [2014-09-15 15:32] - [2014-08-23 08:13] - 2084520 ____A (Microsoft Corporation) 195822ACCDAA2B4815DD01BAFC335595 C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll [2014-11-12 18:24] - [2014-09-22 05:38] - 1519488 ____A (Microsoft Corporation) F0A117D19873FCDF801F082F33BFBB6C C:\Windows\SysWOW64\User32.dll [2014-11-12 18:24] - [2014-09-19 01:16] - 1346048 ____A (Microsoft Corporation) 5F333FDBF392850373C89BDA31EBEC1B C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys [2014-09-15 15:32] - [2014-06-19 03:13] - 0310080 ___AC (Microsoft Corporation) 64CA2B4A49A8EAF495E435623ECCE7DB ==================== Restore Points ========================= Restore point made on: 2015-01-10 08:38:12 Restore point made on: 2015-01-14 05:05:51 Restore point made on: 2015-01-18 18:29:50 Restore point made on: 2015-01-21 14:47:07 Restore point made on: 2015-01-21 14:49:28 ==================== Memory info =========================== Percentage of memory in use: 11% Total physical RAM: 8144.22 MB Available physical RAM: 7224.99 MB Total Pagefile: 8144.22 MB Available Pagefile: 7240.29 MB Total Virtual: 131072 MB Available Virtual: 131071.88 MB ==================== Drives ================================ Drive c: (TI30961600B) (Fixed) (Total:585.4 GB) (Free:70.79 GB) NTFS Drive d: (System) (Fixed) (Total:0.44 GB) (Free:0.1 GB) NTFS Drive f: () (Fixed) (Total:0.34 GB) (Free:0.07 GB) NTFS Drive g: (AUTO_JAN) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT32 Drive x: (Boot) 
(Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 596.2 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 1.9 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=1.9 GB) - (Type=0B) LastRegBack: 2015-01-21 16:04 ==================== End Of Log ============================ |
25.01.2015, 18:53 | #4 |
/// the machine /// TB trainer | Remove Interpol virus on Windows 8.1, for dummies please!!!! Please press the Windows + R keys and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
Startup: C:\Users\Jan Plutke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\F966B1E03.lnk
ShortcutTarget: F966B1E03.lnk -> C:\ProgramData\30E1B669F.cpp ()
S2 Winmgmt; C:\ProgramData\F966B1E03.zot [356864 2015-01-25] ()
S2 2e496bfb; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\DiscountRewards\yellowfastapp.dll",serv
S2 AllDaySavingsService64; C:\Program Files (x86)\1B796EA6-F42D-4E01-A7B0-A6417AD3DE4A\etmajyzoqm64.exe [X]
2015-01-25 13:56 - 2015-01-25 13:56 - 00356864 ____T () C:\ProgramData\F966B1E03.zot
2015-01-25 13:53 - 2015-01-25 13:53 - 00204800 _____ () C:\ProgramData\30E1B669F.cpp
Emptytemp:
The tool creates a Fixlog.txt on your USB stick. Please post its content here. Start the computer normally, but we are not finished yet !!! Then from the desktop: Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
25.01.2015, 19:21 | #5 |
| Response from "FIXLOG" Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by SYSTEM at 2015-01-25 19:10:25 Run:1
Running from D:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Startup: C:\Users\Jan Plutke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\F966B1E03.lnk
ShortcutTarget: F966B1E03.lnk -> C:\ProgramData\30E1B669F.cpp ()
S2 Winmgmt; C:\ProgramData\F966B1E03.zot [356864 2015-01-25] ()
S2 2e496bfb; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\DiscountRewards\yellowfastapp.dll",serv
S2 AllDaySavingsService64; C:\Program Files (x86)\1B796EA6-F42D-4E01-A7B0-A6417AD3DE4A\etmajyzoqm64.exe [X]
2015-01-25 13:56 - 2015-01-25 13:56 - 00356864 ____T () C:\ProgramData\F966B1E03.zot
2015-01-25 13:53 - 2015-01-25 13:53 - 00204800 _____ () C:\ProgramData\30E1B669F.cpp
Emptytemp:
*****************

C:\Users\Jan Plutke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\F966B1E03.lnk => Moved successfully.
C:\ProgramData\30E1B669F.cpp => Moved successfully.
Winmgmt => Service restored successfully.
2e496bfb => Service deleted successfully.
AllDaySavingsService64 => Service deleted successfully.
C:\ProgramData\F966B1E03.zot => Moved successfully.
"C:\ProgramData\30E1B669F.cpp" => File/Directory not found.
Emptytemp: => Error: This directive works only outside recovery mode.

==== End of Fixlog 19:10:26 ====
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01 Ran by Jan Plutke (administrator) on JAN001 on 25-01-2015 19:16:05 Running from F:\ Loaded Profiles: Jan Plutke (Available profiles: Jan Plutke) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (AMD) C:\Windows\System32\atieclxx.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (SRS Labs, Inc.) 
C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Hewlett-Packard Company) C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Akamai Technologies, Inc.) C:\Users\Jan Plutke\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\Jan Plutke\AppData\Local\Akamai\netsession_win.exe (Cloanto Corporation) C:\Program Files (x86)\Common Files\Cloanto\Software Director\softdir.exe (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go9\CLMLSvc_P2G9.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor) HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-20] (SRS Labs, Inc.) 
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-14] (TOSHIBA Corporation) HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation) HKLM\...\Run: [IAStorIcon] => "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-28] (Synaptics Incorporated) HKLM\...\Run: [HP LaserJet 200 color MFP M276 Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2011-10-09] (Hewlett-Packard Company) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink) HKLM-x32\...\Run: [CLMLServer_For_P2G9] => C:\Program Files (x86)\CyberLink\Power2Go9\CLMLSvc_P2G9.exe [110344 2013-11-08] (CyberLink) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe HKLM-x32\...\Run: [StatusAlerts] => "C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [NBKeyScan] => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" HKLM-x32\...\Run: [NeroFilterCheck] => C:\WINDOWS\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh) HKLM-x32\...\Run: [PinnacleDriverCheck] => C:\windows\SysWOW64\\PSDrvCheck.exe [442368 2004-03-11] () HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-1999916086-726414315-3245994003-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd) HKU\S-1-5-21-1999916086-726414315-3245994003-1001\...\Run: [EPSON Stylus SX200] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIEFE.EXE [221696 2007-12-13] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-1999916086-726414315-3245994003-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Jan Plutke\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.) HKU\S-1-5-21-1999916086-726414315-3245994003-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22038120 2014-08-27] (Skype Technologies S.A.) 
HKU\S-1-5-21-1999916086-726414315-3245994003-1001\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe HKU\S-1-5-21-1999916086-726414315-3245994003-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1942720 2015-01-23] (Valve Corporation) HKU\S-1-5-21-1999916086-726414315-3245994003-1001\...\MountPoints2: {55ea46ef-4698-11e2-be75-74e54378534d} - "E:\setup.exe" AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll File Not Found AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll" File Not Found Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Software Director Scheduler.lnk ShortcutTarget: Software Director Scheduler.lnk -> C:\Program Files (x86)\Common Files\Cloanto\Software Director\softdir.exe (Cloanto Corporation) Startup: C:\Users\Jan Plutke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-1999916086-726414315-3245994003-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cc5b4252-7cc7-7082-3582-2e9299590018&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp1000 HKU\S-1-5-21-1999916086-726414315-3245994003-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.de/ HKU\S-1-5-21-1999916086-726414315-3245994003-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ HKU\S-1-5-21-1999916086-726414315-3245994003-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cc5b4252-7cc7-7082-3582-2e9299590018&searchtype=ds&q={searchTerms}&fr=linkury-tb&installDate={installDate}&barcodeid={barcodeID}&um={UM}&type=hp1000 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKU\S-1-5-21-1999916086-726414315-3245994003-1001 -> DefaultScope 
{114DB5FA-0AFB-BB92-A75B-F44D3CE875CD} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3319597&octid=EB_ORIGINAL_CTID&ISID=3B20CBBE-1D90-477D-B53D-C11D54110F26&SearchSource=58&CUI=&UM=6&UP=SP19115F6C-D8CF-406B-BF9F-8D0EAEAF727C&q={searchTerms}&SSPV= SearchScopes: HKU\S-1-5-21-1999916086-726414315-3245994003-1001 -> {0CA43B3E-E804-4626-889C-7BB7B445A40E} URL = SearchScopes: HKU\S-1-5-21-1999916086-726414315-3245994003-1001 -> {114DB5FA-0AFB-BB92-A75B-F44D3CE875CD} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3319597&octid=EB_ORIGINAL_CTID&ISID=3B20CBBE-1D90-477D-B53D-C11D54110F26&SearchSource=58&CUI=&UM=6&UP=SP19115F6C-D8CF-406B-BF9F-8D0EAEAF727C&q={searchTerms}&SSPV= SearchScopes: HKU\S-1-5-21-1999916086-726414315-3245994003-1001 -> {9B598B0B-D374-4451-9DFE-FD8517ED1996} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms} BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) 
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) Hosts: 127.0.0.1 secure.tune-up.com Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.10.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.12 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-1999916086-726414315-3245994003-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon FF HKLM-x32\...\Firefox\Extensions: [{7C9C2591-51ED-44FA-8D03-450B92643F95}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-08-28] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF HKU\S-1-5-21-1999916086-726414315-3245994003-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll () CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (McAfee SecurityCenter) - 
c:\progra~2\mcafee\msc\npmcsn~1.dll No File CHR Profile: C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (GoSavue) - C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhgadcdcciaadmkdmnifpglddibhhdoe [2014-09-19] CHR Extension: (Design my eMail) - C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga [2014-09-19] CHR Extension: (RealDownloader) - C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-08-05] CHR Extension: (Music Plus for Google Play Music) - C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipfnecmlncaiipncipkgijboddcdmego [2014-11-28] CHR Extension: (Benchwarmer Dribbble for Chrome Tabs) - C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhdjhhpjicomphhjpehdhjenbaamdpnn [2014-11-08] CHR Extension: (Google Wallet) - C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-05] CHR Extension: (No Name) - C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-08-05] CHR Extension: (SaverAddon) - C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjmenjjcdgedejjmaicpmeldjihnjejj [2014-11-08] CHR HKU\S-1-5-21-1999916086-726414315-3245994003-1001\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4907232 2014-12-01] (Emsisoft GmbH) S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed] S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-09-27] (Intel Corporation) S2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed] R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation) S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation) R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed] S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-06-24] (Nero AG) R2 PLFlash DeviceIoControl Service; C:\WINDOWS\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) 
[File not signed] R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed] R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-24] () R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-24] () [File not signed] S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-08-14] (Toshiba Europe GmbH) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2099512 2013-10-30] (TuneUp Software) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [X] S2 MBAMScheduler; "C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe" [X] S2 MBAMService; "C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe" [X] S2 NAUpdate; "C:\Program Files (x86)\Nero\Update\NASvc.exe" [X] S2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [X] S2 PennyBee; C:\Program Files (x86)\PennyBee\PennyBee.exe [X] S2 Update AppEnable; "C:\Program Files (x86)\AppEnable\updateAppEnable.exe" [X] S2 Util AppEnable; "C:\Program Files (x86)\AppEnable\bin\utilAppEnable.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH) R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH) R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH) R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH) S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.) S3 ASAPIW2K; C:\windows\SysWOW64\Drivers\asapiW2k.sys [11264 2005-01-10] (VOB Computersysteme GmbH) [File not signed] R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-24] (Qualcomm Atheros Communications, Inc.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [129536 2013-07-05] (Advanced Micro Devices) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2013-10-04] () R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2014-05-04] (Microsoft Corporation) R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH) R1 CLVirtualDrive1.1; C:\Windows\system32\DRIVERS\CLVirtualDrive1_1.sys [91912 2013-06-03] (CyberLink) R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2012-12-15] (DT Soft Ltd) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2012-12-17] () R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation) S1 PCLEPCI; C:\WINDOWS\SysWOW64\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH) [File not signed] R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated) R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 
2012-07-31] (Windows (R) Win 7 DDK provider) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) S0 BMLoad; system32\drivers\BMLoad.sys [X] S3 cpuz136; \??\C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [X] S1 netfilter64; system32\drivers\netfilter64.sys [X] S3 SPPD; \??\C:\WINDOWS\system32\drivers\SPPD.sys [X] S1 tcpipBM; \??\C:\windows\system32\drivers\tcpipBM.sys [X] S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-25 14:29 - 2015-01-25 19:16 - 00000000 ____D () C:\FRST 2015-01-23 05:26 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll 2015-01-23 05:26 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll 2015-01-21 15:59 - 2014-08-15 11:03 - 00000257 _____ () C:\Users\Jan Plutke\Downloads\XXX German-Porns XXX.url 2015-01-21 15:56 - 2014-09-07 17:14 - 3090948154 _____ () C:\Users\Jan Plutke\Downloads\Private.Paerchen.im.Sextest.TD545.mp4 2015-01-21 15:53 - 2015-01-21 15:55 - 00000000 ____D () C:\Users\Jan Plutke\Downloads\psTD545 2015-01-21 09:22 - 2015-01-21 09:30 - 304087040 _____ () C:\Users\Jan Plutke\Downloads\psTD545.part04.rar 2015-01-21 09:14 - 2015-01-21 09:22 - 304087040 _____ () C:\Users\Jan Plutke\Downloads\psTD545.part03.rar 2015-01-21 09:06 - 2015-01-21 09:14 - 304087040 _____ () C:\Users\Jan Plutke\Downloads\psTD545.part01.rar 2015-01-21 08:58 - 2015-01-21 09:06 - 304087040 _____ () C:\Users\Jan 
Plutke\Downloads\psTD545.part02.rar 2015-01-21 08:56 - 2015-01-21 08:58 - 80888628 _____ () C:\Users\Jan Plutke\Downloads\psTD545.part11.rar 2015-01-21 08:48 - 2015-01-21 08:56 - 304087040 _____ () C:\Users\Jan Plutke\Downloads\psTD545.part05.rar 2015-01-21 08:40 - 2015-01-21 08:48 - 304087040 _____ () C:\Users\Jan Plutke\Downloads\psTD545.part08.rar 2015-01-21 08:30 - 2015-01-21 08:40 - 304087040 _____ () C:\Users\Jan Plutke\Downloads\psTD545.part10.rar 2015-01-21 08:22 - 2015-01-21 08:30 - 304087040 _____ () C:\Users\Jan Plutke\Downloads\psTD545.part06.rar 2015-01-21 08:15 - 2015-01-21 08:22 - 304087040 _____ () C:\Users\Jan Plutke\Downloads\psTD545.part09.rar 2015-01-21 08:07 - 2015-01-21 15:56 - 304087040 _____ () C:\Users\Jan Plutke\Downloads\psTD545.part07.rar 2015-01-21 07:45 - 2015-01-21 08:07 - 867500000 _____ () C:\Users\Jan Plutke\Downloads\ExtDunM4.part2.rar 2015-01-21 07:23 - 2015-01-21 07:45 - 867500000 _____ () C:\Users\Jan Plutke\Downloads\ExtDunM4.part3.rar 2015-01-21 06:49 - 2015-01-21 07:23 - 866351449 _____ () C:\Users\Jan Plutke\Downloads\ExtDunM4.part4.rar 2015-01-21 06:27 - 2015-01-21 06:49 - 867500000 _____ () C:\Users\Jan Plutke\Downloads\ExtDunM4.part1.rar 2015-01-20 15:57 - 2015-01-20 15:58 - 209079409 _____ () C:\Users\Jan Plutke\Downloads\n3449.rar 2015-01-20 15:54 - 2015-01-20 15:56 - 127961778 _____ () C:\Users\Jan Plutke\Downloads\feucht.rar 2015-01-18 22:48 - 2015-01-18 22:48 - 00000222 _____ () C:\Users\Jan Plutke\Desktop\State of Decay.url 2015-01-18 18:16 - 2015-01-18 22:48 - 00000000 ____D () C:\Users\Jan Plutke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2015-01-18 18:16 - 2015-01-18 18:16 - 00000222 _____ () C:\Users\Jan Plutke\Desktop\H1Z1.url 2015-01-18 18:11 - 2015-01-25 13:58 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-01-18 18:11 - 2015-01-18 18:11 - 00000986 _____ () C:\Users\Public\Desktop\Steam.lnk 2015-01-18 18:11 - 2015-01-18 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Steam 2015-01-18 11:41 - 2015-01-18 11:41 - 00000000 ____D () C:\Users\Jan Plutke\AppData\Local\SCE 2015-01-14 02:51 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2015-01-14 02:51 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe 2015-01-14 02:51 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys 2015-01-14 02:51 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2015-01-14 02:51 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2015-01-14 02:51 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2015-01-14 02:51 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2015-01-14 02:51 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2015-01-14 02:51 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2015-01-14 02:51 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll 2015-01-14 02:51 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2015-01-14 02:51 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2015-01-14 02:51 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll 2015-01-14 02:51 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll 2015-01-14 02:51 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2015-01-14 02:51 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2015-01-14 02:51 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe 
2015-01-14 02:51 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2015-01-14 02:51 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2015-01-14 02:51 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2015-01-14 02:51 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2015-01-14 02:51 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2015-01-14 02:51 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe 2015-01-14 02:51 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2015-01-14 02:51 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2015-01-14 02:51 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll 2015-01-14 02:51 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll 2015-01-14 02:51 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll 2015-01-14 02:51 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll 2015-01-14 02:51 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2015-01-14 02:51 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll 2015-01-10 08:43 - 2015-01-10 08:45 - 62465672 _____ (DVDVideoSoft Ltd. 
) C:\Users\Jan 2015-01-10 06:53 - 2015-01-10 06:53 - 00280424 _____ () C:\WINDOWS\Minidump\011015-101265-01.dmp 2015-01-05 21:31 - 2015-01-05 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\State of Decay 2015-01-05 21:26 - 2013-11-30 07:58 - 00000000 ____D () C:\Users\Jan Plutke\Downloads\State of Decay - Elamigos 2015-01-03 21:42 - 2015-01-03 21:42 - 00002094 _____ () C:\Users\Public\Desktop\Studio Launcher.lnk 2015-01-03 21:41 - 2013-08-22 04:54 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ATL485d.rra 2015-01-03 21:35 - 2003-10-21 05:15 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVCP71.DLL 2015-01-03 21:35 - 2003-10-20 09:38 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVCR71.DLL 2014-12-31 15:00 - 2015-01-01 07:50 - 00000000 ____D () C:\Users\Jan Plutke\AppData\Local\Skyrim 2014-12-30 22:26 - 2014-12-30 22:26 - 00002445 _____ () C:\Users\Jan Plutke\Desktop\The Elder Scrolls V Skyrim - Legendary Edition (Launcher).lnk 2014-12-30 22:26 - 2014-12-30 22:26 - 00002391 _____ () C:\Users\Jan Plutke\Desktop\The Elder Scrolls V Skyrim - Legendary Edition.lnk 2014-12-30 22:09 - 2015-01-01 07:53 - 00000000 ____D () C:\Program Files (x86)\The Elder Scrolls V Skyrim - Legendary Edition (Game of the Year) 2014-12-27 22:07 - 2014-12-27 22:07 - 00002242 _____ () C:\Users\Public\Desktop\Postal 2 Apocalypse Weekend Expansion Pack.lnk 2014-12-27 22:07 - 2014-12-27 22:07 - 00002054 _____ () C:\Users\Public\Desktop\Postal 2 Share The Pain.lnk 2014-12-26 16:03 - 2014-12-26 16:03 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx 2014-12-26 15:59 - 2014-12-26 15:59 - 00001323 _____ () C:\Users\Public\Desktop\Call of Duty 4 - Modern Warfare.lnk ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-25 19:14 - 2014-11-29 18:32 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-01-25 19:14 - 2014-11-04 20:16 - 00017940 _____ () C:\WINDOWS\setupact.log
2015-01-25 19:14 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-25 14:31 - 2012-12-15 09:00 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1999916086-726414315-3245994003-1001
2015-01-25 14:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-25 13:47 - 2014-11-08 15:47 - 00000322 _____ () C:\WINDOWS\Tasks\PennyBee.job
2015-01-25 10:28 - 2014-01-02 21:43 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E95950BD-F24A-4AB4-BA96-6CE26AB6F9C3}
2015-01-25 08:59 - 2012-12-15 13:35 - 00000000 ____D () C:\Users\Jan Plutke\AppData\Roaming\vlc
2015-01-25 08:29 - 2014-01-02 21:34 - 01890871 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-24 11:41 - 2014-01-09 13:31 - 00079360 ___SH () C:\Users\Jan Plutke\Desktop\Thumbs.db
2015-01-24 04:27 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-22 20:47 - 2013-07-20 12:45 - 00000000 ____D () C:\Users\Jan Plutke\AppData\Roaming\.minecraft
2015-01-22 19:34 - 2013-11-14 08:27 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-22 19:34 - 2013-11-14 08:11 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-01-22 19:34 - 2013-11-14 08:11 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-01-22 06:36 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-21 14:51 - 2013-11-08 17:17 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-20 16:13 - 2013-09-28 16:37 - 00000886 _____ () C:\Users\Jan Plutke\Desktop\Downloads.lnk
2015-01-19 22:32 - 2014-12-14 01:10 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-19 22:32 - 2014-12-14 01:10 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-18 18:31 - 2012-12-15 11:00 - 00571393 _____ () C:\WINDOWS\DirectX.log
2015-01-17 21:46 - 2014-02-06 12:54 - 01837056 ___SH () C:\Users\Jan Plutke\Documents\Thumbs.db
2015-01-16 07:23 - 2014-01-03 00:24 - 00547840 ___SH () C:\Users\Jan Plutke\Downloads\Thumbs.db
2015-01-16 07:18 - 2013-07-16 00:51 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-16 07:13 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-15 22:40 - 2013-01-07 18:32 - 00000000 ____D () C:\Users\Jan Plutke\AppData\Roaming\dvdcss
2015-01-14 05:06 - 2012-12-15 09:59 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-10 06:53 - 2014-01-13 12:12 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-10 06:50 - 2013-11-08 17:54 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2015-01-05 16:18 - 2013-10-25 10:32 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-05 16:15 - 2014-01-22 18:17 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-05 07:52 - 2013-10-11 23:27 - 00021840 ____T () C:\WINDOWS\SysWOW64\SIntfNT.dll
2015-01-05 07:52 - 2013-10-11 23:27 - 00017212 ____T () C:\WINDOWS\SysWOW64\SIntf32.dll
2015-01-05 07:52 - 2013-10-11 23:27 - 00012067 ____T () C:\WINDOWS\SysWOW64\SIntf16.dll
2015-01-05 07:52 - 2013-01-15 22:59 - 00000000 ____D () C:\Users\Jan Plutke\Desktop\Spiele
2015-01-03 23:53 - 2013-02-12 17:33 - 00001194 _____ () C:\WINDOWS\VFO.INI
2015-01-03 23:31 - 2013-02-12 18:01 - 00005270 _____ () C:\WINDOWS\attach.log
2015-01-03 22:22 - 2014-05-09 18:04 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini
2015-01-03 22:21 - 2013-02-14 18:19 - 00017920 _____ () C:\Users\Jan Plutke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-03 22:08 - 2013-02-12 17:31 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2015-01-03 21:37 - 2013-02-12 17:33 - 00000107 _____ () C:\AUTOEXEC.BAT
2015-01-03 21:37 - 2013-02-12 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Studio 10
2015-01-03 21:36 - 2013-02-17 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2015-01-03 21:34 - 2013-02-12 14:10 - 00000037 _____ () C:\WINDOWS\install_Studio10.log
2015-01-01 22:31 - 2014-10-11 10:01 - 00704821 _____ () C:\Users\Jan Plutke\Documents\Ansicht 1zu5.VLM
2015-01-01 22:31 - 2014-10-05 09:21 - 00554719 _____ () C:\Users\Jan Plutke\Documents\Bett Schnitte 01.VLM
2014-12-31 15:00 - 2012-01-17 02:19 - 00000000 ____D () C:\Users\Jan Plutke\Documents\My Games
2014-12-27 22:07 - 2013-02-05 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2014-12-27 22:05 - 2013-02-05 15:12 - 00000000 ____D () C:\Program Files (x86)\GOG.com
2014-12-26 15:59 - 2014-02-26 11:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
2014-12-26 15:51 - 2014-02-26 09:25 - 00000000 ____D () C:\Program Files (x86)\Activision

==================== Files in the root of some directories =======

2013-02-04 16:16 - 2013-02-04 16:16 - 0001644 _____ () C:\Users\Jan Plutke\AppData\Roaming\activebarcodeapp.ini
2013-10-24 21:33 - 2013-10-28 19:09 - 0000132 _____ () C:\Users\Jan Plutke\AppData\Roaming\Adobe CS6-BMP-Format - Voreinstellungen
2013-10-15 21:10 - 2013-10-15 21:10 - 0000132 _____ () C:\Users\Jan Plutke\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2014-04-29 07:08 - 2014-10-04 07:07 - 0000000 _____ () C:\Users\Jan Plutke\AppData\Roaming\bitlord_log.txt
2013-03-17 08:44 - 2013-03-17 08:44 - 0000163 _____ () C:\Users\Jan Plutke\AppData\Roaming\default.pls
2013-04-08 22:15 - 2013-09-21 17:32 - 0000126 _____ () C:\Users\Jan Plutke\AppData\Roaming\default.rss
2014-03-15 09:23 - 2014-03-30 23:23 - 0000075 _____ () C:\Users\Jan Plutke\AppData\Roaming\WB.CFG
2013-02-14 18:19 - 2015-01-03 22:21 - 0017920 _____ () C:\Users\Jan Plutke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-05 15:56 - 2014-08-05 15:56 - 0590952 _____ (ClickMeIn Limited) C:\Users\Jan Plutke\AppData\Local\nshA343.tmp
2014-09-07 17:57 - 2014-09-07 17:57 - 0000218 _____ () C:\Users\Jan Plutke\AppData\Local\recently-used.xbel

Some content of TEMP:
====================
C:\Users\Jan Plutke\AppData\Local\Temp\AutoRun.exe
C:\Users\Jan Plutke\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Jan Plutke\AppData\Local\Temp\Civilization4.exe
C:\Users\Jan Plutke\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Jan Plutke\AppData\Local\Temp\sfareca00001.dll
C:\Users\Jan Plutke\AppData\Local\Temp\SniperEliteV2.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-21 16:04

==================== End Of Log ============================

--- --- --- --- --- ---

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by Jan Plutke at 2015-01-25 19:17:38
Running from F:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Disabled - Out of date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AS: Emsisoft Anti-Malware (Disabled - Out of date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

(HKLM-x32\...\Hollywood FX for Studio) (Version: - )
337 GAMES (HKU\S-1-5-21-1999916086-726414315-3245994003-1001\...\337Games) (Version: 1.1.1.0 - ) <==== ATTENTION
64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
7-Zip 9.21 (HKLM-x32\...\{23170F69-40C1-2701-0921-000001000000}) (Version: 9.21.00.0 - Igor Pavlov)
7-Zip 9.25 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0925-000001000000}) (Version: 9.25.00.0 - Igor Pavlov)
7-Zip 9.25 alpha (HKLM-x32\...\7-Zip) (Version: - )
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-1999916086-726414315-3245994003-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
Alliance of Valiant Arms DE (HKLM-x32\...\Alliance of Valiant Arms DE) (Version: - )
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{08D35D3C-C4F7-09FB-0F89-F680A1CCD3A3}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Amiga Forever (HKLM-x32\...\{B57AC3E9-2ED2-410E-9769-5F7FB695C21A}) (Version: 2012.2.8 - Cloanto)
Ashampoo Burning Studio 2014 v.12.0.5 (HKLM-x32\...\{91B33C97-280F-B76D-E27B-E712D7041B76}_is1) (Version: 12.0.5 - Ashampoo GmbH & Co. KG)
Atheros Bluetooth Filter Driver Package (HKLM\...\{026B819B-4D60-4C8B-892D-33A0D8666F60}) (Version: 2.0.0.2 - Atheros Communications)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.6 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.0 - )
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
BitLord 2.4 (HKLM-x32\...\BitLord) (Version: 2.4.0-270 - House of Life)
Blasc3 (HKLM-x32\...\{59FD1BDF-FEC7-403E-97FC-FBE437154BD2}) (Version: 1.0.0 - Computec Media AG)
BODLoader 0.5a (HKLM-x32\...\BODLoader_is1) (Version: 0.5a - Masklin)
Call of Duty 4: Modern Warfare (HKLM-x32\...\{C1868B6B-087E-4239-97B0-87F9418BDF7A}_is1) (Version: 1.7 - RAF)
Carmageddon (HKLM-x32\...\GOGPACKCARMAGEDDON_is1) (Version: 2.0.0.63 - GOG.com)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5143 - CDBurnerXP)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Civilization: Call To Power (HKLM-x32\...\Activision_CivCTPUninstallKey) (Version: - )
Curse Client (HKU\S-1-5-21-1999916086-726414315-3245994003-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.810 - Curse)
CyberLink Media Suite 8 (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2820b - CyberLink Corp.)
CyberLink Power2Go 7 (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.2719b - CyberLink Corp.)
CyberLink PowerBackup 2.5 (HKLM-x32\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.9102 - CyberLink Corp.)
CyberLink YouCam 3.1 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.5324 - CyberLink Corp.)
Dead Rising 3 Apocalypse Edition MULTi2 1.0 (HKLM-x32\...\Dead Rising 3 Apocalypse Edition MULTi2 1.0) (Version: - )
Dead.Island.Game.of.The.Year.Edition (HKLM-x32\...\Dead.Island.Game.of.The.Year.Edition_is1) (Version: - )
DesignPro 5 (HKLM-x32\...\InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}) (Version: 5.5.708 - Avery)
DesignPro 5 (x32 Version: 5.5.708 - Avery) Hidden
Destroyer Command (HKLM-x32\...\Destroyer Command) (Version: - )
Diablo II (HKLM-x32\...\Diablo II) (Version: - )
Die Gilde Gold-Edition (HKLM-x32\...\Die Gilde Gold-Edition) (Version: 2.06 - JoWooD Productions Software AG)
Die Schlacht um Mittelerde(tm) (HKLM-x32\...\{3F290582-3F4E-4B96-009C-E0BABAA40C42}) (Version: - )
Die Siedler II Gold Edition (HKLM-x32\...\Die Siedler II Gold Edition_is1) (Version: - )
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.63.5 - Electronic Arts)
Die Sims™ 3 70er, 80er & 90er Accessoires (HKLM-x32\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts)
Die Sims™ 3 Design-Garten-Accessoires (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.0.55 - Electronic Arts)
Die Sims™ 3 Diesel Accessoires (HKLM-x32\...\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}) (Version: 14.0.48 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Gib Gas-Accessoires (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)
Die Sims™ 3 Inselparadies (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
Die Sims™ 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
Die Sims™ 3 Jahreszeiten (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
Die Sims™ 3 Katy Perry Süße Welt (HKLM-x32\...\{9B2506E3-9A3F-45B5-96BF-509CAD584650}) (Version: 13.0.62 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
Die Sims™ 3 Lebensfreude (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
Die Sims™ 3 Luxus-Accessoires (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
Die Sims™ 3 Movie-Accessoires (HKLM-x32\...\{D0087539-3C57-44E0-BEE7-D779D546CBE1}) (Version: 20.0.53 - Electronic Arts)
Die Sims™ 3 Reiseabenteuer (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
Die Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
Die Sims™ 3 Stadt-Accessoires (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
Die Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
Die Sims™ 3 Traumkarrieren (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
Die Sims™ 3 Traumsuite-Accessoires (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)
Die Völker 2 Gold Edition (HKLM-x32\...\{8C0A88AE-8388-42D5-9134-149BCD77E4F2}) (Version: 2.0.2 - JoWooD Productions Software AG)
Die*Sims™*3 Erstelle einen Sim (HKLM-x32\...\{89173B88-384A-459B-B687-9C0BBC934EF4}) (Version: 1.0.25 - Electronic Arts)
DiscAPI (x32 Version: 2.00.0000 - Pinnacle Systems) Hidden
DiscountsGalore (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{2e496bfb}) (Version: - Software Publisher) <==== ATTENTION
DivX (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 5.2.1 - DivXNetworks, Inc.)
Dungeon Keeper 2 (HKLM-x32\...\Dungeon Keeper 2_is1) (Version: - wepa)
Dungeon Keeper Gold (HKLM-x32\...\Dungeon Keeper Gold_is1) (Version: - wepa)
EMERGENCY 5 (HKLM\...\EMERGENCY 5) (Version: - Sixteen Tons Entertainment)
Emergency 5 (HKLM-x32\...\Emergency 5_is1) (Version: - )
Emergency4 (HKLM-x32\...\{9A4C534E-431F-4A17-97D4-D1682B19A054}) (Version: 1.03.001 - )
Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98 - WildTangent) Hidden
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
eMule (HKLM-x32\...\eMule) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
EPSON Stylus SX200 Series Printer Uninstall (HKLM\...\EPSON Stylus SX200 Series) (Version: - SEIKO EPSON Corporation)
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Fallout 3 DLC Pack (HKLM-x32\...\Fallout 3 DLC Pack_is1) (Version: - wepa)
Fallout 3 uncut Patch (HKLM-x32\...\Fallout 3 uncut Patch_is1) (Version: - wepa)
Fallout New Vegas Ultimate Edition (HKLM-x32\...\Fallout New Vegas Ultimate Edition_is1) (Version: - )
Far Cry (HKLM-x32\...\InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}) (Version: 1.00.0000 - Ihr Firmenname)
Far Cry (x32 Version: 1.00.0000 - Ihr Firmenname) Hidden
Free Video to DVD Converter version 5.0.32.1230 (HKLM-x32\...\Free Video to DVD Converter_is1) (Version: 5.0.32.1230 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.44.820 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.44.820 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.50.1111 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.50.1111 - DVDVideoSoft Ltd.)
GameShadow (HKLM-x32\...\{D98C9637-93DA-44DB-B73A-B11A1192AB26}) (Version: 1.91.0000 - Aardwork Software Ltd)
Geogrid® DynPerspView (HKLM-x32\...\Geogrid_DynPerspView) (Version: - )
GOG.com KKND Xtreme (HKLM\...\{6a53468f-bb50-458c-9fda-edb6e45237fa}.sdb) (Version: - )
GOG.com The Settlers 3 (HKLM\...\{f707a2f1-2ed1-4560-a087-97aa176c3777}.sdb) (Version: - )
gogprivateer2 (HKLM\...\{fabae1d6-0cd1-4944-9078-0ac253a089bb}.sdb) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Ground Zero (HKLM-x32\...\Ground Zero) (Version: V1.0 - )
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
Gtk# for .Net 2.12.10 (HKLM-x32\...\{04AE3BBC-ABFF-42CC-9F90-5B35D229328A}) (Version: 2.12.10 - Xamarin, Inc.)
H1Z1 (HKLM-x32\...\Steam App 295110) (Version: - Sony Online Entertainment)
HÄFELE easy link TEC-Service CAD (HKLM-x32\...\Häfele-EasyLink TEC-Service CAD_is1) (Version: - )
Half-Life 2 Uncut Complete Edition MULTI-2 1.0 (HKLM-x32\...\Half-Life 2 Uncut Complete Edition MULTI-2 1.0) (Version: - )
Half-Life(R) 2 (HKLM-x32\...\{D45EC259-4A19-4656-B588-C2C360DD18EA}) (Version: 1.0.0.0 - Valve)
Hex-Editor MX (HKLM-x32\...\{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1) (Version: 6.0 - NEXT-Soft)
How to Survive - Storm Warning Edition (HKLM-x32\...\How to Survive - Storm Warning Edition_is1) (Version: - )
How to Survive (HKLM-x32\...\How to Survive_is1) (Version: - )
HP LaserJet 200 color MFP M276 (HKLM-x32\...\{CC38C23C-7824-4DBB-AC73-997CD0BBFEC7}) (Version: 5.0.14057.1503 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM276DSService (x32 Version: 001.001.05874 - Hewlett-Packard) Hidden
HPDXP (x32 Version: 3.0.26.8 - HP) Hidden
HPLaserJet200color-MFPM276_HelpLearnCenter_SI (HKLM-x32\...\{0F044C7A-6EE1-4F03-90AC-329AAF2FCF12}) (Version: 1.01.0000 - Hewlett-Packard)
HPLJDXPHelper (x32 Version: 020.021.004 - HP) Hidden
HPLJUTCore (x32 Version: 004.005.0001 - HP) Hidden
HPLJUTM276 (x32 Version: 3.00.0003 - HP) Hidden
hppFaxDrvM276 (x32 Version: 003.000.00002 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 009.027.00856 - Hewlett-Packard) Hidden
hppM276LaserJetService (x32 Version: 001.019.00639 - Hewlett-Packard) Hidden
hppSendFaxM276 (x32 Version: 003.000.00002 - Hewlett-Packard) Hidden
hpStatusAlerts (x32 Version: 050.037.00142 - Hewlett Packard) Hidden
hpStatusAlertsM276 (x32 Version: 050.034.00131 - Hewlett-Packard) Hidden
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33268) (Version: 3.6.1.33268.15 - Intel)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.6.1000 - Intel Corporation)
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
Java 7 Update 10 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417010FF}) (Version: 7.0.100 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Kochscout (HKLM-x32\...\Kochscout) (Version: 12.2.0 - Scoutsystems Software)
Krush, Kill 'n' Destroy Xtreme (HKLM-x32\...\GOGPACKKKNDEXTREME_is1) (Version: 2.0.0.9 - GOG.com)
LJDXPHelperUI (x32 Version: 020.021.004 - HP) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magicka (HKLM-x32\...\Magicka_is1) (Version: - )
Magicka Collection (HKLM-x32\...\Magicka Collection_is1) (Version: - )
Microsoft Age of Empires Gold (HKLM-x32\...\Age of Empires Gold 1.0) (Version: - )
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{34D9106C-A947-47ED-B4AB-764736350769}) (Version: 1.6.1 - MINECRAFTinstall.net)
Minecraft1.6.1 (HKLM-x32\...\Minecraft1.6.1) (Version: - )
Minutor (HKLM-x32\...\{0300BFF4-33A2-4DFB-979D-79AE9D324E81}) (Version: 1.6.3 - Sean Kasun)
MoO3 - Die deutsche Übersetzung (HKLM-x32\...\MoO3 - Die deutsche Übersetzung) (Version: - )
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nero 2014 (HKLM-x32\...\{0128492C-AB60-43BE-9D9A-8CA622CAF06E}) (Version: 15.0.07700 - Nero AG)
Nero 2014 Content Pack (HKLM-x32\...\{204A26F0-01B8-4656-8607-5CCEDE820BC2}) (Version: 15.0.00200 - Nero AG)
Nero 8 (HKLM-x32\...\{D6C9AF27-9414-46C8-B9D8-D878BA041031}) (Version: 8.3.312 - Nero AG)
Nero CoverDesigner (HKLM-x32\...\{3143E3EB-17A5-48F9-90FC-D7CA556CA210}) (Version: 12.0.01500 - Nero AG)
Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG)
Nero Suite (HKLM-x32\...\NeroMultiInstaller!UninstallKey) (Version: - )
Nero Video 2014 (HKLM-x32\...\{1F582544-B545-4FD3-A149-E2DB7EC579C3}) (Version: 15.0.03400 - Nero AG)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Oblivion (HKLM-x32\...\{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}) (Version: 1.2.0416 - Bethesda Softworks)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.211.0 - Tracker Software Products Ltd)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pinnacle Hollywood FX for Studio
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Populous - The Beginning (HKLM-x32\...\Populous - The Beginning_is1) (Version: - wepa)
Populous (HKLM-x32\...\Populous 2_is1) (Version: - wepa)
Populous (HKLM-x32\...\Populous_is1) (Version: - wepa)
Port Royale 3 (HKLM-x32\...\{68DED384-1F74-4AEE-8B8E-95AF15572FE3}) (Version: 1.3.3.0 - Gaming Minds Studios GmbH)
Postal 2 Share The Pain (HKLM-x32\...\Postal 2 Share The Pain_is1) (Version: - GOG.com)
Premium Sound HD (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.5000 - SRS Labs, Inc.)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) Hidden
Privateer (HKLM-x32\...\Privateer) (Version: - )
Privateer 2 - The Darkening (HKLM-x32\...\GOGPACKPRIVATEER2_is1) (Version: 2.1.0.5 - GOG.com)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
RAPID (x32 Version: 1.00.0000 - Pinnacle Systems) Hidden
ratDVD 0.78.1444 (HKLM-x32\...\ratDVD) (Version: 0.78.1444 - ratDVD)
RealDownloader (x32 Version: 17.0.12 - RealNetworks, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
resident evil 4 (HKLM-x32\...\{DFFCDB41-C2DA-47D6-96FF-03C05C0BEA22}) (Version: 1.00.0000 - CAPCOM)
RESIDENT EVIL 5 (HKLM-x32\...\{AC08BBA0-96B9-431A-A7D0-D8598E493775}) (Version: 1.0.0.129 - CAPCOM CO., LTD.)
Resident Evil: Operation Raccoon City (HKLM-x32\...\{43430FA1-12BB-4D88-862E-4F1000008400}) (Version: 1.0.0.0 - CAPCOM U.S.A., INC)
S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02] (HKLM-x32\...\{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1) (Version: 1.6.02 - bitComposer Games)
S.T.A.L.K.E.R. - Clear Sky (HKLM-x32\...\S.T.A.L.K.E.R. - Clear Sky_is1) (Version: 1.0001 - Deep Silver)
S.T.A.L.K.E.R. - Shadow of Chernobyl (HKLM-x32\...\S.T.A.L.K.E.R. - Shadow of Chernobyl_is1) (Version: 1.0000 - THQ)
S.T.A.L.K.E.R. Shadow of Chernobyl (HKLM-x32\...\GOGPACKSTALKERSHOC_is1) (Version: 2.0.0.5 - GOG.com)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.18.20.210 - Search Protect) <==== ATTENTION
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sid Meier's Civilization 4 (HKLM-x32\...\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}) (Version: 1.74 - Firaxis Games)
Sid Meier's Civilization 4 (x32 Version: 1.00.0000 - Firaxis Games) Hidden
Silent Hunter III (HKLM-x32\...\InstallShield_{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}) (Version: 1.00.0000 - Ubisoft)
Silent Hunter III (x32 Version: 1.00.0000 - Ubisoft) Hidden
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SmartSound Quicktracks Plugin (HKLM-x32\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.2.7 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (x32 Version: 3.0.2.7 - SmartSound Software Inc) Hidden
Sniper Elite V2 (HKLM-x32\...\Sniper Elite V2_is1) (Version: - )
Software Director (HKLM-x32\...\Cloanto Software Director) (Version: 3.8.8.0 - Cloanto Corporation)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Starship Troopers (HKLM-x32\...\{CA1AB30E-8B9F-4739-A0F7-5BC1226D2BA3}) (Version: 0.05.2400 - Empire Interactive)
State of Decay (HKLM-x32\...\Steam App 241540) (Version: - Undead Labs)
State of Decay MULTi-5 incl. Breakdown DLC 1.0 (HKLM-x32\...\State of Decay MULTi-5 incl. Breakdown DLC 1.0) (Version: - )
State of Decay Version 1.0 u4 (HKLM-x32\...\State of Decay_is1) (Version: 1.0 u4 - Undead Labs)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stonekeep (HKLM-x32\...\Stonekeep_is1) (Version: - GOG.com)
Studio 10 (HKLM-x32\...\{3CB05291-F546-458E-A796-B5BCF5A3CDC4}) (Version: 10.0 - Pinnacle Systems)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated)
Syndicate (HKLM-x32\...\Syndicate_is1) (Version: - )
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
The Elder Scrolls V Skyrim - Legendary Edition (Game of the Year) Deutsche Version 1.9.32.0.8 (HKLM-x32\...\The Elder Scrolls V Skyrim - Legendary Edition (Game of the Year) Deutsche Version 1.9.32.0.8) (Version: 1.9.32.0.8 - .x.X.RIDDICK.X.x.)
The Evil Within Crack FIX MULTi2 1.0 (HKLM-x32\...\The Evil Within Crack FIX MULTi2 1.0) (Version: - )
The Evil Within MULTi2 1.0 (HKLM-x32\...\The Evil Within MULTi2 1.0) (Version: - )
The Fall - Last Days of Gaia (HKLM-x32\...\The Fall - Last Days of Gaia) (Version: - Silver Style Entertainment)
The Movies(TM) (x32 Version: 1.0 - Activision) Hidden
The Movies(TM) Stunts & Spezialeffekte (HKLM-x32\...\InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}) (Version: 1.2 - Activision)
The Movies(TM) Stunts & Spezialeffekte (x32 Version: 1.0 - Ihr Firmenname) Hidden
The Settlers 3 - Ultimate Collection (HKLM-x32\...\GOGPACKSETTLERS3_is1) (Version: 2.0.0.19 - GOG.com)
Theme Hospital (HKLM-x32\...\Theme Hospital_is1) (Version: - wepa)
THW Theorie (HKLM-x32\...\THWTheorie) (Version: 1.0 - Kai Blaschke)
Top50 Viewer basierend auf Geogrid®-Viewer Version 2.2 (HKLM-x32\...\DeInst_d2vexcrd C:/Program Files (x86)/Top50 V4) (Version: - )
topdeal (HKLM-x32\...\{9B149088-3FB6-875E-C1A4-A25A6E9D278D}) (Version: - "")
TOPOWIN (HKLM-x32\...\TOPOWIN_is1) (Version: - Killet Software Ing.-GbR)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425.01 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v1.0.0.8 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
Toshiba Places Icon Utility (HKLM\...\{C991A8C4-307C-4FDD-8AAE-A1BF44881E95}) (Version: 2.1.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0012 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.2.1 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
TuneUp Utilities 2014 (en-US) (x32 Version: 14.0.1000.169 - TuneUp Software) Hidden
TuneUp Utilities 2014 (x32 Version: 14.0.1000.169 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3010.8 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.3020.2 - TuneUp Software) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Video Converter Packages (HKU\S-1-5-21-1999916086-726414315-3245994003-1001\...\Video Converter Packages) (Version: - ) <==== ATTENTION
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player 2.0.4 (HKLM\...\VLC media player) (Version: 2.0.4 - VideoLAN)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.37 - WildTangent) Hidden
WildWestCoupon (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version: - WildWestCoupon) <==== ATTENTION
Wing Commander Privateer (HKLM-x32\...\GOGPACKWINGCOMMANDERPRIVATEER_is1) (Version: 2.0.0.9 - GOG.com)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinX DVD Author 6.3 (HKLM-x32\...\WinX DVD Author_is1) (Version: - DigiartySoft, Inc.)
Wizardry 7 (DOS Version) (HKLM-x32\...\GOGPACKWIZARDRY7DOS_is1) (Version: 2.0.0.11 - GOG.com)
Wizardry 8 (HKLM-x32\...\Wizardry 8) (Version: - )
Wolfenstein - Enemy Territory (HKLM-x32\...\Wolfenstein - Enemy Territory) (Version: - )
Wolfenstein (HKLM-x32\...\{E87EFF22-3F5C-41A0-9E51-E8CEA9945AA1}_is1) (Version: v1.2 - Grosses_K)
Wondershare DVD Creator(Build 2.6.5) (HKLM-x32\...\Wondershare DVD Creator_is1) (Version: - Wondershare)
Wondershare Video Editor(Build 3.5.1) (HKLM-x32\...\Wondershare Video Editor_is1) (Version: - Wondershare Software)
WORLD IN CONFLICT: SOVIET ASSAULT (HKLM-x32\...\{F11ADC64-C89E-47F4-A0B3-3665FF859397}) (Version: 1.0.1.0 - Ubisoft Entertainment)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
World of Warcraft Beta (HKLM-x32\...\World of Warcraft Beta) (Version: - Blizzard Entertainment)
Xilisoft DVD Creator (HKLM-x32\...\Xilisoft DVD Creator) (Version: 7.0.2.1201 - Xilisoft)
Yahoo Community Smartbar (HKLM-x32\...\{D62304BE-D5D3-4CCF-8973-123909491ADB}) (Version: 11.62.66.17712 - Linkury Inc.) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1999916086-726414315-3245994003-1001_Classes\CLSID\{00000001-0E3A-4123-8B32-4B68A91E104A}\InprocServer32 -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIBasePlace.dll (Toshiba Corporation)
CustomCLSID: HKU\S-1-5-21-1999916086-726414315-3245994003-1001_Classes\CLSID\{1db65e7e-cdd6-45e1-87d7-f09ad8c3ad6c}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1999916086-726414315-3245994003-1001_Classes\CLSID\{a82b8768-ce56-4226-bdd5-0b01f4c96955}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)

==================== Restore Points =========================

10-01-2015 08:37:25 Geplanter Prüfpunkt
14-01-2015 05:04:59 Windows Update
18-01-2015 18:29:08 DirectX wurde installiert
21-01-2015 14:45:35 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
21-01-2015 14:47:44 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2013-08-16 07:59 - 00000854 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 secure.tune-up.com

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {035C5247-55FE-430A-8F62-E0899D171C3F} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2014-04-01] (Nero AG) Task: {06BB2A36-4EB9-44EE-9D4E-1A9780A4E2C3} - System32\Tasks\{4D17CB68-4FC3-409A-BDED-D4D906FEBE98} => pcalua.exe -a "C:\Program Files (x86)\Capcom\resident evil 4\launcher.exe" -d C:\windows\system32 Task: {0848AA39-9047-4DA2-9377-1AFC3D782456} - System32\Tasks\{DFF56ECA-D2AB-47FD-8334-70E266B6FD83} => pcalua.exe -a C:\Westwood\SUN\SUN.EXE -d C:\Westwood\SUN\ -c GrabPatches Task: {1BFA7328-5FA0-4D8D-BB6B-4EB2E08FE914} - System32\Tasks\{C11A4756-F63F-4117-86E6-23AEC319C142} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1618 Task: {1F57F9B0-190E-4F23-A3E7-137C8548B67F} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION Task: {1F8E65A6-434B-4B62-9E65-1C6E587F75FB} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe Task: {2AE1CC12-AACE-4ABA-8E3B-E31317D0F357} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2012-08-14] (Toshiba Europe GmbH) Task: {336AEE3C-8BE9-4F69-B686-9C0678CE563D} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe Task: {3D9E6873-CE39-4DE7-87C7-0FE99F4A2C9C} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe Task: {46AEEFC6-D8D7-4CF8-BCD6-284AFE2F9BD9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-14] (Microsoft Corporation) Task: {4CE2B76F-B4F5-4F9B-8163-8BE42501336D} - System32\Tasks\{D7FDE122-74E3-44F6-B672-47ED520358FF} => pcalua.exe -a "C:\DOSGAMES\Colonization DOS-Box\DOSBox.exe" -d "C:\DOSGAMES\Colonization DOS-Box" Task: {5526EE91-780D-4279-B002-AF5D63F91BEB} - System32\Tasks\{2F194D1B-5915-4AD3-8C91-E0175C92F7BA} => pcalua.exe -a "C:\Users\Jan 
Plutke\Downloads\thefall-extended-speech\thefall-extended-speech.exe" -d "C:\Users\Jan Plutke\Downloads\thefall-extended-speech" Task: {58580F81-5701-4620-BAEF-EF79071127A9} - System32\Tasks\{D67E4997-F031-4372-BD59-3A90B16D301E} => pcalua.exe -a "J:\Eigene Programme\Nero 7.8.5.0 Premium Edition incl. Keygen - by Sch\keygen.exe" -d "J:\Eigene Programme\Nero 7.8.5.0 Premium Edition incl. Keygen - by Sch" Task: {585D0C2B-C169-4FBA-8EC7-E1DCC2A709C0} - System32\Tasks\4814 => Wscript.exe C:\Users\JANPLU~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION Task: {5A49383C-D0E7-43B0-BDB7-2A6662609141} - System32\Tasks\{D3172102-E2D0-48C6-A90C-C4F2785F7E0F} => pcalua.exe -a "C:\Program Files (x86)\Sirtech\Wizardry 8\Wiz8.EXE" -d "C:\Program Files (x86)\Sirtech\Wizardry 8" Task: {5E283565-0CC7-4E05-B5BB-DDED48C50557} - System32\Tasks\{49720D8D-2DD9-418B-8FB1-35833072C162} => pcalua.exe -a "C:\Program Files (x86)\Video DVD Maker\Uninstall.exe" -c "C:\Program Files (x86)\Video DVD Maker\install.log" -u Task: {6088AB17-0627-4311-91B2-89C20D6092FD} - System32\Tasks\{0D2F33E8-AD45-425E-96A1-F85004B38A84} => pcalua.exe -a "C:\Program Files (x86)\Windows Live\Installer\wlarp.exe" Task: {6E2AAAEA-E4A1-4CF2-8A4B-E4BD6CDF5CDD} - System32\Tasks\{6DAA5C67-6663-4F43-9B6D-25525F255491} => pcalua.exe -a "C:\Program Files (x86)\Sirtech\Wizardry 8\Wiz8.EXE" -d "C:\Program Files (x86)\Sirtech\Wizardry 8" Task: {7B9DC10B-2CA2-4A86-8834-41BD8AAC235F} - System32\Tasks\{764FDA44-A4AB-4DAA-BACC-98D0F4FB7787} => pcalua.exe -a "C:\Program Files (x86)\Sirtech\Wizardry 8\Wiz8.EXE" -d "C:\Program Files (x86)\Sirtech\Wizardry 8" Task: {843E95ED-79BE-4943-92F4-9F3FF0971B81} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1999916086-726414315-3245994003-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe Task: {86CDC567-F9A6-4A9D-9034-47CBDAFC1461} - System32\Tasks\{B5ABBE89-E76C-415F-A232-445BC91949A2} => Iexplore.exe 
hxxp://ui.skype.com/ui/0/6.16.0.105/de/abandoninstall?page=tsMain Task: {8C0433EF-B97E-4DAC-9B24-05FCEA94EC6D} - System32\Tasks\{5BA85F15-B4DC-4434-8FD3-70AD3F2C4D36} => pcalua.exe -a "C:\Program Files (x86)\Core Design\Tomb Raider Chronicles\PCTomb5.exe" -d "C:\Program Files (x86)\Core Design\Tomb Raider Chronicles" Task: {9A383C5B-9812-4E1E-9327-30739A156F53} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe Task: {A0470316-FF8B-4C6A-BB6E-2CC397BD5898} - System32\Tasks\{D41D98E0-323A-4341-BE32-C78F192F08F9} => pcalua.exe -a E:\autorun.exe -d E:\ Task: {A48E56CE-E95B-4682-8BF2-0488B76F0E94} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2012-06-14] (Hewlett Packard) Task: {ACC866A7-5421-4DC6-8F08-B7D433555DE9} - System32\Tasks\{A8F73092-811F-486A-81C6-6667423D4073} => pcalua.exe -a "C:\Users\Jan Plutke\AppData\Local\Temp\PCTomb5.exe" -d "C:\Users\Jan Plutke\AppData\Local\Temp" Task: {AE23D946-5AF7-44FA-B75C-C43617DE00DB} - System32\Tasks\{150C7B8D-547F-433B-BD85-7BA894D3DE94} => pcalua.exe -a "C:\Program Files (x86)\Core Design\Tomb Raider Chronicles\PCTomb5.exe" -d "C:\Program Files (x86)\Core Design\Tomb Raider Chronicles" Task: {B04AF489-F926-48BF-88FC-CB8E65B91E3B} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1999916086-726414315-3245994003-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {B1355C9A-B029-4F12-A9B7-AA9E05858B85} - System32\Tasks\{0832D969-93B5-430C-904D-86D8F0CAC068} => pcalua.exe -a "C:\Program Files (x86)\Pinnacle\Studio 10\programs\Studio.exe" -d "C:\Program Files (x86)\Pinnacle\Studio 10\programs" Task: {BAA48D54-01D7-4F00-B546-A238A66FB449} - System32\Tasks\PennyBee => C:\Users\JANPLU~1\AppData\Roaming\PennyBee\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {C7887589-B229-47F3-BBD5-4D07BF103189} - System32\Tasks\{4BB3A474-EB39-4822-82B5-EE8664166D4B} => pcalua.exe -a "C:\DOSGAMES\MasterOfOrion2 
DOS-Box\dosbox.exe" -d "C:\DOSGAMES\MasterOfOrion2 DOS-Box" Task: {CF515FAD-AEED-41A8-937C-4C611C153CE2} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe Task: {D41353D0-4F44-47FA-BF9C-D29A677DA0A8} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION Task: {E5FF6FA3-C486-488B-9A6A-B9AB2DF66A78} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1999916086-726414315-3245994003-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe Task: {EBE03C46-293A-4B02-80E9-4248FECBCE34} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1999916086-726414315-3245994003-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {F0CD9635-0904-498C-A17C-0605814EF3F2} - System32\Tasks\{A1F2ED42-6248-44F4-ADFD-83037105F126} => pcalua.exe -a "E:\Crack+Patch+Mod\patch 1.01\SA_Germ_upd.exe" -d "E:\Crack+Patch+Mod\patch 1.01" Task: {F214F623-FF04-4FEB-A058-894660757D88} - System32\Tasks\{EC25D9F5-4A85-47C5-B8CE-AC3FA4FA9468} => pcalua.exe -a "C:\Users\Jan Plutke\Documents\Neues Verzeichnis\chskrtrn12.exe" -d "C:\Users\Jan Plutke\Documents\Neues Verzeichnis" Task: {F3122405-0C83-479B-A272-E2328E31E639} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1999916086-726414315-3245994003-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-07-24] (RealNetworks, Inc.) 
Task: {F75B7E02-92D4-4B4F-9862-80763127F8F5} - System32\Tasks\{B1BFF783-040C-448E-A3BC-5E6947F495E5} => pcalua.exe -a "C:\Users\Jan Plutke\Downloads\3D_Grl_F0r3v3r\3D_Grl_F0r3v3r\3D_Girls_Forefer\3dgirlz.exe" -d "C:\Users\Jan Plutke\Downloads\3D_Grl_F0r3v3r\3D_Grl_F0r3v3r\3D_Girls_Forefer" Task: C:\WINDOWS\Tasks\PennyBee.job => C:\Users\JANPLU~1\AppData\Roaming\PennyBee\UPDATE~1\UPDATE~1.EXE <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2014-07-24 11:47 - 2014-07-24 11:47 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 2014-07-24 14:06 - 2014-07-24 14:06 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe 2013-10-30 10:46 - 2013-10-30 10:46 - 00757048 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll 2012-07-19 02:38 - 2012-07-19 02:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll 2012-07-19 02:38 - 2012-07-19 02:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll 2012-08-14 03:13 - 2012-08-14 03:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll 2011-03-09 13:21 - 2011-03-09 13:21 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll 2011-03-09 13:21 - 2011-03-09 13:21 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll 2013-05-20 10:02 - 2013-05-20 10:02 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go9\CLMLSvcPS.dll 2013-11-08 17:17 - 2013-09-16 12:19 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "TODDMain" HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager" HKLM\...\StartupApproved\Run32: => "Adobe ARM" HKLM\...\StartupApproved\Run32: => "NBKeyScan" HKLM\...\StartupApproved\Run32: => "PinnacleDriverCheck" HKLM\...\StartupApproved\Run32: => "IminentMessenger" HKLM\...\StartupApproved\Run32: => "Iminent" HKLM\...\StartupApproved\Run32: => "VideoDownloadConverter Search Scope Monitor" HKLM\...\StartupApproved\Run32: => "TaskTray" HKLM\...\StartupApproved\Run32: => "Driver Genius" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKU\S-1-5-21-1999916086-726414315-3245994003-1001\...\StartupApproved\Run: => "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" HKU\S-1-5-21-1999916086-726414315-3245994003-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_7AC520344728B40E1B8CA0BEA365DF90" HKU\S-1-5-21-1999916086-726414315-3245994003-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-1999916086-726414315-3245994003-1001\...\StartupApproved\Run: => "Yontoo Desktop" HKU\S-1-5-21-1999916086-726414315-3245994003-1001\...\StartupApproved\Run: => "Optimizer Pro" ========================= Accounts: ========================== Administrator (S-1-5-21-1999916086-726414315-3245994003-500 - Administrator - Disabled) Gast 
(S-1-5-21-1999916086-726414315-3245994003-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1999916086-726414315-3245994003-1003 - Limited - Enabled) Jan Plutke (S-1-5-21-1999916086-726414315-3245994003-1001 - Administrator - Enabled) => C:\Users\Jan Plutke ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/25/2015 07:17:36 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.34209 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 2328. Meldungs-ID: [0x2509]. Error: (01/25/2015 07:15:42 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.34209 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 3892. Meldungs-ID: [0x2509]. Error: (01/25/2015 02:29:10 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.34209 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 4704. Meldungs-ID: [0x2509]. Error: (01/25/2015 02:29:01 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.34209 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 3368. Meldungs-ID: [0x2509]. Error: (01/25/2015 02:17:03 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.34209 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. 
Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 4164. Meldungs-ID: [0x2509]. Error: (01/25/2015 02:15:40 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.34209 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 3452. Meldungs-ID: [0x2509]. Error: (01/25/2015 08:58:39 AM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.34014 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 5308. Meldungs-ID: [0x2509]. Error: (01/25/2015 08:58:02 AM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.34014 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 8892. Meldungs-ID: [0x2509]. Error: (01/25/2015 08:53:44 AM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.34014 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 10612. Meldungs-ID: [0x2509]. Error: (01/25/2015 08:53:43 AM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.34014 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 12164. Meldungs-ID: [0x2509]. 
System errors: ============= Error: (01/25/2015 07:14:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Search Protect Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/25/2015 07:14:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Util AppEnable" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/25/2015 07:14:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Update AppEnable" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/25/2015 07:14:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Nero BackItUp Scheduler 3" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/25/2015 07:14:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "MBAMService" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/25/2015 07:14:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "MBAMScheduler" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/25/2015 07:13:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "TuneUp Designerweiterung" wurde aufgrund folgenden Fehlers nicht gestartet: %%1083 Error: (01/25/2015 07:13:52 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\windows\SysWOW64\Drivers\asapiW2k.sys Error: (01/25/2015 07:13:51 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\windows\SysWOW64\Drivers\asapiW2k.sys Error: (01/25/2015 07:13:26 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\WINDOWS\SysWow64\drivers\pclepci.sys Microsoft Office Sessions: ========================= Error: (01/25/2015 07:17:36 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.34209 - Fehler beim 
Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 2328. Meldungs-ID: [0x2509]. Error: (01/25/2015 07:15:42 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.34209 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 3892. Meldungs-ID: [0x2509]. Error: (01/25/2015 02:29:10 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.34209 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 4704. Meldungs-ID: [0x2509]. Error: (01/25/2015 02:29:01 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.34209 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 3368. Meldungs-ID: [0x2509]. Error: (01/25/2015 02:17:03 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.34209 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 4164. Meldungs-ID: [0x2509]. Error: (01/25/2015 02:15:40 PM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.34209 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 3452. Meldungs-ID: [0x2509]. 
Error: (01/25/2015 08:58:39 AM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.34014 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 5308. Meldungs-ID: [0x2509]. Error: (01/25/2015 08:58:02 AM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.34014 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 8892. Meldungs-ID: [0x2509]. Error: (01/25/2015 08:53:44 AM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.34014 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 10612. Meldungs-ID: [0x2509]. Error: (01/25/2015 08:53:43 AM) (Source: .NET Runtime) (EventID: 1022) (User: ) Description: .NET Runtime version 4.0.30319.34014 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 12164. Meldungs-ID: [0x2509]. CodeIntegrity Errors: =================================== Date: 2015-01-25 19:13:52.531 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\SysWOW64\drivers\asapiW2k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2015-01-25 19:13:51.314 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\SysWOW64\drivers\asapiW2k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-01-25 14:23:32.701 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\SysWOW64\drivers\asapiW2k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-01-25 14:23:23.160 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\SysWOW64\drivers\asapiW2k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-01-25 14:23:20.990 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\SysWOW64\drivers\asapiW2k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-01-25 14:10:55.681 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\SysWOW64\drivers\asapiW2k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2015-01-25 14:10:42.043 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\SysWOW64\drivers\asapiW2k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-01-25 14:10:34.359 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\SysWOW64\drivers\asapiW2k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-01-25 14:10:25.113 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\SysWOW64\drivers\asapiW2k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-01-25 14:10:23.966 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\SysWOW64\drivers\asapiW2k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz Percentage of memory in use: 19% Total physical RAM: 8144.22 MB Available physical RAM: 6596.63 MB Total Pagefile: 16336.22 MB Available Pagefile: 14533.34 MB Total Virtual: 131072 MB Available Virtual: 131071.84 MB ==================== Drives ================================ Drive c: (TI30961600B) (Fixed) (Total:585.4 GB) (Free:70.79 GB) NTFS Drive e: (State of Decay) (CDROM) (Total:1.69 GB) (Free:0 GB) CDFS Drive f: (AUTO_JAN) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 596.2 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 1.9 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=1.9 GB) - (Type=0B) ==================== End Of Log ============================ |
26.01.2015, 09:23 | #6 |
/// the machine /// TB-Ausbilder | Remove Interpol virus on Windows 8.1, for dummies please!!!! Please download Revo Uninstaller from here (alternatively, the portable Revo Uninstaller).
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
26.01.2015, 17:24 | #7 |
| Mbam Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 26.01.2015
Suchlauf-Zeit: 16:31:30
Logdatei: MalebyteSuchlauf.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.26.06
Rootkit Datenbank: v2015.01.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Jan Plutke

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 414180
Verstrichene Zeit: 27 Min, 16 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 48

Registrierungswerte: 4

Registrierungsdaten: 7

Ordner: 15

Dateien: 93

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)

(end)
Code:
# AdwCleaner v4.109 - Bericht erstellt am 26/01/2015 um 17:07:49
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-25.1 [Live]
# Betriebssystem : Windows 8.1 (64 bits)
# Benutzername : Jan Plutke - JAN001
# Gestartet von : C:\Users\Jan Plutke\Desktop\AdwCleaner_4.109.exe
# Option : Löschen

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Google Chrome v35.0.1916.114

[C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] :
hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_11_ie&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtAyBzzyDtAyE0DtB0B0FyEtN0D0Tzu0SzztDyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1PtN1L1G1B1V1N2Y1L1Qzu2StDyEtD0E0E0FtBtBtG0AzyyDzztGyDtB0EyCtG0Dzz0F0EtGtDtD0DtBzzyBzzzztByEzzyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtDzy0ByDtByDyBtG0DtDyBtBtGzyyDtByEtGyCyC0FtAtGyEtCyCtD0C0B0E0C0FyC0E0B2Q&cr=1956097354&ir= [C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.sweet-page.com/web/?type=ds&ts=1398751675&from=cor&uid=TOSHIBAXMK6475GSX_62RXCAZUTXX62RXCAZUT&q={searchTerms} [C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.istartsurf.com/web/?type=ds&ts=1407246313&from=ild&uid=TOSHIBAXMK6475GSX_62RXCAZUTXX62RXCAZUT&q={searchTerms} [C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3319597&octid=EB_ORIGINAL_CTID&ISID=3B20CBBE-1D90-477D-B53D-C11D54110F26&SearchSource=58&CUI=&UM=6&UP=SP19115F6C-D8CF-406B-BF9F-8D0EAEAF727C&q={searchTerms}&SSPV= [C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : dhgadcdcciaadmkdmnifpglddibhhdoe [C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : pjmenjjcdgedejjmaicpmeldjihnjejj [C:\Users\Jan Plutke\AppData\Local\Chromium\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms} -\\ Chromium v [C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cc5b4252-7cc7-7082-3582-2e9299590018&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=31/01/2014&type=hp1000 [C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht 
[Search Provider] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cc5b4252-7cc7-7082-3582-2e9299590018&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=31/01/2014&type=hp1000 [C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cc5b4252-7cc7-7082-3582-2e9299590018&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=31/01/2014&type=hp1000 [C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_11_ie&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtAyBzzyDtAyE0DtB0B0FyEtN0D0Tzu0SzztDyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1PtN1L1G1B1V1N2Y1L1Qzu2StDyEtD0E0E0FtBtBtG0AzyyDzztGyDtB0EyCtG0Dzz0F0EtGtDtD0DtBzzyBzzzztByEzzyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtDzy0ByDtByDyBtG0DtDyBtBtGzyyDtByEtGyCyC0FtAtGyEtCyCtD0C0B0E0C0FyC0E0B2Q&cr=1956097354&ir= [C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.sweet-page.com/web/?type=ds&ts=1398751675&from=cor&uid=TOSHIBAXMK6475GSX_62RXCAZUTXX62RXCAZUT&q={searchTerms} [C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.istartsurf.com/web/?type=ds&ts=1407246313&from=ild&uid=TOSHIBAXMK6475GSX_62RXCAZUTXX62RXCAZUT&q={searchTerms} [C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3319597&octid=EB_ORIGINAL_CTID&ISID=3B20CBBE-1D90-477D-B53D-C11D54110F26&SearchSource=58&CUI=&UM=6&UP=SP19115F6C-D8CF-406B-BF9F-8D0EAEAF727C&q={searchTerms}&SSPV= [C:\Users\Jan Plutke\AppData\Local\Chromium\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms} -\\ Comodo Dragon v [C:\Users\Jan 
Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cc5b4252-7cc7-7082-3582-2e9299590018&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=31/01/2014&type=hp1000 [C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cc5b4252-7cc7-7082-3582-2e9299590018&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=31/01/2014&type=hp1000 [C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cc5b4252-7cc7-7082-3582-2e9299590018&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=31/01/2014&type=hp1000 [C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_11_ie&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtAyBzzyDtAyE0DtB0B0FyEtN0D0Tzu0SzztDyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1PtN1L1G1B1V1N2Y1L1Qzu2StDyEtD0E0E0FtBtBtG0AzyyDzztGyDtB0EyCtG0Dzz0F0EtGtDtD0DtBzzyBzzzztByEzzyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtDzy0ByDtByDyBtG0DtDyBtBtGzyyDtByEtGyCyC0FtAtGyEtCyCtD0C0B0E0C0FyC0E0B2Q&cr=1956097354&ir= [C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.sweet-page.com/web/?type=ds&ts=1398751675&from=cor&uid=TOSHIBAXMK6475GSX_62RXCAZUTXX62RXCAZUT&q={searchTerms} [C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.istartsurf.com/web/?type=ds&ts=1407246313&from=ild&uid=TOSHIBAXMK6475GSX_62RXCAZUTXX62RXCAZUT&q={searchTerms} [C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : 
hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3319597&octid=EB_ORIGINAL_CTID&ISID=3B20CBBE-1D90-477D-B53D-C11D54110F26&SearchSource=58&CUI=&UM=6&UP=SP19115F6C-D8CF-406B-BF9F-8D0EAEAF727C&q={searchTerms}&SSPV= [C:\Users\Jan Plutke\AppData\Local\Chromium\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms} -\\ Chrome Canary v [C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cc5b4252-7cc7-7082-3582-2e9299590018&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=31/01/2014&type=hp1000 [C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cc5b4252-7cc7-7082-3582-2e9299590018&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=31/01/2014&type=hp1000 [C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=cc5b4252-7cc7-7082-3582-2e9299590018&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=31/01/2014&type=hp1000 [C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_11_ie&cd=2XzuyEtN2Y1L1QzuyByE0EyDyEtAyBzzyDtAyE0DtB0B0FyEtN0D0Tzu0SzztDyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1PtN1L1G1B1V1N2Y1L1Qzu2StDyEtD0E0E0FtBtBtG0AzyyDzztGyDtB0EyCtG0Dzz0F0EtGtDtD0DtBzzyBzzzztByEzzyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtDzy0ByDtByDyBtG0DtDyBtBtGzyyDtByEtGyCyC0FtAtGyEtCyCtD0C0B0E0C0FyC0E0B2Q&cr=1956097354&ir= [C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.sweet-page.com/web/?type=ds&ts=1398751675&from=cor&uid=TOSHIBAXMK6475GSX_62RXCAZUTXX62RXCAZUT&q={searchTerms} 
[C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.istartsurf.com/web/?type=ds&ts=1407246313&from=ild&uid=TOSHIBAXMK6475GSX_62RXCAZUTXX62RXCAZUT&q={searchTerms} [C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3319597&octid=EB_ORIGINAL_CTID&ISID=3B20CBBE-1D90-477D-B53D-C11D54110F26&SearchSource=58&CUI=&UM=6&UP=SP19115F6C-D8CF-406B-BF9F-8D0EAEAF727C&q={searchTerms}&SSPV= [C:\Users\Jan Plutke\AppData\Local\Chromium\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.ask.com/web?q={searchTerms} ************************* AdwCleaner[R0].txt - [49117 octets] - [06/07/2014 11:56:36] AdwCleaner[R1].txt - [18243 octets] - [09/08/2014 05:33:24] AdwCleaner[R2].txt - [14638 octets] - [26/01/2015 17:06:20] AdwCleaner[S0].txt - [44741 octets] - [06/07/2014 11:57:59] AdwCleaner[S1].txt - [15285 octets] - [09/08/2014 05:34:04] AdwCleaner[S2].txt - [20952 octets] - [26/01/2015 17:07:49] ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [21013 octets] ########## Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 x64
Ran by Jan Plutke on 26.01.2015 at 17:14:21,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\WINDOWS\syswow64\ai_recyclebin"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.01.2015 at 17:20:07,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01 Ran by Jan Plutke (administrator) on JAN001 on 26-01-2015 17:22:42 Running from F:\ Loaded Profiles: Jan Plutke (Available profiles: Jan Plutke) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (AMD) C:\Windows\System32\atieclxx.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (SRS Labs, Inc.) 
C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard Company) C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Akamai Technologies, Inc.) C:\Users\Jan Plutke\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\Jan Plutke\AppData\Local\Akamai\netsession_win.exe (Cloanto Corporation) C:\Program Files (x86)\Common Files\Cloanto\Software Director\softdir.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go9\CLMLSvc_P2G9.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (Microsoft Corporation) C:\Windows\WinStore\WSHost.exe (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (RealNetworks, Inc.) 
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor) HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-20] (SRS Labs, Inc.) HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-14] (TOSHIBA Corporation) HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation) HKLM\...\Run: [IAStorIcon] => "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-28] (Synaptics Incorporated) HKLM\...\Run: [HP LaserJet 200 color MFP M276 Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2011-10-09] (Hewlett-Packard Company) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink) HKLM-x32\...\Run: [CLMLServer_For_P2G9] => C:\Program Files (x86)\CyberLink\Power2Go9\CLMLSvc_P2G9.exe [110344 2013-11-08] (CyberLink) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe HKLM-x32\...\Run: [StatusAlerts] => "C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [NBKeyScan] => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" HKLM-x32\...\Run: [NeroFilterCheck] => C:\WINDOWS\SysWOW64\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-1999916086-726414315-3245994003-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd) HKU\S-1-5-21-1999916086-726414315-3245994003-1001\...\Run: [EPSON Stylus SX200] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIEFE.EXE [221696 2007-12-13] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-1999916086-726414315-3245994003-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Jan Plutke\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.) HKU\S-1-5-21-1999916086-726414315-3245994003-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22038120 2014-08-27] (Skype Technologies S.A.) 
HKU\S-1-5-21-1999916086-726414315-3245994003-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1942720 2015-01-23] (Valve Corporation) HKU\S-1-5-21-1999916086-726414315-3245994003-1001\...\MountPoints2: {55ea46ef-4698-11e2-be75-74e54378534d} - "E:\setup.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Software Director Scheduler.lnk ShortcutTarget: Software Director Scheduler.lnk -> C:\Program Files (x86)\Common Files\Cloanto\Software Director\softdir.exe (Cloanto Corporation) Startup: C:\Users\Jan Plutke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-1999916086-726414315-3245994003-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.de/ HKU\S-1-5-21-1999916086-726414315-3245994003-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ StartMenuInternet: IEXPLORE.EXE - C:\Program 
Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1999916086-726414315-3245994003-1001 -> {0CA43B3E-E804-4626-889C-7BB7B445A40E} URL = SearchScopes: HKU\S-1-5-21-1999916086-726414315-3245994003-1001 -> {9B598B0B-D374-4451-9DFE-FD8517ED1996} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms} BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Hosts: 127.0.0.1 secure.tune-up.com Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.10.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.12 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1999916086-726414315-3245994003-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon FF HKLM-x32\...\Firefox\Extensions: [{7C9C2591-51ED-44FA-8D03-450B92643F95}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-08-28] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF HKU\S-1-5-21-1999916086-726414315-3245994003-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff Chrome: ======= CHR dev: Chrome dev build detected! 
<======= ATTENTION CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll () CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File CHR Profile: C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Design my eMail) - C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibiiaimghkbhffgkkdogldehnidojjga [2014-09-19] CHR Extension: (RealDownloader) - C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-08-05] CHR Extension: (Music Plus for Google Play Music) - C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipfnecmlncaiipncipkgijboddcdmego [2014-11-28] CHR Extension: (Benchwarmer Dribbble for Chrome Tabs) - C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhdjhhpjicomphhjpehdhjenbaamdpnn [2014-11-08] CHR Extension: (Google Wallet) - C:\Users\Jan Plutke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-05] ==================== 
Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4907232 2014-12-01] (Emsisoft GmbH) S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed] R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-09-27] (Intel Corporation) R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed] R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed] S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-06-24] (Nero AG) R2 PLFlash DeviceIoControl Service; C:\WINDOWS\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) 
[File not signed] R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed] R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-24] () R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-24] () [File not signed] S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-08-14] (Toshiba Europe GmbH) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2099512 2013-10-30] (TuneUp Software) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) S2 NAUpdate; "C:\Program Files (x86)\Nero\Update\NASvc.exe" [X] S2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH) R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH) R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH) R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH) S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.) S3 ASAPIW2K; C:\windows\SysWOW64\Drivers\asapiW2k.sys [11264 2005-01-10] (VOB Computersysteme GmbH) [File not signed] R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-24] (Qualcomm Atheros Communications, Inc.) 
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [129536 2013-07-05] (Advanced Micro Devices) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2013-10-04] () R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2014-05-04] (Microsoft Corporation) R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH) R1 CLVirtualDrive1.1; C:\Windows\system32\DRIVERS\CLVirtualDrive1_1.sys [91912 2013-06-03] (CyberLink) R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2012-12-15] (DT Soft Ltd) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2012-12-17] () R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-26] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation) S1 PCLEPCI; C:\WINDOWS\SysWOW64\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH) [File not signed] R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-28] (Synaptics Incorporated) R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp Software) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) S0 BMLoad; system32\drivers\BMLoad.sys [X] S3 cpuz136; \??\C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [X] S1 tcpipBM; \??\C:\windows\system32\drivers\tcpipBM.sys [X] S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. 
Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-26 17:20 - 2015-01-26 17:20 - 00000689 _____ () C:\Users\Jan Plutke\Desktop\JRT.txt 2015-01-26 17:14 - 2015-01-26 17:14 - 00000000 ____D () C:\WINDOWS\ERUNT 2015-01-26 17:03 - 2015-01-26 17:03 - 00029330 _____ () C:\MalebyteSuchlauf.txt 2015-01-26 16:30 - 2015-01-26 16:30 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-26 16:30 - 2015-01-26 16:30 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-26 16:29 - 2015-01-26 16:29 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Jan Plutke\Desktop\mbam-setup-2.0.4.1028.exe 2015-01-26 16:29 - 2015-01-26 16:29 - 02194432 _____ () C:\Users\Jan Plutke\Desktop\AdwCleaner_4.109.exe 2015-01-26 16:29 - 2015-01-26 16:29 - 01707939 _____ (Thisisu) C:\Users\Jan Plutke\Desktop\JRT.exe 2015-01-26 14:51 - 2015-01-26 15:28 - 00001291 _____ () C:\Users\Jan Plutke\Desktop\Revo Uninstaller.lnk 2015-01-26 14:50 - 2015-01-26 15:28 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-01-25 14:29 - 2015-01-26 17:22 - 00000000 ____D () C:\FRST 2015-01-23 05:26 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll 2015-01-23 05:26 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll 2015-01-21 15:59 - 2014-08-15 11:03 - 00000257 _____ () C:\Users\Jan Plutke\Downloads\XXX German-Porns XXX.url 2015-01-21 15:56 - 2014-09-07 17:14 - 3090948154 _____ () C:\Users\Jan Plutke\Downloads\Private.Paerchen.im.Sextest.TD545.mp4 2015-01-21 15:53 - 2015-01-21 15:55 - 00000000 ____D () C:\Users\Jan Plutke\Downloads\psTD545 2015-01-21 09:22 - 2015-01-21 09:30 - 304087040 _____ () C:\Users\Jan Plutke\Downloads\psTD545.part04.rar 2015-01-21 09:14 - 2015-01-21 09:22 - 304087040 _____ () 
C:\Users\Jan Plutke\Downloads\psTD545.part03.rar 2015-01-21 09:06 - 2015-01-21 09:14 - 304087040 _____ () C:\Users\Jan Plutke\Downloads\psTD545.part01.rar 2015-01-21 08:58 - 2015-01-21 09:06 - 304087040 _____ () C:\Users\Jan Plutke\Downloads\psTD545.part02.rar 2015-01-21 08:56 - 2015-01-21 08:58 - 80888628 _____ () C:\Users\Jan Plutke\Downloads\psTD545.part11.rar 2015-01-21 08:48 - 2015-01-21 08:56 - 304087040 _____ () C:\Users\Jan Plutke\Downloads\psTD545.part05.rar 2015-01-21 08:40 - 2015-01-21 08:48 - 304087040 _____ () C:\Users\Jan Plutke\Downloads\psTD545.part08.rar 2015-01-21 08:30 - 2015-01-21 08:40 - 304087040 _____ () C:\Users\Jan Plutke\Downloads\psTD545.part10.rar 2015-01-21 08:22 - 2015-01-21 08:30 - 304087040 _____ () C:\Users\Jan Plutke\Downloads\psTD545.part06.rar 2015-01-21 08:15 - 2015-01-21 08:22 - 304087040 _____ () C:\Users\Jan Plutke\Downloads\psTD545.part09.rar 2015-01-21 08:07 - 2015-01-21 15:56 - 304087040 _____ () C:\Users\Jan Plutke\Downloads\psTD545.part07.rar 2015-01-21 07:45 - 2015-01-21 08:07 - 867500000 _____ () C:\Users\Jan Plutke\Downloads\ExtDunM4.part2.rar 2015-01-21 07:23 - 2015-01-21 07:45 - 867500000 _____ () C:\Users\Jan Plutke\Downloads\ExtDunM4.part3.rar 2015-01-21 06:49 - 2015-01-21 07:23 - 866351449 _____ () C:\Users\Jan Plutke\Downloads\ExtDunM4.part4.rar 2015-01-21 06:27 - 2015-01-21 06:49 - 867500000 _____ () C:\Users\Jan Plutke\Downloads\ExtDunM4.part1.rar 2015-01-20 15:57 - 2015-01-20 15:58 - 209079409 _____ () C:\Users\Jan Plutke\Downloads\n3449.rar 2015-01-20 15:54 - 2015-01-20 15:56 - 127961778 _____ () C:\Users\Jan Plutke\Downloads\feucht.rar 2015-01-18 22:48 - 2015-01-18 22:48 - 00000222 _____ () C:\Users\Jan Plutke\Desktop\State of Decay.url 2015-01-18 18:16 - 2015-01-18 22:48 - 00000000 ____D () C:\Users\Jan Plutke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2015-01-18 18:16 - 2015-01-18 18:16 - 00000222 _____ () C:\Users\Jan Plutke\Desktop\H1Z1.url 2015-01-18 18:11 - 2015-01-25 13:58 - 00000000 
____D () C:\Program Files (x86)\Steam 2015-01-18 18:11 - 2015-01-18 18:11 - 00000986 _____ () C:\Users\Public\Desktop\Steam.lnk 2015-01-18 18:11 - 2015-01-18 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2015-01-18 11:41 - 2015-01-18 11:41 - 00000000 ____D () C:\Users\Jan Plutke\AppData\Local\SCE 2015-01-14 02:51 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2015-01-14 02:51 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe 2015-01-14 02:51 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys 2015-01-14 02:51 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2015-01-14 02:51 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2015-01-14 02:51 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2015-01-14 02:51 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2015-01-14 02:51 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2015-01-14 02:51 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2015-01-14 02:51 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll 2015-01-14 02:51 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2015-01-14 02:51 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2015-01-14 02:51 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll 2015-01-14 02:51 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll 2015-01-14 02:51 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 
2015-01-14 02:51 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2015-01-14 02:51 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe 2015-01-14 02:51 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2015-01-14 02:51 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2015-01-14 02:51 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2015-01-14 02:51 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2015-01-14 02:51 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2015-01-14 02:51 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe 2015-01-14 02:51 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2015-01-14 02:51 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2015-01-14 02:51 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll 2015-01-14 02:51 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll 2015-01-14 02:51 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll 2015-01-14 02:51 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll 2015-01-14 02:51 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2015-01-14 02:51 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll 2015-01-10 08:43 - 2015-01-10 08:45 - 62465672 _____ (DVDVideoSoft Ltd. 
) C:\Users\Jan 2015-01-10 06:53 - 2015-01-10 06:53 - 00280424 _____ () C:\WINDOWS\Minidump\011015-101265-01.dmp 2015-01-05 21:31 - 2015-01-05 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\State of Decay 2015-01-05 21:26 - 2013-11-30 07:58 - 00000000 ____D () C:\Users\Jan Plutke\Downloads\State of Decay - Elamigos 2015-01-03 21:42 - 2015-01-03 21:42 - 00002094 _____ () C:\Users\Public\Desktop\Studio Launcher.lnk 2015-01-03 21:41 - 2013-08-22 04:54 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ATL485d.rra 2015-01-03 21:35 - 2003-10-21 05:15 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVCP71.DLL 2015-01-03 21:35 - 2003-10-20 09:38 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVCR71.DLL 2014-12-31 15:00 - 2015-01-01 07:50 - 00000000 ____D () C:\Users\Jan Plutke\AppData\Local\Skyrim 2014-12-30 22:26 - 2014-12-30 22:26 - 00002445 _____ () C:\Users\Jan Plutke\Desktop\The Elder Scrolls V Skyrim - Legendary Edition (Launcher).lnk 2014-12-30 22:26 - 2014-12-30 22:26 - 00002391 _____ () C:\Users\Jan Plutke\Desktop\The Elder Scrolls V Skyrim - Legendary Edition.lnk 2014-12-30 22:09 - 2015-01-01 07:53 - 00000000 ____D () C:\Program Files (x86)\The Elder Scrolls V Skyrim - Legendary Edition (Game of the Year) 2014-12-27 22:07 - 2014-12-27 22:07 - 00002242 _____ () C:\Users\Public\Desktop\Postal 2 Apocalypse Weekend Expansion Pack.lnk 2014-12-27 22:07 - 2014-12-27 22:07 - 00002054 _____ () C:\Users\Public\Desktop\Postal 2 Share The Pain.lnk ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-26 17:21 - 2012-12-15 09:00 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1999916086-726414315-3245994003-1001 2015-01-26 17:11 - 2014-11-08 18:49 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-01-26 17:10 - 2014-11-29 18:32 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware 2015-01-26 17:10 - 2014-11-04 20:16 - 00018017 _____ () C:\WINDOWS\setupact.log 2015-01-26 17:10 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-01-26 17:09 - 2013-11-13 23:18 - 00142098 _____ () C:\WINDOWS\PFRO.log 2015-01-26 17:08 - 2014-07-06 11:56 - 00000000 ____D () C:\AdwCleaner 2015-01-26 17:02 - 2014-04-22 16:15 - 00000000 ____D () C:\Users\Jan Plutke\AppData\Local\Akamai 2015-01-26 17:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Vss 2015-01-26 17:02 - 2012-12-15 11:15 - 00000000 ____D () C:\Users\Jan Plutke\Eigene Datien 2015-01-26 17:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-01-26 16:54 - 2014-01-02 21:34 - 02077698 _____ () C:\WINDOWS\WindowsUpdate.log 2015-01-26 16:30 - 2014-11-08 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-26 14:51 - 2013-11-14 08:27 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-01-26 14:51 - 2013-11-14 08:11 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat 2015-01-26 14:51 - 2013-11-14 08:11 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat 2015-01-26 14:11 - 2014-01-02 21:43 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E95950BD-F24A-4AB4-BA96-6CE26AB6F9C3} 2015-01-25 08:59 - 2012-12-15 13:35 - 00000000 ____D () C:\Users\Jan Plutke\AppData\Roaming\vlc 2015-01-24 11:41 - 2014-01-09 13:31 - 00079360 ___SH () C:\Users\Jan Plutke\Desktop\Thumbs.db 2015-01-24 04:27 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-01-22 20:47 - 2013-07-20 12:45 - 00000000 ____D () 
C:\Users\Jan Plutke\AppData\Roaming\.minecraft 2015-01-22 06:36 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-01-21 14:51 - 2013-11-08 17:17 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-20 16:13 - 2013-09-28 16:37 - 00000886 _____ () C:\Users\Jan Plutke\Desktop\Downloads.lnk 2015-01-19 22:32 - 2014-12-14 01:10 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-01-19 22:32 - 2014-12-14 01:10 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-18 18:31 - 2012-12-15 11:00 - 00571393 _____ () C:\WINDOWS\DirectX.log 2015-01-17 21:46 - 2014-02-06 12:54 - 01837056 ___SH () C:\Users\Jan Plutke\Documents\Thumbs.db 2015-01-16 07:23 - 2014-01-03 00:24 - 00547840 ___SH () C:\Users\Jan Plutke\Downloads\Thumbs.db 2015-01-16 07:18 - 2013-07-16 00:51 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-01-16 07:13 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-01-15 22:40 - 2013-01-07 18:32 - 00000000 ____D () C:\Users\Jan Plutke\AppData\Roaming\dvdcss 2015-01-14 05:06 - 2012-12-15 09:59 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-01-10 06:53 - 2014-01-13 12:12 - 00000000 ____D () C:\WINDOWS\Minidump 2015-01-10 06:50 - 2013-11-08 17:54 - 00000000 ____D () C:\Program Files (x86)\SpeedFan 2015-01-05 16:18 - 2013-10-25 10:32 - 00000000 ____D () C:\Program Files (x86)\Java 2015-01-05 16:15 - 2014-01-22 18:17 - 00000000 ____D () C:\ProgramData\Oracle 2015-01-05 07:52 - 2013-10-11 23:27 - 00021840 ____T () C:\WINDOWS\SysWOW64\SIntfNT.dll 2015-01-05 07:52 - 2013-10-11 23:27 - 00017212 ____T () C:\WINDOWS\SysWOW64\SIntf32.dll 2015-01-05 07:52 - 2013-10-11 23:27 - 00012067 ____T () C:\WINDOWS\SysWOW64\SIntf16.dll 2015-01-05 07:52 - 2013-01-15 22:59 - 00000000 ____D () C:\Users\Jan Plutke\Desktop\Spiele 2015-01-03 23:53 - 2013-02-12 17:33 - 00001194 _____ () C:\WINDOWS\VFO.INI 2015-01-03 23:31 - 2013-02-12 18:01 - 
00005270 _____ () C:\WINDOWS\attach.log 2015-01-03 22:22 - 2014-05-09 18:04 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini 2015-01-03 22:21 - 2013-02-14 18:19 - 00017920 _____ () C:\Users\Jan Plutke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-01-03 22:08 - 2013-02-12 17:31 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI 2015-01-03 21:37 - 2013-02-12 17:33 - 00000107 _____ () C:\AUTOEXEC.BAT 2015-01-03 21:37 - 2013-02-12 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Studio 10 2015-01-03 21:36 - 2013-02-17 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX 2015-01-03 21:34 - 2013-02-12 14:10 - 00000037 _____ () C:\WINDOWS\install_Studio10.log 2015-01-01 22:31 - 2014-10-11 10:01 - 00704821 _____ () C:\Users\Jan Plutke\Documents\Ansicht 1zu5.VLM 2015-01-01 22:31 - 2014-10-05 09:21 - 00554719 _____ () C:\Users\Jan Plutke\Documents\Bett Schnitte 01.VLM 2014-12-31 15:00 - 2012-01-17 02:19 - 00000000 ____D () C:\Users\Jan Plutke\Documents\My Games 2014-12-27 22:07 - 2013-02-05 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com 2014-12-27 22:05 - 2013-02-05 15:12 - 00000000 ____D () C:\Program Files (x86)\GOG.com ==================== Files in the root of some directories ======= 2013-02-04 16:16 - 2013-02-04 16:16 - 0001644 _____ () C:\Users\Jan Plutke\AppData\Roaming\activebarcodeapp.ini 2013-10-24 21:33 - 2013-10-28 19:09 - 0000132 _____ () C:\Users\Jan Plutke\AppData\Roaming\Adobe CS6-BMP-Format - Voreinstellungen 2013-10-15 21:10 - 2013-10-15 21:10 - 0000132 _____ () C:\Users\Jan Plutke\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen 2014-04-29 07:08 - 2014-10-04 07:07 - 0000000 _____ () C:\Users\Jan Plutke\AppData\Roaming\bitlord_log.txt 2013-03-17 08:44 - 2013-03-17 08:44 - 0000163 _____ () C:\Users\Jan Plutke\AppData\Roaming\default.pls 2013-04-08 22:15 - 2013-09-21 17:32 - 0000126 _____ () C:\Users\Jan 
Plutke\AppData\Roaming\default.rss 2014-03-15 09:23 - 2014-03-30 23:23 - 0000075 _____ () C:\Users\Jan Plutke\AppData\Roaming\WB.CFG 2013-02-14 18:19 - 2015-01-03 22:21 - 0017920 _____ () C:\Users\Jan Plutke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-08-05 15:56 - 2014-08-05 15:56 - 0590952 _____ (ClickMeIn Limited) C:\Users\Jan Plutke\AppData\Local\nshA343.tmp 2014-09-07 17:57 - 2014-09-07 17:57 - 0000218 _____ () C:\Users\Jan Plutke\AppData\Local\recently-used.xbel Some content of TEMP: ==================== C:\Users\Jan Plutke\AppData\Local\Temp\AutoRun.exe C:\Users\Jan Plutke\AppData\Local\Temp\AutoRunGUI.dll C:\Users\Jan Plutke\AppData\Local\Temp\Civilization4.exe C:\Users\Jan Plutke\AppData\Local\Temp\sfamcc00001.dll C:\Users\Jan Plutke\AppData\Local\Temp\sfareca00001.dll C:\Users\Jan Plutke\AppData\Local\Temp\SniperEliteV2.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-25 19:25 ==================== End Of Log ============================ --- --- --- |
26.01.2015, 19:26 | #8 |
/// the machine /// TB trainer | Remove Interpol virus on Windows 8.1, please, for dummies!!!! ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |