5 Viren beim Scan gefunden

Bi_Fi · 16.02.2015, 15:21

Hallo Leute,

Gestern hat mein GData Programm beim Scan 5 Viren bei dem Laptop meines Sohnes gefunden. Ich habe die infizierten Dateien in die Qurantäne verschoben. Ich habe mal ein Screenshot von der Qurantäne beigefügt.

Außerdem habe ich mal mit FRST einen Scan durchgeführt

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Oli (administrator) on OLIVER on 16-02-2015 15:12:28
Running from C:\Users\Oli\Downloads
Loaded Profiles: Oli (Available profiles: Oli)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\MagnoPlayer\MagnoPlayerUpdaterService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
() C:\Program Files (x86)\PHotkey\Atouch64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
() C:\Program Files (x86)\PHotkey\POsd.exe
() C:\Program Files (x86)\PHotkey\GPMTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Uniblue Systems Ltd) C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\GUI\GDSC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-17] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-09-21] (Synaptics Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [110144 2013-03-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [492248 2012-12-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [263128 2013-03-05] (CyberLink Corp.)
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1756792 2014-05-20] (G Data Software AG)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-4185052740-853389588-2360426906-1001\...\Run: [Facebook Update] => C:\Users\Oli\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-03-03] (Facebook Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1424013290&from=tugs&uid=HGSTXHTS545050A7E680_TE85313R2HKYSK2HKYSKX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1424013290&from=tugs&uid=HGSTXHTS545050A7E680_TE85313R2HKYSK2HKYSKX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1424013290&from=tugs&uid=HGSTXHTS545050A7E680_TE85313R2HKYSK2HKYSKX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1424013290&from=tugs&uid=HGSTXHTS545050A7E680_TE85313R2HKYSK2HKYSKX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-4185052740-853389588-2360426906-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1424013290&from=tugs&uid=HGSTXHTS545050A7E680_TE85313R2HKYSK2HKYSKX&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1424013290&from=tugs&uid=HGSTXHTS545050A7E680_TE85313R2HKYSK2HKYSKX&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1424013290&from=tugs&uid=HGSTXHTS545050A7E680_TE85313R2HKYSK2HKYSKX&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1424013290&from=tugs&uid=HGSTXHTS545050A7E680_TE85313R2HKYSK2HKYSKX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4185052740-853389588-2360426906-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1424013290&from=tugs&uid=HGSTXHTS545050A7E680_TE85313R2HKYSK2HKYSKX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4185052740-853389588-2360426906-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1424013290&from=tugs&uid=HGSTXHTS545050A7E680_TE85313R2HKYSK2HKYSKX&q={searchTerms}
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1424013290&from=tugs&uid=HGSTXHTS545050A7E680_TE85313R2HKYSK2HKYSKX

FireFox:
========
FF ProfilePath: C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: istartsurf
FF SelectedSearchEngine: istartsurf
FF Homepage: hxxp://www.istartsurf.com/?type=hp&ts=1424013290&from=tugs&uid=HGSTXHTS545050A7E680_TE85313R2HKYSK2HKYSKX
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4185052740-853389588-2360426906-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Oli\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\searchplugins\istartsurf.xml
FF Extension: Fast Start - C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\Extensions\faststartff@gmail.com [2015-02-15]
FF Extension: Search Enginer - C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\Extensions\searchengine@gmail.com [2015-02-15]
FF HKLM-x32\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\searchengine@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.istartsurf.com/?type=sc&ts=1424013290&from=tugs&uid=HGSTXHTS545050A7E680_TE85313R2HKYSK2HKYSKX

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-10-14] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2683760 2014-05-20] (G Data Software AG)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [3228136 2014-08-21] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [160256 2013-01-19] () [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-08-16] (Intel Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 MagnoPlayerUpdaterService; C:\Program Files (x86)\MagnoPlayer\MagnoPlayerUpdaterService.exe [11776 2015-02-09] () [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-11-15] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-11-15] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1342848 2012-12-03] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2014-12-10] (G Data Software AG)
R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2014-12-10] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [142336 2014-12-10] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [64000 2014-12-10] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [68608 2014-12-10] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-04-22] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [61440 2014-12-10] (G Data Software AG)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-09-21] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-11-15] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 20:12 - 2015-02-16 15:12 - 00016078 _____ () C:\Users\Oli\Downloads\FRST.txt
2015-02-15 20:11 - 2015-02-16 15:12 - 00000000 ____D () C:\FRST
2015-02-15 20:10 - 2015-02-15 20:10 - 02085888 _____ (Farbar) C:\Users\Oli\Downloads\FRST64.exe
2015-02-15 20:08 - 2015-02-15 20:08 - 01125888 _____ (Farbar) C:\Users\Oli\Downloads\FRST.exe
2015-02-15 19:29 - 2015-02-15 19:29 - 00000000 ____D () C:\ProgramData\Uniblue
2015-02-15 16:15 - 2015-02-15 16:15 - 00000000 __SHD () C:\Users\Oli\AppData\Local\EmieUserList
2015-02-15 16:15 - 2015-02-15 16:15 - 00000000 __SHD () C:\Users\Oli\AppData\Local\EmieSiteList
2015-02-15 16:15 - 2015-02-15 16:15 - 00000000 __SHD () C:\Users\Oli\AppData\Local\EmieBrowserModeList
2015-02-15 16:15 - 2015-02-15 16:15 - 00000000 ____D () C:\Users\Oli\AppData\Roaming\istartsurf
2015-02-15 16:15 - 2015-02-15 16:15 - 00000000 ____D () C:\Users\Oli\AppData\Local\magnoplayer
2015-02-15 16:15 - 2015-02-15 16:15 - 00000000 ____D () C:\Users\Oli\AppData\Local\com
2015-02-15 16:14 - 2015-02-15 16:14 - 00002552 _____ () C:\WINDOWS\System32\Tasks\PC-Mechanic Subscription
2015-02-15 16:14 - 2015-02-15 16:14 - 00001935 _____ () C:\Users\Oli\Desktop\MagnoPlayer.lnk
2015-02-15 16:14 - 2015-02-15 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagnoPlayer
2015-02-15 16:13 - 2015-02-16 15:13 - 00000288 _____ () C:\WINDOWS\Tasks\PC-Mechanic Maintenance.job
2015-02-15 16:13 - 2015-02-16 14:57 - 00000290 _____ () C:\WINDOWS\Tasks\DriverScanner.job
2015-02-15 16:13 - 2015-02-16 14:57 - 00000288 _____ () C:\WINDOWS\Tasks\PC-Mechanic Subscription.job
2015-02-15 16:13 - 2015-02-16 14:56 - 00000350 _____ () C:\WINDOWS\Tasks\dsmonitor.job
2015-02-15 16:13 - 2015-02-16 14:56 - 00000282 _____ () C:\WINDOWS\Tasks\PC-Mechanic Startup.job
2015-02-15 16:13 - 2015-02-15 16:14 - 00002486 _____ () C:\WINDOWS\System32\Tasks\PC-Mechanic Startup
2015-02-15 16:13 - 2015-02-15 16:14 - 00000000 ____D () C:\Program Files (x86)\MagnoPlayer
2015-02-15 16:13 - 2015-02-15 16:13 - 00003182 _____ () C:\WINDOWS\System32\Tasks\PC-Mechanic Maintenance
2015-02-15 16:13 - 2015-02-15 16:13 - 00002494 _____ () C:\WINDOWS\System32\Tasks\DriverScanner
2015-02-15 16:13 - 2015-02-15 16:13 - 00002486 _____ () C:\WINDOWS\System32\Tasks\dsmonitor
2015-02-15 16:13 - 2015-02-15 16:13 - 00001185 _____ () C:\Users\Public\Desktop\PC Mechanic.lnk
2015-02-15 16:12 - 2015-02-15 16:13 - 00000000 ____D () C:\Users\Oli\AppData\Roaming\Uniblue
2015-02-15 16:12 - 2015-02-15 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
2015-02-15 16:12 - 2015-02-15 16:13 - 00000000 ____D () C:\Program Files (x86)\Uniblue
2015-02-15 16:12 - 2015-02-15 16:12 - 00001209 _____ () C:\Users\Public\Desktop\DriverScanner.lnk
2015-02-15 16:11 - 2015-02-15 16:11 - 00673464 _____ () C:\Users\Oli\Downloads\Player.exe
2015-02-11 21:07 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-11 21:07 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 21:07 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 21:07 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-11 19:26 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 19:26 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 19:26 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 19:26 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 19:26 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 19:26 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 19:26 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 19:26 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 19:26 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 19:26 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 19:26 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-11 19:26 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 19:26 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 19:26 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-11 19:26 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-11 19:26 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-11 19:26 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-11 19:26 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-11 19:26 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-11 19:26 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-11 19:26 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-11 19:26 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-11 19:26 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-11 19:26 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-11 19:26 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-11 19:26 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-11 19:25 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 19:25 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 19:25 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 19:25 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 19:25 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 19:25 - 2015-01-12 03:32 - 06041088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-11 19:25 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 19:25 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 19:25 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 19:25 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 19:25 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 19:25 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 19:25 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 19:25 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 19:25 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 19:25 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 19:25 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 19:25 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 19:25 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 19:25 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 19:25 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 19:25 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 19:25 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 19:25 - 2015-01-12 02:29 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-11 19:25 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 19:25 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 19:25 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 19:25 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 19:25 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 19:25 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 19:25 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 19:25 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 19:25 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 19:25 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 19:25 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 19:25 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 19:25 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-05 19:32 - 2015-02-05 19:32 - 05070512 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-01-26 20:30 - 2015-01-26 20:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 15:08 - 2014-11-15 21:23 - 01665175 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-16 15:08 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-16 15:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-16 15:01 - 2014-12-30 00:50 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5C4436E3-A3B0-48A9-889E-003EB6A0E604}
2015-02-16 15:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-02-16 14:58 - 2014-09-24 07:17 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-16 14:58 - 2014-09-24 06:43 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-16 14:58 - 2014-09-24 06:43 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-16 14:57 - 2014-03-03 17:52 - 00000934 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4185052740-853389588-2360426906-1001UA.job
2015-02-16 14:57 - 2013-09-11 19:14 - 00000000 ____D () C:\Users\Oli\Documents\Youcam
2015-02-15 20:32 - 2013-09-11 21:01 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-15 19:27 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-15 19:26 - 2013-08-22 15:46 - 00290363 _____ () C:\WINDOWS\setupact.log
2015-02-15 19:26 - 2013-08-22 15:44 - 00347808 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-15 17:42 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-15 17:27 - 2013-09-11 19:27 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4185052740-853389588-2360426906-1001
2015-02-15 16:14 - 2014-11-16 11:15 - 00001678 _____ () C:\Users\Oli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-15 16:14 - 2013-09-11 19:26 - 00001375 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-15 16:14 - 2013-09-11 19:26 - 00001363 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-15 16:14 - 2013-06-13 14:28 - 00002669 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome.lnk
2015-02-15 16:14 - 2013-06-10 07:49 - 00002661 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk
2015-02-15 16:10 - 2013-09-19 15:36 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-15 16:05 - 2013-06-04 13:30 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-15 15:22 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-05 19:32 - 2013-09-11 21:01 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-03 20:31 - 2014-12-12 23:25 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-12-12 23:25 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-29 19:55 - 2014-11-15 20:59 - 00000000 ____D () C:\Users\Oli
2015-01-27 20:52 - 2013-09-11 19:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-18 17:57 - 2014-03-03 17:52 - 00000912 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4185052740-853389588-2360426906-1001Core.job

==================== Files in the root of some directories =======

2013-06-10 07:14 - 2013-06-10 07:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-06-06 12:18 - 2013-06-06 12:18 - 0000104 _____ () C:\ProgramData\{01FB4998-33C4-4431-85ED-079E3EEFE75D}.log
2013-06-06 12:18 - 2013-06-06 12:19 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-06-06 12:12 - 2013-06-06 12:13 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-06-06 12:17 - 2013-06-06 12:17 - 0000111 _____ () C:\ProgramData\{39337565-330E-4ab6-A9AE-AC81E0720B10}.log
2013-06-06 12:10 - 2013-06-06 12:10 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-06-06 12:14 - 2013-06-06 12:14 - 0000032 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2013-06-06 12:19 - 2013-06-06 12:19 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
2013-06-06 12:14 - 2013-06-06 12:17 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
2013-06-06 12:10 - 2013-06-06 12:12 - 0000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log
2013-06-06 12:13 - 2013-06-06 12:13 - 0000110 _____ () C:\ProgramData\{E3D04529-6EDB-11D8-A372-0050BAE317E1}.log

Some content of TEMP:
====================
C:\Users\Oli\AppData\Local\Temp\data.exe
C:\Users\Oli\AppData\Local\Temp\Setup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-15 16:02

==================== End Of Log ============================

und hier die Addition

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
Ran by Oli at 2015-02-16 15:13:15
Running from C:\Users\Oli\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G DATA INTERNET SECURITY (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: G DATA INTERNET SECURITY (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G DATA Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Ashampoo AppLauncher (Medion) v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher (Medion)_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
CyberLink PowerDirector (Version: 9.0.0.5129 - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.0913 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.0913 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DriverScanner (HKLM-x32\...\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1) (Version: 4.0.13.1 - Uniblue Systems Ltd)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
G DATA INTERNET SECURITY (HKLM-x32\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.2.3 - G DATA Software AG)
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{E77289CF-12B9-4CAB-A49E-FEAE947F4D95}) (Version: 15.5.4.0423 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{DA2600C1-6BDF-4FD1-1212-148929CC1385}) (Version: 2.6.1212.0302 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{1593C708-5535-47A4-8C0F-F8D4BE2B4560}) (Version: 15.05.6000.1620 - Intel Corporation)
istartsurf uninstall (HKLM-x32\...\istartsurf uninstall) (Version:  - istartsurf) <==== ATTENTION
MagnoPlayer (HKLM-x32\...\MagnoPlayer) (Version: v2.1.2.10 - SoftForce LLC)
Medion Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Medion Home Cinema 10 (x32 Version: 10.2419 - CyberLink Corp.) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
PC Mechanic (HKLM-x32\...\{1F88FC5D-4D46-448A-AF59-7061FFC6ABBF}_is1) (Version: 1.0.3.6 - Uniblue Systems Limited)
PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0084 - Pegatron Corporation)
PhotoNow (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6728 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.16.0 - Synaptics Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4185052740-853389588-2360426906-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points  =========================

12-01-2015 22:28:58 Geplanter Prüfpunkt
16-01-2015 12:17:37 Windows Update
28-01-2015 20:57:11 Windows Update
06-02-2015 19:37:50 Windows Update
15-02-2015 16:02:45 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {11431DDE-8E11-4C28-9CF5-12269FBC2EDE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {408BF3B8-D55F-42B0-BBA6-73033498A106} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4185052740-853389588-2360426906-1001UA => C:\Users\Oli\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-03] (Facebook Inc.)
Task: {54280624-B7D9-4200-A624-6120AB4D45BC} - System32\Tasks\dsmonitor => C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2015-01-27] (Uniblue Systems Ltd)
Task: {7C500948-6CE2-4DAB-AA50-542653AF54D6} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-09-21] (Synaptics Incorporated)
Task: {7F61D9BE-7163-47C6-A6C6-C852FAEC0EA6} - System32\Tasks\DriverScanner => C:\Program Files (x86)\Uniblue\DriverScanner\driverscanner.exe [2015-01-27] (Uniblue Systems Ltd)
Task: {85D58CF8-7AC5-48FE-83F2-DCDF4B163CAD} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4185052740-853389588-2360426906-1001Core => C:\Users\Oli\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-03] (Facebook Inc.)
Task: {AFBBEE74-87F6-44E7-9838-92DD4542EEEC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {B24446B7-072A-4FE8-B18A-4774C9A3112A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-15] (Microsoft Corporation)
Task: {B299174A-8258-4948-B627-65B759858F78} - System32\Tasks\PC-Mechanic Subscription => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe [2015-01-28] (Uniblue Systems Limited)
Task: {BE0FB641-A699-4F82-805F-4E78EB4D588E} - System32\Tasks\PC-Mechanic Startup => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe [2015-01-28] (Uniblue Systems Limited)
Task: {C2145DB2-4242-49B6-8D64-506533F9C1C5} - System32\Tasks\PC-Mechanic Maintenance => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe [2015-01-28] (Uniblue Systems Limited)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DriverScanner.job => C:\Program Files (x86)\Uniblue\DriverScanner\driverscanner.exe
Task: C:\WINDOWS\Tasks\dsmonitor.job => C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4185052740-853389588-2360426906-1001Core.job => C:\Users\Oli\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4185052740-853389588-2360426906-1001UA.job => C:\Users\Oli\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\PC-Mechanic Maintenance.job => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe
Task: C:\WINDOWS\Tasks\PC-Mechanic Startup.job => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe
Task: C:\WINDOWS\Tasks\PC-Mechanic Subscription.job => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe

==================== Loaded Modules (whitelisted) ==============

2013-06-13 14:24 - 2013-01-19 02:33 - 00160256 _____ () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
2015-02-09 16:42 - 2015-02-09 16:42 - 00011776 _____ () C:\Program Files (x86)\MagnoPlayer\MagnoPlayerUpdaterService.exe
2013-06-06 12:14 - 2010-08-19 10:43 - 00386344 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-05-20 02:38 - 2014-05-20 02:38 - 00340088 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2013-06-13 14:24 - 2013-02-05 12:52 - 02215424 _____ () C:\Program Files (x86)\PHotkey\PHotkey.exe
2013-06-13 14:24 - 2010-12-17 14:04 - 00449032 _____ () C:\Program Files (x86)\PHotkey\ATouch64.exe
2013-06-13 14:24 - 2012-10-23 18:07 - 03471872 _____ () C:\Program Files (x86)\PHotkey\POSD.exe
2013-06-13 14:24 - 2013-02-05 12:50 - 08851968 _____ () C:\Program Files (x86)\PHotkey\GPMTray.exe
2014-12-08 20:10 - 2014-12-08 20:10 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\63948598d919af60addb114fdd3ccb56\PSIClient.ni.dll
2013-06-10 06:38 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-06-13 14:24 - 2009-12-18 15:36 - 00973432 _____ () C:\Program Files (x86)\PHotkey\acAuth.dll
2013-06-13 14:24 - 2009-12-18 15:41 - 00129544 _____ () C:\Program Files (x86)\PHotkey\GFNEX.dll
2013-06-06 12:12 - 2013-03-05 04:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 11:41 - 2013-03-05 11:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-01-26 20:30 - 2015-01-26 20:30 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4185052740-853389588-2360426906-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Oli\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-4185052740-853389588-2360426906-500 - Administrator - Disabled)
Gast (S-1-5-21-4185052740-853389588-2360426906-501 - Limited - Disabled)
Oli (S-1-5-21-4185052740-853389588-2360426906-1001 - Administrator - Enabled) => C:\Users\Oli

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/16/2015 03:02:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AVKProxy.exe, Version: 1.5.14287.174, Zeitstempel: 0x543c744f
Name des fehlerhaften Moduls: avkhttp.dll, Version: 25.0.14287.175, Zeitstempel: 0x543c7471
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00024b59
ID des fehlerhaften Prozesses: 0x68c
Startzeit der fehlerhaften Anwendung: 0xAVKProxy.exe0
Pfad der fehlerhaften Anwendung: AVKProxy.exe1
Pfad des fehlerhaften Moduls: AVKProxy.exe2
Berichtskennung: AVKProxy.exe3
Vollständiger Name des fehlerhaften Pakets: AVKProxy.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AVKProxy.exe5

Error: (02/16/2015 02:57:07 PM) (Source: Google Update) (EventID: 20) (User: Oliver)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (02/15/2015 04:14:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0xa80
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5

Error: (02/15/2015 04:07:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_16_0_0_305.exe, Version: 16.0.0.305, Zeitstempel: 0x54cff379
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eeb4a3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000462a8
ID des fehlerhaften Prozesses: 0x1a30
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_16_0_0_305.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_16_0_0_305.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_16_0_0_305.exe2
Berichtskennung: FlashPlayerPlugin_16_0_0_305.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_16_0_0_305.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_16_0_0_305.exe5

Error: (02/15/2015 04:07:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_16_0_0_305.exe, Version: 16.0.0.305, Zeitstempel: 0x54cff379
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eeb4a3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000462a8
ID des fehlerhaften Prozesses: 0x1928
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_16_0_0_305.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_16_0_0_305.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_16_0_0_305.exe2
Berichtskennung: FlashPlayerPlugin_16_0_0_305.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_16_0_0_305.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_16_0_0_305.exe5

Error: (02/15/2015 03:47:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x155c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5

Error: (02/14/2015 11:36:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AVKProxy.exe, Version: 1.5.14287.174, Zeitstempel: 0x543c744f
Name des fehlerhaften Moduls: avkhttp.dll, Version: 25.0.14287.175, Zeitstempel: 0x543c7471
Ausnahmecode: 0xc0000417
Fehleroffset: 0x0008e512
ID des fehlerhaften Prozesses: 0x610
Startzeit der fehlerhaften Anwendung: 0xAVKProxy.exe0
Pfad der fehlerhaften Anwendung: AVKProxy.exe1
Pfad des fehlerhaften Moduls: AVKProxy.exe2
Berichtskennung: AVKProxy.exe3
Vollständiger Name des fehlerhaften Pakets: AVKProxy.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AVKProxy.exe5

Error: (02/07/2015 10:38:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_16_0_0_305.exe, Version: 16.0.0.305, Zeitstempel: 0x54cff379
Name des fehlerhaften Moduls: FlashPlayerPlugin_16_0_0_305.exe, Version: 16.0.0.305, Zeitstempel: 0x54cff379
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00049ae5
ID des fehlerhaften Prozesses: 0xb3c
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_16_0_0_305.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_16_0_0_305.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_16_0_0_305.exe2
Berichtskennung: FlashPlayerPlugin_16_0_0_305.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_16_0_0_305.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_16_0_0_305.exe5

Error: (02/07/2015 10:38:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_16_0_0_305.exe, Version: 16.0.0.305, Zeitstempel: 0x54cff379
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eeb4a3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000462a8
ID des fehlerhaften Prozesses: 0xb00
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_16_0_0_305.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_16_0_0_305.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_16_0_0_305.exe2
Berichtskennung: FlashPlayerPlugin_16_0_0_305.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_16_0_0_305.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_16_0_0_305.exe5

Error: (02/07/2015 10:38:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_16_0_0_305.exe, Version: 16.0.0.305, Zeitstempel: 0x54cff379
Name des fehlerhaften Moduls: FlashPlayerPlugin_16_0_0_305.exe, Version: 16.0.0.305, Zeitstempel: 0x54cff379
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00049ae5
ID des fehlerhaften Prozesses: 0x1674
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_16_0_0_305.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_16_0_0_305.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_16_0_0_305.exe2
Berichtskennung: FlashPlayerPlugin_16_0_0_305.exe3
Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_16_0_0_305.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_16_0_0_305.exe5


System errors:
=============
Error: (02/16/2015 03:02:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "G Data AntiVirus Proxy" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/15/2015 08:48:33 PM) (Source: DCOM) (EventID: 10010) (User: Oliver)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (02/15/2015 07:25:45 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.

Error: (02/15/2015 05:28:20 PM) (Source: DCOM) (EventID: 10010) (User: Oliver)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (02/15/2015 05:27:50 PM) (Source: DCOM) (EventID: 10010) (User: Oliver)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/15/2015 04:02:39 PM) (Source: DCOM) (EventID: 10010) (User: Oliver)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/15/2015 04:02:09 PM) (Source: DCOM) (EventID: 10010) (User: Oliver)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (02/14/2015 11:58:21 AM) (Source: DCOM) (EventID: 10010) (User: Oliver)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (02/14/2015 11:58:21 AM) (Source: DCOM) (EventID: 10010) (User: Oliver)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (02/14/2015 11:58:15 AM) (Source: DCOM) (EventID: 10010) (User: Oliver)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Microsoft Office Sessions:
=========================
Error: (02/16/2015 03:02:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AVKProxy.exe1.5.14287.174543c744favkhttp.dll25.0.14287.175543c7471c000000500024b5968c01d0494d02397043C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exeC:\Program Files (x86)\Common Files\G Data\AVKProxy\avkhttp.dll6e851f60-b5e4-11e4-bf03-6817293d69e9

Error: (02/16/2015 02:57:07 PM) (Source: Google Update) (EventID: 20) (User: Oliver)
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80

Error: (02/15/2015 04:14:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f2248000000300001425a8001d04931269b24d9C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll63819967-b525-11e4-bf01-6817293d69e9

Error: (02/15/2015 04:07:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_16_0_0_305.exe16.0.0.30554cff379ntdll.dll6.3.9600.1727853eeb4a3c0000005000462a81a3001d0493120a15ffeC:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exeC:\WINDOWS\SYSTEM32\ntdll.dll5e592067-b524-11e4-bf01-6817293d69e9

Error: (02/15/2015 04:07:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_16_0_0_305.exe16.0.0.30554cff379ntdll.dll6.3.9600.1727853eeb4a3c0000005000462a8192801d049311a69b4c8C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exeC:\WINDOWS\SYSTEM32\ntdll.dll58e50206-b524-11e4-bf01-6817293d69e9

Error: (02/15/2015 03:47:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f2248000000300001425155c01d0492b1d075308C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll80be3770-b521-11e4-bf01-6817293d69e9

Error: (02/14/2015 11:36:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AVKProxy.exe1.5.14287.174543c744favkhttp.dll25.0.14287.175543c7471c00004170008e51261001d0423c519578a8C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exeC:\Program Files (x86)\Common Files\G Data\AVKProxy\avkhttp.dll62066145-b435-11e4-bf01-6817293d69e9

Error: (02/07/2015 10:38:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_16_0_0_305.exe16.0.0.30554cff379FlashPlayerPlugin_16_0_0_305.exe16.0.0.30554cff379c000000500049ae5b3c01d042b9d926ffeaC:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exeC:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe16df779f-aead-11e4-bf01-6817293d69e9

Error: (02/07/2015 10:38:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_16_0_0_305.exe16.0.0.30554cff379ntdll.dll6.3.9600.1727853eeb4a3c0000005000462a8b0001d042b9d281fef3C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exeC:\WINDOWS\SYSTEM32\ntdll.dll103cd931-aead-11e4-bf01-6817293d69e9

Error: (02/07/2015 10:38:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_16_0_0_305.exe16.0.0.30554cff379FlashPlayerPlugin_16_0_0_305.exe16.0.0.30554cff379c000000500049ae5167401d042b9cbcafb85C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exeC:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe09bf1cc1-aead-11e4-bf01-6817293d69e9


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU 2020M @ 2.40GHz
Percentage of memory in use: 47%
Total physical RAM: 3977.09 MB
Available physical RAM: 2083.49 MB
Total Pagefile: 4745.09 MB
Available Pagefile: 2504.19 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:403.61 GB) (Free:368.29 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:42.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 5F378A69)

Partition: GPT Partition Type.

==================== End Of Log ============================

Ich denke, man sollte das gesamte System formatieren und Windows neu installieren. Was meint ihr dazu?

schrauber · 16.02.2015, 15:39

hi,

Lade Dir bitte von hier

Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.

Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
Klicke auf Optionen und wähle als Sprache Deutsch.
Suche im Uninstallerfeld nach den Programmen:

istartsurf uninstall
Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Bi_Fi · 16.02.2015, 22:01

Hi,

Habe alles so wie in der Anleitung gemacht. Hier sind die Log-Dateien.

mbam

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 16.02.2015
Suchlauf-Zeit: 21:10:21
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.16.08
Rootkit Datenbank: v2015.02.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Oli

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 336243
Verstrichene Zeit: 20 Min, 33 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\MagnoPlayerUpdaterService.exe, 2088, Löschen bei Neustart, [919777a8494177bfe165d8ba24dfaa56]

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 11
PUP.Optional.MagnoPlayer.A, HKLM\SOFTWARE\CLASSES\APPLICATIONS\MagnoPlayer.exe, In Quarantäne, [9c8cd54ac8c26ccaa3a77d1547bc45bb], 
PUP.Optional.MagnoPlayer.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPLICATIONS\MagnoPlayer.exe, In Quarantäne, [8b9da9763555ef47a5a5335f60a3b64a], 
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [f2361c03a1e9d0663559e219f113d12f], 
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\istartsurfSoftware, In Quarantäne, [59cf67b81b6f4ee8001c8b2213f0a45c], 
PUP.Optional.MagnoPlayer.A, HKLM\SOFTWARE\WOW6432NODE\MagnoPlayer, In Quarantäne, [b87038e7840682b44cffb4de2fd4e818], 
PUP.Optional.MagnoPlayer.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPLICATIONS\MagnoPlayer.exe, In Quarantäne, [b870120d583262d45cee99f9996a7e82], 
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [a97f7ba44a4093a3e8a640bb51b36a96], 
PUP.Optional.MagnoPlayer.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MagnoPlayerUpdaterService, In Quarantäne, [919777a8494177bfe165d8ba24dfaa56], 
PUP.Optional.Qone8, HKU\S-1-5-21-4185052740-853389588-2360426906-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [0226cb54cfbb52e41479d42743c1a759], 
PUP.Optional.FastStart.A, HKU\S-1-5-21-4185052740-853389588-2360426906-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, In Quarantäne, [67c1f9266e1c95a1651b9513778ca35d], 
PUP.Optional.MagnoPlayer.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MagnoPlayer, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 

Registrierungswerte: 3
PUP.Optional.SearchEngine.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|searchengine@gmail.com, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\searchengine@gmail.com, In Quarantäne, [d256e23d7c0e3303c0ab42dab05540c0]
PUP.Optional.FastStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com, In Quarantäne, [9f891a05e5a561d580695fafcd3849b7]
PUP.Optional.FastStart.A, HKU\S-1-5-21-4185052740-853389588-2360426906-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, In Quarantäne, [67c1f9266e1c95a1651b9513778ca35d]

Registrierungsdaten: 9
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.istartsurf.com/?type=sc&ts=1424013290&from=tugs&uid=HGSTXHTS545050A7E680_TE85313R2HKYSK2HKYSKX, Gut: (firefox.exe), Schlecht: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.istartsurf.com/?type=sc&ts=1424013290&from=tugs&uid=HGSTXHTS545050A7E680_TE85313R2HKYSK2HKYSKX),Ersetzt,[30f8d946b5d5b87e0f610ea9b3529f61]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1424013290&from=tugs&uid=HGSTXHTS545050A7E680_TE85313R2HKYSK2HKYSKX, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1424013290&from=tugs&uid=HGSTXHTS545050A7E680_TE85313R2HKYSK2HKYSKX),Ersetzt,[8f99c35c5535280e0f62684f679e45bb]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.istartsurf.com/web/?type=ds&ts=1424013290&from=tugs&uid=HGSTXHTS545050A7E680_TE85313R2HKYSK2HKYSKX&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/web/?type=ds&ts=1424013290&from=tugs&uid=HGSTXHTS545050A7E680_TE85313R2HKYSK2HKYSKX&q={searchTerms}),Ersetzt,[1e0a1c034941a98d1a4dab0c9075a15f]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.istartsurf.com/?type=hp&ts=1424013290&from=tugs&uid=HGSTXHTS545050A7E680_TE85313R2HKYSK2HKYSKX, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1424013290&from=tugs&uid=HGSTXHTS545050A7E680_TE85313R2HKYSK2HKYSKX),Ersetzt,[8d9b4fd08406f145e4814f6861a4da26]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.istartsurf.com/?type=hp&ts=1424013290&from=tugs&uid=HGSTXHTS545050A7E680_TE85313R2HKYSK2HKYSKX, Gut: (www.google.com), Schlecht: (hxxp://www.istartsurf.com/?type=hp&ts=1424013290&from=tugs&uid=HGSTXHTS545050A7E680_TE85313R2HKYSK2HKYSKX),Ersetzt,[190fa8771a70d75f97d23a7de0258779]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[11175bc45f2b2e083229923064a15aa6]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.istartsurf.com/?type=sc&ts=1424013290&from=tugs&uid=HGSTXHTS545050A7E680_TE85313R2HKYSK2HKYSKX, Gut: (firefox.exe), Schlecht: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.istartsurf.com/?type=sc&ts=1424013290&from=tugs&uid=HGSTXHTS545050A7E680_TE85313R2HKYSK2HKYSKX),Ersetzt,[8c9c5ac5fd8d6fc70c64a51250b58a76]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1424013290&from=tugs&uid=HGSTXHTS545050A7E680_TE85313R2HKYSK2HKYSKX, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1424013290&from=tugs&uid=HGSTXHTS545050A7E680_TE85313R2HKYSK2HKYSKX),Ersetzt,[db4d46d913779d99521f37802dd8a759]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[21075fc06c1e66d0f368ccf6f21354ac]

Ordner: 47
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\content, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\content\include, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\content\include\tools, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\content\js, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\content\js\lib, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\content\js\module, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\content\js\pack, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\locale, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\locale\en, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\locale\en-US, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\locale\es, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\locale\es-419, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\locale\fr, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\locale\fr-BE, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\locale\fr-CA, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\locale\fr-CH, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\locale\fr-LU, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\locale\it, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\locale\it-CH, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\locale\pl, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\locale\pt-BR, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\locale\ru, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\locale\ru-MO, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\locale\tr, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\locale\vi, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\locale\zh-CN, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\locale\zh-TW, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\skin, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\defaults, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\defaults\preferences, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\modules, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.MagnoPlayer.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagnoPlayer, In Quarantäne, [80a899862b5f5adcb8e22765d3304ab6], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer, Löschen bei Neustart, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\Languages, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\references, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Users\Oli\AppData\Local\com\MagnoPlayer.exe_Url_1mhbegbsljequujxisnv3adbpqk4e3ar, In Quarantäne, [78b01c03ed9df640a4f86d1f5aa94bb5], 
PUP.Optional.MagnoPlayer.A, C:\Users\Oli\AppData\Local\com\MagnoPlayer.exe_Url_1mhbegbsljequujxisnv3adbpqk4e3ar\2.1.2.10, In Quarantäne, [78b01c03ed9df640a4f86d1f5aa94bb5], 
PUP.Optional.MagnoPlayer.A, C:\Users\Oli\AppData\Local\magnoplayer, In Quarantäne, [00289e816a20fa3cccd14646ec17b64a], 
PUP.Optional.MagnoPlayer.A, C:\Users\Oli\AppData\Local\magnoplayer\config, In Quarantäne, [00289e816a20fa3cccd14646ec17b64a], 
PUP.Optional.MagnoPlayer.A, C:\Users\Oli\AppData\Local\magnoplayer\Playlists, In Quarantäne, [00289e816a20fa3cccd14646ec17b64a], 
PUP.Optional.MagnoPlayer.A, C:\Users\Oli\AppData\Local\magnoplayer\Snap, In Quarantäne, [00289e816a20fa3cccd14646ec17b64a], 
PUP.Optional.SearchEngine.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\searchengine@gmail.com, In Quarantäne, [df491807444660d684a01678649fb947], 
PUP.Optional.SearchEngine.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\searchengine@gmail.com\chrome, In Quarantäne, [df491807444660d684a01678649fb947], 
PUP.Optional.SearchEngine.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\searchengine@gmail.com\chrome\content, In Quarantäne, [df491807444660d684a01678649fb947], 
PUP.Optional.SearchEngine.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\searchengine@gmail.com\chrome\skin, In Quarantäne, [df491807444660d684a01678649fb947], 

Dateien: 151
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\FrameworkControl.exe, In Quarantäne, [7fa9958a5d2d31059cc24524d52b08f8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\MagnoPlayer.exe, In Quarantäne, [c95f67b8414992a4401e2940d52b9967], 
PUP.Optional.SoftPulse, C:\Users\Oli\AppData\Local\Temp\Setup.exe, In Quarantäne, [2dfb1c03a4e681b5bcf64fd3a0625ca4], 
PUP.Optional.SoftPulse, C:\Users\Oli\AppData\Local\Temp\data.exe, In Quarantäne, [d75148d7afdbad89456d978b0cf644bc], 
PUP.Optional.IStartsurf.A, C:\Users\Oli\AppData\Local\Temp\2a9d9da4-9926-483e-b7c5-23d2dfa44bc3\lly_istartsurf.exe, In Quarantäne, [f2366cb30a80cd69067b02f9966f8b75], 
PUP.Optional.StartPage.A, C:\Users\Oli\AppData\Local\Temp\Wtmp765186390\BaofengUpdate.exe, In Quarantäne, [989043dcc3c789ad5afe8f6ea061cd33], 
PUP.Optional.SkyTech.A, C:\Users\Oli\AppData\Local\Temp\Wtmp765186390\BFVUpdateM.dll, In Quarantäne, [c860d34c09810d29c5ab2dd028d98d73], 
PUP.Optional.MagnoPlayer.A, C:\Users\Oli\AppData\Local\Temp\f4e5d85a-96ca-425d-8aa2-d331a5ad060b\magnoplayersetup.exe, In Quarantäne, [7dabf728cac022144f0f33369c6403fd], 
PUP.Optional.SoftPulse, C:\Users\Oli\Downloads\Player.exe, In Quarantäne, [f632cb54fc8e95a1e8caee34a75beb15], 
PUP.Optional.MagnoPlayer.A, C:\Users\Oli\Desktop\MagnoPlayer.lnk, In Quarantäne, [61c7001f2a60f4426bdd286ae22157a9], 
PUP.Optional.IStartSurf.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\searchplugins\istartsurf.xml, In Quarantäne, [bc6c68b7cac0a09659f21d9146bd3ec2], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\MagnoPlayerUpdaterService.exe, Löschen bei Neustart, [919777a8494177bfe165d8ba24dfaa56], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome.manifest, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\install.rdf, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\content\index.html, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\content\quick_start.js, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\content\quick_start.xul, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\content\include\speed_dial.js, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\content\include\tools\about_blank_hook.js, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\content\include\tools\misc.js, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\content\include\tools\popup_image_helper.js, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\content\include\tools\urlrequestor.js, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\content\js\js.js, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\content\js\lib\doT.min.js, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery-2.1.0.min.js, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery.autocomplete.js, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\content\js\module\hotSearch.js, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\content\js\module\mostgrid.js, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\content\js\module\search.js, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\content\js\module\stat.js, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\content\js\pack\common.js, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\content\js\pack\ga.js, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\content\js\pack\xagainit.js, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\locale\en\locale.properties, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\locale\en-US\locale.properties, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\locale\es\locale.properties, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\locale\es-419\locale.properties, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\locale\fr\locale.properties, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\locale\fr-BE\locale.properties, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\locale\fr-CA\locale.properties, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\locale\fr-CH\locale.properties, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\locale\fr-LU\locale.properties, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\locale\it\locale.properties, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\locale\it-CH\locale.properties, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\locale\pl\locale.properties, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\locale\pt-BR\locale.properties, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\locale\ru\locale.properties, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\locale\ru-MO\locale.properties, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\locale\tr\locale.properties, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\locale\vi\locale.properties, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\locale\zh-CN\locale.properties, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\locale\zh-TW\locale.properties, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\skin\default_logo.png, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\skin\googlelogo.png, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\skin\google_trends.png, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\skin\icon.png, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\skin\loading.gif, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\skin\logo.png, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\skin\newtab.ico, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\skin\simple.css, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\chrome\skin\style.css, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\defaults\preferences\fvd.js, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\defaults\preferences\preferences.js, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\modules\addonmanager.js, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\modules\aes.js, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\modules\config.js, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\modules\dialogs.js, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\modules\last_tab.js, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\modules\misc.js, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\modules\properties.js, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\modules\remoterequest.js, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\modules\restoreprefs.js, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.FastStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\faststartff@gmail.com\modules\settings.js, In Quarantäne, [bf69ae71612949eda34289e245be36ca], 
PUP.Optional.MagnoPlayer.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagnoPlayer\MagnoPlayer.lnk, In Quarantäne, [80a899862b5f5adcb8e22765d3304ab6], 
PUP.Optional.MagnoPlayer.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagnoPlayer\Uninstall MagnoPlayer.lnk, In Quarantäne, [80a899862b5f5adcb8e22765d3304ab6], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\dotNetFx40_Full_setup.exe, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\icon-uninstall.ico, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\icon.ico, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\LTV2.exe, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\magnoplayer.affcode, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\magnoplayer.uidnum, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\MagnoPlayerUpdaterService.InstallLog, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\MagnoPlayerUpdaterService.InstallState, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\mgpUpdater.exe, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\Newtonsoft.Json.dll, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\PhotoLoader.dll, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\policy.2.0.taglib-sharp.config, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\policy.2.0.taglib-sharp.dll, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\taglib-sharp.dll, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\uninstall.exe, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\Languages\Hindi.ini, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\Languages\Arabic.ini, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\Languages\Bulgarian.ini, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\Languages\Catalan.ini, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\Languages\ChineseS.ini, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\Languages\ChineseT.ini, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\Languages\Czech.ini, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\Languages\Danish.ini, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\Languages\Dutch.ini, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\Languages\English.ini, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\Languages\Estonian.ini, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\Languages\Finnish.ini, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\Languages\French.ini, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\Languages\German.ini, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\Languages\Greek.ini, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\Languages\HaitianCreole.ini, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\Languages\Hebrew.ini, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\Languages\Hungarian.ini, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\Languages\Indonesian.ini, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\Languages\Italian.ini, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\Languages\Japanese.ini, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\Languages\Korean.ini, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\Languages\Latvian.ini, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\Languages\Lithuanian.ini, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\Languages\Norwegian.ini, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\Languages\Polish.ini, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\Languages\Portuguese.ini, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\Languages\Romanian.ini, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\Languages\Russian.ini, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\Languages\Slovak.ini, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\Languages\Slovenian.ini, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\Languages\Spanish.ini, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\Languages\Swedish.ini, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\Languages\Thai.ini, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\Languages\Turkish.ini, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\Languages\Ukrainian.ini, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\Languages\Vietnamese.ini, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\references\extaudio.png, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\references\extvideo.png, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\references\ffmpeg.exe, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\references\folder.png, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\references\Interop.SHDocVw.dll, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\references\libreria.png, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\references\mgChecker.exe, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\references\NDde.dll, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\references\Newtonsoft.Json.dll, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\references\PhotoLoader.dll, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\references\policy.2.0.taglib-sharp.config, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\references\policy.2.0.taglib-sharp.dll, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\references\taglib-sharp.dll, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Program Files (x86)\MagnoPlayer\references\Thumbs.db, In Quarantäne, [db4db669533749ed57443a52fb0838c8], 
PUP.Optional.MagnoPlayer.A, C:\Users\Oli\AppData\Local\com\MagnoPlayer.exe_Url_1mhbegbsljequujxisnv3adbpqk4e3ar\2.1.2.10\user.config, In Quarantäne, [78b01c03ed9df640a4f86d1f5aa94bb5], 
PUP.Optional.MagnoPlayer.A, C:\Users\Oli\AppData\Local\magnoplayer\log.txt, In Quarantäne, [00289e816a20fa3cccd14646ec17b64a], 
PUP.Optional.MagnoPlayer.A, C:\Users\Oli\AppData\Local\magnoplayer\config\config.ini, In Quarantäne, [00289e816a20fa3cccd14646ec17b64a], 
PUP.Optional.SearchEngine.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\searchengine@gmail.com\chrome.manifest, In Quarantäne, [df491807444660d684a01678649fb947], 
PUP.Optional.SearchEngine.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\searchengine@gmail.com\install.rdf, In Quarantäne, [df491807444660d684a01678649fb947], 
PUP.Optional.SearchEngine.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\searchengine@gmail.com\chrome\content\toolbar.js, In Quarantäne, [df491807444660d684a01678649fb947], 
PUP.Optional.SearchEngine.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\searchengine@gmail.com\chrome\content\toolbar.xul, In Quarantäne, [df491807444660d684a01678649fb947], 
PUP.Optional.SearchEngine.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\extensions\searchengine@gmail.com\chrome\skin\icon.png, In Quarantäne, [df491807444660d684a01678649fb947], 
PUP.Optional.QuickStart.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");), Ersetzt,[57d16cb3fa9081b5624bdb22b550ea16]
PUP.Optional.IStartSurf.A, C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://www.istartsurf.com/?type=hp&ts=1424013290&from=tugs&uid=HGSTXHTS545050A7E680_TE85313R2HKYSK2HKYSKX");), Ersetzt,[ba6ec8576b1f290db81230cd29dc22de]

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

AdwCleaner
AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v4.110 - Bericht erstellt 16/02/2015 um 21:45:10
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-14.2 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Oli - OLIVER
# Gestarted von : C:\Users\Oli\Downloads\AdwCleaner_4.110.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Uniblue
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
Ordner Gelöscht : C:\Program Files (x86)\Uniblue
Ordner Gelöscht : C:\Users\Oli\AppData\Roaming\Uniblue
Datei Gelöscht : C:\Users\Public\Desktop\driverscanner.lnk
Datei Gelöscht : C:\Users\Public\Desktop\PC Mechanic.lnk
Datei Gelöscht : C:\Users\Oli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\driverscanner.lnk

***** [ Geplante Tasks ] *****

Task Gelöscht : driverscanner
Task Gelöscht : dsmonitor
Task Gelöscht : PC-Mechanic Startup
Task Gelöscht : PC-Mechanic Maintenance

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome.lnk
Verknüpfung Desinfiziert : C:\Users\Oli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Oli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1F88FC5D-4D46-448A-AF59-7061FFC6ABBF}_is1

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17416

Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v35.0.1 (x86 de)

[2fvdcoyl.default\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[2fvdcoyl.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.alias", "istartsurf");
[2fvdcoyl.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://www.istartsurf.com/favicon.ico");
[2fvdcoyl.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.name", "istartsurf");
[2fvdcoyl.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.url", "hxxp://www.istartsurf.com/web/?type=ds&ts=1424013290&from=tugs&uid=HGSTXHTS545050A7E680_TE85313R2HKYSK2HKYSKX&q={searchTerms}");
[2fvdcoyl.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "istartsurf");
[2fvdcoyl.default\prefs.js] - Zeile Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.istartsurf.com/?type=hp&ts=1424013290&from=tugs&uid=HGSTXHTS545050A7E680_TE85313R2HKYSK2HKYSKX");
[2fvdcoyl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[2fvdcoyl.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

*************************

AdwCleaner[R0].txt - [3420 Bytes] - [16/02/2015 21:43:10]
AdwCleaner[S0].txt - [3572 Bytes] - [16/02/2015 21:45:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3631  Bytes] ##########

--- --- ---

[/CODE]

JRT

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 x64
Ran by Oli on 16.02.2015 at 21:50:13,03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\WINDOWS\prefetch\DRIVERSCANNER.EXE-3821D4FC.pf
Successfully deleted: [File] C:\WINDOWS\prefetch\DRIVERSCANNER.EXE-FA6364D7.pf
Successfully deleted: [File] C:\WINDOWS\prefetch\DRIVERSCANNER.TMP-FBF48D36.pf



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Oli\AppData\Roaming\mozilla\firefox\profiles\2fvdcoyl.default\prefs.js

user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
user_pref("browser.search.searchengine.ptid", "tugs");
user_pref("browser.search.searchengine.uid", "HGSTXHTS545050A7E680_TE85313R2HKYSK2HKYSKX");
Emptied folder: C:\Users\Oli\AppData\Roaming\mozilla\firefox\profiles\2fvdcoyl.default\minidumps [42 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.02.2015 at 21:53:41,23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Oli (administrator) on OLIVER on 16-02-2015 21:55:21
Running from C:\Users\Oli\Downloads
Loaded Profiles: Oli (Available profiles: Oli)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
() C:\Program Files (x86)\PHotkey\Atouch64.exe
() C:\Program Files (x86)\PHotkey\POsd.exe
() C:\Program Files (x86)\PHotkey\GPMTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltSur64.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-17] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-09-21] (Synaptics Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [110144 2013-03-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [492248 2012-12-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [263128 2013-03-05] (CyberLink Corp.)
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1756792 2014-05-20] (G Data Software AG)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe,
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-4185052740-853389588-2360426906-1001\...\Run: [Facebook Update] => C:\Users\Oli\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-03-03] (Facebook Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-4185052740-853389588-2360426906-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4185052740-853389588-2360426906-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Oli\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
StartMenuInternet: FIREFOX.EXE - firefox.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-10-14] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2683760 2014-05-20] (G Data Software AG)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [3228136 2014-08-21] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [160256 2013-01-19] () [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-08-16] (Intel Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-11-15] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-11-15] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1342848 2012-12-03] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2014-12-10] (G Data Software AG)
R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2014-12-10] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [142336 2014-12-10] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [64000 2014-12-10] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [68608 2014-12-10] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-04-22] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [61440 2014-12-10] (G Data Software AG)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-09-21] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-11-15] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 21:53 - 2015-02-16 21:53 - 00001479 _____ () C:\Users\Oli\Desktop\JRT.txt
2015-02-16 21:49 - 2015-02-16 21:49 - 01388274 _____ (Thisisu) C:\Users\Oli\Downloads\JRT.exe
2015-02-16 21:48 - 2015-02-16 21:48 - 00003715 _____ () C:\Users\Oli\Desktop\AdwCleaner[S0].txt
2015-02-16 21:43 - 2015-02-16 21:45 - 00000000 ____D () C:\AdwCleaner
2015-02-16 21:42 - 2015-02-16 21:42 - 02112512 _____ () C:\Users\Oli\Downloads\AdwCleaner_4.110.exe
2015-02-16 21:41 - 2015-02-16 21:41 - 00042671 _____ () C:\Users\Oli\Desktop\mbam.txt
2015-02-16 21:09 - 2015-02-16 21:39 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-16 21:09 - 2015-02-16 21:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-16 21:09 - 2015-02-16 21:09 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-16 21:09 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-16 21:09 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-16 21:09 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-16 21:06 - 2015-02-16 21:06 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Oli\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-16 21:02 - 2015-02-16 21:02 - 00001284 _____ () C:\Users\Oli\Desktop\Revo Uninstaller.lnk
2015-02-16 21:02 - 2015-02-16 21:02 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-16 21:01 - 2015-02-16 21:02 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Oli\Downloads\revosetup95.exe
2015-02-15 20:12 - 2015-02-16 21:55 - 00012917 _____ () C:\Users\Oli\Downloads\FRST.txt
2015-02-15 20:11 - 2015-02-16 21:55 - 00000000 ____D () C:\FRST
2015-02-15 20:10 - 2015-02-15 20:10 - 02085888 _____ (Farbar) C:\Users\Oli\Downloads\FRST64.exe
2015-02-15 20:08 - 2015-02-15 20:08 - 01125888 _____ (Farbar) C:\Users\Oli\Downloads\FRST.exe
2015-02-15 16:15 - 2015-02-16 21:34 - 00000000 ____D () C:\Users\Oli\AppData\Local\com
2015-02-15 16:15 - 2015-02-15 16:15 - 00000000 __SHD () C:\Users\Oli\AppData\Local\EmieUserList
2015-02-15 16:15 - 2015-02-15 16:15 - 00000000 __SHD () C:\Users\Oli\AppData\Local\EmieSiteList
2015-02-15 16:15 - 2015-02-15 16:15 - 00000000 __SHD () C:\Users\Oli\AppData\Local\EmieBrowserModeList
2015-02-15 16:14 - 2015-02-15 16:14 - 00002552 _____ () C:\WINDOWS\System32\Tasks\PC-Mechanic Subscription
2015-02-15 16:13 - 2015-02-16 21:46 - 00000288 _____ () C:\WINDOWS\Tasks\PC-Mechanic Subscription.job
2015-02-11 21:07 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-11 21:07 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 21:07 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 21:07 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-11 19:26 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 19:26 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 19:26 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 19:26 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 19:26 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 19:26 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 19:26 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 19:26 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 19:26 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 19:26 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 19:26 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-11 19:26 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 19:26 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 19:26 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-11 19:26 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-11 19:26 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-11 19:26 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-11 19:26 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-11 19:26 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-11 19:26 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-11 19:26 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-11 19:26 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-11 19:26 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-11 19:26 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-11 19:26 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-11 19:26 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-11 19:25 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 19:25 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 19:25 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 19:25 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 19:25 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 19:25 - 2015-01-12 03:32 - 06041088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-11 19:25 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 19:25 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 19:25 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 19:25 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 19:25 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 19:25 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 19:25 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 19:25 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 19:25 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 19:25 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 19:25 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 19:25 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 19:25 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 19:25 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 19:25 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 19:25 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 19:25 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 19:25 - 2015-01-12 02:29 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-11 19:25 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 19:25 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 19:25 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 19:25 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 19:25 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 19:25 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 19:25 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 19:25 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 19:25 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 19:25 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 19:25 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 19:25 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 19:25 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-05 19:32 - 2015-02-05 19:32 - 05070512 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-01-26 20:30 - 2015-01-26 20:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 21:48 - 2013-09-11 19:14 - 00000000 ____D () C:\Users\Oli\Documents\Youcam
2015-02-16 21:46 - 2013-08-22 15:46 - 00291361 _____ () C:\WINDOWS\setupact.log
2015-02-16 21:46 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-16 21:45 - 2014-11-16 11:15 - 00001007 _____ () C:\Users\Oli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-16 21:45 - 2014-11-15 21:23 - 01744025 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-16 21:45 - 2014-09-23 22:06 - 00074992 _____ () C:\WINDOWS\PFRO.log
2015-02-16 21:45 - 2013-09-11 19:26 - 00001077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-16 21:45 - 2013-09-11 19:26 - 00001065 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-16 21:45 - 2013-06-13 14:28 - 00001114 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome.lnk
2015-02-16 21:45 - 2013-06-10 07:49 - 00001120 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk
2015-02-16 21:42 - 2013-09-11 19:27 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4185052740-853389588-2360426906-1001
2015-02-16 21:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\System
2015-02-16 21:35 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-16 21:32 - 2013-09-11 21:01 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-16 21:31 - 2014-12-30 00:50 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5C4436E3-A3B0-48A9-889E-003EB6A0E604}
2015-02-16 21:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-16 20:57 - 2014-09-24 07:17 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-16 20:57 - 2014-09-24 06:43 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-16 20:57 - 2014-09-24 06:43 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-16 20:57 - 2014-03-03 17:52 - 00000934 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4185052740-853389588-2360426906-1001UA.job
2015-02-16 15:08 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-16 15:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-02-15 19:26 - 2013-08-22 15:44 - 00347808 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-15 16:10 - 2013-09-19 15:36 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-15 16:05 - 2013-06-04 13:30 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-15 15:22 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-05 19:32 - 2013-09-11 21:01 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-03 20:31 - 2014-12-12 23:25 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-12-12 23:25 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-29 19:55 - 2014-11-15 20:59 - 00000000 ____D () C:\Users\Oli
2015-01-27 20:52 - 2013-09-11 19:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-18 17:57 - 2014-03-03 17:52 - 00000912 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4185052740-853389588-2360426906-1001Core.job

==================== Files in the root of some directories =======

2013-06-10 07:14 - 2013-06-10 07:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-06-06 12:18 - 2013-06-06 12:18 - 0000104 _____ () C:\ProgramData\{01FB4998-33C4-4431-85ED-079E3EEFE75D}.log
2013-06-06 12:18 - 2013-06-06 12:19 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-06-06 12:12 - 2013-06-06 12:13 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-06-06 12:17 - 2013-06-06 12:17 - 0000111 _____ () C:\ProgramData\{39337565-330E-4ab6-A9AE-AC81E0720B10}.log
2013-06-06 12:10 - 2013-06-06 12:10 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-06-06 12:14 - 2013-06-06 12:14 - 0000032 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2013-06-06 12:19 - 2013-06-06 12:19 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
2013-06-06 12:14 - 2013-06-06 12:17 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
2013-06-06 12:10 - 2013-06-06 12:12 - 0000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log
2013-06-06 12:13 - 2013-06-06 12:13 - 0000110 _____ () C:\ProgramData\{E3D04529-6EDB-11D8-A372-0050BAE317E1}.log

Some content of TEMP:
====================
C:\Users\Oli\AppData\Local\Temp\Quarantine.exe
C:\Users\Oli\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-15 16:02

==================== End Of Log ============================

--- --- ---

--- --- ---

Addition

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
Ran by Oli at 2015-02-16 21:56:14
Running from C:\Users\Oli\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G DATA INTERNET SECURITY (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: G DATA INTERNET SECURITY (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G DATA Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Ashampoo AppLauncher (Medion) v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher (Medion)_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
CyberLink PowerDirector (Version: 9.0.0.5129 - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.0913 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.0913 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
G DATA INTERNET SECURITY (HKLM-x32\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.2.3 - G DATA Software AG)
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{E77289CF-12B9-4CAB-A49E-FEAE947F4D95}) (Version: 15.5.4.0423 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{DA2600C1-6BDF-4FD1-1212-148929CC1385}) (Version: 2.6.1212.0302 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{1593C708-5535-47A4-8C0F-F8D4BE2B4560}) (Version: 15.05.6000.1620 - Intel Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Medion Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Medion Home Cinema 10 (x32 Version: 10.2419 - CyberLink Corp.) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0084 - Pegatron Corporation)
PhotoNow (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6728 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.16.0 - Synaptics Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4185052740-853389588-2360426906-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points  =========================

12-01-2015 22:28:58 Geplanter Prüfpunkt
16-01-2015 12:17:37 Windows Update
28-01-2015 20:57:11 Windows Update
06-02-2015 19:37:50 Windows Update
15-02-2015 16:02:45 Windows Update
16-02-2015 21:03:54 Revo Uninstaller's restore point - istartsurf uninstall

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {11431DDE-8E11-4C28-9CF5-12269FBC2EDE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {408BF3B8-D55F-42B0-BBA6-73033498A106} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4185052740-853389588-2360426906-1001UA => C:\Users\Oli\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-03] (Facebook Inc.)
Task: {7C500948-6CE2-4DAB-AA50-542653AF54D6} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-09-21] (Synaptics Incorporated)
Task: {85D58CF8-7AC5-48FE-83F2-DCDF4B163CAD} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4185052740-853389588-2360426906-1001Core => C:\Users\Oli\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-03] (Facebook Inc.)
Task: {AFBBEE74-87F6-44E7-9838-92DD4542EEEC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {B24446B7-072A-4FE8-B18A-4774C9A3112A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-15] (Microsoft Corporation)
Task: {B299174A-8258-4948-B627-65B759858F78} - System32\Tasks\PC-Mechanic Subscription => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4185052740-853389588-2360426906-1001Core.job => C:\Users\Oli\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4185052740-853389588-2360426906-1001UA.job => C:\Users\Oli\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\PC-Mechanic Subscription.job => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe

==================== Loaded Modules (whitelisted) ==============

2013-06-13 14:24 - 2013-01-19 02:33 - 00160256 _____ () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
2013-06-06 12:14 - 2010-08-19 10:43 - 00386344 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-05-20 02:38 - 2014-05-20 02:38 - 00340088 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2013-06-13 14:24 - 2013-02-05 12:52 - 02215424 _____ () C:\Program Files (x86)\PHotkey\PHotkey.exe
2013-06-13 14:24 - 2010-12-17 14:04 - 00449032 _____ () C:\Program Files (x86)\PHotkey\ATouch64.exe
2013-06-13 14:24 - 2012-10-23 18:07 - 03471872 _____ () C:\Program Files (x86)\PHotkey\POSD.exe
2013-06-13 14:24 - 2013-02-05 12:50 - 08851968 _____ () C:\Program Files (x86)\PHotkey\GPMTray.exe
2013-06-13 14:24 - 2009-12-18 15:36 - 00973432 _____ () C:\Program Files (x86)\PHotkey\acAuth.dll
2013-06-13 14:24 - 2009-12-18 15:41 - 00129544 _____ () C:\Program Files (x86)\PHotkey\GFNEX.dll
2013-06-06 12:12 - 2013-03-05 04:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 11:41 - 2013-03-05 11:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-12-08 20:10 - 2014-12-08 20:10 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\63948598d919af60addb114fdd3ccb56\PSIClient.ni.dll
2013-06-10 06:38 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-01-26 20:30 - 2015-01-26 20:30 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4185052740-853389588-2360426906-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Oli\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-4185052740-853389588-2360426906-500 - Administrator - Disabled)
Gast (S-1-5-21-4185052740-853389588-2360426906-501 - Limited - Disabled)
Oli (S-1-5-21-4185052740-853389588-2360426906-1001 - Administrator - Enabled) => C:\Users\Oli

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (02/16/2015 09:56:34 PM) (Source: DCOM) (EventID: 10010) (User: Oliver)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/16/2015 09:56:04 PM) (Source: DCOM) (EventID: 10010) (User: Oliver)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/16/2015 09:55:34 PM) (Source: DCOM) (EventID: 10010) (User: Oliver)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU 2020M @ 2.40GHz
Percentage of memory in use: 38%
Total physical RAM: 3977.09 MB
Available physical RAM: 2456 MB
Total Pagefile: 4745.09 MB
Available Pagefile: 2820.04 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:403.61 GB) (Free:368.13 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:42.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 5F378A69)

Partition: GPT Partition Type.

==================== End Of Log ============================

Bitte um weitere Instruktionen.

schrauber · 17.02.2015, 13:12

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Bi_Fi · 17.02.2015, 22:46

Hi,

Hier sind die neuen Informationen:
Eset

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=7be373b431546f4cb38e05ea934bd380
# engine=22518
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-17 09:02:46
# local_time=2015-02-17 10:02:46 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 8129752 55497197 0 0
# scanned=187877
# found=1
# cleaned=0
# scan_time=4739
sh=5B4DCE1E3DF3C91EC0108B8598E405A26531DE4E ft=1 fh=4483dabb1a3bd260 vn="Variante von MSIL/NewPlayer.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Oli\AppData\Local\Microsoft\Windows\INetCache\IE\AVOR2Z9L\MagnoPlayerSetup[1].exe"

Security Check

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.96  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
G DATA INTERNET SECURITY   
Windows Defender           
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
  Java 64-bit 8 Update 31  
 Adobe Flash Player 	16.0.0.305  
 Adobe Reader XI  
 Mozilla Firefox (35.0.1) 
````````Process Check: objlist.exe by Laurent````````  
 G Data InternetSecurity Firewall GDFwSvcx64.exe 
 G Data InternetSecurity Firewall GDFirewallTray.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

FRST

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Oli (administrator) on OLIVER on 17-02-2015 22:39:26
Running from C:\Users\Oli\Downloads
Loaded Profiles: Oli (Available profiles: Oli)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe
() C:\Program Files (x86)\PHotkey\Atouch64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
() C:\Program Files (x86)\PHotkey\POsd.exe
() C:\Program Files (x86)\PHotkey\GPMTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Oli\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-17] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-09-21] (Synaptics Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [110144 2013-03-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [492248 2012-12-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [263128 2013-03-05] (CyberLink Corp.)
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1756792 2014-05-20] (G Data Software AG)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe,
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-4185052740-853389588-2360426906-1001\...\Run: [Facebook Update] => C:\Users\Oli\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-03-03] (Facebook Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-4185052740-853389588-2360426906-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\2fvdcoyl.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4185052740-853389588-2360426906-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Oli\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
StartMenuInternet: FIREFOX.EXE - firefox.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-10-14] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2683760 2014-05-20] (G Data Software AG)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [3228136 2014-08-21] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [160256 2013-01-19] () [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-08-16] (Intel Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-11-15] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-11-15] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1342848 2012-12-03] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2014-12-10] (G Data Software AG)
R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2014-12-10] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [142336 2014-12-10] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [64000 2014-12-10] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [68608 2014-12-10] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-04-22] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [61440 2014-12-10] (G Data Software AG)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-09-21] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-11-15] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 22:03 - 2015-02-17 22:03 - 00000909 _____ () C:\Users\Oli\Desktop\eset.txt
2015-02-17 20:33 - 2015-02-17 20:33 - 00852594 _____ () C:\Users\Oli\Desktop\SecurityCheck.exe
2015-02-17 20:30 - 2015-02-17 20:30 - 02347384 _____ (ESET) C:\Users\Oli\Downloads\esetsmartinstaller_deu.exe
2015-02-16 21:53 - 2015-02-16 21:53 - 00001479 _____ () C:\Users\Oli\Desktop\JRT.txt
2015-02-16 21:49 - 2015-02-16 21:49 - 01388274 _____ (Thisisu) C:\Users\Oli\Downloads\JRT.exe
2015-02-16 21:48 - 2015-02-16 21:48 - 00003715 _____ () C:\Users\Oli\Desktop\AdwCleaner[S0].txt
2015-02-16 21:43 - 2015-02-16 21:45 - 00000000 ____D () C:\AdwCleaner
2015-02-16 21:42 - 2015-02-16 21:42 - 02112512 _____ () C:\Users\Oli\Downloads\AdwCleaner_4.110.exe
2015-02-16 21:41 - 2015-02-16 21:41 - 00042671 _____ () C:\Users\Oli\Desktop\mbam.txt
2015-02-16 21:09 - 2015-02-16 21:39 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-16 21:09 - 2015-02-16 21:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-16 21:09 - 2015-02-16 21:09 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-16 21:09 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-16 21:09 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-16 21:09 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-16 21:06 - 2015-02-16 21:06 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Oli\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-16 21:02 - 2015-02-16 21:02 - 00001284 _____ () C:\Users\Oli\Desktop\Revo Uninstaller.lnk
2015-02-16 21:02 - 2015-02-16 21:02 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-16 21:01 - 2015-02-16 21:02 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Oli\Downloads\revosetup95.exe
2015-02-15 20:12 - 2015-02-17 22:39 - 00012946 _____ () C:\Users\Oli\Downloads\FRST.txt
2015-02-15 20:11 - 2015-02-17 22:39 - 00000000 ____D () C:\FRST
2015-02-15 20:10 - 2015-02-15 20:10 - 02085888 _____ (Farbar) C:\Users\Oli\Downloads\FRST64.exe
2015-02-15 20:08 - 2015-02-15 20:08 - 01125888 _____ (Farbar) C:\Users\Oli\Downloads\FRST.exe
2015-02-15 16:15 - 2015-02-16 21:34 - 00000000 ____D () C:\Users\Oli\AppData\Local\com
2015-02-15 16:15 - 2015-02-15 16:15 - 00000000 __SHD () C:\Users\Oli\AppData\Local\EmieUserList
2015-02-15 16:15 - 2015-02-15 16:15 - 00000000 __SHD () C:\Users\Oli\AppData\Local\EmieSiteList
2015-02-15 16:15 - 2015-02-15 16:15 - 00000000 __SHD () C:\Users\Oli\AppData\Local\EmieBrowserModeList
2015-02-15 16:14 - 2015-02-15 16:14 - 00002552 _____ () C:\WINDOWS\System32\Tasks\PC-Mechanic Subscription
2015-02-15 16:13 - 2015-02-17 20:28 - 00000288 _____ () C:\WINDOWS\Tasks\PC-Mechanic Subscription.job
2015-02-11 21:07 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-11 21:07 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 21:07 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 21:07 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-11 19:26 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 19:26 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 19:26 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 19:26 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 19:26 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 19:26 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 19:26 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 19:26 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 19:26 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 19:26 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 19:26 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-11 19:26 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 19:26 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 19:26 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-11 19:26 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-11 19:26 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-11 19:26 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-11 19:26 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-11 19:26 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-11 19:26 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-11 19:26 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-11 19:26 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-11 19:26 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-11 19:26 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-11 19:26 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-11 19:26 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-11 19:25 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 19:25 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 19:25 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 19:25 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 19:25 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 19:25 - 2015-01-12 03:32 - 06041088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-11 19:25 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 19:25 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 19:25 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 19:25 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 19:25 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 19:25 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 19:25 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 19:25 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 19:25 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 19:25 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 19:25 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 19:25 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 19:25 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 19:25 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 19:25 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 19:25 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 19:25 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 19:25 - 2015-01-12 02:29 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-11 19:25 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 19:25 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 19:25 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 19:25 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 19:25 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 19:25 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 19:25 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 19:25 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 19:25 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 19:25 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 19:25 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 19:25 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 19:25 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-05 19:32 - 2015-02-05 19:32 - 05070512 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-01-26 20:30 - 2015-01-26 20:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-17 22:32 - 2013-09-11 21:01 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-17 22:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-17 21:46 - 2014-11-15 21:23 - 01842060 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-17 20:57 - 2014-03-03 17:52 - 00000934 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4185052740-853389588-2360426906-1001UA.job
2015-02-17 20:33 - 2013-09-11 19:27 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4185052740-853389588-2360426906-1001
2015-02-17 20:31 - 2014-12-30 00:50 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5C4436E3-A3B0-48A9-889E-003EB6A0E604}
2015-02-17 20:31 - 2014-09-24 07:17 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-17 20:31 - 2014-09-24 06:43 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-17 20:31 - 2014-09-24 06:43 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-17 20:29 - 2013-09-11 19:14 - 00000000 ____D () C:\Users\Oli\Documents\Youcam
2015-02-16 21:46 - 2013-08-22 15:46 - 00291361 _____ () C:\WINDOWS\setupact.log
2015-02-16 21:46 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-16 21:45 - 2014-11-16 11:15 - 00001007 _____ () C:\Users\Oli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-16 21:45 - 2014-09-23 22:06 - 00074992 _____ () C:\WINDOWS\PFRO.log
2015-02-16 21:45 - 2013-09-11 19:26 - 00001077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-16 21:45 - 2013-09-11 19:26 - 00001065 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-16 21:45 - 2013-06-13 14:28 - 00001114 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome.lnk
2015-02-16 21:45 - 2013-06-10 07:49 - 00001120 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk
2015-02-16 21:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\System
2015-02-16 21:35 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-16 15:08 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-16 15:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-02-15 19:26 - 2013-08-22 15:44 - 00347808 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-15 16:10 - 2013-09-19 15:36 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-15 16:05 - 2013-06-04 13:30 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-15 15:22 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-05 19:32 - 2013-09-11 21:01 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-03 20:31 - 2014-12-12 23:25 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-12-12 23:25 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-29 19:55 - 2014-11-15 20:59 - 00000000 ____D () C:\Users\Oli
2015-01-27 20:52 - 2013-09-11 19:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-18 17:57 - 2014-03-03 17:52 - 00000912 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4185052740-853389588-2360426906-1001Core.job

==================== Files in the root of some directories =======

2013-06-10 07:14 - 2013-06-10 07:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-06-06 12:18 - 2013-06-06 12:18 - 0000104 _____ () C:\ProgramData\{01FB4998-33C4-4431-85ED-079E3EEFE75D}.log
2013-06-06 12:18 - 2013-06-06 12:19 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-06-06 12:12 - 2013-06-06 12:13 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-06-06 12:17 - 2013-06-06 12:17 - 0000111 _____ () C:\ProgramData\{39337565-330E-4ab6-A9AE-AC81E0720B10}.log
2013-06-06 12:10 - 2013-06-06 12:10 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-06-06 12:14 - 2013-06-06 12:14 - 0000032 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2013-06-06 12:19 - 2013-06-06 12:19 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
2013-06-06 12:14 - 2013-06-06 12:17 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
2013-06-06 12:10 - 2013-06-06 12:12 - 0000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log
2013-06-06 12:13 - 2013-06-06 12:13 - 0000110 _____ () C:\ProgramData\{E3D04529-6EDB-11D8-A372-0050BAE317E1}.log

Some content of TEMP:
====================
C:\Users\Oli\AppData\Local\Temp\Quarantine.exe
C:\Users\Oli\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-15 16:02

==================== End Of Log ============================

--- --- ---

[/CODE]

FRST-Addition

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
Ran by Oli at 2015-02-17 22:40:14
Running from C:\Users\Oli\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G DATA INTERNET SECURITY (Disabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: G DATA INTERNET SECURITY (Disabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G DATA Personal Firewall (Disabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Ashampoo AppLauncher (Medion) v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher (Medion)_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
CyberLink PowerDirector (Version: 9.0.0.5129 - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.0913 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.0913 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
G DATA INTERNET SECURITY (HKLM-x32\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.2.3 - G DATA Software AG)
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{E77289CF-12B9-4CAB-A49E-FEAE947F4D95}) (Version: 15.5.4.0423 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{DA2600C1-6BDF-4FD1-1212-148929CC1385}) (Version: 2.6.1212.0302 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{1593C708-5535-47A4-8C0F-F8D4BE2B4560}) (Version: 15.05.6000.1620 - Intel Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Medion Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Medion Home Cinema 10 (x32 Version: 10.2419 - CyberLink Corp.) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0084 - Pegatron Corporation)
PhotoNow (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6728 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.16.0 - Synaptics Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4185052740-853389588-2360426906-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points  =========================

12-01-2015 22:28:58 Geplanter Prüfpunkt
16-01-2015 12:17:37 Windows Update
28-01-2015 20:57:11 Windows Update
06-02-2015 19:37:50 Windows Update
15-02-2015 16:02:45 Windows Update
16-02-2015 21:03:54 Revo Uninstaller's restore point - istartsurf uninstall

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {11431DDE-8E11-4C28-9CF5-12269FBC2EDE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {408BF3B8-D55F-42B0-BBA6-73033498A106} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4185052740-853389588-2360426906-1001UA => C:\Users\Oli\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-03] (Facebook Inc.)
Task: {7C500948-6CE2-4DAB-AA50-542653AF54D6} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-09-21] (Synaptics Incorporated)
Task: {85D58CF8-7AC5-48FE-83F2-DCDF4B163CAD} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4185052740-853389588-2360426906-1001Core => C:\Users\Oli\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-03] (Facebook Inc.)
Task: {AFBBEE74-87F6-44E7-9838-92DD4542EEEC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {B24446B7-072A-4FE8-B18A-4774C9A3112A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-15] (Microsoft Corporation)
Task: {B299174A-8258-4948-B627-65B759858F78} - System32\Tasks\PC-Mechanic Subscription => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4185052740-853389588-2360426906-1001Core.job => C:\Users\Oli\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4185052740-853389588-2360426906-1001UA.job => C:\Users\Oli\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\PC-Mechanic Subscription.job => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe

==================== Loaded Modules (whitelisted) ==============

2013-06-13 14:24 - 2013-01-19 02:33 - 00160256 _____ () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
2013-06-06 12:14 - 2010-08-19 10:43 - 00386344 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-05-20 02:38 - 2014-05-20 02:38 - 00340088 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2013-06-13 14:24 - 2013-02-05 12:52 - 02215424 _____ () C:\Program Files (x86)\PHotkey\PHotkey.exe
2013-06-13 14:24 - 2010-12-17 14:04 - 00449032 _____ () C:\Program Files (x86)\PHotkey\ATouch64.exe
2013-06-13 14:24 - 2012-10-23 18:07 - 03471872 _____ () C:\Program Files (x86)\PHotkey\POSD.exe
2013-06-13 14:24 - 2013-02-05 12:50 - 08851968 _____ () C:\Program Files (x86)\PHotkey\GPMTray.exe
2015-02-17 20:33 - 2015-02-17 20:33 - 00852594 _____ () C:\Users\Oli\Desktop\SecurityCheck.exe
2014-12-08 20:10 - 2014-12-08 20:10 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\63948598d919af60addb114fdd3ccb56\PSIClient.ni.dll
2013-06-10 06:38 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-06-13 14:24 - 2009-12-18 15:36 - 00973432 _____ () C:\Program Files (x86)\PHotkey\acAuth.dll
2013-06-13 14:24 - 2009-12-18 15:41 - 00129544 _____ () C:\Program Files (x86)\PHotkey\GFNEX.dll
2013-06-06 12:12 - 2013-03-05 04:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 11:41 - 2013-03-05 11:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-01-26 20:30 - 2015-01-26 20:30 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4185052740-853389588-2360426906-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Oli\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-4185052740-853389588-2360426906-500 - Administrator - Disabled)
Gast (S-1-5-21-4185052740-853389588-2360426906-501 - Limited - Disabled)
Oli (S-1-5-21-4185052740-853389588-2360426906-1001 - Administrator - Enabled) => C:\Users\Oli

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/17/2015 10:03:13 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/17/2015 08:34:33 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/17/2015 08:30:43 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/17/2015 08:30:42 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/17/2015 08:30:39 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/17/2015 08:30:39 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.


System errors:
=============
Error: (02/16/2015 10:01:34 PM) (Source: DCOM) (EventID: 10010) (User: Oliver)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/16/2015 10:01:04 PM) (Source: DCOM) (EventID: 10010) (User: Oliver)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/16/2015 10:00:34 PM) (Source: DCOM) (EventID: 10010) (User: Oliver)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/16/2015 10:00:04 PM) (Source: DCOM) (EventID: 10010) (User: Oliver)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/16/2015 09:59:34 PM) (Source: DCOM) (EventID: 10010) (User: Oliver)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/16/2015 09:59:04 PM) (Source: DCOM) (EventID: 10010) (User: Oliver)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/16/2015 09:58:34 PM) (Source: DCOM) (EventID: 10010) (User: Oliver)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/16/2015 09:58:04 PM) (Source: DCOM) (EventID: 10010) (User: Oliver)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/16/2015 09:57:34 PM) (Source: DCOM) (EventID: 10010) (User: Oliver)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (02/16/2015 09:57:04 PM) (Source: DCOM) (EventID: 10010) (User: Oliver)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}


Microsoft Office Sessions:
=========================
Error: (02/17/2015 10:03:13 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (02/17/2015 08:34:33 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Oli\Downloads\esetsmartinstaller_deu.exe

Error: (02/17/2015 08:30:43 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Oli\Downloads\esetsmartinstaller_deu.exe

Error: (02/17/2015 08:30:42 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Oli\Downloads\esetsmartinstaller_deu.exe

Error: (02/17/2015 08:30:39 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Oli\Downloads\esetsmartinstaller_deu.exe

Error: (02/17/2015 08:30:39 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Oli\Downloads\esetsmartinstaller_deu.exe


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU 2020M @ 2.40GHz
Percentage of memory in use: 41%
Total physical RAM: 3977.09 MB
Available physical RAM: 2325.44 MB
Total Pagefile: 4745.09 MB
Available Pagefile: 2621.88 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:403.61 GB) (Free:368.12 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:42.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 5F378A69)

Partition: GPT Partition Type.

==================== End Of Log ============================

Wie sieht es aus?

schrauber · 18.02.2015, 10:52

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Bi_Fi · 18.02.2015, 14:26

Bin ich jetzt wirklich fertig und kann sicher sein, dass mein System viren bzw. trojanerfrei ist? Der Eset Online Scanner hat ja beim letzten Durchgang (den ich auch hier gepostet habe) einen Fund gemacht, der meines Wissens nach nicht bereinigt wurde. Oder?!

Außerdem sind in der GDATA Qurantäne noch die 5 infizierten Dateien. Soll ich diese löschen oder desinfizieren?

schrauber · 18.02.2015, 19:35

Der Fund von ESET ist in den Temps, wird mit TFC bereinigt. GDATA Quarantäne kannste löschen

18.02.2015, 19:35	#8
schrauber /// the machine /// TB-Ausbilder	5 Viren beim Scan gefunden Der Fund von ESET ist in den Temps, wird mit TFC bereinigt. GDATA Quarantäne kannste löschen __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

5 Viren beim Scan gefunden

Log-Analyse und Auswertung: 5 Viren beim Scan gefunden