| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Programm addet Ad ons im Internet.Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
16.07.2015, 20:17
| #1 |
 |  Programm addet Ad ons im Internet. Hallo, ich habe mir ein Programm gedownloadet was bei mir in FireFox oder Chrome immer Add Ons hinzufügt, wo ich was kaufen soll. Die Add Ons heißen: shopshop saleshop...... Ich lösche diese Add Ons immer, jedoch nervt das echt. Manchmal insterllieren sich auch Programme auf meinem PC zum Shoppen. Was kann ich machen? Weiß leider nicht durch welches Programm das ausgelöst wurde. Kann mir wer helfen? Mit freundlichen grüßen Tim |
|
16.07.2015, 20:28
| #2 |
| /// Malwareteam  | Programm addet Ad ons im Internet. Ich habe dein Thema in Arbeit und melde mich so schnell als möglich mit weiteren Anweisungen. Bitte beachte, dass alle meine Antworten zuerst von einem Ausbilder freigegeben werden müssen, bevor ich diese hier posten darf. Dies garantiert, dass Du Hilfe von einem ausgebildeten Helfer bekommst. Ich bedanke mich für deine Geduld  Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
17.07.2015, 22:51
| #3 | |
| | Programm addet Ad ons im Internet. #
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by pc (administrator) on PCTIM on 17-07-2015 12:42:44
Running from C:\Users\pc\Downloads
Loaded Profiles: pc (Available Profiles: pc)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Windows\DAODx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
() C:\Program Files (x86)\Cynical Skirt\Cynical Skirt.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Oracle Corporation) C:\Program Files (x86)\Minecraft\runtime\jre-x64\1.8.0_25\bin\java.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403288 2014-08-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5579624 2015-07-14] (LogMeIn Inc.)
HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\...\Run: [GoogleChromeAutoLaunch_17E89F440D584F67E92EAD2E51C3A3A4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-13] (Google Inc.)
HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53288576 2015-06-30] (Skype Technologies S.A.)
HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\...\MountPoints2: {4bb7a0c7-8830-11e3-a854-806e6f6e6963} - D:\Autorun.exe
HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\...\MountPoints2: {aebe6fa6-006e-11e4-94e8-bcee7be1693e} - E:\Startme.exe
HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\...\MountPoints2: {b41a8e9d-882d-11e3-bb35-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-02-01]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2014-05-02]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype
HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype
HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0B0C0E0EyB0B0EtCyCzytA0EyD0A0CtBtN0D0Tzu0SyByCyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1688644683&ir=
SearchScopes: HKU\S-1-5-21-3485836003-3145142773-2739612057-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3485836003-3145142773-2739612057-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3485836003-3145142773-2739612057-1000 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0B0C0E0EyB0B0EtCyCzytA0EyD0A0CtBtN0D0Tzu0SyByCyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1688644683&ir=
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-03-10] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\..\Interfaces\{55CD620D-9468-4F24-822D-C6D23E7C87F2}: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default
FF SearchEngineOrder.1: Mysearchdial
FF Homepage: https://www.google.de/
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-09] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-10] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2015-03-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-12-19] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-12-19] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3485836003-3145142773-2739612057-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\pc\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-11-18] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\user.js [2014-02-05]
FF SearchPlugin: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\searchplugins\conduit-search.xml [2014-02-26]
FF SearchPlugin: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\searchplugins\google-images.xml [2014-10-09]
FF SearchPlugin: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\searchplugins\google-maps.xml [2014-10-09]
FF SearchPlugin: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\searchplugins\Mysearchdial.xml [2014-02-05]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\awesomehp.xml [2014-02-17]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml [2014-11-16]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml [2014-11-16]
FF HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\extensions\cliqz@cliqz.com
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (FastAccess Face Recognition Web Login) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcebepcbopnpbdhimpgfbbdkbimaoafn [2015-07-17]
CHR Extension: (FREE MP3 Search) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejndijkjinbjigbmmbefadfighlkmhjl [2015-07-15]
CHR Extension: (Bookmark Manager) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-07-13]
CHR Extension: (Checker Plus for Calendar) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkhggnncdpfibdhinjiegagmopldibha [2015-06-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-13]
CHR Extension: (Google Wallet) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-13]
CHR Extension: (Palette for Chrome) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolpphfmdmjbojolagcbgdemojhcnlod [2015-07-16]
CHR HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\pc\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 7baa6e25; c:\Program Files (x86)\SystemHero\SystemHero.dll [1601536 2015-03-06] () [File not signed]
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-05-02] (Adobe Systems) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2739888 2015-05-19] (Microsoft Corporation)
R2 Cynical Skirt; C:\Program Files (x86)\Cynical Skirt\Cynical Skirt.exe [8016406 2015-07-05] () [File not signed] <==== ATTENTION
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [237864 2015-03-23] (EasyAntiCheat Ltd)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-07-14] (LogMeIn, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-08] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720792 2014-08-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18973144 2014-08-09] (NVIDIA Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20440 2014-08-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-12] (Realtek Semiconductor Corporation )
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows (R) Win 7 DDK provider)
S3 XENfiltv; C:\Windows\System32\drivers\XENfiltv.sys [25600 2009-07-31] (Creative Technology Ltd.)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-17 12:42 - 2015-07-17 12:43 - 00018812 _____ C:\Users\pc\Downloads\FRST.txt
2015-07-17 12:42 - 2015-07-17 12:42 - 02133504 _____ (Farbar) C:\Users\pc\Downloads\FRST64.exe
2015-07-17 12:42 - 2015-07-17 12:42 - 00000000 ____D C:\FRST
2015-07-17 11:57 - 2015-07-17 11:58 - 00000000 ____D C:\Program Files (x86)\lowratte
2015-07-17 11:56 - 2015-07-17 11:57 - 00000000 ____D C:\ProgramData\ianhljopggcgmjmieoihffonjobpicne
2015-07-16 20:57 - 2015-07-16 20:58 - 00000000 ____D C:\Program Files (x86)\offferSooftt
2015-07-16 20:57 - 2015-07-16 20:57 - 00000000 ____D C:\Program Files (x86)\Palette for Chrome
2015-07-16 20:56 - 2015-07-16 20:57 - 00000000 ____D C:\Program Files (x86)\offerseoft
2015-07-16 20:56 - 2015-07-16 20:56 - 00000000 ____D C:\Program Files (x86)\offfersoftt
2015-07-16 13:01 - 2015-07-16 13:01 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2015-07-16 13:00 - 2015-07-16 13:00 - 00002069 _____ C:\Windows\DirectX.log
2015-07-16 12:36 - 2015-07-16 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-07-16 12:36 - 2015-07-16 12:36 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2015-07-15 14:27 - 2015-07-15 14:27 - 00003250 _____ C:\Windows\System32\Tasks\{3BC97F96-7259-48E0-B93E-7F77ECBD1159}
2015-07-15 10:23 - 2015-07-17 12:27 - 00000000 ____D C:\Program Files (x86)\saileprizeS
2015-07-15 10:23 - 2015-07-15 10:23 - 00000000 ____D C:\Program Files (x86)\salepriizes
2015-07-15 10:22 - 2015-07-15 10:22 - 00000000 ____D C:\Program Files (x86)\FREE MP3 Search
2015-07-13 22:14 - 2015-07-13 22:14 - 00931408 _____ (Google Inc.) C:\Users\pc\Downloads\ChromeSetup.exe
2015-07-08 11:57 - 2015-07-08 11:57 - 00002113 _____ C:\Users\pc\AppData\Local\recently-used.xbel
2015-07-08 11:50 - 2015-07-08 12:22 - 00000000 ____D C:\Users\pc\Desktop\Unbenannt
2015-07-08 11:42 - 2015-07-08 11:47 - 00000000 ____D C:\Users\pc\Desktop\Bewerbung für die Pixelcrew von GommeHD
2015-07-05 23:10 - 2015-07-05 23:11 - 62188293 _____ C:\Users\pc\Downloads\LionFoxGamings Awesome World Download.rar
2015-07-05 20:17 - 2015-07-05 20:19 - 00000023 _____ C:\Users\pc\Desktop\PRemium Rewi 50%.txt
2015-07-05 17:36 - 2015-07-05 17:36 - 00000000 ____D C:\Program Files (x86)\Cynical Skirt
2015-07-05 15:20 - 2015-07-05 15:20 - 00001205 _____ C:\Users\pc\Desktop\Uplay.lnk
2015-07-05 15:20 - 2015-07-05 15:20 - 00000000 ____D C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2015-07-05 15:19 - 2015-07-05 15:19 - 61778376 _____ (Ubisoft) C:\Users\pc\Downloads\UplayInstaller.exe
2015-07-05 14:49 - 2015-07-05 15:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-05 13:54 - 2015-07-05 13:54 - 00001268 _____ C:\Users\pc\Desktop\Revo Uninstaller.lnk
2015-07-05 13:54 - 2015-07-05 13:54 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-07-05 13:53 - 2015-07-05 13:53 - 01198368 _____ C:\Users\pc\Downloads\Revo Uninstaller - CHIP-Installer.exe
2015-07-05 09:26 - 2015-07-07 13:45 - 00000000 ____D C:\Program Files (x86)\browsueandshOp
2015-07-05 09:26 - 2015-07-07 13:45 - 00000000 ____D C:\Program Files (x86)\browseianndshoup
2015-07-05 09:25 - 2015-07-05 09:25 - 00000000 ____D C:\Program Files (x86)\UserAgent Switcher
2015-06-26 21:01 - 2015-07-01 10:27 - 00000000 ____D C:\Program Files (x86)\duoleLarrssaveaR
2015-06-26 21:01 - 2015-07-01 10:27 - 00000000 ____D C:\Program Files (x86)\dolllarisavEr
2015-06-26 21:01 - 2015-06-26 21:01 - 00000000 ____D C:\Program Files (x86)\Checker Plus for Calendar
2015-06-22 20:16 - 2015-06-28 18:00 - 00091110 _____ C:\Users\pc\Desktop\2015.mcf
2015-06-22 20:16 - 2015-06-28 17:59 - 00091110 _____ C:\Users\pc\Desktop\2015.mcf~
2015-06-22 20:16 - 2015-06-28 17:58 - 00000000 ____D C:\Users\pc\Desktop\2015_mcf-Dateien
2015-06-20 18:39 - 2015-06-22 19:35 - 00179368 _____ C:\Users\pc\Desktop\Holland 2015.mcf
2015-06-20 18:39 - 2015-06-22 19:33 - 00179368 _____ C:\Users\pc\Desktop\Holland 2015.mcf~
2015-06-20 18:39 - 2015-06-21 12:58 - 00000000 ____D C:\Users\pc\Desktop\Holland 2015_mcf-Dateien
2015-06-18 20:38 - 2015-06-18 20:38 - 00000000 _____ C:\Users\pc\AppData\Local\Temp.dat
2015-06-18 20:22 - 2015-06-18 20:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone
2015-06-18 20:22 - 2015-06-18 20:22 - 00000000 ____D C:\Program Files (x86)\Windows Phone
2015-06-18 20:22 - 2015-06-18 20:22 - 00000000 ____D C:\Program Files (x86)\Cookie Inspector
2015-06-18 20:21 - 2015-06-26 21:01 - 00000000 ____D C:\Program Files (x86)\NitRodeal
2015-06-18 20:21 - 2015-06-18 20:21 - 00000000 ____D C:\ProgramData\Applications
2015-06-18 20:20 - 2015-06-18 20:21 - 06745792 _____ (Microsoft Corporation) C:\Users\pc\Downloads\WindowsPhone.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-17 12:39 - 2014-01-28 17:12 - 01498692 _____ C:\Windows\WindowsUpdate.log
2015-07-17 12:38 - 2015-05-04 15:28 - 00016597 _____ C:\Windows\setupact.log
2015-07-17 12:37 - 2014-02-26 18:00 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-17 12:10 - 2009-07-14 06:45 - 00028896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-17 12:10 - 2009-07-14 06:45 - 00028896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-17 11:56 - 2014-02-01 13:59 - 00000000 ____D C:\Users\pc\AppData\Roaming\Skype
2015-07-17 11:55 - 2015-05-22 19:43 - 00000024 _____ C:\Users\pc\AppData\Roaming\appdataFr25.bin
2015-07-17 11:55 - 2014-02-02 20:00 - 00000000 ____D C:\Users\pc\AppData\Local\LogMeIn Hamachi
2015-07-17 11:54 - 2014-01-29 11:21 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-17 11:54 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-16 20:57 - 2015-01-30 14:19 - 00000000 ____D C:\ProgramData\2523951425153401572
2015-07-16 20:57 - 2014-02-05 21:23 - 00000000 ____D C:\Users\pc\AppData\Roaming\TS3Client
2015-07-16 20:56 - 2015-05-05 16:41 - 00000079 _____ C:\Program Files (x86)\prefs.js
2015-07-16 20:56 - 2014-02-13 22:09 - 00000000 ____D C:\Users\pc\AppData\Local\CrashDumps
2015-07-16 15:59 - 2015-02-14 19:04 - 00000000 ____D C:\Users\pc\AppData\Roaming\.minecraft
2015-07-16 15:52 - 2014-06-29 09:03 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-16 13:01 - 2014-09-26 15:20 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-16 13:01 - 2014-03-09 12:40 - 00000000 ____D C:\Users\pc\Documents\My Games
2015-07-16 13:01 - 2014-01-29 11:20 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-07-15 22:22 - 2014-01-28 17:12 - 00000000 ____D C:\Users\pc\AppData\Local\VirtualStore
2015-07-15 10:37 - 2014-02-26 18:00 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-15 10:37 - 2014-02-01 14:52 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-15 10:37 - 2014-02-01 14:52 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-15 10:22 - 2014-04-20 19:06 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-14 18:59 - 2011-04-12 09:43 - 00699092 _____ C:\Windows\system32\perfh007.dat
2015-07-14 18:59 - 2011-04-12 09:43 - 00149232 _____ C:\Windows\system32\perfc007.dat
2015-07-14 18:59 - 2009-07-14 07:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-14 18:41 - 2014-10-18 17:33 - 00000000 ____D C:\Users\pc\Desktop\Mama
2015-07-14 14:19 - 2014-12-25 10:53 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-14 11:44 - 2014-02-02 20:00 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-07-10 11:05 - 2014-10-11 16:11 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-10 11:05 - 2014-02-01 13:59 - 00000000 ____D C:\ProgramData\Skype
2015-07-09 11:04 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-07-08 11:57 - 2014-04-27 12:47 - 00000000 ____D C:\Users\pc\AppData\Local\gtk-2.0
2015-07-08 11:57 - 2014-03-06 22:08 - 00000000 ____D C:\Users\pc\.gimp-2.8
2015-07-08 11:39 - 2014-07-31 16:22 - 00000000 ____D C:\Users\pc\AppData\Roaming\Audacity
2015-07-08 11:08 - 2014-02-04 21:53 - 00004608 _____ C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-06 22:40 - 2015-03-30 21:18 - 00000098 _____ C:\Users\pc\AppData\Roaming\LauncherSettings_live.cfg
2015-07-06 15:37 - 2014-11-02 10:24 - 00000000 ____D C:\Users\pc\Desktop\Geburtstag Infos
2015-07-05 21:31 - 2014-02-03 20:15 - 00000000 ____D C:\Users\pc\Documents\Settlers7
2015-07-05 15:55 - 2015-05-07 20:41 - 00012134 _____ C:\Windows\PFRO.log
2015-07-05 15:55 - 2014-01-28 18:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-05 15:45 - 2014-02-02 16:38 - 00000000 ____D C:\Users\pc\AppData\Local\Ubisoft Game Launcher
2015-07-05 15:20 - 2014-02-02 16:38 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2015-07-05 12:08 - 2010-11-21 05:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-28 18:19 - 2015-03-16 19:22 - 00000457 _____ C:\Users\pc\Desktop\Twitch Chat Commands.txt
2015-06-28 18:00 - 2014-07-09 18:59 - 00000000 ____D C:\ProgramData\tmp
2015-06-26 21:01 - 2015-04-15 16:37 - 00000000 ____D C:\Program Files (x86)\quiCCkShaoPP
2015-06-26 12:53 - 2015-03-10 17:14 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-06-25 20:21 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-20 21:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
==================== Files in the root of some directories =======
2015-05-05 16:41 - 2015-07-16 20:56 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2015-05-22 19:43 - 2015-07-17 11:55 - 0000024 _____ () C:\Users\pc\AppData\Roaming\appdataFr25.bin
2015-01-29 21:33 - 2015-05-14 10:30 - 0000020 _____ () C:\Users\pc\AppData\Roaming\appdataFr3.bin
2014-08-03 10:59 - 2014-08-03 10:59 - 0000072 _____ () C:\Users\pc\AppData\Roaming\Camdata.ini
2014-08-03 10:59 - 2014-08-03 10:59 - 0000408 _____ () C:\Users\pc\AppData\Roaming\CamLayout.ini
2014-08-03 10:59 - 2014-08-03 10:59 - 0000408 _____ () C:\Users\pc\AppData\Roaming\CamShapes.ini
2014-08-03 10:59 - 2014-08-03 10:59 - 0004534 _____ () C:\Users\pc\AppData\Roaming\CamStudio.cfg
2015-03-30 21:18 - 2015-07-06 22:40 - 0000098 _____ () C:\Users\pc\AppData\Roaming\LauncherSettings_live.cfg
2014-09-01 10:18 - 2014-09-01 10:18 - 0001248 _____ () C:\Users\pc\AppData\Roaming\RWSQJ
2015-03-30 20:45 - 2015-03-30 20:45 - 0000039 _____ () C:\Users\pc\AppData\Roaming\TheHunterSettings_steam_live.cfg
2014-08-03 10:53 - 2014-08-03 10:53 - 0000096 _____ () C:\Users\pc\AppData\Roaming\version2.xml
2014-02-05 16:36 - 2015-04-15 16:37 - 0000161 _____ () C:\Users\pc\AppData\Roaming\WB.CFG
2014-09-01 10:18 - 2014-09-01 10:18 - 0002086 _____ () C:\Users\pc\AppData\Roaming\ZCH
2014-02-04 21:53 - 2015-07-08 11:08 - 0004608 _____ () C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-04 21:35 - 2014-08-18 20:59 - 0000600 _____ () C:\Users\pc\AppData\Local\PUTTY.RND
2015-07-08 11:57 - 2015-07-08 11:57 - 0002113 _____ () C:\Users\pc\AppData\Local\recently-used.xbel
2015-04-15 16:44 - 2015-05-07 18:10 - 0000790 _____ () C:\Users\pc\AppData\Local\Temp-log.txt
2015-06-18 20:38 - 2015-06-18 20:38 - 0000000 _____ () C:\Users\pc\AppData\Local\Temp.dat
2015-01-25 20:15 - 2015-01-25 20:15 - 0740775 _____ () C:\ProgramData\AndyDrivers.zip
2014-01-28 17:27 - 2014-01-28 17:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
C:\Users\pc\AppData\Local\Temp\jansi-64-git-Bukkit-0a645a2-3878697496319966715.dll
C:\Users\pc\AppData\Local\Temp\jansi-64-git-Bukkit-0a645a2-4012287262608881018.dll
C:\Users\pc\AppData\Local\Temp\jansi-64-git-Bukkit-0a645a2-6658216992015690346.dll
C:\Users\pc\AppData\Local\Temp\jansi-64-git-Bukkit-0a645a2-786365177759181687.dll
C:\Users\pc\AppData\Local\Temp\SIntf16.dll
C:\Users\pc\AppData\Local\Temp\SIntf32.dll
C:\Users\pc\AppData\Local\Temp\SIntfNT.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-13 09:31
==================== End of log ============================
#FRST Additions Logfile: [CODE]Additional FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by pc at 2015-07-17 12:43:30
Running from C:\Users\pc\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3485836003-3145142773-2739612057-500 - Administrator - Disabled)
Gast (S-1-5-21-3485836003-3145142773-2739612057-501 - Limited - Disabled)
pc (S-1-5-21-3485836003-3145142773-2739612057-1000 - Administrator - Enabled) => C:\Users\pc
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{5DDB9EF7-1BC0-C9C1-9829-6B9CF68AC357}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.10.0 - Asmedia Technology)
Asterix & Obelix (HKLM-x32\...\Asterix & Obelix) (Version: - )
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Blender (HKLM\...\Blender) (Version: 2.74 - Blender Foundation)
Bus-Simulator 2012 (HKLM-x32\...\Bus-Simulator 2012_is1) (Version: - astragon)
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
Camtasia Studio 8 (HKLM-x32\...\{F5C9BE9A-04C3-4A72-8CD0-BB67C722D608}) (Version: 8.1.2.1344 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
CINEMA 4D Demo 16.020 (HKLM\...\MAXON66AAB8D0) (Version: 16.020 - MAXON Computer GmbH) <==== ATTENTION
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Craften Terminal 4.0.2 (HKLM-x32\...\{4e7c3936-7c06-4ef0-928b-c5d92f372578}_is1) (Version: 4.0.2 - Craften.de)
Curse (HKLM-x32\...\{1F2611FB-6F69-4AA8-BECD-243BD8CB45F3}) (Version: 6.0.0.0 - Curse)
Die Siedler 7 (HKLM-x32\...\{63860309-DA8A-4BAE-9EAE-CE1D6D79340C}) (Version: 1.12.1396 - Ubisoft)
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 6.0.3 - CEWE Stiftung u Co. KGaA)
FileZilla Client 3.9.0.3 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.3 - Tim Kosse)
foobar2000 v1.3.4 (HKLM-x32\...\foobar2000) (Version: 1.3.4 - Peter Pawlowski)
Fritz und Fertig 2 (HKLM-x32\...\{0DA5CAC0-6790-4C8E-B18A-036C68756688}) (Version: 2.00.0000 - Terzio Verlag)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Hanni und Nanni 2 (HKLM-x32\...\{0BA24D68-8C08-11D4-99DD-0050DA44D4BE}) (Version: - )
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version: - Reto-Moto)
HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät (HKLM\...\{8F4884F1-488D-4738-8F71-65A378BB484C}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710a-f Hilfe (HKLM-x32\...\{037CD593-D760-4A00-B030-7BBAFA1123FE}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{AA67D612-0BE5-44D6-9A91-592958F754A1}) (Version: 13.0.198 - Intel Corporation)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.377 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.377 - LogMeIn, Inc.) Hidden
lowratte (HKLM-x32\...\{5A1EDE4C-67FF-6CB4-C08E-A23CAB1557D4}) (Version: - ) <==== ATTENTION
Lucky Luke (HKLM-x32\...\Lucky Luke) (Version: - )
Marvel Heroes 2015 (HKLM-x32\...\Steam App 226320) (Version: - Gazillion Entertainment)
MatchWare Mediator 8.0 Exp (Demo) (HKLM-x32\...\{57AAF9B3-42DA-4DCE-B14A-2465AED597B6}) (Version: 8.0.142 - MatchWare A/S)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4727.1003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{A106D33E-6B43-42C0-9BFC-D03303261FA7}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 Design Tools DEU (HKLM-x32\...\{E32260E7-0B10-43C7-9B77-AB9F4184676D}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft Visual Basic 2008 Express Edition - DEU (HKLM-x32\...\Microsoft Visual Basic 2008 Express Edition - DEU) (Version: - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - DEU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - DEU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework (HKLM\...\{53C900F7-0CB1-3EDE-B9F3-76EDE6F0C253}) (Version: 3.5.21022 - Microsoft)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 (HKLM\...\{11EB1163-5761-4BC6-8F48-98DCF6A46BBF}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MoonTools Version 1.7 (HKLM-x32\...\{61946000-8054-4452-B5F9-719D35D899D8}_is1) (Version: 1.7 - DotExE)
MorphVOX Junior (HKLM-x32\...\{E6C7380F-15DD-445E-BA02-B7A180BA0A5A}) (Version: 2.8.1 - Screaming Bee)
Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Navy Field 2 : Conqueror of the Ocean (HKLM-x32\...\Steam App 338540) (Version: - SDEnterNet)
NBTExplorer (HKLM-x32\...\{06107EDA-5B85-4CEC-AB1E-8350DEC15231}) (Version: 2.7.4.0 - Justin Aquadro)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.4 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 332.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 332.21 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
offferSooftt (HKLM-x32\...\{B43ADAE2-EB7C-9E3F-2EE9-6D55C686D263}) (Version: - "") <==== ATTENTION
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
Oracle VM VirtualBox 4.3.20 (HKLM\...\{86401870-7AB7-4A8D-8AD6-12B27DF2E6E3}) (Version: 4.3.20 - Oracle Corporation)
Pivot Animator version 4.1.10 (HKLM-x32\...\Pivot Animator_is1) (Version: 4.1.10 - Motus Software Ltd)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Robocraft (HKLM-x32\...\Steam App 301520) (Version: - Freejam)
RollerCoaster Tycoon 3 (HKLM-x32\...\RollerCoaster Tycoon 3_is1) (Version: - Atari)
SaveSense (HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\...\SaveSense) (Version: 6.4.0.0 - SaveSense) <==== ATTENTION
Schatti's AudioMixer (HKLM-x32\...\Schatti's AudioMixer) (Version: - )
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Sony PC Companion 2.10.235 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.235 - Sony)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Studie zur Verbesserung von HP Officejet 6500 E710a-f Produkten (HKLM\...\{8DB5B8FE-3F8A-4D9F-911C-F85473400859}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
SystemHero (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{7baa6e25}) (Version: - Software Publisher) <==== ATTENTION
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
theHunter (HKLM-x32\...\Steam App 253710) (Version: - Expansive Worlds)
Unity Web Player (HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\...\UnityWebPlayer) (Version: 4.6.0f3 - Unity Technologies ApS)
Update for Zip Opener (HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\...\Digital Sites) (Version: - Update for Zip Opener) <==== ATTENTION
Uplay (HKLM-x32\...\Uplay) (Version: 7.1 - Ubisoft)
VC Runtimes MSI (x32 Version: 9.0.21022 - Microsoft) Hidden
Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version: - )
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{CFCB8616-A5D1-4281-80E8-389F685BFAE2}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
War Thunder (HKLM-x32\...\Steam App 236390) (Version: - Gaijin Entertainment)
Windows Phone app for desktop (HKLM-x32\...\{19773614-FC22-4ACC-AAA3-E6BDA81ACF92}) (Version: 1.1.2726.0 - Microsoft Corporation)
WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3485836003-3145142773-2739612057-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
==================== Restore Points =========================
16-07-2015 13:00:06 DirectX wurde installiert
16-07-2015 13:00:56 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
16-07-2015 13:01:17 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {026E1865-20A2-4815-AD65-3DEFDBD877F2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {163458FA-6B59-4368-BA0F-C8947DDB0598} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: {3155607E-DB00-49DA-811E-2947DC6A7C9F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {423BF832-84F0-47DE-AA93-DE39CAA9AC19} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()
Task: {6C84AC71-6BB9-4458-8A14-0F8316B66E8B} - System32\Tasks\{1EB0F568-EA6A-43D7-8AE5-4F2D26EB61DF} => pcalua.exe -a "C:\Users\pc\Desktop\White Label Office 3.3 (de) Installation Files\setup.exe" -d "C:\Users\pc\Desktop\White Label Office 3.3 (de) Installation Files"
Task: {8D54170F-CAE7-4D2D-8232-996BC5341D08} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {AF85EA1D-3CDA-4562-94E4-4C9CFCCD3552} - System32\Tasks\{3BC97F96-7259-48E0-B93E-7F77ECBD1159} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"
Task: {BA951126-B592-40E2-9CEE-FA122BDBA598} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {C4A248D9-EAF0-40D5-A9FD-BA94A262C18A} - System32\Tasks\{D845ACB4-B4CA-434F-A113-918D21069CA2} => pcalua.exe -a C:\Users\pc\Downloads\forge-1.7.2-10.12.0.1024-installer-win.exe -d C:\Users\pc\Downloads
Task: {C6F53C29-F2CA-4783-B66D-E9DA7FFA0A4F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {C861A842-4538-4181-B4F3-36E99F1FC620} - System32\Tasks\{1AD41F91-E957-4C21-815C-024613BD02A5} => pcalua.exe -a C:\Users\pc\Downloads\32bit_Win7_Win8_Win81_R274.exe -d C:\Users\pc\Downloads
Task: {E06D30CC-7263-43CD-90B3-1E8D2A49DE2D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: {EBDA463E-B4D2-4F9B-8642-58790DC3A2D2} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710a-f => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (Whitelisted) ==============
2014-01-29 11:20 - 2013-12-19 20:53 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-01 21:29 - 2014-05-01 21:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2009-03-30 08:32 - 2009-03-30 08:32 - 00032768 ____R () C:\Windows\DAODx.exe
2015-03-10 17:14 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-07-05 17:36 - 2015-07-05 17:36 - 08016406 _____ () C:\Program Files (x86)\Cynical Skirt\Cynical Skirt.exe
2015-03-06 21:15 - 2015-03-06 21:15 - 01601536 _____ () c:\Program Files (x86)\SystemHero\SystemHero.dll
2015-07-17 11:56 - 2015-07-17 11:56 - 00140800 _____ () c:\windows\temp\tmpa_4qxn.dll
2015-07-15 10:37 - 2015-07-15 10:37 - 17448624 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\pc\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Users^pc^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Curse.lnk => C:\Windows\pss\Curse.lnk.Startup
MSCONFIG\startupreg: Andy => C:\Program Files\Andy\HandyAndy.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{A0A2ABF2-9341-48E2-95EE-2B76EAE16C55}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D1C677CB-97FE-4313-8F6C-E96DA5355402}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{447B6895-DFE6-4A60-BC04-117460C62989}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{1806CF24-D925-4DCE-AFAA-CA540161242A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{D758E107-63E2-4B7B-86F2-292B39AF1CE5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{237BDFC6-EABB-42DE-9CD5-E632DD7BDC46}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{ED919417-07D5-45DD-B832-F758E2D3B7E9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{5BDB7458-B7DD-414E-B816-242EBEA04A46}] => (Allow) C:\Program Files (x86)\Ubisoft\Die Siedler 7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe
FirewallRules: [{D03F671D-B27A-4E37-9ADB-B86C5AE735C4}] => (Allow) C:\Program Files (x86)\Ubisoft\Die Siedler 7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe
FirewallRules: [{CE70BBF4-8A2B-4731-8498-555E2840FFB5}] => (Block) %ProgramFiles% (x86)\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe
FirewallRules: [TCP Query User{C457388D-30FD-45DD-A135-A4DC5D44FCC1}C:\program files (x86)\warthunder\aces.exe] => (Allow) C:\program files (x86)\warthunder\aces.exe
FirewallRules: [UDP Query User{AD03AE26-97F6-4C01-904A-E7A51F927E7C}C:\program files (x86)\warthunder\aces.exe] => (Allow) C:\program files (x86)\warthunder\aces.exe
FirewallRules: [{B5738635-A809-49B6-A331-09C09F5C8A39}] => (Block) C:\program files (x86)\warthunder\aces.exe
FirewallRules: [{DA5B725F-1749-4E8A-BEAA-71A06FA0F7DB}] => (Block) C:\program files (x86)\warthunder\aces.exe
FirewallRules: [{4115C631-5EA2-43BE-8363-DD08ECB08EE0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{11840643-D959-44B0-ADCA-BD57AF7C05C8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{60E25702-3D90-432A-BB22-BBC1BF936F63}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{0CF3509D-80FC-457B-AE37-C9205B99FF62}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{CE5C606E-728C-4316-9A3A-8C2DC4DA9ECA}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{A99B7A99-4C77-4DA1-BB33-92D4D47057CA}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{5D2D1498-EC76-425D-A06C-5F930A059742}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{18A37133-E8E3-4F61-8A73-12F0C0C02AFA}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{65134A1E-17C7-45D8-BB66-868575924127}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A07D476B-14A8-4FA9-9436-63C38BDA7BF1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{D3D117F3-3BF5-4817-B651-1DAA37669438}C:\program files\andy\andy.exe] => (Allow) C:\program files\andy\andy.exe
FirewallRules: [UDP Query User{BF3865F1-BA5B-4B71-9E58-7DBE135E710B}C:\program files\andy\andy.exe] => (Allow) C:\program files\andy\andy.exe
FirewallRules: [{B8B7C638-B66B-44B5-BA6F-3646FC330BBE}] => (Block) C:\program files\andy\andy.exe
FirewallRules: [{9E5A28A6-3223-4FD5-8B05-306F2B921BA6}] => (Block) C:\program files\andy\andy.exe
FirewallRules: [TCP Query User{4FC934DA-1A3B-4194-A850-A1A5FC4719D3}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{76F71782-3AA5-4B72-B9A6-EDE11B51CA1E}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{9A94C29D-8993-4D58-8E1C-8A9D6903A523}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{FF324E46-CDF8-4F22-9BFE-F6CC1F130201}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{28F8A758-4B89-491F-96EE-EB0B38B14EBD}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{4F92230C-8BED-49A0-A345-FC67C312A3FC}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [{65845C5D-E415-4CB1-82FC-DE5A28D3A4B9}] => (Block) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [{907C877D-0366-47DB-8DDE-93412C9E0D1A}] => (Block) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [{908E040F-00AD-46ED-A903-7BE3113FAA82}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{7B2A1647-321B-4C29-BAC4-983F0770A318}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{F84A197A-D83E-45D7-BA19-C61653A48E61}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\DeviceSetup.exe
FirewallRules: [{1C86E424-6BD6-43C8-A287-889F63711180}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\DeviceSetup.exe
FirewallRules: [{48AE948B-7613-48CD-8145-1F930C6A16E4}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPNetworkCommunicator.exe
FirewallRules: [{B6F1AEA6-07DD-4630-AF5D-A9B78B9E9B78}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPNetworkCommunicator.exe
FirewallRules: [{BE828F24-BFAA-4814-941C-A94B71FF930F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{D8F3E232-7796-4D97-9B04-329D0CE531CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{94E38295-6EF2-4914-95AA-600074D04248}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{0782EC16-3DD5-456E-956D-8B7C4BE6A51A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [TCP Query User{2933DE7B-20CF-4AB3-91AD-1BB308F62BEC}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{739FA47A-B5C5-4CC3-94E4-11E4BFC1381F}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [{9AE21F61-A3AD-4834-AA82-1125363920AB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Navy Field 2 Conqueror of the Ocean\NF2_Launcher.exe
FirewallRules: [{99FCD1C8-BE5C-45A4-A6EF-02EE006D1F7C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Navy Field 2 Conqueror of the Ocean\NF2_Launcher.exe
FirewallRules: [TCP Query User{D19BA23E-DCB8-4634-B0FC-AD5B70DD86BE}C:\program files (x86)\steam\steamapps\common\thehunter\game\thehunter.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\thehunter\game\thehunter.exe
FirewallRules: [UDP Query User{61C22348-ED5D-4135-A66B-DAB530C6DA3C}C:\program files (x86)\steam\steamapps\common\thehunter\game\thehunter.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\thehunter\game\thehunter.exe
FirewallRules: [{699D970E-7EF3-45C3-B8F9-D618080BCF18}] => (Block) C:\program files (x86)\steam\steamapps\common\thehunter\game\thehunter.exe
FirewallRules: [{A2B7D5D5-ED7C-4062-8AC4-1F22C94E9DCB}] => (Block) C:\program files (x86)\steam\steamapps\common\thehunter\game\thehunter.exe
FirewallRules: [{5DEFBB72-8CD1-4A89-8344-E649B8C7AFC2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{0A263BF9-3F7B-4B16-8B5F-FDB4081FF38B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{3ED1FC87-D611-47B9-BE66-CA13C623BA61}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{789880C4-5A61-48CE-8AFF-EA6340304FD4}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{B30D915D-48D1-4EEF-92E2-FA12CFA52C6E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{65319DD4-5892-4958-9BCA-6CC71FBB2EB6}C:\users\pc\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\pc\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{7809C523-5F83-4A8D-8F78-D65902493D96}C:\users\pc\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\pc\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{57BF5B9F-D35A-4D9C-B0AA-8FF7856B6AF2}] => (Block) C:\users\pc\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{198802A8-C9E8-43A9-9D3A-DF41324B29D5}] => (Block) C:\users\pc\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{D323C2C2-E246-4526-BF5B-FD17387864CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{CE48BDD9-5566-4091-AFDA-8DDD579CD991}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{2A3138BE-ED26-4E2F-9E00-F6F1AF982F63}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\java.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\java.exe
FirewallRules: [UDP Query User{64E80473-F2AD-496F-8834-421208FFA3FD}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\java.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\java.exe
FirewallRules: [{B93E83C7-B486-4943-AE84-DF65DB011611}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\java.exe
FirewallRules: [{EC4323ED-1D4F-4779-B0B2-96B3993A9074}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\java.exe
FirewallRules: [{C7C4A745-E676-4D03-AC6B-08C890DDF688}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [{728B45B4-CC55-4C8E-8294-AF24BEC7B470}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [TCP Query User{7DDA5C42-B381-43AA-8171-63F7BAF5A88A}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [UDP Query User{C5AC6890-5A5E-416E-BE4C-C36C867FFABB}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [{D1BE6225-2443-4751-853F-CF56ADBB9C2F}] => (Block) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [{7F39067A-1ACC-4474-BA6E-DA9B6B2766E8}] => (Block) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [{C6DCD9CE-5CFF-44CE-AFA7-D67E55D12ED7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D7B82C7D-13B0-40D0-9539-971DCB553CC5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe
FirewallRules: [{C162A3A2-6C03-4E2E-8ABD-88682A2FBDE1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe
FirewallRules: [{5E205EEF-979B-4A3E-97FB-1594855B225C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\theHunter\launcher\launcher.exe
FirewallRules: [{DE3A4F09-C01D-4734-9253-C0490D0E73AA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\theHunter\launcher\launcher.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/17/2015 11:56:30 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.
Error: (07/16/2015 08:56:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 39.0.0.5659, Zeitstempel: 0x55934d06
Name des fehlerhaften Moduls: mozalloc.dll, Version: 39.0.0.5659, Zeitstempel: 0x55933a83
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001aa1
ID des fehlerhaften Prozesses: 0x1718
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (07/16/2015 01:13:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NvBackend.exe, Version: 15.3.36.0, Zeitstempel: 0x53e4b1e1
Name des fehlerhaften Moduls: NvBackend.exe, Version: 15.3.36.0, Zeitstempel: 0x53e4b1e1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00143c58
ID des fehlerhaften Prozesses: 0x784
Startzeit der fehlerhaften Anwendung: 0xNvBackend.exe0
Pfad der fehlerhaften Anwendung: NvBackend.exe1
Pfad des fehlerhaften Moduls: NvBackend.exe2
Berichtskennung: NvBackend.exe3
Error: (07/16/2015 12:37:29 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.
Error: (07/15/2015 10:03:41 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.
Error: (07/14/2015 07:09:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm javaw.exe, Version 8.0.25.18 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: dc
Startzeit: 01d0be1dea353b6e
Endzeit: 137
Anwendungspfad: C:\Program Files (x86)\Minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
Berichts-ID: 12e08f54-2a4b-11e5-b34b-bcee7be1693e
Error: (07/14/2015 10:38:46 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.
Error: (07/13/2015 09:03:32 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.
Error: (07/12/2015 12:13:47 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.
Error: (07/11/2015 11:54:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm javaw.exe, Version 8.0.25.18 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 17c4
Startzeit: 01d0bc241dcf73f9
Endzeit: 59
Anwendungspfad: C:\Program Files (x86)\Minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
Berichts-ID: 6535d2b8-2817-11e5-80ba-bcee7be1693e
System errors:
=============
Error: (07/17/2015 11:57:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (07/16/2015 12:45:53 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 1.201.1826.0
Aktualisierungsquelle: %NT-AUTORITÄT59
Aktualisierungsphase: 4.8.0204.00
Quellpfad: 4.8.0204.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608
Error: (07/16/2015 12:45:52 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (07/16/2015 12:45:49 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (07/16/2015 12:37:08 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (07/16/2015 12:36:29 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen:
%%5
Error: (07/16/2015 12:36:30 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: Vom Echtzeitschutz-Feature von %%860 wurde ein Fehler festgestellt
Feature: %%886
Fehlercode: 0x80070005
Fehlerbeschreibung: Zugriff verweigert
Grund: %%892
Error: (07/15/2015 11:07:25 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (07/15/2015 09:47:28 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (07/15/2015 11:12:39 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 1.201.1698.0
Aktualisierungsquelle: %NT-AUTORITÄT59
Aktualisierungsphase: 4.8.0204.00
Quellpfad: 4.8.0204.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608
Microsoft Office:
=========================
Error: (07/17/2015 11:56:30 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/16/2015 08:56:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe39.0.0.565955934d06mozalloc.dll39.0.0.565955933a838000000300001aa1171801d0bff5acfb831dC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll6886a5e5-2bec-11e5-91ef-bcee7be1693e
Error: (07/16/2015 01:13:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvBackend.exe15.3.36.053e4b1e1NvBackend.exe15.3.36.053e4b1e1c000000500143c5878401d0bfb33333ec84C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exeC:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exea66cd65c-2bab-11e5-91ef-bcee7be1693e
Error: (07/16/2015 12:37:29 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/15/2015 10:03:41 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/14/2015 07:09:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: javaw.exe8.0.25.18dc01d0be1dea353b6e137C:\Program Files (x86)\Minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe12e08f54-2a4b-11e5-b34b-bcee7be1693e
Error: (07/14/2015 10:38:46 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/13/2015 09:03:32 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/12/2015 12:13:47 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/11/2015 11:54:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: javaw.exe8.0.25.1817c401d0bc241dcf73f959C:\Program Files (x86)\Minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe6535d2b8-2817-11e5-80ba-bcee7be1693e
CodeIntegrity Errors:
===================================
Date: 2014-09-06 10:16:34.856
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\pc\AppData\Local\Temp\io02.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-09-06 10:16:34.801
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\pc\AppData\Local\Temp\io02.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: AMD FX(tm)-4130 Quad-Core Processor
Percentage of memory in use: 35%
Total physical RAM: 8088.62 MB
Available physical RAM: 5250.89 MB
Total Virtual: 16175.44 MB
Available Virtual: 12781.7 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:270.9 GB) NTFS
Drive d: (RCT3) (CDROM) (Total:0.66 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B36402F4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
==================== End of log ============================
--- --- --- Zitat:
|
|
18.07.2015, 06:38
| #4 |
| /// Malwareteam | Programm addet Ad ons im Internet. Hi, Schritt # 1: Programme deinstallieren Lade Dir bitte von hier  Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Schritt # 2: MBAM Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt # 3: AdwCleaner Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt # 4: JRT Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Schritt # 5: FRST Bitte noch ein FRST-Log erstellen. Schritt # 6: Bitte Posten
|
|
18.07.2015, 20:58
| #5 |
| | Programm addet Ad ons im Internet. # Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 18.07.2015 Suchlauf-Zeit: 20:10:54 Logdatei: mbam.txt Administrator: Ja Version: 2.01.6.1022 Malware Datenbank: v2015.07.18.03 Rootkit Datenbank: v2015.07.17.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: pc Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 372166 Verstrichene Zeit: 28 Min, 0 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 191 PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\APPID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}, In Quarantäne, [a992b62d3e4c7cba80f6437b17eb17e9], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}, In Quarantäne, [a992b62d3e4c7cba80f6437b17eb17e9], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}, In Quarantäne, [a992b62d3e4c7cba80f6437b17eb17e9], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}, In Quarantäne, [033829baed9dd561ac80982631d113ed], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}, In Quarantäne, [033829baed9dd561ac80982631d113ed], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\mysearchdial.mysearchdialdskBnd.1, In Quarantäne, [033829baed9dd561ac80982631d113ed], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\mysearchdial.mysearchdialdskBnd, In Quarantäne, [033829baed9dd561ac80982631d113ed], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\mysearchdial.mysearchdialdskBnd, In Quarantäne, [033829baed9dd561ac80982631d113ed], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\mysearchdial.mysearchdialdskBnd, In Quarantäne, [033829baed9dd561ac80982631d113ed], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\mysearchdial.mysearchdialdskBnd.1, In Quarantäne, [033829baed9dd561ac80982631d113ed], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\mysearchdial.mysearchdialdskBnd.1, In Quarantäne, [033829baed9dd561ac80982631d113ed], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}, In Quarantäne, [91aa8e5528623303ee899e209d65a15f], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{C292AD0A-C11F-479B-B8DB-743E72D283B0}, In Quarantäne, [91aa8e5528623303ee899e209d65a15f], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{C292AD0A-C11F-479B-B8DB-743E72D283B0}, In Quarantäne, [91aa8e5528623303ee899e209d65a15f], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{C292AD0A-C11F-479B-B8DB-743E72D283B0}, In Quarantäne, [91aa8e5528623303ee899e209d65a15f], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvc.1, In Quarantäne, [91aa8e5528623303ee899e209d65a15f], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvc, In Quarantäne, [91aa8e5528623303ee899e209d65a15f], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.mysearchdialESrvc, In Quarantäne, [91aa8e5528623303ee899e209d65a15f], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\esrv.mysearchdialESrvc, In Quarantäne, [91aa8e5528623303ee899e209d65a15f], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.mysearchdialESrvc.1, In Quarantäne, [91aa8e5528623303ee899e209d65a15f], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\esrv.mysearchdialESrvc.1, In Quarantäne, [91aa8e5528623303ee899e209d65a15f], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}, In Quarantäne, [91aa8e5528623303ee899e209d65a15f], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}, In Quarantäne, [60db32b18cfe93a3d259853944be11ef], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}, In Quarantäne, [60db32b18cfe93a3d259853944be11ef], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\mysearchdial.mysearchdialHlpr.1, In Quarantäne, [60db32b18cfe93a3d259853944be11ef], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\mysearchdial.mysearchdialHlpr, In Quarantäne, [60db32b18cfe93a3d259853944be11ef], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\mysearchdial.mysearchdialHlpr, In Quarantäne, [60db32b18cfe93a3d259853944be11ef], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\mysearchdial.mysearchdialHlpr, In Quarantäne, [60db32b18cfe93a3d259853944be11ef], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\mysearchdial.mysearchdialHlpr.1, In Quarantäne, [60db32b18cfe93a3d259853944be11ef], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\mysearchdial.mysearchdialHlpr.1, In Quarantäne, [60db32b18cfe93a3d259853944be11ef], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{FBC322D5-407E-4854-8C0B-555B951FD8E3}, In Quarantäne, [23185f84fc8e0432cc105f5f956d0df3], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0400EBCA-042C-4000-AA89-9713FBEDB671}, In Quarantäne, [23185f84fc8e0432cc105f5f956d0df3], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0BD19251-4B4B-4B94-AB16-617106245BB7}, In Quarantäne, [23185f84fc8e0432cc105f5f956d0df3], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}, In Quarantäne, [23185f84fc8e0432cc105f5f956d0df3], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}, In Quarantäne, [23185f84fc8e0432cc105f5f956d0df3], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{44B29DDD-CF7A-454A-A275-A322A398D93F}, In Quarantäne, [23185f84fc8e0432cc105f5f956d0df3], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}, In Quarantäne, [23185f84fc8e0432cc105f5f956d0df3], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}, In Quarantäne, [23185f84fc8e0432cc105f5f956d0df3], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B2DB115C-8278-4947-9A07-57B53D1C4215}, In Quarantäne, [23185f84fc8e0432cc105f5f956d0df3], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B97FC455-DB33-431D-84DB-6F1514110BD5}, In Quarantäne, [23185f84fc8e0432cc105f5f956d0df3], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}, In Quarantäne, [23185f84fc8e0432cc105f5f956d0df3], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E72E9312-0367-4216-BFC7-21485FA8390B}, In Quarantäne, [23185f84fc8e0432cc105f5f956d0df3], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}, In Quarantäne, [23185f84fc8e0432cc105f5f956d0df3], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}, In Quarantäne, [23185f84fc8e0432cc105f5f956d0df3], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0400EBCA-042C-4000-AA89-9713FBEDB671}, In Quarantäne, [23185f84fc8e0432cc105f5f956d0df3], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0BD19251-4B4B-4B94-AB16-617106245BB7}, In Quarantäne, [23185f84fc8e0432cc105f5f956d0df3], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}, In Quarantäne, [23185f84fc8e0432cc105f5f956d0df3], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}, In Quarantäne, [23185f84fc8e0432cc105f5f956d0df3], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{44B29DDD-CF7A-454A-A275-A322A398D93F}, In Quarantäne, [23185f84fc8e0432cc105f5f956d0df3], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}, In Quarantäne, [23185f84fc8e0432cc105f5f956d0df3], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}, In Quarantäne, [23185f84fc8e0432cc105f5f956d0df3], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B2DB115C-8278-4947-9A07-57B53D1C4215}, In Quarantäne, [23185f84fc8e0432cc105f5f956d0df3], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B97FC455-DB33-431D-84DB-6F1514110BD5}, In Quarantäne, [23185f84fc8e0432cc105f5f956d0df3], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}, In Quarantäne, [23185f84fc8e0432cc105f5f956d0df3], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E72E9312-0367-4216-BFC7-21485FA8390B}, In Quarantäne, [23185f84fc8e0432cc105f5f956d0df3], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}, In Quarantäne, [23185f84fc8e0432cc105f5f956d0df3], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}, In Quarantäne, [23185f84fc8e0432cc105f5f956d0df3], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{0400EBCA-042C-4000-AA89-9713FBEDB671}, In Quarantäne, [23185f84fc8e0432cc105f5f956d0df3], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{0BD19251-4B4B-4B94-AB16-617106245BB7}, In Quarantäne, [23185f84fc8e0432cc105f5f956d0df3], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}, In Quarantäne, [23185f84fc8e0432cc105f5f956d0df3], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}, In Quarantäne, [23185f84fc8e0432cc105f5f956d0df3], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{44B29DDD-CF7A-454A-A275-A322A398D93F}, In Quarantäne, [23185f84fc8e0432cc105f5f956d0df3], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}, In Quarantäne, [23185f84fc8e0432cc105f5f956d0df3], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}, In Quarantäne, [23185f84fc8e0432cc105f5f956d0df3], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{B2DB115C-8278-4947-9A07-57B53D1C4215}, In Quarantäne, [23185f84fc8e0432cc105f5f956d0df3], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{B97FC455-DB33-431D-84DB-6F1514110BD5}, In Quarantäne, [23185f84fc8e0432cc105f5f956d0df3], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}, In Quarantäne, [23185f84fc8e0432cc105f5f956d0df3], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E72E9312-0367-4216-BFC7-21485FA8390B}, In Quarantäne, [23185f84fc8e0432cc105f5f956d0df3], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}, In Quarantäne, [23185f84fc8e0432cc105f5f956d0df3], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}, In Quarantäne, [23185f84fc8e0432cc105f5f956d0df3], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{FBC322D5-407E-4854-8C0B-555B951FD8E3}, In Quarantäne, [23185f84fc8e0432cc105f5f956d0df3], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{FBC322D5-407E-4854-8C0B-555B951FD8E3}, In Quarantäne, [23185f84fc8e0432cc105f5f956d0df3], PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, In Quarantäne, [ff3c845fbfcb0a2c3c755e28b74b33cd], PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, In Quarantäne, [ec4ff8eb751594a2c8ea6a1c47bb649c], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, In Quarantäne, [ec4ff8eb751594a2c8ea6a1c47bb649c], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}, In Quarantäne, [83b8db08f694d85ed05d8b3310f239c7], PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{6ddd4fb0-e8c0-4f0d-819e-9c6c1f3f7118}, In Quarantäne, [b883b23163270c2a4c6b87f6e41da858], PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\P6ddd4fb0_e8c0_4f0d_819e_9c6c1f3f7118_.P6ddd4fb0_e8c0_4f0d_819e_9c6c1f3f7118_, In Quarantäne, [b883b23163270c2a4c6b87f6e41da858], PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\P6ddd4fb0_e8c0_4f0d_819e_9c6c1f3f7118_.P6ddd4fb0_e8c0_4f0d_819e_9c6c1f3f7118_.10, In Quarantäne, [b883b23163270c2a4c6b87f6e41da858], PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P6ddd4fb0_e8c0_4f0d_819e_9c6c1f3f7118_.P6ddd4fb0_e8c0_4f0d_819e_9c6c1f3f7118_, In Quarantäne, [b883b23163270c2a4c6b87f6e41da858], PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P6ddd4fb0_e8c0_4f0d_819e_9c6c1f3f7118_.P6ddd4fb0_e8c0_4f0d_819e_9c6c1f3f7118_.10, In Quarantäne, [b883b23163270c2a4c6b87f6e41da858], PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\WOW6432NODE\P6ddd4fb0_e8c0_4f0d_819e_9c6c1f3f7118_.P6ddd4fb0_e8c0_4f0d_819e_9c6c1f3f7118_, In Quarantäne, [b883b23163270c2a4c6b87f6e41da858], PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\WOW6432NODE\P6ddd4fb0_e8c0_4f0d_819e_9c6c1f3f7118_.P6ddd4fb0_e8c0_4f0d_819e_9c6c1f3f7118_.10, In Quarantäne, [b883b23163270c2a4c6b87f6e41da858], PUP.Optional.BrowseAndShop.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{829DD016-D322-481B-8BA3-10064B09EAC4}, In Quarantäne, [ac8f8b5828629c9aec64a2e9659fd030], PUP.Optional.BrowseAndShop.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{000D728C-5A98-4DF8-9609-302148194089}, In Quarantäne, [ac8f8b5828629c9aec64a2e9659fd030], PUP.Optional.BrowseAndShop.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{5A861E45-FF8D-49CE-8CD7-D3F761D28BFC}, In Quarantäne, [ac8f8b5828629c9aec64a2e9659fd030], PUP.Optional.BrowseAndShop.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{CCDCACEF-0CE2-411B-83F2-DA7AB3AD72D2}, In Quarantäne, [ac8f8b5828629c9aec64a2e9659fd030], PUP.Optional.BrowseAndShop.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D17B81E5-49F5-4B9C-8498-B23C068DFA80}, In Quarantäne, [ac8f8b5828629c9aec64a2e9659fd030], PUP.Optional.BrowseAndShop.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{000D728C-5A98-4DF8-9609-302148194089}, In Quarantäne, [ac8f8b5828629c9aec64a2e9659fd030], PUP.Optional.BrowseAndShop.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{5A861E45-FF8D-49CE-8CD7-D3F761D28BFC}, In Quarantäne, [ac8f8b5828629c9aec64a2e9659fd030], PUP.Optional.BrowseAndShop.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{CCDCACEF-0CE2-411B-83F2-DA7AB3AD72D2}, In Quarantäne, [ac8f8b5828629c9aec64a2e9659fd030], PUP.Optional.BrowseAndShop.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D17B81E5-49F5-4B9C-8498-B23C068DFA80}, In Quarantäne, [ac8f8b5828629c9aec64a2e9659fd030], PUP.Optional.BrowseAndShop.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{000D728C-5A98-4DF8-9609-302148194089}, In Quarantäne, [ac8f8b5828629c9aec64a2e9659fd030], PUP.Optional.BrowseAndShop.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{5A861E45-FF8D-49CE-8CD7-D3F761D28BFC}, In Quarantäne, [ac8f8b5828629c9aec64a2e9659fd030], PUP.Optional.BrowseAndShop.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{CCDCACEF-0CE2-411B-83F2-DA7AB3AD72D2}, In Quarantäne, [ac8f8b5828629c9aec64a2e9659fd030], PUP.Optional.BrowseAndShop.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{D17B81E5-49F5-4B9C-8498-B23C068DFA80}, In Quarantäne, [ac8f8b5828629c9aec64a2e9659fd030], PUP.Optional.BrowseAndShop.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{829DD016-D322-481B-8BA3-10064B09EAC4}, In Quarantäne, [ac8f8b5828629c9aec64a2e9659fd030], PUP.Optional.BrowseAndShop.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{829DD016-D322-481B-8BA3-10064B09EAC4}, In Quarantäne, [ac8f8b5828629c9aec64a2e9659fd030], PUP.Optional.SalePrizes.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{C7405EEB-2E16-40FE-9E27-1F48CAAB15E1}, In Quarantäne, [c873796a6f1b0d29c6d83655b35112ee], PUP.Optional.SalePrizes.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0416BDB0-AFB0-4464-952D-1EAB5047B8E6}, In Quarantäne, [c873796a6f1b0d29c6d83655b35112ee], PUP.Optional.SalePrizes.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3F97FDF1-DA2B-4579-AD3E-E46641F9DBAB}, In Quarantäne, [c873796a6f1b0d29c6d83655b35112ee], PUP.Optional.SalePrizes.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A220BAB5-C335-48BA-8A01-309FDA37446F}, In Quarantäne, [c873796a6f1b0d29c6d83655b35112ee], PUP.Optional.SalePrizes.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0416BDB0-AFB0-4464-952D-1EAB5047B8E6}, In Quarantäne, [c873796a6f1b0d29c6d83655b35112ee], PUP.Optional.SalePrizes.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3F97FDF1-DA2B-4579-AD3E-E46641F9DBAB}, In Quarantäne, [c873796a6f1b0d29c6d83655b35112ee], PUP.Optional.SalePrizes.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A220BAB5-C335-48BA-8A01-309FDA37446F}, In Quarantäne, [c873796a6f1b0d29c6d83655b35112ee], PUP.Optional.SalePrizes.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{0416BDB0-AFB0-4464-952D-1EAB5047B8E6}, In Quarantäne, [c873796a6f1b0d29c6d83655b35112ee], PUP.Optional.SalePrizes.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{3F97FDF1-DA2B-4579-AD3E-E46641F9DBAB}, In Quarantäne, [c873796a6f1b0d29c6d83655b35112ee], PUP.Optional.SalePrizes.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A220BAB5-C335-48BA-8A01-309FDA37446F}, In Quarantäne, [c873796a6f1b0d29c6d83655b35112ee], PUP.Optional.SalePrizes.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{C7405EEB-2E16-40FE-9E27-1F48CAAB15E1}, In Quarantäne, [c873796a6f1b0d29c6d83655b35112ee], PUP.Optional.SalePrizes.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{C7405EEB-2E16-40FE-9E27-1F48CAAB15E1}, In Quarantäne, [c873796a6f1b0d29c6d83655b35112ee], PUP.Optional.DollarSaver.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{A1965763-A486-4E1E-B574-19E44B3842E8}, In Quarantäne, [ff3c667ddcae0a2c33f6662742c2c33d], PUP.Optional.DollarSaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{9CABED0D-99E4-457C-A192-D528B389F53C}, In Quarantäne, [ff3c667ddcae0a2c33f6662742c2c33d], PUP.Optional.DollarSaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{CED50656-D422-418C-8A20-A0F455842FA5}, In Quarantäne, [ff3c667ddcae0a2c33f6662742c2c33d], PUP.Optional.DollarSaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D8B5D394-6974-40D4-9DFB-DAAD64E422D6}, In Quarantäne, [ff3c667ddcae0a2c33f6662742c2c33d], PUP.Optional.DollarSaver.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{ED2A17AC-87A9-4640-9DE9-07AB5B63E902}, In Quarantäne, [ff3c667ddcae0a2c33f6662742c2c33d], PUP.Optional.DollarSaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9CABED0D-99E4-457C-A192-D528B389F53C}, In Quarantäne, [ff3c667ddcae0a2c33f6662742c2c33d], PUP.Optional.DollarSaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{CED50656-D422-418C-8A20-A0F455842FA5}, In Quarantäne, [ff3c667ddcae0a2c33f6662742c2c33d], PUP.Optional.DollarSaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D8B5D394-6974-40D4-9DFB-DAAD64E422D6}, In Quarantäne, [ff3c667ddcae0a2c33f6662742c2c33d], PUP.Optional.DollarSaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{ED2A17AC-87A9-4640-9DE9-07AB5B63E902}, In Quarantäne, [ff3c667ddcae0a2c33f6662742c2c33d], PUP.Optional.DollarSaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9CABED0D-99E4-457C-A192-D528B389F53C}, In Quarantäne, [ff3c667ddcae0a2c33f6662742c2c33d], PUP.Optional.DollarSaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{CED50656-D422-418C-8A20-A0F455842FA5}, In Quarantäne, [ff3c667ddcae0a2c33f6662742c2c33d], PUP.Optional.DollarSaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{D8B5D394-6974-40D4-9DFB-DAAD64E422D6}, In Quarantäne, [ff3c667ddcae0a2c33f6662742c2c33d], PUP.Optional.DollarSaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{ED2A17AC-87A9-4640-9DE9-07AB5B63E902}, In Quarantäne, [ff3c667ddcae0a2c33f6662742c2c33d], PUP.Optional.DollarSaver.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A1965763-A486-4E1E-B574-19E44B3842E8}, In Quarantäne, [ff3c667ddcae0a2c33f6662742c2c33d], PUP.Optional.DollarSaver.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{A1965763-A486-4E1E-B574-19E44B3842E8}, In Quarantäne, [ff3c667ddcae0a2c33f6662742c2c33d], PUP.Optional.LowRate.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{230332DF-D235-47EE-BC42-60860EF144CD}, In Quarantäne, [2e0dffe45a3067cf5a18eda01be9f30d], PUP.Optional.LowRate.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{7D7DC692-982E-45B7-A6BF-17FCC4116652}, In Quarantäne, [2e0dffe45a3067cf5a18eda01be9f30d], PUP.Optional.LowRate.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{8F9CF0DE-24F7-4C18-907F-B4040F311E63}, In Quarantäne, [2e0dffe45a3067cf5a18eda01be9f30d], PUP.Optional.LowRate.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B022C8F0-0147-458C-BEC6-708E525402ED}, In Quarantäne, [2e0dffe45a3067cf5a18eda01be9f30d], PUP.Optional.LowRate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7D7DC692-982E-45B7-A6BF-17FCC4116652}, In Quarantäne, [2e0dffe45a3067cf5a18eda01be9f30d], PUP.Optional.LowRate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{8F9CF0DE-24F7-4C18-907F-B4040F311E63}, In Quarantäne, [2e0dffe45a3067cf5a18eda01be9f30d], PUP.Optional.LowRate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B022C8F0-0147-458C-BEC6-708E525402ED}, In Quarantäne, [2e0dffe45a3067cf5a18eda01be9f30d], PUP.Optional.LowRate.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{7D7DC692-982E-45B7-A6BF-17FCC4116652}, In Quarantäne, [2e0dffe45a3067cf5a18eda01be9f30d], PUP.Optional.LowRate.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{8F9CF0DE-24F7-4C18-907F-B4040F311E63}, In Quarantäne, [2e0dffe45a3067cf5a18eda01be9f30d], PUP.Optional.LowRate.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{B022C8F0-0147-458C-BEC6-708E525402ED}, In Quarantäne, [2e0dffe45a3067cf5a18eda01be9f30d], PUP.Optional.LowRate.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{230332DF-D235-47EE-BC42-60860EF144CD}, In Quarantäne, [2e0dffe45a3067cf5a18eda01be9f30d], PUP.Optional.LowRate.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{230332DF-D235-47EE-BC42-60860EF144CD}, In Quarantäne, [2e0dffe45a3067cf5a18eda01be9f30d], PUP.Optional.AppSave.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{318C7F13-3498-459E-BF35-12865E6D005C}, In Quarantäne, [d962fee52169c57135cf9cf464a0659b], PUP.Optional.AppSave.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{5AE5A3D4-7E07-4B59-98BB-A01928B88F24}, In Quarantäne, [d962fee52169c57135cf9cf464a0659b], PUP.Optional.AppSave.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{614B7466-CE8E-49BA-9F26-C1DF872C886D}, In Quarantäne, [d962fee52169c57135cf9cf464a0659b], PUP.Optional.AppSave.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{6AB41B4A-D344-4B9D-B847-43DA8433A73B}, In Quarantäne, [d962fee52169c57135cf9cf464a0659b], PUP.Optional.AppSave.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{9F9C0E22-39B1-4C6D-BE79-B9CCA26E067F}, In Quarantäne, [d962fee52169c57135cf9cf464a0659b], PUP.Optional.AppSave.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{5AE5A3D4-7E07-4B59-98BB-A01928B88F24}, In Quarantäne, [d962fee52169c57135cf9cf464a0659b], PUP.Optional.AppSave.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{614B7466-CE8E-49BA-9F26-C1DF872C886D}, In Quarantäne, [d962fee52169c57135cf9cf464a0659b], PUP.Optional.AppSave.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6AB41B4A-D344-4B9D-B847-43DA8433A73B}, In Quarantäne, [d962fee52169c57135cf9cf464a0659b], PUP.Optional.AppSave.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9F9C0E22-39B1-4C6D-BE79-B9CCA26E067F}, In Quarantäne, [d962fee52169c57135cf9cf464a0659b], PUP.Optional.AppSave.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{5AE5A3D4-7E07-4B59-98BB-A01928B88F24}, In Quarantäne, [d962fee52169c57135cf9cf464a0659b], PUP.Optional.AppSave.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{614B7466-CE8E-49BA-9F26-C1DF872C886D}, In Quarantäne, [d962fee52169c57135cf9cf464a0659b], PUP.Optional.AppSave.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{6AB41B4A-D344-4B9D-B847-43DA8433A73B}, In Quarantäne, [d962fee52169c57135cf9cf464a0659b], PUP.Optional.AppSave.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9F9C0E22-39B1-4C6D-BE79-B9CCA26E067F}, In Quarantäne, [d962fee52169c57135cf9cf464a0659b], PUP.Optional.AppSave.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{318C7F13-3498-459E-BF35-12865E6D005C}, In Quarantäne, [d962fee52169c57135cf9cf464a0659b], PUP.Optional.AppSave.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{318C7F13-3498-459E-BF35-12865E6D005C}, In Quarantäne, [d962fee52169c57135cf9cf464a0659b], PUP.Optional.SaleOffer.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{41F978F3-431A-4464-A789-5C0692D562FB}, In Quarantäne, [ba81a93a1e6c44f2e483c5cc867e09f7], PUP.Optional.SaleOffer.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{138E44EF-8988-4DC7-8F48-FBC4FCEF83D1}, In Quarantäne, [ba81a93a1e6c44f2e483c5cc867e09f7], PUP.Optional.SaleOffer.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{BB50CC62-09E1-4DD9-912C-F1DA4D6D71D8}, In Quarantäne, [ba81a93a1e6c44f2e483c5cc867e09f7], PUP.Optional.SaleOffer.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E481A870-86C7-44E1-97DF-E759FC147CBE}, In Quarantäne, [ba81a93a1e6c44f2e483c5cc867e09f7], PUP.Optional.SaleOffer.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FE332809-93C1-48DF-929F-AEC0BC4BFCFE}, In Quarantäne, [ba81a93a1e6c44f2e483c5cc867e09f7], PUP.Optional.SaleOffer.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{138E44EF-8988-4DC7-8F48-FBC4FCEF83D1}, In Quarantäne, [ba81a93a1e6c44f2e483c5cc867e09f7], PUP.Optional.SaleOffer.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{BB50CC62-09E1-4DD9-912C-F1DA4D6D71D8}, In Quarantäne, [ba81a93a1e6c44f2e483c5cc867e09f7], PUP.Optional.SaleOffer.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E481A870-86C7-44E1-97DF-E759FC147CBE}, In Quarantäne, [ba81a93a1e6c44f2e483c5cc867e09f7], PUP.Optional.SaleOffer.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FE332809-93C1-48DF-929F-AEC0BC4BFCFE}, In Quarantäne, [ba81a93a1e6c44f2e483c5cc867e09f7], PUP.Optional.SaleOffer.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{138E44EF-8988-4DC7-8F48-FBC4FCEF83D1}, In Quarantäne, [ba81a93a1e6c44f2e483c5cc867e09f7], PUP.Optional.SaleOffer.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{BB50CC62-09E1-4DD9-912C-F1DA4D6D71D8}, In Quarantäne, [ba81a93a1e6c44f2e483c5cc867e09f7], PUP.Optional.SaleOffer.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E481A870-86C7-44E1-97DF-E759FC147CBE}, In Quarantäne, [ba81a93a1e6c44f2e483c5cc867e09f7], PUP.Optional.SaleOffer.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FE332809-93C1-48DF-929F-AEC0BC4BFCFE}, In Quarantäne, [ba81a93a1e6c44f2e483c5cc867e09f7], PUP.Optional.SaleOffer.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{41F978F3-431A-4464-A789-5C0692D562FB}, In Quarantäne, [ba81a93a1e6c44f2e483c5cc867e09f7], PUP.Optional.SaleOffer.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{41F978F3-431A-4464-A789-5C0692D562FB}, In Quarantäne, [ba81a93a1e6c44f2e483c5cc867e09f7], PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, In Quarantäne, [e358f7eca5e544f21443385bf113718f], PUP.Optional.InstallCore.A, HKLM\SOFTWARE\WOW6432NODE\InstallCore, In Quarantäne, [76c541a2e5a5aa8c88a050e055ae26da], PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, In Quarantäne, [50eb29babccee84e2d2a5b3849bb6a96], PUP.Optional.DigitalSites.A, HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\SOFTWARE\DSiteProducts, In Quarantäne, [c17a1fc4781265d116a3473c020215eb], PUP.Optional.InstallCore.C, HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\SOFTWARE\InstallCore, In Quarantäne, [58e39350088276c087c10f86c440b749], PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\SOFTWARE\mysearchdial, In Quarantäne, [f14a6d768901ec4ad2f9bba7ac5802fe], PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\SOFTWARE\mysearchdial.com, In Quarantäne, [b2895093fa9079bdcb01dd85ce36bd43], PUP.Optional.SaveSense.A, HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\SOFTWARE\SaveSense, In Quarantäne, [102bcb185d2d0e284312f67a1ce88f71], PUP.Optional.SaveSense.A, HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\SOFTWARE\SaveSenseLive, In Quarantäne, [b8834a99f991da5c9cba6010fb098b75], PUP.Optional.WeDownLoadManager.A, HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\SOFTWARE\WeDlMngr, In Quarantäne, [d3680ad98901cd69a304f13dab58cc34], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}, In Quarantäne, [350637ac4d3d61d594bbe8ecd32f3cc4], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\mysearchdial.mysearchdialappCore.1, In Quarantäne, [350637ac4d3d61d594bbe8ecd32f3cc4], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\mysearchdial.mysearchdialappCore, In Quarantäne, [350637ac4d3d61d594bbe8ecd32f3cc4], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\mysearchdial.mysearchdialappCore, In Quarantäne, [350637ac4d3d61d594bbe8ecd32f3cc4], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\mysearchdial.mysearchdialappCore, In Quarantäne, [350637ac4d3d61d594bbe8ecd32f3cc4], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\mysearchdial.mysearchdialappCore.1, In Quarantäne, [350637ac4d3d61d594bbe8ecd32f3cc4], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\mysearchdial.mysearchdialappCore.1, In Quarantäne, [350637ac4d3d61d594bbe8ecd32f3cc4], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}, In Quarantäne, [350637ac4d3d61d594bbe8ecd32f3cc4], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}, In Quarantäne, [350637ac4d3d61d594bbe8ecd32f3cc4], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\m, In Quarantäne, [350637ac4d3d61d594bbe8ecd32f3cc4], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\m, In Quarantäne, [350637ac4d3d61d594bbe8ecd32f3cc4], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\m, In Quarantäne, [350637ac4d3d61d594bbe8ecd32f3cc4], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}, In Quarantäne, [350637ac4d3d61d594bbe8ecd32f3cc4], PUP.Optional.SaveSense, HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SaveSense, In Quarantäne, [ce6df9eaafdbe74ff174b0247d8548b8], Registrierungswerte: 12 PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}|URL, hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0B0C0E0EyB0B0EtCyCzytA0EyD0A0CtBtN0D0Tzu0SyByCyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1Czu tBtAtDtC1N1R&cr=1688644683&ir=, In Quarantäne, [300b5e852862092d12205eaca261e61a] PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}|TopResultURLFallback, hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0B0C0E0EyB0B0EtCyCzytA0EyD0A0CtBtN0D0Tzu0SyByCyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1Czu tBtAtDtC1N1R&cr=1688644683&ir=, In Quarantäne, [ba81e6fd2d5d88aea29015f559aa3cc4] PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}|FaviconPath, C:\Program Files (x86)\Mysearchdial\1.8.21.0\FavIcon.ico, In Quarantäne, [d863ce15ccbe9c9a52e0f91181821be5] PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Mysearchdial, In Quarantäne, [94a73fa40d7d58de9d952ddd3bc801ff] PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}|DisplayName, Mysearchdial, In Quarantäne, [f64538ab7713f54172c0ca400300ba46] PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, In Quarantäne, [e358f7eca5e544f21443385bf113718f] PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, In Quarantäne, [50eb29babccee84e2d2a5b3849bb6a96] PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}|URL, hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0B0C0E0EyB0B0EtCyCzytA0EyD0A0CtBtN0D0Tzu0SyByCyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1Czu tBtAtDtC1N1R&cr=1688644683&ir=, In Quarantäne, [320983604842ac8ad85b67a3e023fa06] PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}|TopResultURLFallback, hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0B0C0E0EyB0B0EtCyCzytA0EyD0A0CtBtN0D0Tzu0SyByCyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1Czu tBtAtDtC1N1R&cr=1688644683&ir=, In Quarantäne, [46f5578c444655e1fa39b2585aa930d0] PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}|FaviconPath, C:\Program Files (x86)\Mysearchdial\1.8.21.0\FavIcon.ico, In Quarantäne, [c873ce1515756bcb38fbe525d2319967] PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Mysearchdial, In Quarantäne, [af8cba29761450e6290a8b7fe91a827e] PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}|DisplayName, Mysearchdial, In Quarantäne, [96a5d80b1d6d1c1abb788981887b39c7] Registrierungsdaten: 1 PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|Tabs, Mysearchdial Search, Gut: (Google), Schlecht: (Mysearchdial Search,[59e2489bd5b5bb7be82e5fcb1ee7c937] Ordner: 96 PUP.Optional.CrossRider.A, C:\Program Files (x86)\CinPlus-2.7cV16.11, In Quarantäne, [94a7bd26414956e07b6e0df98f74d52b], PUP.Optional.WindowTiler.A, C:\Program Files (x86)\Window Tiler, In Quarantäne, [b883c61d563451e504adc4499073c13f], PUP.Optional.MyStartSearch.A, C:\Users\pc\AppData\Roaming\mystartsearch, In Quarantäne, [d3686b780189191d92e0bc60679cd52b], PUP.Optional.MyStartSearch.A, C:\Users\pc\AppData\Roaming\mystartsearch\images, In Quarantäne, [d3686b780189191d92e0bc60679cd52b], PUP.Optional.MyStartSearch.A, C:\Users\pc\AppData\Roaming\mystartsearch\images\code, In Quarantäne, [d3686b780189191d92e0bc60679cd52b], PUP.Optional.MyStartSearch.A, C:\Users\pc\AppData\Roaming\mystartsearch\log, In Quarantäne, [d3686b780189191d92e0bc60679cd52b], PUP.Optional.Awesomehp.A, C:\Users\pc\AppData\Roaming\awesomehp, In Quarantäne, [bc7f3da6addd1b1b78b525267390629e], PUP.Optional.Awesomehp.A, C:\Users\pc\AppData\Roaming\awesomehp\log, In Quarantäne, [bc7f3da6addd1b1b78b525267390629e], Stolen.Data, C:\Users\pc\AppData\Roaming\dclogs, In Quarantäne, [02393ca79eec87af740d4fcee51f649c], PUP.Optional.MultiPlug.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcebepcbopnpbdhimpgfbbdkbimaoafn\236, In Quarantäne, [5dde4d9638524fe74b8d02889a6a8b75], PUP.Optional.MultiPlug.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcebepcbopnpbdhimpgfbbdkbimaoafn, In Quarantäne, [5dde4d9638524fe74b8d02889a6a8b75], PUP.Optional.MultiPlug.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejndijkjinbjigbmmbefadfighlkmhjl\143, In Quarantäne, [08337a69e5a5a591b12735552ed68878], PUP.Optional.MultiPlug.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejndijkjinbjigbmmbefadfighlkmhjl, In Quarantäne, [08337a69e5a5a591b12735552ed68878], PUP.Optional.MultiPlug.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkhggnncdpfibdhinjiegagmopldibha\161, In Quarantäne, [88b33ba8c2c82d0933a5ed9d18eca759], PUP.Optional.MultiPlug.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkhggnncdpfibdhinjiegagmopldibha, In Quarantäne, [88b33ba8c2c82d0933a5ed9d18eca759], PUP.Optional.MultiPlug.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolpphfmdmjbojolagcbgdemojhcnlod\213, In Quarantäne, [2417e1028bff5cdaac2c3b4f32d27e82], PUP.Optional.MultiPlug.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolpphfmdmjbojolagcbgdemojhcnlod, In Quarantäne, [2417e1028bff5cdaac2c3b4f32d27e82], PUP.Optional.BrowseAndShop.A, C:\Program Files (x86)\browsaeandsiHop, In Quarantäne, [fe3d11d2f19947ef72de0883ae56ca36], PUP.Optional.BrowseAndShop.A, C:\Program Files (x86)\browseandushoop, In Quarantäne, [b487d90aec9e83b31d33a7e4689c738d], PUP.Optional.BrowseAndShop.A, C:\Program Files (x86)\browseianndshoup, In Quarantäne, [50ebc320e1a945f12a26e0ab768e2ed2], PUP.Optional.BrowseAndShop.A, C:\Program Files (x86)\browsueandshOp, In Quarantäne, [ac8f8b5828629c9aec64a2e9659fd030], PUP.Optional.NitroDeal.A, C:\Program Files (x86)\NitRodeal, In Quarantäne, [eb50ac37d2b8f442740d8704aa5abc44], PUP.Optional.OfferSoft.A, C:\Program Files (x86)\offerseoft, In Quarantäne, [70cb667daae01b1b6b176427788c4bb5], PUP.Optional.SalePrizes.A, C:\Program Files (x86)\saileprizeS, In Quarantäne, [1d1e8c57810947ef811d26650afa16ea], PUP.Optional.SalePrizes.A, C:\Program Files (x86)\saleoPrIIzeS, In Quarantäne, [c873796a6f1b0d29c6d83655b35112ee], PUP.Optional.MultiPlug, C:\ProgramData\ianhljopggcgmjmieoihffonjobpicne, In Quarantäne, [93a81fc4741678beea39e7a5f60e0000], PUP.Optional.Cheap4all.A, C:\Program Files (x86)\cheaPP4All, In Quarantäne, [05365c87ec9e89ad53e2008cea1a966a], PUP.Optional.DollarSaver.A, C:\Program Files (x86)\dolllarisavEr, In Quarantäne, [08339c47305af046e346206d5ea6c23e], PUP.Optional.DollarSaver.A, C:\Program Files (x86)\duoleLarrssaveaR, In Quarantäne, [ff3c667ddcae0a2c33f6662742c2c33d], PUP.Optional.QuickShop.A, C:\Program Files (x86)\quiCCkShaoPP, In Quarantäne, [b08bf4efef9b9d99ce7b8a032dd705fb], PUP.Optional.LowRate.A, C:\Program Files (x86)\loowrate, In Quarantäne, [2e0dffe45a3067cf5a18eda01be9f30d], PUP.Optional.OfferApp.A, C:\Program Files (x86)\offeeeraapP, In Quarantäne, [55e67271a6e41620b5049df0f80c817f], PUP.Optional.RocketDeal.A, C:\Program Files (x86)\rocaketdeeaal, In Quarantäne, [61da7a69c1c90630ae27ee9f08fc01ff], PUP.Optional.Free2You.A, C:\Program Files (x86)\freee2yOu, In Quarantäne, [b08bd50efe8cb87eb6a5315d2cd84ab6], PUP.Optional.AppSave.A, C:\Program Files (x86)\Appsavue, In Quarantäne, [d962fee52169c57135cf9cf464a0659b], PUP.Optional.SaleOffer.A, C:\Program Files (x86)\salueofffer, In Quarantäne, [ba81a93a1e6c44f2e483c5cc867e09f7], Rogue.Multiple, C:\ProgramData\2355320829, In Quarantäne, [b784578ca3e7270fc6f8dbe87d852dd3], Rogue.Multiple, C:\ProgramData\542228444, In Quarantäne, [51ea1cc7aedcba7ccdf3b70c2ad8748c], PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\mysearchdial, In Quarantäne, [f645b72ceaa00e28e439943f58aaed13], PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\mysearchdial\icons_2.2.15.1631, In Quarantäne, [f645b72ceaa00e28e439943f58aaed13], PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\mysearchdial\UpdateProc, In Quarantäne, [f645b72ceaa00e28e439943f58aaed13], PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial, In Quarantäne, [350637ac4d3d61d594bbe8ecd32f3cc4], PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.21.0, In Quarantäne, [350637ac4d3d61d594bbe8ecd32f3cc4], PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.21.0\bh, In Quarantäne, [350637ac4d3d61d594bbe8ecd32f3cc4], PUP.Optional.SaveSense, C:\ProgramData\SaveSenseLive, In Quarantäne, [0a31b52eccbe2016ce962fa5dd25cb35], PUP.Optional.SaveSense, C:\ProgramData\SaveSenseLive\Update, In Quarantäne, [0a31b52eccbe2016ce962fa5dd25cb35], PUP.Optional.SaveSense, C:\ProgramData\SaveSenseLive\Update\Log, In Quarantäne, [0a31b52eccbe2016ce962fa5dd25cb35], PUP.Optional.SaveSense, C:\Users\pc\AppData\Roaming\SaveSense, In Quarantäne, [ce6df9eaafdbe74ff174b0247d8548b8], PUP.Optional.SaveSense, C:\Users\pc\AppData\Roaming\SaveSense\UpdateProc, In Quarantäne, [ce6df9eaafdbe74ff174b0247d8548b8], PUP.Optional.SaveSense, C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense, In Quarantäne, [003b53902c5e8caa5511c014669c9c64], PUP.Optional.SaveSense.A, C:\Users\pc\AppData\Local\SaveSenseLive, In Quarantäne, [55e625bed8b263d3b0b98e46778b26da], PUP.Optional.SaveSense.A, C:\Users\pc\AppData\Local\SaveSenseLive\CrashReports, In Quarantäne, [55e625bed8b263d3b0b98e46778b26da], PUP.Optional.NextLive.A, C:\Users\pc\AppData\Roaming\newnext.me, In Quarantäne, [ff3c8261ed9d3006940e3d9762a059a7], PUP.Optional.NextLive.A, C:\Users\pc\AppData\Roaming\newnext.me\cache, In Quarantäne, [ff3c8261ed9d3006940e3d9762a059a7], PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService, In Quarantäne, [0635974cc3c72e087df0b223649e926e], PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update, In Quarantäne, [0635974cc3c72e087df0b223649e926e], PUP.Optional.Feven.A, C:\Program Files (x86)\Feven Pro, In Quarantäne, [3704c51eb0da0531002e3e98976b27d9], PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit, In Quarantäne, [d863469d32582b0b2128edebf111fb05], PUP.Optional.SaveSense.A, C:\Users\pc\AppData\Local\SaveSense, In Quarantäne, [38033da6e5a583b3c8b90ace23df4db3], PUP.Optional.WebsSearches.A, C:\Users\pc\AppData\Roaming\webssearches, In Quarantäne, [d962a3404e3cba7c0ca6a236b44e8b75], PUP.Optional.WebsSearches.A, C:\Users\pc\AppData\Roaming\webssearches\images, In Quarantäne, [d962a3404e3cba7c0ca6a236b44e8b75], PUP.Optional.WebsSearches.A, C:\Users\pc\AppData\Roaming\webssearches\images\code, In Quarantäne, [d962a3404e3cba7c0ca6a236b44e8b75], PUP.Optional.WebsSearches.A, C:\Users\pc\AppData\Roaming\webssearches\log, In Quarantäne, [d962a3404e3cba7c0ca6a236b44e8b75], PUP.Optional.CrossRider.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpjdjfkkmlgacmnenfhafmkldaogiglb, In Quarantäne, [70cb17cc5b2f41f5473d6475a0625ca4], PUP.Optional.CrossRider.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_kpjdjfkkmlgacmnenfhafmkldaogiglb_0, In Quarantäne, [b58637acf09a6bcb7a0bb62318ea649c], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, In Quarantäne, [94a75291e2a845f1f6f911d313ef5aa6], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, In Quarantäne, [94a75291e2a845f1f6f911d313ef5aa6], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.CrossRider.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bpffalghigmkdghibgickgcnkbcaidch, In Quarantäne, [64d7895ae1a91b1be76dca23748e9070], PUP.Optional.CrossRider.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_bpffalghigmkdghibgickgcnkbcaidch_0, In Quarantäne, [80bbd3106525b5812332b5389d652cd4], PUP.Optional.Shoppilation.A, C:\ProgramData\shoppilation, In Quarantäne, [49f2ebf813776acc0c7a58a853b0916f], PUP.Optional.CheapCoup.A, C:\ProgramData\cheapcoup, In Quarantäne, [1e1d38abbad024124de3aa583dc6b050], Dateien: 336 PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll, In Quarantäne, [033829baed9dd561ac80982631d113ed], PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialsrv.exe, In Quarantäne, [91aa8e5528623303ee899e209d65a15f], PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.21.0\bh\mysearchdial.dll, In Quarantäne, [60db32b18cfe93a3d259853944be11ef], PUP.Optional.Multiplug, C:\ProgramData\542228444\BITE504.tmp, In Quarantäne, [b982588b2268dc5af93a89f111f0ca36], PUP.Optional.MultiPlug.Uns, C:\ProgramData\shoppilation\shoppilation.exe, In Quarantäne, [1229eff44842ca6ca3362c4bd62c5ba5], PUP.Optional.Multiplug, C:\ProgramData\buyandabrOwsea\NEzRftn9MCAAVj.exe, In Quarantäne, [65d6944f5f2b77bf71eb58118e743ac6], PUP.Optional.Multiplug, C:\ProgramData\buyandabrOwsea\NEzRftn9MCAAVj.x64.dll, In Quarantäne, [b883b23163270c2a4c6b87f6e41da858], PUP.Optional.MultiPlug.Uns, C:\ProgramData\cheapcoup\cheapcoup.exe, In Quarantäne, [eb50da09dfabbb7be6f34e29b54dd030], PUP.Optional.MultiPlug.Uns, C:\ProgramData\couponcheapchea\couponcheapchea.exe, In Quarantäne, [49f22eb5e0aa6acc09d0cbac9171ef11], PUP.Optional.Bunndle, C:\Program Files\CamStudio 2.7\BunndleOfferManager.exe, In Quarantäne, [cc6f26bd3456f343b6d2e35c15eb649c], PUP.Optional.Multiplug.A, C:\Program Files (x86)\browseianndshoup\4aIplDd5rKnzS1.exe, In Quarantäne, [d56637ac0e7cf640d20dc5b55ea38878], PUP.Optional.Multiplug.A, C:\Program Files (x86)\browsueandshOp\Bfp3qBmJkHugQJ.exe, In Quarantäne, [9ba035ae9feb0234518e4c2e80810ff1], PUP.Optional.Multiplug.A, C:\Program Files (x86)\saileprizeS\ON45aR1XShc5vm.exe, In Quarantäne, [fc3f22c1b5d5e6501ec1007aa55cd32d], PUP.Optional.Multiplug.A, C:\Program Files (x86)\salepriizes\salepriizes.exe, In Quarantäne, [c6753aa91a70201614cb5c1e7190bb45], PUP.Optional.Multiplug.A, C:\Program Files (x86)\NitRodeal\NitRodeal.exe, In Quarantäne, [1625c41f4d3df83e647bee8c6e93857b], PUP.Optional.Multiplug.A, C:\Program Files (x86)\offerseoft\bueBHgSiGORwTL.exe, In Quarantäne, [55e63ea5cfbba78f59864436b54cae52], PUP.Optional.Multiplug.A, C:\Program Files (x86)\offfersoftt\offfersoftt.exe, In Quarantäne, [bb80e4ff29611026f4ebeb8f778ad62a], PUP.Optional.Multiplug.A, C:\Program Files (x86)\Palette for Chrome\Palette for Chrome.exe, In Quarantäne, [83b83ba8d5b547efc718aecc4ab7f010], PUP.Optional.Multiplug.A, C:\Program Files (x86)\dolllarisavEr\GZb1mAHBboWBoq.exe, In Quarantäne, [f94280630c7ec67026b99ae06b9650b0], PUP.Optional.Multiplug.A, C:\Program Files (x86)\duoleLarrssaveaR\W5T7tmJFiFsnxN.exe, In Quarantäne, [e556469d4e3ce452fde2a0dad13031cf], PUP.Optional.Multiplug.A, C:\Program Files (x86)\FREE MP3 Search\FREE MP3 Search.exe, In Quarantäne, [e8531ec5cbbfe74f3aa588f205fcfe02], PUP.Optional.MultiPlug.A, C:\Program Files (x86)\Mozilla Firefox\dbghelp.dll, In Quarantäne, [d764c61dfa90f44238a7377c14ed14ec], PUP.Optional.Multiplug.A, C:\Program Files (x86)\Checker Plus for Calendar\Checker Plus for Calendar.exe, In Quarantäne, [63d8cd16ff8b3204f6e937435aa7fd03], PUP.Optional.InstallCore.C, C:\Program Files (x86)\CinPlus-2.7cV16.11\SuperSocket.ClientEngine.Core.dll, In Quarantäne, [60db746f503a37ff8a298dda2adba25e], PUP.Optional.CrossRider.A, C:\Program Files (x86)\CinPlus-2.7cV16.11\utils.exe, In Quarantäne, [99a23da62c5eac8a469ea297de229c64], PUP.Optional.Multiplug.A, C:\Program Files (x86)\Cookie Inspector\Cookie Inspector.exe, In Quarantäne, [fd3edf04f09a0e28fae589f1ef12c937], PUP.Optional.Multiplug.A, C:\Program Files (x86)\UserAgent Switcher\UserAgent Switcher.exe, In Quarantäne, [34071ac9eaa01b1b27b84139c23f0bf5], PUP.Optional.Multiplug.A, C:\Users\pc\AppData\Local\Temp\AWHEWN.tmp\aO7t5maWsinnEy.exe, In Quarantäne, [32096281dab041f5b12eabcf45bc748c], PUP.Optional.Multiplug.A, C:\Users\pc\AppData\Local\Temp\IRGQPX.tmp\Z2JeiK4NATYEv4.exe, In Quarantäne, [3cff548f335783b3508fe793ec158878], PUP.Optional.DomaIQ, C:\Users\pc\Downloads\Setup v2 1.exe, In Quarantäne, [5edd04df88026ec8be48ada546bb05fb], PUP.Optional.InstallCore.SID.C, C:\Users\pc\Downloads\installer_adobe_flash_player_English.exe, In Quarantäne, [bd7e41a22664989e5ddc462145c0649c], Trojan.Banker.AXGen, C:\Users\pc\Downloads\Nicht bestätigt 272800.crdownload, In Quarantäne, [ff3c1ec5f3977fb789d721302fd2629e], Trojan.Banker.AXGen, C:\Users\pc\Downloads\Nicht bestätigt 394441.crdownload, In Quarantäne, [91aa8c575a304cea035d8ec3c73ad52b], PUP.Optional.Downloader, C:\Users\pc\Downloads\VLC media player 32 Bit - CHIP-Installer.exe, In Quarantäne, [86b529ba5a300630944698b053ad4cb4], PUP.Optional.SaveSence.A, C:\Users\pc\AppData\Local\SaveSense\SaveSenseIE.dll, In Quarantäne, [fd3e10d35c2e66d0d5d1382606ffa957], PUP.Optional.CrossRider.A, C:\Program Files (x86)\CinPlus-2.7cV16.11\bgNova.html, In Quarantäne, [94a7bd26414956e07b6e0df98f74d52b], PUP.Optional.CrossRider.A, C:\Program Files (x86)\CinPlus-2.7cV16.11\1293297481.mxaddon, In Quarantäne, [94a7bd26414956e07b6e0df98f74d52b], PUP.Optional.CrossRider.A, C:\Program Files (x86)\CinPlus-2.7cV16.11\1f5e2df9-c297-4019-a3ad-252961ea4430.crx, In Quarantäne, [94a7bd26414956e07b6e0df98f74d52b], PUP.Optional.CrossRider.A, C:\Program Files (x86)\CinPlus-2.7cV16.11\background.html, In Quarantäne, [94a7bd26414956e07b6e0df98f74d52b], PUP.Optional.CrossRider.A, C:\Program Files (x86)\CinPlus-2.7cV16.11\c98261a3-8593-4fc5-9faf-cd0d6b7eb5da.crx, In Quarantäne, [94a7bd26414956e07b6e0df98f74d52b], PUP.Optional.CrossRider.A, C:\Program Files (x86)\CinPlus-2.7cV16.11\c98261a3-8593-4fc5-9faf-cd0d6b7eb5da.xpi, In Quarantäne, [94a7bd26414956e07b6e0df98f74d52b], PUP.Optional.CrossRider.A, C:\Program Files (x86)\CinPlus-2.7cV16.11\db0efebf-b3c8-42bf-a3e0-036cc14c2a99.crx, In Quarantäne, [94a7bd26414956e07b6e0df98f74d52b], PUP.Optional.WindowTiler.A, C:\Program Files (x86)\Window Tiler\Window Tiler.dat, In Quarantäne, [b883c61d563451e504adc4499073c13f], PUP.Optional.MyStartSearch.A, C:\Users\pc\AppData\Roaming\mystartsearch\MessageBox.xml, In Quarantäne, [d3686b780189191d92e0bc60679cd52b], PUP.Optional.MyStartSearch.A, C:\Users\pc\AppData\Roaming\mystartsearch\277.json, In Quarantäne, [d3686b780189191d92e0bc60679cd52b], PUP.Optional.MyStartSearch.A, C:\Users\pc\AppData\Roaming\mystartsearch\uninstallDlg2.xml, In Quarantäne, [d3686b780189191d92e0bc60679cd52b], PUP.Optional.MyStartSearch.A, C:\Users\pc\AppData\Roaming\mystartsearch\images\bg.png, In Quarantäne, [d3686b780189191d92e0bc60679cd52b], PUP.Optional.MyStartSearch.A, C:\Users\pc\AppData\Roaming\mystartsearch\images\bg1.png, In Quarantäne, [d3686b780189191d92e0bc60679cd52b], PUP.Optional.MyStartSearch.A, C:\Users\pc\AppData\Roaming\mystartsearch\images\bk_shadow.png, In Quarantäne, [d3686b780189191d92e0bc60679cd52b], PUP.Optional.MyStartSearch.A, C:\Users\pc\AppData\Roaming\mystartsearch\images\button.png, In Quarantäne, [d3686b780189191d92e0bc60679cd52b], PUP.Optional.MyStartSearch.A, C:\Users\pc\AppData\Roaming\mystartsearch\images\button1.png, In Quarantäne, [d3686b780189191d92e0bc60679cd52b], PUP.Optional.MyStartSearch.A, C:\Users\pc\AppData\Roaming\mystartsearch\images\checkbox.png, In Quarantäne, [d3686b780189191d92e0bc60679cd52b], PUP.Optional.MyStartSearch.A, C:\Users\pc\AppData\Roaming\mystartsearch\images\checkbox_select.png, In Quarantäne, [d3686b780189191d92e0bc60679cd52b], PUP.Optional.MyStartSearch.A, C:\Users\pc\AppData\Roaming\mystartsearch\images\checked.png, In Quarantäne, [d3686b780189191d92e0bc60679cd52b], PUP.Optional.MyStartSearch.A, C:\Users\pc\AppData\Roaming\mystartsearch\images\close.png, In Quarantäne, [d3686b780189191d92e0bc60679cd52b], PUP.Optional.MyStartSearch.A, C:\Users\pc\AppData\Roaming\mystartsearch\images\loading_bg.png, In Quarantäne, [d3686b780189191d92e0bc60679cd52b], PUP.Optional.MyStartSearch.A, C:\Users\pc\AppData\Roaming\mystartsearch\images\loading_light.png, In Quarantäne, [d3686b780189191d92e0bc60679cd52b], PUP.Optional.MyStartSearch.A, C:\Users\pc\AppData\Roaming\mystartsearch\images\min.png, In Quarantäne, [d3686b780189191d92e0bc60679cd52b], PUP.Optional.MyStartSearch.A, C:\Users\pc\AppData\Roaming\mystartsearch\images\scrollbar.bmp, In Quarantäne, [d3686b780189191d92e0bc60679cd52b], PUP.Optional.MyStartSearch.A, C:\Users\pc\AppData\Roaming\mystartsearch\images\Thumbs.db, In Quarantäne, [d3686b780189191d92e0bc60679cd52b], PUP.Optional.MyStartSearch.A, C:\Users\pc\AppData\Roaming\mystartsearch\images\unchecked.png, In Quarantäne, [d3686b780189191d92e0bc60679cd52b], PUP.Optional.MyStartSearch.A, C:\Users\pc\AppData\Roaming\mystartsearch\images\code\code1.jpg, In Quarantäne, [d3686b780189191d92e0bc60679cd52b], PUP.Optional.MyStartSearch.A, C:\Users\pc\AppData\Roaming\mystartsearch\images\code\code2.jpg, In Quarantäne, [d3686b780189191d92e0bc60679cd52b], PUP.Optional.MyStartSearch.A, C:\Users\pc\AppData\Roaming\mystartsearch\images\code\code3.jpg, In Quarantäne, [d3686b780189191d92e0bc60679cd52b], PUP.Optional.MyStartSearch.A, C:\Users\pc\AppData\Roaming\mystartsearch\images\code\code4.jpg, In Quarantäne, [d3686b780189191d92e0bc60679cd52b], PUP.Optional.MyStartSearch.A, C:\Users\pc\AppData\Roaming\mystartsearch\images\code\code5.jpg, In Quarantäne, [d3686b780189191d92e0bc60679cd52b], PUP.Optional.MyStartSearch.A, C:\Users\pc\AppData\Roaming\mystartsearch\images\code\code6.jpg, In Quarantäne, [d3686b780189191d92e0bc60679cd52b], PUP.Optional.MyStartSearch.A, C:\Users\pc\AppData\Roaming\mystartsearch\images\code\Thumbs.db, In Quarantäne, [d3686b780189191d92e0bc60679cd52b], PUP.Optional.MyStartSearch.A, C:\Users\pc\AppData\Roaming\mystartsearch\log\UninstallManager_2014-11-16[18-24-46-108].log, In Quarantäne, [d3686b780189191d92e0bc60679cd52b], PUP.Optional.MyStartSearch.A, C:\Users\pc\AppData\Roaming\mystartsearch\log\UninstallManager_2014-11-16[18-28-39-639].log, In Quarantäne, [d3686b780189191d92e0bc60679cd52b], PUP.Optional.MyStartSearch.A, C:\Users\pc\AppData\Roaming\mystartsearch\log\UninstallManager_2014-11-16[18-30-31-944].log, In Quarantäne, [d3686b780189191d92e0bc60679cd52b], PUP.Optional.MyStartSearch.A, C:\Users\pc\AppData\Roaming\mystartsearch\log\UninstallManager_2014-11-16[18-34-23-025].log, In Quarantäne, [d3686b780189191d92e0bc60679cd52b], PUP.Optional.MyStartSearch.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\mystartsearch.xml, In Quarantäne, [1f1cbe25d8b254e2be0fe638c3402cd4], PUP.Optional.Conduit.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\searchplugins\conduit-search.xml, In Quarantäne, [71ca687b51392f07f4235bcc748ffd03], PUP.Optional.CrossRider.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bpffalghigmkdghibgickgcnkbcaidch_0.localstorage, In Quarantäne, [43f872715238c274ea4c0a1dbc47d62a], PUP.Optional.QuickStart.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx, In Quarantäne, [093222c124660f2786cfe94149ba867a], PUP.Optional.WebsSearches.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml, In Quarantäne, [e75452914d3df343b0aa47fd3ac97d83], PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\searchplugins\Mysearchdial.xml, In Quarantäne, [7dbeaa39850565d15fbb4204cc3710f0], PUP.Optional.Awesomehp.A, C:\Users\pc\AppData\Roaming\awesomehp\67.json, In Quarantäne, [bc7f3da6addd1b1b78b525267390629e], PUP.Optional.Awesomehp.A, C:\Users\pc\AppData\Roaming\awesomehp\DataBase, In Quarantäne, [bc7f3da6addd1b1b78b525267390629e], PUP.Optional.Awesomehp.A, C:\Users\pc\AppData\Roaming\awesomehp\log\awesomehp.LOG, In Quarantäne, [bc7f3da6addd1b1b78b525267390629e], PUP.Optional.Awesomehp.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\awesomehp.xml, In Quarantäne, [ba81f0f38ffbb581d25cb497c83b619f], Stolen.Data, C:\Users\pc\AppData\Roaming\dclogs\2014-11-16-1.dc, In Quarantäne, [02393ca79eec87af740d4fcee51f649c], PUP.Optional.CrossRider.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kpjdjfkkmlgacmnenfhafmkldaogiglb_0.localstorage, In Quarantäne, [182320c3e7a344f2ff1d84f5937147b9], PUP.Optional.MultiPlug.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcebepcbopnpbdhimpgfbbdkbimaoafn\236\lsdb.js, In Quarantäne, [5dde4d9638524fe74b8d02889a6a8b75], PUP.Optional.MultiPlug.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcebepcbopnpbdhimpgfbbdkbimaoafn\236\background.html, In Quarantäne, [5dde4d9638524fe74b8d02889a6a8b75], PUP.Optional.MultiPlug.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcebepcbopnpbdhimpgfbbdkbimaoafn\236\content.js, In Quarantäne, [5dde4d9638524fe74b8d02889a6a8b75], PUP.Optional.MultiPlug.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcebepcbopnpbdhimpgfbbdkbimaoafn\236\dMO.js, In Quarantäne, [5dde4d9638524fe74b8d02889a6a8b75], PUP.Optional.MultiPlug.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcebepcbopnpbdhimpgfbbdkbimaoafn\236\manifest.json, In Quarantäne, [5dde4d9638524fe74b8d02889a6a8b75], PUP.Optional.MultiPlug.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejndijkjinbjigbmmbefadfighlkmhjl\143\lsdb.js, In Quarantäne, [08337a69e5a5a591b12735552ed68878], PUP.Optional.MultiPlug.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejndijkjinbjigbmmbefadfighlkmhjl\143\background.html, In Quarantäne, [08337a69e5a5a591b12735552ed68878], PUP.Optional.MultiPlug.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejndijkjinbjigbmmbefadfighlkmhjl\143\content.js, In Quarantäne, [08337a69e5a5a591b12735552ed68878], PUP.Optional.MultiPlug.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejndijkjinbjigbmmbefadfighlkmhjl\143\kOH.js, In Quarantäne, [08337a69e5a5a591b12735552ed68878], PUP.Optional.MultiPlug.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejndijkjinbjigbmmbefadfighlkmhjl\143\manifest.json, In Quarantäne, [08337a69e5a5a591b12735552ed68878], PUP.Optional.MultiPlug.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkhggnncdpfibdhinjiegagmopldibha\161\lsdb.js, In Quarantäne, [88b33ba8c2c82d0933a5ed9d18eca759], PUP.Optional.MultiPlug.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkhggnncdpfibdhinjiegagmopldibha\161\background.html, In Quarantäne, [88b33ba8c2c82d0933a5ed9d18eca759], PUP.Optional.MultiPlug.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkhggnncdpfibdhinjiegagmopldibha\161\content.js, In Quarantäne, [88b33ba8c2c82d0933a5ed9d18eca759], PUP.Optional.MultiPlug.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkhggnncdpfibdhinjiegagmopldibha\161\manifest.json, In Quarantäne, [88b33ba8c2c82d0933a5ed9d18eca759], PUP.Optional.MultiPlug.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkhggnncdpfibdhinjiegagmopldibha\161\WdKAcTZFqz.js, In Quarantäne, [88b33ba8c2c82d0933a5ed9d18eca759], PUP.Optional.MultiPlug.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolpphfmdmjbojolagcbgdemojhcnlod\213\lsdb.js, In Quarantäne, [2417e1028bff5cdaac2c3b4f32d27e82], PUP.Optional.MultiPlug.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolpphfmdmjbojolagcbgdemojhcnlod\213\background.html, In Quarantäne, [2417e1028bff5cdaac2c3b4f32d27e82], PUP.Optional.MultiPlug.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolpphfmdmjbojolagcbgdemojhcnlod\213\c4hRfVT0zr.js, In Quarantäne, [2417e1028bff5cdaac2c3b4f32d27e82], PUP.Optional.MultiPlug.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolpphfmdmjbojolagcbgdemojhcnlod\213\content.js, In Quarantäne, [2417e1028bff5cdaac2c3b4f32d27e82], PUP.Optional.MultiPlug.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolpphfmdmjbojolagcbgdemojhcnlod\213\manifest.json, In Quarantäne, [2417e1028bff5cdaac2c3b4f32d27e82], PUP.Optional.BrowseAndShop.A, C:\Program Files (x86)\browsaeandsiHop\dwy1Tx8OymbH2Z.tlb, In Quarantäne, [fe3d11d2f19947ef72de0883ae56ca36], PUP.Optional.BrowseAndShop.A, C:\Program Files (x86)\browsaeandsiHop\dwy1Tx8OymbH2Z.dat, In Quarantäne, [fe3d11d2f19947ef72de0883ae56ca36], PUP.Optional.BrowseAndShop.A, C:\Program Files (x86)\browseandushoop\4MKLhh3D8gJSQ8.tlb, In Quarantäne, [b487d90aec9e83b31d33a7e4689c738d], PUP.Optional.BrowseAndShop.A, C:\Program Files (x86)\browseandushoop\4MKLhh3D8gJSQ8.dat, In Quarantäne, [b487d90aec9e83b31d33a7e4689c738d], PUP.Optional.BrowseAndShop.A, C:\Program Files (x86)\browseianndshoup\4aIplDd5rKnzS1.tlb, In Quarantäne, [50ebc320e1a945f12a26e0ab768e2ed2], PUP.Optional.BrowseAndShop.A, C:\Program Files (x86)\browseianndshoup\4aIplDd5rKnzS1.dat, In Quarantäne, [50ebc320e1a945f12a26e0ab768e2ed2], PUP.Optional.BrowseAndShop.A, C:\Program Files (x86)\browsueandshOp\Bfp3qBmJkHugQJ.tlb, In Quarantäne, [ac8f8b5828629c9aec64a2e9659fd030], PUP.Optional.BrowseAndShop.A, C:\Program Files (x86)\browsueandshOp\Bfp3qBmJkHugQJ.dat, In Quarantäne, [ac8f8b5828629c9aec64a2e9659fd030], PUP.Optional.NitroDeal.A, C:\Program Files (x86)\NitRodeal\RZRCRMGmSaR9uh.tlb, In Quarantäne, [eb50ac37d2b8f442740d8704aa5abc44], PUP.Optional.NitroDeal.A, C:\Program Files (x86)\NitRodeal\NitRodeal.dat, In Quarantäne, [eb50ac37d2b8f442740d8704aa5abc44], PUP.Optional.NitroDeal.A, C:\Program Files (x86)\NitRodeal\RZRCRMGmSaR9uh.dat, In Quarantäne, [eb50ac37d2b8f442740d8704aa5abc44], PUP.Optional.OfferSoft.A, C:\Program Files (x86)\offerseoft\bueBHgSiGORwTL.tlb, In Quarantäne, [70cb667daae01b1b6b176427788c4bb5], PUP.Optional.OfferSoft.A, C:\Program Files (x86)\offerseoft\bueBHgSiGORwTL.dat, In Quarantäne, [70cb667daae01b1b6b176427788c4bb5], PUP.Optional.SalePrizes.A, C:\Program Files (x86)\saileprizeS\ON45aR1XShc5vm.tlb, In Quarantäne, [1d1e8c57810947ef811d26650afa16ea], PUP.Optional.SalePrizes.A, C:\Program Files (x86)\saileprizeS\ON45aR1XShc5vm.dat, In Quarantäne, [1d1e8c57810947ef811d26650afa16ea], PUP.Optional.SalePrizes.A, C:\Program Files (x86)\saleoPrIIzeS\ZGbndpAHiUwBLK.tlb, In Quarantäne, [c873796a6f1b0d29c6d83655b35112ee], PUP.Optional.SalePrizes.A, C:\Program Files (x86)\saleoPrIIzeS\ZGbndpAHiUwBLK.dat, In Quarantäne, [c873796a6f1b0d29c6d83655b35112ee], PUP.Optional.MultiPlug, C:\ProgramData\ianhljopggcgmjmieoihffonjobpicne\lsdb.js, In Quarantäne, [93a81fc4741678beea39e7a5f60e0000], PUP.Optional.MultiPlug, C:\ProgramData\ianhljopggcgmjmieoihffonjobpicne\AE2X.js, In Quarantäne, [93a81fc4741678beea39e7a5f60e0000], PUP.Optional.MultiPlug, C:\ProgramData\ianhljopggcgmjmieoihffonjobpicne\background.html, In Quarantäne, [93a81fc4741678beea39e7a5f60e0000], PUP.Optional.MultiPlug, C:\ProgramData\ianhljopggcgmjmieoihffonjobpicne\content.js, In Quarantäne, [93a81fc4741678beea39e7a5f60e0000], PUP.Optional.MultiPlug, C:\ProgramData\ianhljopggcgmjmieoihffonjobpicne\manifest.json, In Quarantäne, [93a81fc4741678beea39e7a5f60e0000], PUP.Optional.Cheap4all.A, C:\Program Files (x86)\cheaPP4All\qxVx4Gk6yIRc8N.tlb, In Quarantäne, [05365c87ec9e89ad53e2008cea1a966a], PUP.Optional.Cheap4all.A, C:\Program Files (x86)\cheaPP4All\qxVx4Gk6yIRc8N.dat, In Quarantäne, [05365c87ec9e89ad53e2008cea1a966a], PUP.Optional.DollarSaver.A, C:\Program Files (x86)\dolllarisavEr\GZb1mAHBboWBoq.tlb, In Quarantäne, [08339c47305af046e346206d5ea6c23e], PUP.Optional.DollarSaver.A, C:\Program Files (x86)\dolllarisavEr\GZb1mAHBboWBoq.dat, In Quarantäne, [08339c47305af046e346206d5ea6c23e], PUP.Optional.DollarSaver.A, C:\Program Files (x86)\duoleLarrssaveaR\W5T7tmJFiFsnxN.tlb, In Quarantäne, [ff3c667ddcae0a2c33f6662742c2c33d], PUP.Optional.DollarSaver.A, C:\Program Files (x86)\duoleLarrssaveaR\W5T7tmJFiFsnxN.dat, In Quarantäne, [ff3c667ddcae0a2c33f6662742c2c33d], PUP.Optional.QuickShop.A, C:\Program Files (x86)\quiCCkShaoPP\p9PjuWFxgi1b4E.tlb, In Quarantäne, [b08bf4efef9b9d99ce7b8a032dd705fb], PUP.Optional.LowRate.A, C:\Program Files (x86)\loowrate\vkQQFIXMQc9kiT.tlb, In Quarantäne, [2e0dffe45a3067cf5a18eda01be9f30d], PUP.Optional.LowRate.A, C:\Program Files (x86)\loowrate\vkQQFIXMQc9kiT.dat, In Quarantäne, [2e0dffe45a3067cf5a18eda01be9f30d], PUP.Optional.OfferApp.A, C:\Program Files (x86)\offeeeraapP\ZHQzu6uNsbbJH9.tlb, In Quarantäne, [55e67271a6e41620b5049df0f80c817f], PUP.Optional.OfferApp.A, C:\Program Files (x86)\offeeeraapP\ZHQzu6uNsbbJH9.dat, In Quarantäne, [55e67271a6e41620b5049df0f80c817f], PUP.Optional.RocketDeal.A, C:\Program Files (x86)\rocaketdeeaal\2X6ObDV3ITwxFK.tlb, In Quarantäne, [61da7a69c1c90630ae27ee9f08fc01ff], PUP.Optional.RocketDeal.A, C:\Program Files (x86)\rocaketdeeaal\2X6ObDV3ITwxFK.dat, In Quarantäne, [61da7a69c1c90630ae27ee9f08fc01ff], PUP.Optional.Free2You.A, C:\Program Files (x86)\freee2yOu\1mcmS6ZjMIVpCr.tlb, In Quarantäne, [b08bd50efe8cb87eb6a5315d2cd84ab6], PUP.Optional.Free2You.A, C:\Program Files (x86)\freee2yOu\1mcmS6ZjMIVpCr.dat, In Quarantäne, [b08bd50efe8cb87eb6a5315d2cd84ab6], PUP.Optional.AppSave.A, C:\Program Files (x86)\Appsavue\3CsJ5DYGBVfqXD.tlb, In Quarantäne, [d962fee52169c57135cf9cf464a0659b], PUP.Optional.AppSave.A, C:\Program Files (x86)\Appsavue\3CsJ5DYGBVfqXD.dat, In Quarantäne, [d962fee52169c57135cf9cf464a0659b], PUP.Optional.SaleOffer.A, C:\Program Files (x86)\salueofffer\DuBTsarltlP0Qx.tlb, In Quarantäne, [ba81a93a1e6c44f2e483c5cc867e09f7], PUP.Optional.SaleOffer.A, C:\Program Files (x86)\salueofffer\DuBTsarltlP0Qx.dat, In Quarantäne, [ba81a93a1e6c44f2e483c5cc867e09f7], Rogue.Multiple, C:\ProgramData\2355320829\BIT4DDF.tmp, In Quarantäne, [b784578ca3e7270fc6f8dbe87d852dd3], Rogue.Multiple, C:\ProgramData\542228444\BITE504.tmp, In Quarantäne, [51ea1cc7aedcba7ccdf3b70c2ad8748c], PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\mysearchdial\icons_2.2.15.1631\62.ico, In Quarantäne, [f645b72ceaa00e28e439943f58aaed13], PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\mysearchdial\icons_2.2.15.1631\80.ico, In Quarantäne, [f645b72ceaa00e28e439943f58aaed13], PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\mysearchdial\UpdateProc\config.dat, In Quarantäne, [f645b72ceaa00e28e439943f58aaed13], PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\mysearchdial\UpdateProc\info.dat, In Quarantäne, [f645b72ceaa00e28e439943f58aaed13], PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\mysearchdial\UpdateProc\STTL.DAT, In Quarantäne, [f645b72ceaa00e28e439943f58aaed13], PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\mysearchdial\UpdateProc\TTL.DAT, In Quarantäne, [f645b72ceaa00e28e439943f58aaed13], PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\mysearchdial\UpdateProc\UpdateTask.exe, In Quarantäne, [f645b72ceaa00e28e439943f58aaed13], PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.21.0\FavIcon.ico, In Quarantäne, [350637ac4d3d61d594bbe8ecd32f3cc4], PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialApp.dll, In Quarantäne, [350637ac4d3d61d594bbe8ecd32f3cc4], PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialEng.dll, In Quarantäne, [350637ac4d3d61d594bbe8ecd32f3cc4], PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.21.0\Sqlite3.dll, In Quarantäne, [350637ac4d3d61d594bbe8ecd32f3cc4], PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.21.0\uninst.dat, In Quarantäne, [350637ac4d3d61d594bbe8ecd32f3cc4], PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.21.0\uninstall.exe, In Quarantäne, [350637ac4d3d61d594bbe8ecd32f3cc4], PUP.Optional.SaveSense, C:\ProgramData\SaveSenseLive\Update\Log\SaveSenseLive.log, In Quarantäne, [0a31b52eccbe2016ce962fa5dd25cb35], PUP.Optional.SaveSense, C:\Users\pc\AppData\Roaming\SaveSense\UpdateProc\config.dat, In Quarantäne, [ce6df9eaafdbe74ff174b0247d8548b8], PUP.Optional.SaveSense, C:\Users\pc\AppData\Roaming\SaveSense\UpdateProc\info.dat, In Quarantäne, [ce6df9eaafdbe74ff174b0247d8548b8], PUP.Optional.SaveSense, C:\Users\pc\AppData\Roaming\SaveSense\UpdateProc\STTL.DAT, In Quarantäne, [ce6df9eaafdbe74ff174b0247d8548b8], PUP.Optional.SaveSense, C:\Users\pc\AppData\Roaming\SaveSense\UpdateProc\TTL.DAT, In Quarantäne, [ce6df9eaafdbe74ff174b0247d8548b8], PUP.Optional.SaveSense, C:\Users\pc\AppData\Roaming\SaveSense\UpdateProc\UpdateTask.exe, In Quarantäne, [ce6df9eaafdbe74ff174b0247d8548b8], PUP.Optional.SaveSense, C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense\SaveSense Help.url, In Quarantäne, [003b53902c5e8caa5511c014669c9c64], PUP.Optional.SaveSense, C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense\SaveSense.url, In Quarantäne, [003b53902c5e8caa5511c014669c9c64], PUP.Optional.SaveSense, C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense\Uninstall SaveSense.lnk, In Quarantäne, [003b53902c5e8caa5511c014669c9c64], PUP.Optional.NextLive.A, C:\Users\pc\AppData\Roaming\newnext.me\nengine.cookie, In Quarantäne, [ff3c8261ed9d3006940e3d9762a059a7], PUP.Optional.NextLive.A, C:\Users\pc\AppData\Roaming\newnext.me\cache\spark.bin, In Quarantäne, [ff3c8261ed9d3006940e3d9762a059a7], PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update\conf, In Quarantäne, [0635974cc3c72e087df0b223649e926e], PUP.Optional.Feven.A, C:\Program Files (x86)\Feven Pro\51678.crx, In Quarantäne, [3704c51eb0da0531002e3e98976b27d9], PUP.Optional.Feven.A, C:\Program Files (x86)\Feven Pro\51678.xpi, In Quarantäne, [3704c51eb0da0531002e3e98976b27d9], PUP.Optional.Feven.A, C:\Program Files (x86)\Feven Pro\background.html, In Quarantäne, [3704c51eb0da0531002e3e98976b27d9], PUP.Optional.Feven.A, C:\Program Files (x86)\Feven Pro\Installer.log, In Quarantäne, [3704c51eb0da0531002e3e98976b27d9], PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit\154.dat, In Quarantäne, [d863469d32582b0b2128edebf111fb05], PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit\a.db, In Quarantäne, [d863469d32582b0b2128edebf111fb05], PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit\b.db, In Quarantäne, [d863469d32582b0b2128edebf111fb05], PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit\Re-markit154.bin, In Quarantäne, [d863469d32582b0b2128edebf111fb05], PUP.Optional.SaveSense.A, C:\Users\pc\AppData\Local\SaveSense\icon.ico, In Quarantäne, [38033da6e5a583b3c8b90ace23df4db3], PUP.Optional.SaveSense.A, C:\Users\pc\AppData\Local\SaveSense\installer_icon.ico, In Quarantäne, [38033da6e5a583b3c8b90ace23df4db3], PUP.Optional.SaveSense.A, C:\Users\pc\AppData\Local\SaveSense\SaveSense.crx, In Quarantäne, [38033da6e5a583b3c8b90ace23df4db3], PUP.Optional.SaveSense.A, C:\Users\pc\AppData\Local\SaveSense\SaveSense.xpi, In Quarantäne, [38033da6e5a583b3c8b90ace23df4db3], PUP.Optional.SaveSense.A, C:\Users\pc\AppData\Local\SaveSense\SaveSenseIE64.dll, In Quarantäne, [38033da6e5a583b3c8b90ace23df4db3], PUP.Optional.SaveSense.A, C:\Users\pc\AppData\Local\SaveSense\SaveSenseUpdateVer.exe, In Quarantäne, [38033da6e5a583b3c8b90ace23df4db3], PUP.Optional.SaveSense.A, C:\Users\pc\AppData\Local\SaveSense\uninst.exe, In Quarantäne, [38033da6e5a583b3c8b90ace23df4db3], PUP.Optional.WebsSearches.A, C:\Users\pc\AppData\Roaming\webssearches\257.json, In Quarantäne, [d962a3404e3cba7c0ca6a236b44e8b75], PUP.Optional.WebsSearches.A, C:\Users\pc\AppData\Roaming\webssearches\MessageBox.xml, In Quarantäne, [d962a3404e3cba7c0ca6a236b44e8b75], PUP.Optional.WebsSearches.A, C:\Users\pc\AppData\Roaming\webssearches\uninstallDlg2.xml, In Quarantäne, [d962a3404e3cba7c0ca6a236b44e8b75], PUP.Optional.WebsSearches.A, C:\Users\pc\AppData\Roaming\webssearches\images\bg.png, In Quarantäne, [d962a3404e3cba7c0ca6a236b44e8b75], PUP.Optional.WebsSearches.A, C:\Users\pc\AppData\Roaming\webssearches\images\bg1.png, In Quarantäne, [d962a3404e3cba7c0ca6a236b44e8b75], PUP.Optional.WebsSearches.A, C:\Users\pc\AppData\Roaming\webssearches\images\bk_shadow.png, In Quarantäne, [d962a3404e3cba7c0ca6a236b44e8b75], PUP.Optional.WebsSearches.A, C:\Users\pc\AppData\Roaming\webssearches\images\button.png, In Quarantäne, [d962a3404e3cba7c0ca6a236b44e8b75], PUP.Optional.WebsSearches.A, C:\Users\pc\AppData\Roaming\webssearches\images\button1.png, In Quarantäne, [d962a3404e3cba7c0ca6a236b44e8b75], PUP.Optional.WebsSearches.A, C:\Users\pc\AppData\Roaming\webssearches\images\checkbox.png, In Quarantäne, [d962a3404e3cba7c0ca6a236b44e8b75], PUP.Optional.WebsSearches.A, C:\Users\pc\AppData\Roaming\webssearches\images\checkbox_select.png, In Quarantäne, [d962a3404e3cba7c0ca6a236b44e8b75], PUP.Optional.WebsSearches.A, C:\Users\pc\AppData\Roaming\webssearches\images\checked.png, In Quarantäne, [d962a3404e3cba7c0ca6a236b44e8b75], PUP.Optional.WebsSearches.A, C:\Users\pc\AppData\Roaming\webssearches\images\close.png, In Quarantäne, [d962a3404e3cba7c0ca6a236b44e8b75], PUP.Optional.WebsSearches.A, C:\Users\pc\AppData\Roaming\webssearches\images\loading_bg.png, In Quarantäne, [d962a3404e3cba7c0ca6a236b44e8b75], PUP.Optional.WebsSearches.A, C:\Users\pc\AppData\Roaming\webssearches\images\loading_light.png, In Quarantäne, [d962a3404e3cba7c0ca6a236b44e8b75], PUP.Optional.WebsSearches.A, C:\Users\pc\AppData\Roaming\webssearches\images\min.png, In Quarantäne, [d962a3404e3cba7c0ca6a236b44e8b75], PUP.Optional.WebsSearches.A, C:\Users\pc\AppData\Roaming\webssearches\images\scrollbar.bmp, In Quarantäne, [d962a3404e3cba7c0ca6a236b44e8b75], PUP.Optional.WebsSearches.A, C:\Users\pc\AppData\Roaming\webssearches\images\Thumbs.db, In Quarantäne, [d962a3404e3cba7c0ca6a236b44e8b75], PUP.Optional.WebsSearches.A, C:\Users\pc\AppData\Roaming\webssearches\images\unchecked.png, In Quarantäne, [d962a3404e3cba7c0ca6a236b44e8b75], PUP.Optional.WebsSearches.A, C:\Users\pc\AppData\Roaming\webssearches\images\code\code1.jpg, In Quarantäne, [d962a3404e3cba7c0ca6a236b44e8b75], PUP.Optional.WebsSearches.A, C:\Users\pc\AppData\Roaming\webssearches\images\code\code2.jpg, In Quarantäne, [d962a3404e3cba7c0ca6a236b44e8b75], PUP.Optional.WebsSearches.A, C:\Users\pc\AppData\Roaming\webssearches\images\code\code3.jpg, In Quarantäne, [d962a3404e3cba7c0ca6a236b44e8b75], PUP.Optional.WebsSearches.A, C:\Users\pc\AppData\Roaming\webssearches\images\code\code4.jpg, In Quarantäne, [d962a3404e3cba7c0ca6a236b44e8b75], PUP.Optional.WebsSearches.A, C:\Users\pc\AppData\Roaming\webssearches\images\code\code5.jpg, In Quarantäne, [d962a3404e3cba7c0ca6a236b44e8b75], PUP.Optional.WebsSearches.A, C:\Users\pc\AppData\Roaming\webssearches\images\code\code6.jpg, In Quarantäne, [d962a3404e3cba7c0ca6a236b44e8b75], PUP.Optional.WebsSearches.A, C:\Users\pc\AppData\Roaming\webssearches\images\code\Thumbs.db, In Quarantäne, [d962a3404e3cba7c0ca6a236b44e8b75], PUP.Optional.WebsSearches.A, C:\Users\pc\AppData\Roaming\webssearches\log\UninstallManager_2014-11-16[18-40-48-696].log, In Quarantäne, [d962a3404e3cba7c0ca6a236b44e8b75], PUP.Optional.CrossRider.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpjdjfkkmlgacmnenfhafmkldaogiglb\000005.ldb, In Quarantäne, [70cb17cc5b2f41f5473d6475a0625ca4], PUP.Optional.CrossRider.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpjdjfkkmlgacmnenfhafmkldaogiglb\000023.log, In Quarantäne, [70cb17cc5b2f41f5473d6475a0625ca4], PUP.Optional.CrossRider.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpjdjfkkmlgacmnenfhafmkldaogiglb\CURRENT, In Quarantäne, [70cb17cc5b2f41f5473d6475a0625ca4], PUP.Optional.CrossRider.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpjdjfkkmlgacmnenfhafmkldaogiglb\LOCK, In Quarantäne, [70cb17cc5b2f41f5473d6475a0625ca4], PUP.Optional.CrossRider.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpjdjfkkmlgacmnenfhafmkldaogiglb\LOG, In Quarantäne, [70cb17cc5b2f41f5473d6475a0625ca4], PUP.Optional.CrossRider.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpjdjfkkmlgacmnenfhafmkldaogiglb\MANIFEST-000021, In Quarantäne, [70cb17cc5b2f41f5473d6475a0625ca4], PUP.Optional.CrossRider.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_kpjdjfkkmlgacmnenfhafmkldaogiglb_0\3, In Quarantäne, [b58637acf09a6bcb7a0bb62318ea649c], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, In Quarantäne, [94a75291e2a845f1f6f911d313ef5aa6], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\ient.json, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\bk_shadow.png, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\btn.png, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\close.png, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\main.xml, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\main.xml.bak, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\ck_box.png, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\ck_check.png, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\radio_bk.png, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\radio_check.png, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\data.html, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\main.css, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\skin.css, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\style.css, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_logo.png, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\google.com.png, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\google_trends.png, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, In Quarantäne, [ad8e9d4622680c2a15201fc9c33fd12f], PUP.Optional.CrossRider.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bpffalghigmkdghibgickgcnkbcaidch\000005.ldb, In Quarantäne, [64d7895ae1a91b1be76dca23748e9070], PUP.Optional.CrossRider.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bpffalghigmkdghibgickgcnkbcaidch\000006.log, In Quarantäne, [64d7895ae1a91b1be76dca23748e9070], PUP.Optional.CrossRider.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bpffalghigmkdghibgickgcnkbcaidch\CURRENT, In Quarantäne, [64d7895ae1a91b1be76dca23748e9070], PUP.Optional.CrossRider.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bpffalghigmkdghibgickgcnkbcaidch\LOCK, In Quarantäne, [64d7895ae1a91b1be76dca23748e9070], PUP.Optional.CrossRider.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bpffalghigmkdghibgickgcnkbcaidch\LOG, In Quarantäne, [64d7895ae1a91b1be76dca23748e9070], PUP.Optional.CrossRider.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bpffalghigmkdghibgickgcnkbcaidch\MANIFEST-000004, In Quarantäne, [64d7895ae1a91b1be76dca23748e9070], PUP.Optional.CrossRider.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_bpffalghigmkdghibgickgcnkbcaidch_0\7, In Quarantäne, [80bbd3106525b5812332b5389d652cd4], PUP.Optional.CrossRider.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "14bab8f2e7b356dd392093cbc240cbe4")  , Ersetzt,[e15a41a22c5e44f29bd8caa341c432ce]PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.AL", 2) , Ersetzt,[3803a83bf29843f3a3d5b5b84abbcf31]PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\prefs.js, Gut: (), Schlecht: (ser Preferences /* Do not edit this file. * * If ), Ersetzt,[b7846c770189e84e8eea9bd244c1a65a] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\prefs.js, Gut: (), Schlecht: (es /* Do not edit this file. * * If you make changes to this file while the ap), Ersetzt,[b18a0ad96327a591df990c613acb9f61] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\prefs.js, Gut: (), Schlecht: (e. * * If you make changes to this file while the application is running, * the changes will be overwritten when the application exits. * * To make ), Ersetzt,[9f9c25be375343f3c4b49dd044c1ed13] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\prefs.js, Gut: (), Schlecht: (ing, * the changes will be overwritten when the), Ersetzt,[aa91ab384c3ef1455424d895f213c33d] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\prefs.js, Gut: (), Schlecht: (eferences /* Do not edit this file. * * If you ), Ersetzt,[ad8e5b8897f3f640176183ea27de9c64] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\prefs.js, Gut: (), Schlecht: (nces /* Do not edit this file. * * If you ), Ersetzt,[e853e6fdf892b28422560c61f70e669a] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\prefs.js, Gut: (), Schlecht: (eferences /* Do not edit this file. * * If yo), Ersetzt,[43f84c97b6d4f244a4d474f952b31fe1] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\prefs.js, Gut: (), Schlecht: (rences /* Do not edit this file. * * If you), Ersetzt,[0f2c29ba91f9fa3c5226a8c549bc11ef] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\prefs.js, Gut: (), Schlecht: (ferences /* Do not edit this file. * * If you make changes to this file while the application is running, * the changes will be overwritten when the application exits. * * To make a manual change to preferences, you can visit the URL about:config */ user_pref("NfQRxxra4F", "Dzt4WGZMDe4TDyVLBSYPW6mGWfJ7gfsYDftIoiZ6Ae4UB6CKC7lIhS4IB7qZDyVLBS4OCMlMscIYhy0TDe8VBNnKg70LA7VVujJPhSZ8CMEKAe4UhfZohSYSgeqVgM0LAGsPoS9FXzF8CMEKAe4Uh fZohSYSD7xGBMxIhft9rjwKg70JsSU+vjx1XzlGBc4PBMmVWw0MuctHDe8LCM0SBG4KhfnSuj5JrfF1DftIvMVKhyl5j7gOsM8PBMmGAi4TB79Suj5JrfF1DftIvMVKhyl5j7gOsV0XAfbJoisPoS9 FXzF8CMEKAe4UhfZohSYSoexEgfbZBexJqGsPo), Ersetzt,[0338fce75931aa8ce098d29b20e5f709] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\prefs.js, Gut: (), Schlecht: (XAfbJoisPoS9FXzF8CMEKAe4UhfZohSYSoexEgfbZBexJqGsPoS9), Ersetzt,[0a317e657b0fd85e7dfbcda01bea12ee] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\prefs.js, Gut: (), Schlecht: (rences /* Do not edit this file. * * If you make changes to this file whi), Ersetzt,[0833e4ffa1e93bfb1167bfae1bea53ad] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\prefs.js, Gut: (), Schlecht: (s file. * * If you make changes to this file), Ersetzt,[2a114a99583249edc8b0fe6fa4619f61] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\prefs.js, Gut: (), Schlecht: (references /* Do not edit this file. * * If you make changes to this file while the application is running, * the changes will be overwritten when the application exits. * * To make a manual change to preferences, you c), Ersetzt,[5be0588bb5d53cfacdab5a13e421e917] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\prefs.js, Gut: (), Schlecht: ( * To make a manual change to preferences, you can visit the), Ersetzt,[132892515733a88e5e1af27b669f48b8] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\prefs.js, Gut: (), Schlecht: ( /* Do not edit this file. * * If you make changes), Ersetzt,[f4474a99098169cd6d0bc2ab719430d0] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\prefs.js, Gut: (), Schlecht: (ces /* Do not edit this file. * * If you ma), Ersetzt,[bd7e5d860981c2747701e18c5da8a55b] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\prefs.js, Gut: (), Schlecht: (ferences /* Do not edit this file. * * If you make changes to this file while the application is running, * the changes will be overwritten when the application exits. * * To make a manual change to preferences, you c), Ersetzt,[1427915290fac1750078fb72d5306d93] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\prefs.js, Gut: (), Schlecht: ( * To make a manual change to preferences, you can visit the URL a), Ersetzt,[9f9c964d7f0bbd79166271fc030218e8] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\prefs.js, Gut: (), Schlecht: (not edit this file. * * If you make changes to this file while the application is running, * the changes will be overwritten when the application exits. * * To make a manual change to preferences, you can visit the URL about), Ersetzt,[1625fee513778fa7f1878fde4db8c040] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\prefs.js, Gut: (), Schlecht: ( To make a manual change to preferences, you can visit the URL about:config */ user_pref("NfQRxxra4F", "Dzt4WGZMDe4TDyVLBSYPW6mGWfJ7gfsYDftIoiZ6Ae4UB6CKC7lIhS4IB7qZDyVLBS4OCMlMscIYh), Ersetzt,[c57636adc4c658de9edac4a91ce9a35d] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\prefs.js, Gut: (), Schlecht: ( overwritten when the application exits. * * To make a ), Ersetzt,[b18ac0230c7e7abc492f92db9273c937] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\prefs.js, Gut: (), Schlecht: ( /* Do not edit this file. * * If you make changes to t), Ersetzt,[95a6c51e94f6999d7404cca1ae5744bc] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\prefs.js, Gut: (), Schlecht: ( /* Do not edit this file. * * If you make c), Ersetzt,[85b670733f4ba294cdabdf8ef411f60a] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\prefs.js, Gut: (), Schlecht: (references /* Do not edit this file. * * If you make cha), Ersetzt,[1e1d03e0d1b944f22b4d5a137d88a15f] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\prefs.js, Gut: (), Schlecht: (* Do not edit this file. * * If you make changes), Ersetzt,[0c2f1bc83456ad89fb7d492465a0f20e] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\prefs.js, Gut: (), Schlecht: (rences /* Do not edit this file. * * If you make changes to this file while the application is running, * the changes will be overwritten when the application exits. * * To make a manual change to preferences, you can visit th), Ersetzt,[80bbda09e8a245f191e780ed52b37789] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\prefs.js, Gut: (), Schlecht: (ake a manual change to preferences, you can visit the ), Ersetzt,[4af1855e33570234393f501dd1348a76] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\prefs.js, Gut: (), Schlecht: (nces /* Do not edit this file. * * If you make c), Ersetzt,[f546de05fe8cc86ecdaba1cca560867a] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\prefs.js, Gut: (), Schlecht: (ferences /* Do not edit this file. * * If you ), Ersetzt,[5fdc9c477e0c84b2cfa987e65baaa55b] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\prefs.js, Gut: (), Schlecht: (ences /* Do not edit this file. * * If you make ), Ersetzt,[4eed459e7614c86e671196d7c441f50b] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\prefs.js, Gut: (), Schlecht: (ces /* Do not edit this file. * * If you make changes to th), Ersetzt,[5cdfc320b0da41f5641459144abb2cd4] PUP.Optional.MySearch.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\user.js, Gut: (), Schlecht: (user_pref("extensions.irmysearch.aflt", "dsites0103") , Ersetzt,[b883e4ff11793303beb4a4c9ca3bac54]PUP.Optional.MySearch.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\user.js, Gut: (), Schlecht: (searchdial.hmpg", true); user_pref("extensions.), Ersetzt,[2219d80bff8b72c4462cb3ba41c4a060] PUP.Optional.MySearch.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\user.js, Gut: (), Schlecht: (ons.mysearchdial.hmpg", true); user_pref("extension), Ersetzt,[7ebd687b880262d4b8ba6b0264a105fb] PUP.Optional.MySearch.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\user.js, Gut: (), Schlecht: (mysearchdial.hmpg", true); user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0B0C0E0EyB0B0Et), Ersetzt,[2f0c07dca7e3f4425d15b3bac5408779] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.hmpg", true) , Ersetzt,[75c6b62d3456be78215872fb64a1a35d]PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\user.js, Gut: (), Schlecht: (sions.mysearchdial.hmpg", true); user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0B0C0E0EyB0B0EtCyCzytA0EyD0A0CtBtN0D0Tzu0SyByCyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1Cz), Ersetzt,[211ada0915755bdb661336370afb60a0] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\user.js, Gut: (), Schlecht: (Tzu0SyByCyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBt), Ersetzt,[f4477a69bad0f93df08905687c89de22] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\user.js, Gut: (), Schlecht: (s.mysearchdial.hmpg", true); user_pref("extensions.mysearchdia), Ersetzt,[81baf0f32b5f092d4c2d4a23669fcc34] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\user.js, Gut: (), Schlecht: (ial.hmpg", true); user_pref("extensions.mysearchd), Ersetzt,[75c643a06f1bc670d9a0abc2e81d56aa] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\user.js, Gut: (), Schlecht: (ons.mysearchdial.hmpg", true); user_pref("extensions), Ersetzt,[df5c7172cbbf33034039d19c976e37c9] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\user.js, Gut: (), Schlecht: (.mysearchdial.hmpg", true); user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0B0C0E0EyB0B0EtCyCzytA0EyD0A0CtBtN0D0Tzu0SyByCyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtD), Ersetzt,[3704c71c286249edc6b3c9a42fd6ec14] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\user.js, Gut: (), Schlecht: (u0SyByCyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1688644683&ir="); user_pref("extensions.mysearchdial.dfltSrch", true); user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial"); user_pref("extensions.mysearchdial.dns), Ersetzt,[cc6f09daa2e8d95d72070766b64f946c] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\user.js, Gut: (), Schlecht: (yCyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=16), Ersetzt,[92a9a63de8a249eda2d7600db253639d] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\user.js, Gut: (), Schlecht: (chdial.hmpg", true); user_pref("extensions.mysearchdia), Ersetzt,[c77470737e0c4ee8fc7df17c13f254ac] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\user.js, Gut: (), Schlecht: (ysearchdial.hmpg", true); user_pref("extensions.mysea), Ersetzt,[d36853909ded69cd4c2d3439e520b24e] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\user.js, Gut: (), Schlecht: (mysearchdial.hmpg", true); user_pref("extensions.mysea), Ersetzt,[67d421c21a7078bedd9cdd90b055ae52] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\user.js, Gut: (), Schlecht: (ysearchdial.hmpg", true); user_pref("extensions.mysearchdial.hmpg), Ersetzt,[cc6f756e28626dc94a2f59147f86c63a] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\user.js, Gut: (), Schlecht: (.hmpg", true); user_pref("extensions.mysearchdial.hmpgUrl", ), Ersetzt,[dd5e8d564e3ca98dc4b556176b9abe42] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\user.js, Gut: (), Schlecht: (hdial.hmpg", true); user_pref("extensions.mysearchdial.hmp), Ersetzt,[60dbcc175535092d51283c311aebb54b] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\user.js, Gut: (), Schlecht: (rchdial.hmpg", true); user_pref("extensions.mysearchdia), Ersetzt,[5edd11d284065adc3148e28bd431d32d] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\user.js, Gut: (), Schlecht: (searchdial.hmpg", true); user_pref("extensions.mysearc), Ersetzt,[8dae5b881773290db0c9a0cd4db8659b] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\user.js, Gut: (), Schlecht: (ysearchdial.hmpg", true); user_pref("extensions.mys), Ersetzt,[27141cc7008a48ee7900442914f1e719] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\user.js, Gut: (), Schlecht: (s.mysearchdial.hmpg", true); user_pref("extension), Ersetzt,[e05bc41f38525bdbf881412c986d20e0] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\user.js, Gut: (), Schlecht: (ons.mysearchdial.hmpg", true); user_pref("extens), Ersetzt,[0239b1327911072f13664924fc099967] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\user.js, Gut: (), Schlecht: (ions.mysearchdial.hmpg", true); user_pref("extensions.mysearchdial.hmpgUrl", "http:/), Ersetzt,[eb5017cc602a12246c0d8de07a8b9a66] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\user.js, Gut: (), Schlecht: (r_pref("extensions.mysearchdial.hmpgUrl", "hxxp://st), Ersetzt,[cd6e796af9914cea85f42647a85d1ee2] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\user.js, Gut: (), Schlecht: (ons.mysearchdial.hmpg", true); user_pref("extensions.), Ersetzt,[64d77e65008a0b2b5c1d55186b9ab34d] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\user.js, Gut: (), Schlecht: (mysearchdial.hmpg", true); user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0B0C0E0EyB0B0EtCy), Ersetzt,[78c3ae3527638babfe7b294431d41ae6] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\user.js, Gut: (), Schlecht: (?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0B0C0E), Ersetzt,[f744954ee7a3f83ef6836b023ec714ec] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0B0C0E0EyB0B0EtCyCzytA0EyD0A0CtBtN0D0Tzu0SyByCyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1688644683& ir=") , Ersetzt,[fc3f9d46eaa0e74f2e4c125b3bca956b]PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\user.js, Gut: (), Schlecht: ("Mysearchdial"); user_pref("extensions.mysearchdial.dnsErr", true); user_pref("extensions.mysearchdial_i.newTab", false); user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dsites0103&cd=2XzuyEtN2Y), Ersetzt,[24178063c2c8999de199d598bc49ab55] PUP.Optional.MySearchDial.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\user.js, Gut: (), Schlecht: (1Qzu0B0C0E0EyB0B0EtCyCzytA0EyD0A0CtBtN0D0Tzu0SyByCyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1688644683&ir="); user_pref("extensions.mysearchdial.dfltSrch", true); user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial), Ersetzt,[1f1c845fcdbd39fd96e44f1ee12452ae] Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end) Geändert von fritziLP (18.07.2015 um 21:10 Uhr) |
|
18.07.2015, 21:11
| #6 | |
| | Programm addet Ad ons im Internet. #AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.208 - Bericht erstellt 18/07/2015 um 21:37:03
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-15.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : pc - PCTIM
# Gestarted von : C:\Users\pc\Downloads\AdwCleaner_4.208.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ftb
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\ProgramData\ofiferapp
Ordner Gelöscht : C:\ProgramData\couponcheapchea
Ordner Gelöscht : C:\ProgramData\2306e072de9c02e4
Ordner Gelöscht : C:\ProgramData\2523951425153401572
Ordner Gelöscht : C:\ProgramData\2dea7ef000005f06
Ordner Gelöscht : C:\ProgramData\2f290ef900003e59
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MoonTools
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Program Files (x86)\MoonTools
Ordner Gelöscht : C:\Program Files (x86)\cheap44all
Ordner Gelöscht : C:\Program Files (x86)\daiilyyprize
Ordner Gelöscht : C:\Program Files (x86)\Daillyprize
Ordner Gelöscht : C:\Program Files (x86)\fastsAler
Ordner Gelöscht : C:\Program Files (x86)\FrEue2yoU
Ordner Gelöscht : C:\Program Files (x86)\nIcENNfreee
Ordner Gelöscht : C:\Program Files (x86)\oFfeRusoft
Ordner Gelöscht : C:\Program Files (x86)\offfersoftt
Ordner Gelöscht : C:\Program Files (x86)\ofiferapp
Ordner Gelöscht : C:\Program Files (x86)\pprizecoupon
Ordner Gelöscht : C:\Program Files (x86)\pRaiezEEcoupoNo
Ordner Gelöscht : C:\Program Files (x86)\priizecoiupon
Ordner Gelöscht : C:\Program Files (x86)\quickishhoop
Ordner Gelöscht : C:\Program Files (x86)\roicikEtdeaLa
Ordner Gelöscht : C:\Program Files (x86)\saLeiofffer
Ordner Gelöscht : C:\Program Files (x86)\salepriizes
Ordner Gelöscht : C:\Users\pc\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\pc\AppData\Local\lollipop
Ordner Gelöscht : C:\Users\pc\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\pc\AppData\Local\StormWatch
Ordner Gelöscht : C:\Users\pc\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\pc\AppData\Roaming\DigitalSites
Ordner Gelöscht : C:\Users\pc\Documents\Mobogenie
Ordner Gelöscht : C:\Users\pc\Documents\Updater
Ordner Gelöscht : C:\ProgramData\hebhheocmkgmggeiglfnnokpoekehekl
Datei Gelöscht : C:\Program Files (x86)\prefs.js
Datei Gelöscht : C:\Users\pc\daemonprocess.txt
Datei Gelöscht : C:\Users\pc\AppData\Roaming\RWSQJ
Datei Gelöscht : C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\user.js
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\84f7624f-cbaa-acaa-2d17-b95d69318c7c
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74CA59B5-0066-48C3-9D1A-84E0C0BB9AD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8415E549-C9A7-42AA-9CA2-1FAE7F485432}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C1EC170E-C5ED-4100-9078-559C31AFDBF5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EB559340-3A8F-4456-B24D-160098054EF0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKCU\Software\lollipop
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{61946000-8054-4452-B5F9-719D35D899D8}_is1
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17840
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [First Home Page]
-\\ Mozilla Firefox v39.0 (x86 de)
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.order.1", "Mysearchdial");
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.0FE0sOH5DMpqr7by.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjn6rds4rdY9rjCErHw7qTnGqTw\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\[...]
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.2EdqRcGHRhFPA3FP.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.2KydYZ3AxMdASGyT.scode", "(function(){try{if(window.location.href.indexOf(\"rjn6rds4rdY9rjCErHw7qTnGqTw\")>-1){return;}}catch(e){}try{var d=[[\"livewebcams.xyz\",\"secure.dditser[...]
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.HaQT7ymlHbFcDucb.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjn6rds4rdY9rjCErHw7qTnGqTw\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\[...]
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.J0ffDJcK0rxjJCGl.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"rjn6rds4rdY9rjCErHw7qTnGqTw\")>-1url.indexOf(\"acebook\")>-[...]
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.NMzEOsV9Ycu5WcgU.scode", "(function(){try{if(window.location.href.indexOf(\"pdY9pjw5rHg8pjY6rTY5rjU7qa\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\"[...]
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.NhS8lPEWZOM07AFQ.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjn6rds4rdY9rjCErHw7qTnGqTw\")>-1){return;}}catch(e){}try{var d=[[\"acebook\",\"flybrain.com\",\"[...]
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.TkydNfhUzET2NKDa.scode", "(function(){try{if(window.location.href.indexOf(\"rjn6rds4rdY9rjCErHw7qTnGqTw\")>-1){return;}}catch(e){}try{var d=[[\"www.viracure.com\",\"onesystemcare[...]
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.WEWIvnJ2WEkKYp0t.scode", "(function(){try{if(window.location.href.indexOf(\"rjn6rds4rdY9rjCErHw7qTnGqTw\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a3c8f3083413b4aa6ad29fb93d8982e80gmailcom63167.63167.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazon.com%22%[...]
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a3c8f3083413b4aa6ad29fb93d8982e80gmailcom63167.63167.internaldb.__ICM_LITE__fifty_test_rules.value", "%7B%22DE%22%3A%7B%22ALL%22%3A%5B%22anastasiadate.com%22%2C%22msn.com%22%2C%2[...]
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.a3c8f3083413b4aa6ad29fb93d8982e80gmailcom63167.63167.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22deal[...]
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.crossrider.bic", "14bab8f2e7b356dd392093cbc240cbe4");
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.fZS8LMvATIUzpmnO.scode", "(function(){try{if(window.location.href.indexOf(\"rjn6rds4rdY9rjCErHw7qTnGqTw\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.iOMwuBwBHdWg8kGW.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"rjn6rds4rdY9rjCErHw7qTnGqTw\")>-1url.indexOf(\"acebook\")>-[...]
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.irmysearch.aflt", "dsites0103");
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1Qzu0B0C0E0EyB0B0EtCyCzytA0EyD0A0CtBtN0D0Tzu0SyByCyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R");
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.irmysearch.cr", "1688644683");
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.irmysearch.instlRef", "");
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mymysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/0EyB0B0EtCyCzytA0EyD0A0CtBtN0D0AtDtC1N1R&cr=1688644683&ir=");
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.AL", 2);
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.aflt", "dsites0103");
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0B0C0E0EyB0B0EtCyCzytA0EyD0A0CtBtN0D0Tzu0SyByCyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R");
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.cntry", "DE");
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.cr", "1688644683");
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.dfltLng", "");
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.dfltSrch", true);
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.dnsErr", true);
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.excTlbr", false);
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.hdrMd5", "3D6CB0DC300E4E02D720CF459D5A2E41");
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.hmpg", true);
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0B0C0E0EyB0B0EtCyCzytA0EyD0A0CtBtN0D0Tzu0SyByCyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1Czut[...]
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.id", "BCEE7BE1693E5AC2");
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.instlDay", "16106");
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.instlRef", "");
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0B0C0E0EyB0B0EtCyCzytA0EyD0A0CtBtN0D0Tzu0SyByCyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBt[...]
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.21.015:36:55");
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0B0C0E0EyB0B0EtCyCzytA0EyD0A0CtBtN0D0Tzu0SyByCyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1Cz[...]
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"90\",\"lastVrsn\":\"90\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.sg", "none");
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.tlbrId", "base");
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0B0C0E0EyB0B0EtCyCzytA0EyD0A0CtBtN0D0Tzu0SyByCyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1[...]
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial_i.hmpg", true);
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial_i.newTab", false);
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial_i.smplGrp", "none");
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.015:36:55");
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.rylHr9NoCAW6u7RX.scode", "(function(){try{if(window.location.href.indexOf(\"rjn6rds4rdY9rjCErHw7qTnGqTw\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\[...]
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.t3gqKur0RBRf3jpA.scode", "(function(){try{if(window.location.href.indexOf(\"rjn6rds4rdY9rjCErHw7qTnGqTw\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\",\"f[...]
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.xxGIuTn2jGeC1wEI.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[fygbjpkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.zlhWXYgs2eQQO7uj.scode", "(function(){try{if(window.location.href.indexOf(\"rjn6rds4rdY9rjCErHw7qTnGqTw\")>-1){return;}}catch(e){}try{var d=[[\"search.asistents.com\",\"cryptogma[...]
-\\ Google Chrome v43.0.2357.134
[C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0103&cd=2XzuyEtN2Y1L1Qzu0B0C0E0EyB0B0EtCyCzytA0EyD0A0CtBtN0D0Tzu0SyByCyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1688644683&ir=
[C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.awesomehp.com/web/?type=ds&ts=1392668974&from=tugs&uid=TOSHIBAXDT01ACA050_Y36MJRSTSXXY36MJRSTSX&q={searchTerms}
[C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP5209713A-C5FE-434C-B751-AD2B3B842BDD&q={searchTerms}&SSPV=
[C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP5209713A-C5FE-434C-B751-AD2B3B842BDD&q={searchTerms}&SSPV=
[C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1416158402&from=amt&uid=TOSHIBAXDT01ACA050_Y36MJRSTSXXY36MJRSTSX&q={searchTerms}
[C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1416158402&from=amt&uid=TOSHIBAXDT01ACA050_Y36MJRSTSXXY36MJRSTSX&q={searchTerms}
[C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1416159215&from=brd&uid=TOSHIBAXDT01ACA050_Y36MJRSTSXXY36MJRSTSX&q={searchTerms}
[C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1416159215&from=brd&uid=TOSHIBAXDT01ACA050_Y36MJRSTSXXY36MJRSTSX&q={searchTerms}
[C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=121150&tt=gc_&babsrc=SP_ss_din2g&mntrId=2C31446D57129279
[C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.delta-search.com/?q={searchTerms}&affID=121150&tt=gc_&babsrc=SP_ss&mntrId=2C31446D57129279
[C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=121150&tt=gc_&babsrc=SP_ss_din2g&mntrId=2C31446D57129279
*************************
AdwCleaner[R0].txt - [18004 Bytes] - [18/07/2015 21:35:53]
AdwCleaner[S0].txt - [17748 Bytes] - [18/07/2015 21:37:03]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17808 Bytes] ##########
#JRT Logfile: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 7 Home Premium x64
Ran by pc on 18.07.2015 at 21:45:15,70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_17E89F440D584F67E92EAD2E51C3A3A4
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google
~~~ Files
Successfully deleted: [File] C:\Users\pc\AppData\Roaming\appdataFr25.bin
Successfully deleted: [File] C:\Users\pc\AppData\Roaming\appdataFr3.bin
Successfully deleted: [File] C:\Users\pc\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage
~~~ Folders
Successfully deleted: [Folder] C:\Program Files (x86)\keep last two tabs
~~~ FireFox
Emptied folder: C:\Users\pc\AppData\Roaming\mozilla\firefox\profiles\fygbjpkb.default\minidumps [326 files]
~~~ Chrome
[C:\Users\pc\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\pc\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\pc\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\pc\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
ogminpmldncgcmokldnmmapddoccmhfl
]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.07.2015 at 21:52:43,27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-07-2015 01
Ran by pc (administrator) on PCTIM on 18-07-2015 21:55:16
Running from C:\Users\pc\Downloads
Loaded Profiles: pc (Available Profiles: pc)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403288 2014-08-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5579624 2015-07-14] (LogMeIn Inc.)
HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53288576 2015-06-30] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-02-01]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2014-05-02]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype
HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-03-10] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\..\Interfaces\{55CD620D-9468-4F24-822D-C6D23E7C87F2}: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default
FF Homepage: https://www.google.de/
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-09] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-10] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2015-03-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-12-19] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-12-19] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3485836003-3145142773-2739612057-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\pc\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-11-18] (Unity Technologies ApS)
FF SearchPlugin: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\searchplugins\google-images.xml [2014-10-09]
FF SearchPlugin: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\searchplugins\google-maps.xml [2014-10-09]
FF Extension: BetterTTV - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\Extensions\firefox@betterttv.net.xpi [2015-07-17]
FF HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\extensions\cliqz@cliqz.com
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-07-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-13]
CHR Extension: (Google Wallet) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-13]
CHR HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\pc\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-05-02] (Adobe Systems) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2739888 2015-05-19] (Microsoft Corporation)
S2 Cynical Skirt; C:\Program Files (x86)\Cynical Skirt\Cynical Skirt.exe [8016406 2015-07-05] () [File not signed] <==== ATTENTION
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [237864 2015-03-23] (EasyAntiCheat Ltd)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-07-14] (LogMeIn, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-08] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720792 2014-08-09] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18973144 2014-08-09] (NVIDIA Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-07-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20440 2014-08-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-12] (Realtek Semiconductor Corporation )
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows (R) Win 7 DDK provider)
S3 XENfiltv; C:\Windows\System32\drivers\XENfiltv.sys [25600 2009-07-31] (Creative Technology Ltd.)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-18 21:55 - 2015-07-18 21:55 - 00014023 _____ C:\Users\pc\Downloads\FRST.txt
2015-07-18 21:55 - 2015-07-18 21:55 - 00000000 ____D C:\Users\pc\Downloads\FRST-OlderVersion
2015-07-18 21:52 - 2015-07-18 21:52 - 00001854 _____ C:\Users\pc\Desktop\JRT.txt
2015-07-18 21:43 - 2015-07-18 21:43 - 01798288 _____ (Malwarebytes Corporation) C:\Users\pc\Downloads\JRT.exe
2015-07-18 21:37 - 2015-07-18 21:38 - 00017893 _____ C:\Users\pc\Desktop\AdwCleaner[S0].txt
2015-07-18 21:33 - 2015-07-18 21:40 - 00000000 ____D C:\AdwCleaner
2015-07-18 21:31 - 2015-07-18 21:31 - 02248704 _____ C:\Users\pc\Downloads\AdwCleaner_4.208.exe
2015-07-18 21:31 - 2015-07-18 21:31 - 00105526 _____ C:\Users\pc\Desktop\mbam.txt
2015-07-18 21:23 - 2015-07-18 21:40 - 00000336 _____ C:\Windows\setupact.log
2015-07-18 21:23 - 2015-07-18 21:39 - 00098800 _____ C:\Windows\PFRO.log
2015-07-18 21:23 - 2015-07-18 21:23 - 00000000 _____ C:\Windows\setuperr.log
2015-07-18 20:10 - 2015-07-18 21:41 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-18 20:10 - 2015-07-18 20:10 - 00001106 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-07-18 20:10 - 2015-07-18 20:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-07-18 20:10 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-18 20:10 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-18 20:10 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-18 20:09 - 2015-07-18 20:10 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-07-18 20:09 - 2015-07-18 20:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-18 20:08 - 2015-07-18 20:08 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\pc\Downloads\mbam-setup-2.1.6.1022.exe
2015-07-17 12:42 - 2015-07-18 21:55 - 02134528 _____ (Farbar) C:\Users\pc\Downloads\FRST64.exe
2015-07-17 12:42 - 2015-07-18 21:55 - 00000000 ____D C:\FRST
2015-07-16 20:57 - 2015-07-18 21:18 - 00000000 ____D C:\Program Files (x86)\Palette for Chrome
2015-07-16 13:01 - 2015-07-16 13:01 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2015-07-16 12:36 - 2015-07-16 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-07-16 12:36 - 2015-07-16 12:36 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2015-07-15 14:27 - 2015-07-15 14:27 - 00003250 _____ C:\Windows\System32\Tasks\{3BC97F96-7259-48E0-B93E-7F77ECBD1159}
2015-07-15 10:22 - 2015-07-18 21:18 - 00000000 ____D C:\Program Files (x86)\FREE MP3 Search
2015-07-13 22:14 - 2015-07-13 22:14 - 00931408 _____ (Google Inc.) C:\Users\pc\Downloads\ChromeSetup.exe
2015-07-08 11:57 - 2015-07-08 11:57 - 00002113 _____ C:\Users\pc\AppData\Local\recently-used.xbel
2015-07-08 11:50 - 2015-07-08 12:22 - 00000000 ____D C:\Users\pc\Desktop\Unbenannt
2015-07-08 11:42 - 2015-07-08 11:47 - 00000000 ____D C:\Users\pc\Desktop\Bewerbung für die Pixelcrew von GommeHD
2015-07-05 23:10 - 2015-07-05 23:11 - 62188293 _____ C:\Users\pc\Downloads\LionFoxGamings Awesome World Download.rar
2015-07-05 20:17 - 2015-07-05 20:19 - 00000023 _____ C:\Users\pc\Desktop\PRemium Rewi 50%.txt
2015-07-05 17:36 - 2015-07-05 17:36 - 00000000 ____D C:\Program Files (x86)\Cynical Skirt
2015-07-05 15:20 - 2015-07-05 15:20 - 00001205 _____ C:\Users\pc\Desktop\Uplay.lnk
2015-07-05 15:20 - 2015-07-05 15:20 - 00000000 ____D C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2015-07-05 15:19 - 2015-07-05 15:19 - 61778376 _____ (Ubisoft) C:\Users\pc\Downloads\UplayInstaller.exe
2015-07-05 14:49 - 2015-07-18 21:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-05 13:54 - 2015-07-05 13:54 - 00001268 _____ C:\Users\pc\Desktop\Revo Uninstaller.lnk
2015-07-05 13:54 - 2015-07-05 13:54 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-07-05 13:53 - 2015-07-05 13:53 - 01198368 _____ C:\Users\pc\Downloads\Revo Uninstaller - CHIP-Installer.exe
2015-07-05 09:25 - 2015-07-18 21:18 - 00000000 ____D C:\Program Files (x86)\UserAgent Switcher
2015-06-26 21:01 - 2015-07-18 21:18 - 00000000 ____D C:\Program Files (x86)\Checker Plus for Calendar
2015-06-22 20:16 - 2015-06-28 18:00 - 00091110 _____ C:\Users\pc\Desktop\2015.mcf
2015-06-22 20:16 - 2015-06-28 17:59 - 00091110 _____ C:\Users\pc\Desktop\2015.mcf~
2015-06-22 20:16 - 2015-06-28 17:58 - 00000000 ____D C:\Users\pc\Desktop\2015_mcf-Dateien
2015-06-20 18:39 - 2015-06-22 19:35 - 00179368 _____ C:\Users\pc\Desktop\Holland 2015.mcf
2015-06-20 18:39 - 2015-06-22 19:33 - 00179368 _____ C:\Users\pc\Desktop\Holland 2015.mcf~
2015-06-20 18:39 - 2015-06-21 12:58 - 00000000 ____D C:\Users\pc\Desktop\Holland 2015_mcf-Dateien
2015-06-18 20:38 - 2015-06-18 20:38 - 00000000 _____ C:\Users\pc\AppData\Local\Temp.dat
2015-06-18 20:22 - 2015-07-18 21:18 - 00000000 ____D C:\Program Files (x86)\Cookie Inspector
2015-06-18 20:22 - 2015-06-18 20:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone
2015-06-18 20:22 - 2015-06-18 20:22 - 00000000 ____D C:\Program Files (x86)\Windows Phone
2015-06-18 20:21 - 2015-06-18 20:21 - 00000000 ____D C:\ProgramData\Applications
2015-06-18 20:20 - 2015-06-18 20:21 - 06745792 _____ (Microsoft Corporation) C:\Users\pc\Downloads\WindowsPhone.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-18 21:53 - 2009-07-14 06:45 - 00028896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-18 21:53 - 2009-07-14 06:45 - 00028896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-18 21:44 - 2014-01-28 17:12 - 01675837 _____ C:\Windows\WindowsUpdate.log
2015-07-18 21:42 - 2014-02-01 13:59 - 00000000 ____D C:\Users\pc\AppData\Roaming\Skype
2015-07-18 21:41 - 2014-02-02 20:00 - 00000000 ____D C:\Users\pc\AppData\Local\LogMeIn Hamachi
2015-07-18 21:39 - 2014-01-29 11:21 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-18 21:39 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-18 21:37 - 2014-02-26 18:00 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-18 21:37 - 2014-01-28 17:12 - 00000000 ____D C:\Users\pc
2015-07-18 21:23 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system
2015-07-18 21:18 - 2014-08-03 10:53 - 00000000 ____D C:\Program Files\CamStudio 2.7
2015-07-18 20:19 - 2015-02-14 19:04 - 00000000 ____D C:\Users\pc\AppData\Roaming\.minecraft
2015-07-18 20:14 - 2015-01-14 20:21 - 00000000 ____D C:\ProgramData\buyandabrOwsea
2015-07-18 20:09 - 2014-06-29 09:03 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-18 20:09 - 2014-02-13 22:09 - 00000000 ____D C:\Users\pc\AppData\Local\CrashDumps
2015-07-17 15:38 - 2014-01-28 19:11 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-16 20:57 - 2014-02-05 21:23 - 00000000 ____D C:\Users\pc\AppData\Roaming\TS3Client
2015-07-16 13:01 - 2014-09-26 15:20 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-16 13:01 - 2014-03-09 12:40 - 00000000 ____D C:\Users\pc\Documents\My Games
2015-07-16 13:01 - 2014-01-29 11:20 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-07-15 22:22 - 2014-01-28 17:12 - 00000000 ____D C:\Users\pc\AppData\Local\VirtualStore
2015-07-15 10:37 - 2014-02-26 18:00 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-15 10:37 - 2014-02-01 14:52 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-15 10:37 - 2014-02-01 14:52 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-15 10:22 - 2014-04-20 19:06 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-14 18:59 - 2011-04-12 09:43 - 00699092 _____ C:\Windows\system32\perfh007.dat
2015-07-14 18:59 - 2011-04-12 09:43 - 00149232 _____ C:\Windows\system32\perfc007.dat
2015-07-14 18:59 - 2009-07-14 07:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-14 18:41 - 2014-10-18 17:33 - 00000000 ____D C:\Users\pc\Desktop\Mama
2015-07-14 14:19 - 2014-12-25 10:53 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-14 11:44 - 2014-02-02 20:00 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-07-10 11:05 - 2014-10-11 16:11 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-10 11:05 - 2014-02-01 13:59 - 00000000 ____D C:\ProgramData\Skype
2015-07-09 11:04 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-07-08 11:57 - 2014-04-27 12:47 - 00000000 ____D C:\Users\pc\AppData\Local\gtk-2.0
2015-07-08 11:57 - 2014-03-06 22:08 - 00000000 ____D C:\Users\pc\.gimp-2.8
2015-07-08 11:39 - 2014-07-31 16:22 - 00000000 ____D C:\Users\pc\AppData\Roaming\Audacity
2015-07-08 11:08 - 2014-02-04 21:53 - 00004608 _____ C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-06 22:40 - 2015-03-30 21:18 - 00000098 _____ C:\Users\pc\AppData\Roaming\LauncherSettings_live.cfg
2015-07-06 15:37 - 2014-11-02 10:24 - 00000000 ____D C:\Users\pc\Desktop\Geburtstag Infos
2015-07-05 21:31 - 2014-02-03 20:15 - 00000000 ____D C:\Users\pc\Documents\Settlers7
2015-07-05 15:55 - 2014-01-28 18:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-05 15:45 - 2014-02-02 16:38 - 00000000 ____D C:\Users\pc\AppData\Local\Ubisoft Game Launcher
2015-07-05 15:20 - 2014-02-02 16:38 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2015-07-05 12:08 - 2010-11-21 05:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-28 18:19 - 2015-03-16 19:22 - 00000457 _____ C:\Users\pc\Desktop\Twitch Chat Commands.txt
2015-06-28 18:00 - 2014-07-09 18:59 - 00000000 ____D C:\ProgramData\tmp
2015-06-26 12:53 - 2015-03-10 17:14 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-06-25 20:21 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-20 21:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
==================== Files in the root of some directories =======
2014-08-03 10:59 - 2014-08-03 10:59 - 0000072 _____ () C:\Users\pc\AppData\Roaming\Camdata.ini
2014-08-03 10:59 - 2014-08-03 10:59 - 0000408 _____ () C:\Users\pc\AppData\Roaming\CamLayout.ini
2014-08-03 10:59 - 2014-08-03 10:59 - 0000408 _____ () C:\Users\pc\AppData\Roaming\CamShapes.ini
2014-08-03 10:59 - 2014-08-03 10:59 - 0004534 _____ () C:\Users\pc\AppData\Roaming\CamStudio.cfg
2015-03-30 21:18 - 2015-07-06 22:40 - 0000098 _____ () C:\Users\pc\AppData\Roaming\LauncherSettings_live.cfg
2015-03-30 20:45 - 2015-03-30 20:45 - 0000039 _____ () C:\Users\pc\AppData\Roaming\TheHunterSettings_steam_live.cfg
2014-08-03 10:53 - 2014-08-03 10:53 - 0000096 _____ () C:\Users\pc\AppData\Roaming\version2.xml
2014-02-05 16:36 - 2015-04-15 16:37 - 0000161 _____ () C:\Users\pc\AppData\Roaming\WB.CFG
2014-09-01 10:18 - 2014-09-01 10:18 - 0002086 _____ () C:\Users\pc\AppData\Roaming\ZCH
2014-02-04 21:53 - 2015-07-08 11:08 - 0004608 _____ () C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-04 21:35 - 2014-08-18 20:59 - 0000600 _____ () C:\Users\pc\AppData\Local\PUTTY.RND
2015-07-08 11:57 - 2015-07-08 11:57 - 0002113 _____ () C:\Users\pc\AppData\Local\recently-used.xbel
2015-04-15 16:44 - 2015-05-07 18:10 - 0000790 _____ () C:\Users\pc\AppData\Local\Temp-log.txt
2015-06-18 20:38 - 2015-06-18 20:38 - 0000000 _____ () C:\Users\pc\AppData\Local\Temp.dat
2015-01-25 20:15 - 2015-01-25 20:15 - 0740775 _____ () C:\ProgramData\AndyDrivers.zip
2014-01-28 17:27 - 2014-01-28 17:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
C:\Users\pc\AppData\Local\Temp\Quarantine.exe
C:\Users\pc\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-13 09:31
==================== End of log ============================
Zitat:
|
|
19.07.2015, 08:22
| #7 |
| /// Malwareteam | Programm addet Ad ons im Internet. Hi, Schritt # 1: FRST-Fix Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKLM-x32\...\Run: [] => [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-02-01]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
S2 Cynical Skirt; C:\Program Files (x86)\Cynical Skirt\Cynical Skirt.exe [8016406 2015-07-05] () [File not signed] <==== ATTENTION
C:\Program Files (x86)\Cynical Skirt
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
C:\Program Files\McAfee Security Scan
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt # 2: ESET ESET Online Scanner
Schritt # 3: Security Check Downloade Dir bitte  SecurityCheck und:
Schritt # 4: FRST bitte ein frisches FRST-Log Schritt # 4: Fragen 1.) Ist Google Chrome absichtlich als Entwicklerversion installiert? 2.) Gibts noch probleme? Schritt # 5: Bitte Posten
|
|
19.07.2015, 19:52
| #8 | |
| | Programm addet Ad ons im Internet. #Fix result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01 Ran by pc at 2015-07-19 18:13:59 Run:1 Running from C:\Users\pc\Desktop\FRST-OlderVersion Loaded Profiles: pc (Available Profiles: pc) Boot Mode: Normal ============================================== fixlist content: ***************** HKLM-x32\...\Run: [] => [X] Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-02-01] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION FF HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] S2 Cynical Skirt; C:\Program Files (x86)\Cynical Skirt\Cynical Skirt.exe [8016406 2015-07-05] () [File not signed] <==== ATTENTION C:\Program Files (x86)\Cynical Skirt S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) C:\Program Files\McAfee Security Scan ***************** HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk => moved successfully. C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe => moved successfully. "HKLM\SOFTWARE\Policies\Google" => key removed successfully HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\Software\Mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8} => value removed successfully C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => moved successfully. Cynical Skirt => Service stopped successfully. Cynical Skirt => Service removed successfully C:\Program Files (x86)\Cynical Skirt => moved successfully. McComponentHostService => Service removed successfully C:\Program Files\McAfee Security Scan => moved successfully. ==== End of Fixlog 18:14:00 ==== # ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=ec4a5182930ead408d1a8ac3d45ec22e # end=init # utc_time=2015-07-19 04:16:50 # local_time=2015-07-19 06:16:50 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 24875 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=ec4a5182930ead408d1a8ac3d45ec22e # end=updated # utc_time=2015-07-19 04:20:41 # local_time=2015-07-19 06:20:41 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=ec4a5182930ead408d1a8ac3d45ec22e # engine=24875 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-07-19 06:30:38 # local_time=2015-07-19 08:30:38 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 5779483 60311032 0 0 # scanned=311580 # found=9 # cleaned=9 # scan_time=7796 sh=CE41DE7AF6B018D181F3D19D65C7BDDA8D04BF56 ft=1 fh=f64155148bf9663e vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\pc\Downloads\AudioMixer - CHIP-Installer.exe" sh=95B39279D9A90C98D5CEA1DB21EC40AE0A6D77B9 ft=1 fh=7b35ec119525916f vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\pc\Downloads\Blender 64 Bit - CHIP-Installer.exe" sh=9861CD4D46E1660183597137F19227565295604C ft=1 fh=f38893fc89cf4998 vn="Variante von Win32/InstallCore.PL evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\pc\Downloads\Pivot_v4-1.exe" sh=A2F68C9FA68491391EF7D63D4B6058476D2E1C11 ft=1 fh=0d8954d03dd0af2f vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\pc\Downloads\Revo Uninstaller - CHIP-Installer.exe" sh=B715939B9908ADD3CC0FFB6E673D6090E6A5A6F9 ft=1 fh=aec2199bcd94e351 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\pc\Downloads\TeamViewer - CHIP-Installer.exe" sh=8A6D7722DF47E5F2C6817BCAA29B6005CE973502 ft=1 fh=5381060ad12b7fe4 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\pc\Downloads\Visual Basic 2010 Express - CHIP-Installer(1).exe" sh=402E78A4A7DDE38FE16F459841282DDF1F8D1F16 ft=1 fh=945afa0107b8fc4f vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\pc\Downloads\Visual Basic 2010 Express - CHIP-Installer.exe" sh=FBE6E8BD6A7F2E9791A34665D72D52CCC33AF774 ft=1 fh=9d5dc54f3216ebd9 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\pc\Downloads\VisualStudioExpress2013-Windows - CHIP-Installer.exe" sh=CA3DB71EE1B8862DA6D8043A34011B6138827996 ft=1 fh=154e6c73046fdf71 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\pc\Downloads\Word Viewer - CHIP-Installer.exe" # Results of screen317's Security Check version 1.004 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java 8 Update 40 Java version 32-bit out of Date! Adobe Flash Player 18.0.0.209 Adobe Reader XI Mozilla Firefox (39.0) Google Chrome (43.0.2357.132) Google Chrome (43.0.2357.134) Google Chrome (GoogleUpdateHelper.dll..) ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` #FRST Additions Logfile: [CODE]Additional FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
Ran by pc at 2015-07-19 20:48:37
Running from C:\Users\pc\Desktop\FRST-OlderVersion
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3485836003-3145142773-2739612057-500 - Administrator - Disabled)
Gast (S-1-5-21-3485836003-3145142773-2739612057-501 - Limited - Disabled)
pc (S-1-5-21-3485836003-3145142773-2739612057-1000 - Administrator - Enabled) => C:\Users\pc
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{5DDB9EF7-1BC0-C9C1-9829-6B9CF68AC357}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.10.0 - Asmedia Technology)
Asterix & Obelix (HKLM-x32\...\Asterix & Obelix) (Version: - )
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Blender (HKLM\...\Blender) (Version: 2.74 - Blender Foundation)
Bus-Simulator 2012 (HKLM-x32\...\Bus-Simulator 2012_is1) (Version: - astragon)
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
Camtasia Studio 8 (HKLM-x32\...\{F5C9BE9A-04C3-4A72-8CD0-BB67C722D608}) (Version: 8.1.2.1344 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
CINEMA 4D Demo 16.020 (HKLM\...\MAXON66AAB8D0) (Version: 16.020 - MAXON Computer GmbH) <==== ATTENTION
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Craften Terminal 4.0.2 (HKLM-x32\...\{4e7c3936-7c06-4ef0-928b-c5d92f372578}_is1) (Version: 4.0.2 - Craften.de)
Curse (HKLM-x32\...\{1F2611FB-6F69-4AA8-BECD-243BD8CB45F3}) (Version: 6.0.0.0 - Curse)
Die Siedler 7 (HKLM-x32\...\{63860309-DA8A-4BAE-9EAE-CE1D6D79340C}) (Version: 1.12.1396 - Ubisoft)
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 6.0.3 - CEWE Stiftung u Co. KGaA)
FileZilla Client 3.9.0.3 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.3 - Tim Kosse)
foobar2000 v1.3.4 (HKLM-x32\...\foobar2000) (Version: 1.3.4 - Peter Pawlowski)
Fritz und Fertig 2 (HKLM-x32\...\{0DA5CAC0-6790-4C8E-B18A-036C68756688}) (Version: 2.00.0000 - Terzio Verlag)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Hanni und Nanni 2 (HKLM-x32\...\{0BA24D68-8C08-11D4-99DD-0050DA44D4BE}) (Version: - )
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version: - Reto-Moto)
HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät (HKLM\...\{8F4884F1-488D-4738-8F71-65A378BB484C}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710a-f Hilfe (HKLM-x32\...\{037CD593-D760-4A00-B030-7BBAFA1123FE}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{AA67D612-0BE5-44D6-9A91-592958F754A1}) (Version: 13.0.198 - Intel Corporation)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.377 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.377 - LogMeIn, Inc.) Hidden
Lucky Luke (HKLM-x32\...\Lucky Luke) (Version: - )
Marvel Heroes 2015 (HKLM-x32\...\Steam App 226320) (Version: - Gazillion Entertainment)
MatchWare Mediator 8.0 Exp (Demo) (HKLM-x32\...\{57AAF9B3-42DA-4DCE-B14A-2465AED597B6}) (Version: 8.0.142 - MatchWare A/S)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4727.1003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{A106D33E-6B43-42C0-9BFC-D03303261FA7}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 Design Tools DEU (HKLM-x32\...\{E32260E7-0B10-43C7-9B77-AB9F4184676D}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft Visual Basic 2008 Express Edition - DEU (HKLM-x32\...\Microsoft Visual Basic 2008 Express Edition - DEU) (Version: - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - DEU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - DEU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework (HKLM\...\{53C900F7-0CB1-3EDE-B9F3-76EDE6F0C253}) (Version: 3.5.21022 - Microsoft)
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 (HKLM\...\{11EB1163-5761-4BC6-8F48-98DCF6A46BBF}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MorphVOX Junior (HKLM-x32\...\{E6C7380F-15DD-445E-BA02-B7A180BA0A5A}) (Version: 2.8.1 - Screaming Bee)
Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Navy Field 2 : Conqueror of the Ocean (HKLM-x32\...\Steam App 338540) (Version: - SDEnterNet)
NBTExplorer (HKLM-x32\...\{06107EDA-5B85-4CEC-AB1E-8350DEC15231}) (Version: 2.7.4.0 - Justin Aquadro)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.4 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 332.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 332.21 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
Oracle VM VirtualBox 4.3.20 (HKLM\...\{86401870-7AB7-4A8D-8AD6-12B27DF2E6E3}) (Version: 4.3.20 - Oracle Corporation)
Pivot Animator version 4.1.10 (HKLM-x32\...\Pivot Animator_is1) (Version: 4.1.10 - Motus Software Ltd)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Robocraft (HKLM-x32\...\Steam App 301520) (Version: - Freejam)
RollerCoaster Tycoon 3 (HKLM-x32\...\RollerCoaster Tycoon 3_is1) (Version: - Atari)
Schatti's AudioMixer (HKLM-x32\...\Schatti's AudioMixer) (Version: - )
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Sony PC Companion 2.10.235 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.235 - Sony)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Studie zur Verbesserung von HP Officejet 6500 E710a-f Produkten (HKLM\...\{8DB5B8FE-3F8A-4D9F-911C-F85473400859}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
theHunter (HKLM-x32\...\Steam App 253710) (Version: - Expansive Worlds)
Unity Web Player (HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\...\UnityWebPlayer) (Version: 4.6.0f3 - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 7.1 - Ubisoft)
VC Runtimes MSI (x32 Version: 9.0.21022 - Microsoft) Hidden
Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version: - )
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{CFCB8616-A5D1-4281-80E8-389F685BFAE2}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
War Thunder (HKLM-x32\...\Steam App 236390) (Version: - Gaijin Entertainment)
Windows Phone app for desktop (HKLM-x32\...\{19773614-FC22-4ACC-AAA3-E6BDA81ACF92}) (Version: 1.1.2726.0 - Microsoft Corporation)
WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3485836003-3145142773-2739612057-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
==================== Restore Points =========================
16-07-2015 13:00:06 DirectX wurde installiert
16-07-2015 13:00:56 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
16-07-2015 13:01:17 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
18-07-2015 20:00:18 Revo Uninstaller's restore point - lowratte
18-07-2015 20:02:55 Revo Uninstaller's restore point - offferSooftt
18-07-2015 20:05:05 Revo Uninstaller's restore point - SystemHero
18-07-2015 20:06:17 Revo Uninstaller's restore point - Update for Zip Opener
18-07-2015 21:45:19 JRT Pre-Junkware Removal
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {026E1865-20A2-4815-AD65-3DEFDBD877F2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {163458FA-6B59-4368-BA0F-C8947DDB0598} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: {3155607E-DB00-49DA-811E-2947DC6A7C9F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {423BF832-84F0-47DE-AA93-DE39CAA9AC19} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()
Task: {6C84AC71-6BB9-4458-8A14-0F8316B66E8B} - System32\Tasks\{1EB0F568-EA6A-43D7-8AE5-4F2D26EB61DF} => pcalua.exe -a "C:\Users\pc\Desktop\White Label Office 3.3 (de) Installation Files\setup.exe" -d "C:\Users\pc\Desktop\White Label Office 3.3 (de) Installation Files"
Task: {8D54170F-CAE7-4D2D-8232-996BC5341D08} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {AF85EA1D-3CDA-4562-94E4-4C9CFCCD3552} - System32\Tasks\{3BC97F96-7259-48E0-B93E-7F77ECBD1159} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"
Task: {BA951126-B592-40E2-9CEE-FA122BDBA598} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {C4A248D9-EAF0-40D5-A9FD-BA94A262C18A} - System32\Tasks\{D845ACB4-B4CA-434F-A113-918D21069CA2} => pcalua.exe -a C:\Users\pc\Downloads\forge-1.7.2-10.12.0.1024-installer-win.exe -d C:\Users\pc\Downloads
Task: {C6F53C29-F2CA-4783-B66D-E9DA7FFA0A4F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {C861A842-4538-4181-B4F3-36E99F1FC620} - System32\Tasks\{1AD41F91-E957-4C21-815C-024613BD02A5} => pcalua.exe -a C:\Users\pc\Downloads\32bit_Win7_Win8_Win81_R274.exe -d C:\Users\pc\Downloads
Task: {E06D30CC-7263-43CD-90B3-1E8D2A49DE2D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: {EBDA463E-B4D2-4F9B-8642-58790DC3A2D2} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710a-f => C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (Whitelisted) ==============
2014-01-29 11:20 - 2013-12-19 20:53 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-01 21:29 - 2014-05-01 21:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2015-03-10 17:14 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2009-03-30 08:32 - 2009-03-30 08:32 - 00032768 ____R () C:\Windows\DAODx.exe
2015-07-19 20:31 - 2015-07-19 20:31 - 00310272 _____ () C:\Users\pc\AppData\Roaming\.minecraft\versions\1.8-OptiFine_HD_U_B6-ShadersMod2.4.11\1.8-OptiFine_HD_U_B6-ShadersMod2.4.11-natives-11689803853546\lwjgl64.dll
2015-07-19 20:31 - 2015-07-19 20:31 - 00653832 _____ () C:\Users\pc\AppData\Roaming\.minecraft\versions\1.8-OptiFine_HD_U_B6-ShadersMod2.4.11\1.8-OptiFine_HD_U_B6-ShadersMod2.4.11-natives-11689803853546\avutil-ttv-51.dll
2015-07-19 20:31 - 2015-07-19 20:31 - 00361103 _____ () C:\Users\pc\AppData\Roaming\.minecraft\versions\1.8-OptiFine_HD_U_B6-ShadersMod2.4.11\1.8-OptiFine_HD_U_B6-ShadersMod2.4.11-natives-11689803853546\swresample-ttv-0.dll
2015-07-19 20:31 - 2015-07-19 20:31 - 00688161 _____ () C:\Users\pc\AppData\Roaming\.minecraft\versions\1.8-OptiFine_HD_U_B6-ShadersMod2.4.11\1.8-OptiFine_HD_U_B6-ShadersMod2.4.11-natives-11689803853546\libmp3lame-ttv.dll
2015-07-19 20:31 - 2015-07-19 20:31 - 01384960 _____ () C:\Users\pc\AppData\Roaming\.minecraft\versions\1.8-OptiFine_HD_U_B6-ShadersMod2.4.11\1.8-OptiFine_HD_U_B6-ShadersMod2.4.11-natives-11689803853546\twitchsdk.dll
2015-07-19 20:31 - 2015-07-19 20:31 - 00382464 _____ () C:\Users\pc\AppData\Roaming\.minecraft\versions\1.8-OptiFine_HD_U_B6-ShadersMod2.4.11\1.8-OptiFine_HD_U_B6-ShadersMod2.4.11-natives-11689803853546\OpenAL64.dll
2015-07-15 10:37 - 2015-07-15 10:37 - 17448624 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\pc\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Users^pc^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Curse.lnk => C:\Windows\pss\Curse.lnk.Startup
MSCONFIG\startupreg: Andy => C:\Program Files\Andy\HandyAndy.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{A0A2ABF2-9341-48E2-95EE-2B76EAE16C55}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D1C677CB-97FE-4313-8F6C-E96DA5355402}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{447B6895-DFE6-4A60-BC04-117460C62989}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{1806CF24-D925-4DCE-AFAA-CA540161242A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{D758E107-63E2-4B7B-86F2-292B39AF1CE5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{237BDFC6-EABB-42DE-9CD5-E632DD7BDC46}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{ED919417-07D5-45DD-B832-F758E2D3B7E9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{5BDB7458-B7DD-414E-B816-242EBEA04A46}] => (Allow) C:\Program Files (x86)\Ubisoft\Die Siedler 7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe
FirewallRules: [{D03F671D-B27A-4E37-9ADB-B86C5AE735C4}] => (Allow) C:\Program Files (x86)\Ubisoft\Die Siedler 7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe
FirewallRules: [{CE70BBF4-8A2B-4731-8498-555E2840FFB5}] => (Block) %ProgramFiles% (x86)\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe
FirewallRules: [TCP Query User{C457388D-30FD-45DD-A135-A4DC5D44FCC1}C:\program files (x86)\warthunder\aces.exe] => (Allow) C:\program files (x86)\warthunder\aces.exe
FirewallRules: [UDP Query User{AD03AE26-97F6-4C01-904A-E7A51F927E7C}C:\program files (x86)\warthunder\aces.exe] => (Allow) C:\program files (x86)\warthunder\aces.exe
FirewallRules: [{B5738635-A809-49B6-A331-09C09F5C8A39}] => (Block) C:\program files (x86)\warthunder\aces.exe
FirewallRules: [{DA5B725F-1749-4E8A-BEAA-71A06FA0F7DB}] => (Block) C:\program files (x86)\warthunder\aces.exe
FirewallRules: [{4115C631-5EA2-43BE-8363-DD08ECB08EE0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{11840643-D959-44B0-ADCA-BD57AF7C05C8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{60E25702-3D90-432A-BB22-BBC1BF936F63}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{0CF3509D-80FC-457B-AE37-C9205B99FF62}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{CE5C606E-728C-4316-9A3A-8C2DC4DA9ECA}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{A99B7A99-4C77-4DA1-BB33-92D4D47057CA}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{5D2D1498-EC76-425D-A06C-5F930A059742}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{18A37133-E8E3-4F61-8A73-12F0C0C02AFA}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{65134A1E-17C7-45D8-BB66-868575924127}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A07D476B-14A8-4FA9-9436-63C38BDA7BF1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{D3D117F3-3BF5-4817-B651-1DAA37669438}C:\program files\andy\andy.exe] => (Allow) C:\program files\andy\andy.exe
FirewallRules: [UDP Query User{BF3865F1-BA5B-4B71-9E58-7DBE135E710B}C:\program files\andy\andy.exe] => (Allow) C:\program files\andy\andy.exe
FirewallRules: [{B8B7C638-B66B-44B5-BA6F-3646FC330BBE}] => (Block) C:\program files\andy\andy.exe
FirewallRules: [{9E5A28A6-3223-4FD5-8B05-306F2B921BA6}] => (Block) C:\program files\andy\andy.exe
FirewallRules: [TCP Query User{4FC934DA-1A3B-4194-A850-A1A5FC4719D3}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{76F71782-3AA5-4B72-B9A6-EDE11B51CA1E}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{9A94C29D-8993-4D58-8E1C-8A9D6903A523}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{FF324E46-CDF8-4F22-9BFE-F6CC1F130201}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{28F8A758-4B89-491F-96EE-EB0B38B14EBD}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{4F92230C-8BED-49A0-A345-FC67C312A3FC}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [{65845C5D-E415-4CB1-82FC-DE5A28D3A4B9}] => (Block) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [{907C877D-0366-47DB-8DDE-93412C9E0D1A}] => (Block) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [{908E040F-00AD-46ED-A903-7BE3113FAA82}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{7B2A1647-321B-4C29-BAC4-983F0770A318}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{F84A197A-D83E-45D7-BA19-C61653A48E61}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\DeviceSetup.exe
FirewallRules: [{1C86E424-6BD6-43C8-A287-889F63711180}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\DeviceSetup.exe
FirewallRules: [{48AE948B-7613-48CD-8145-1F930C6A16E4}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPNetworkCommunicator.exe
FirewallRules: [{B6F1AEA6-07DD-4630-AF5D-A9B78B9E9B78}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPNetworkCommunicator.exe
FirewallRules: [{BE828F24-BFAA-4814-941C-A94B71FF930F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{D8F3E232-7796-4D97-9B04-329D0CE531CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{94E38295-6EF2-4914-95AA-600074D04248}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{0782EC16-3DD5-456E-956D-8B7C4BE6A51A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [TCP Query User{2933DE7B-20CF-4AB3-91AD-1BB308F62BEC}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{739FA47A-B5C5-4CC3-94E4-11E4BFC1381F}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Block) C:\program files\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [{9AE21F61-A3AD-4834-AA82-1125363920AB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Navy Field 2 Conqueror of the Ocean\NF2_Launcher.exe
FirewallRules: [{99FCD1C8-BE5C-45A4-A6EF-02EE006D1F7C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Navy Field 2 Conqueror of the Ocean\NF2_Launcher.exe
FirewallRules: [TCP Query User{D19BA23E-DCB8-4634-B0FC-AD5B70DD86BE}C:\program files (x86)\steam\steamapps\common\thehunter\game\thehunter.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\thehunter\game\thehunter.exe
FirewallRules: [UDP Query User{61C22348-ED5D-4135-A66B-DAB530C6DA3C}C:\program files (x86)\steam\steamapps\common\thehunter\game\thehunter.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\thehunter\game\thehunter.exe
FirewallRules: [{699D970E-7EF3-45C3-B8F9-D618080BCF18}] => (Block) C:\program files (x86)\steam\steamapps\common\thehunter\game\thehunter.exe
FirewallRules: [{A2B7D5D5-ED7C-4062-8AC4-1F22C94E9DCB}] => (Block) C:\program files (x86)\steam\steamapps\common\thehunter\game\thehunter.exe
FirewallRules: [{5DEFBB72-8CD1-4A89-8344-E649B8C7AFC2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{0A263BF9-3F7B-4B16-8B5F-FDB4081FF38B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{3ED1FC87-D611-47B9-BE66-CA13C623BA61}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{789880C4-5A61-48CE-8AFF-EA6340304FD4}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{B30D915D-48D1-4EEF-92E2-FA12CFA52C6E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{65319DD4-5892-4958-9BCA-6CC71FBB2EB6}C:\users\pc\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\pc\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{7809C523-5F83-4A8D-8F78-D65902493D96}C:\users\pc\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\pc\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{57BF5B9F-D35A-4D9C-B0AA-8FF7856B6AF2}] => (Block) C:\users\pc\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{198802A8-C9E8-43A9-9D3A-DF41324B29D5}] => (Block) C:\users\pc\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{D323C2C2-E246-4526-BF5B-FD17387864CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{CE48BDD9-5566-4091-AFDA-8DDD579CD991}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{2A3138BE-ED26-4E2F-9E00-F6F1AF982F63}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\java.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\java.exe
FirewallRules: [UDP Query User{64E80473-F2AD-496F-8834-421208FFA3FD}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\java.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\java.exe
FirewallRules: [{B93E83C7-B486-4943-AE84-DF65DB011611}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\java.exe
FirewallRules: [{EC4323ED-1D4F-4779-B0B2-96B3993A9074}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\java.exe
FirewallRules: [{C7C4A745-E676-4D03-AC6B-08C890DDF688}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [{728B45B4-CC55-4C8E-8294-AF24BEC7B470}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [TCP Query User{7DDA5C42-B381-43AA-8171-63F7BAF5A88A}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [UDP Query User{C5AC6890-5A5E-416E-BE4C-C36C867FFABB}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [{D1BE6225-2443-4751-853F-CF56ADBB9C2F}] => (Block) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [{7F39067A-1ACC-4474-BA6E-DA9B6B2766E8}] => (Block) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [{C6DCD9CE-5CFF-44CE-AFA7-D67E55D12ED7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D7B82C7D-13B0-40D0-9539-971DCB553CC5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe
FirewallRules: [{C162A3A2-6C03-4E2E-8ABD-88682A2FBDE1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe
FirewallRules: [{5E205EEF-979B-4A3E-97FB-1594855B225C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\theHunter\launcher\launcher.exe
FirewallRules: [{DE3A4F09-C01D-4734-9253-C0490D0E73AA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\theHunter\launcher\launcher.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/19/2015 08:35:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (07/19/2015 08:21:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RCT3plus.exe, Version: 3.2.8.13, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: RCT3plus.exe, Version: 3.2.8.13, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000b5041
ID des fehlerhaften Prozesses: 0x157c
Startzeit der fehlerhaften Anwendung: 0xRCT3plus.exe0
Pfad der fehlerhaften Anwendung: RCT3plus.exe1
Pfad des fehlerhaften Moduls: RCT3plus.exe2
Berichtskennung: RCT3plus.exe3
Error: (07/19/2015 06:16:27 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (07/19/2015 06:16:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Error: (07/19/2015 06:14:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 39.0.0.5659, Zeitstempel: 0x55934d06
Name des fehlerhaften Moduls: mozalloc.dll, Version: 39.0.0.5659, Zeitstempel: 0x55933a83
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001aa1
ID des fehlerhaften Prozesses: 0xc58
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (07/19/2015 05:18:57 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.
Error: (07/18/2015 09:41:18 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.
Error: (07/18/2015 09:25:19 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.
Error: (07/18/2015 09:24:06 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (07/18/2015 09:24:06 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.
Kontext: Windows Anwendung
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
System errors:
=============
Error: (07/19/2015 08:30:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (07/19/2015 08:30:40 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\pc\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (07/19/2015 08:30:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (07/19/2015 08:30:39 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\pc\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (07/19/2015 08:30:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (07/19/2015 08:30:39 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\pc\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (07/19/2015 08:30:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (07/19/2015 08:30:39 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\pc\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (07/19/2015 08:30:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error: (07/19/2015 08:30:38 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\pc\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Microsoft Office:
=========================
Error: (07/19/2015 08:35:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
Error: (07/19/2015 08:21:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RCT3plus.exe3.2.8.1300000000RCT3plus.exe3.2.8.1300000000c0000005000b5041157c01d0c2488edb395cC:\Program Files (x86)\Atari\RollerCoaster Tycoon 3\RCT3plus.exeC:\Program Files (x86)\Atari\RollerCoaster Tycoon 3\RCT3plus.exe06f5c8a1-2e43-11e5-8bd3-bcee7be1693e
Error: (07/19/2015 06:16:27 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\pc\Downloads\esetsmartinstaller_deu.exe
Error: (07/19/2015 06:16:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\pc\Downloads\esetsmartinstaller_deu.exe
Error: (07/19/2015 06:14:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe39.0.0.565955934d06mozalloc.dll39.0.0.565955933a838000000300001aa1c5801d0c236b5f66d85C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll2b363e8e-2e31-11e5-8bd3-bcee7be1693e
Error: (07/19/2015 05:18:57 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/18/2015 09:41:18 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/18/2015 09:25:19 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (07/18/2015 09:24:06 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (07/18/2015 09:24:06 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Kontext: Windows Anwendung
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
CodeIntegrity Errors:
===================================
Date: 2014-09-06 10:16:34.856
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\pc\AppData\Local\Temp\io02.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-09-06 10:16:34.801
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\pc\AppData\Local\Temp\io02.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: AMD FX(tm)-4130 Quad-Core Processor
Percentage of memory in use: 58%
Total physical RAM: 8088.62 MB
Available physical RAM: 3392.7 MB
Total Virtual: 16175.44 MB
Available Virtual: 9552.69 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:267.42 GB) NTFS
Drive d: (RCT3) (CDROM) (Total:0.66 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B36402F4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
==================== End of log ============================
--- --- --- Zitat:
Mit freundlichen Grüßen Tim |
|
20.07.2015, 10:23
| #9 | |
| /// Malwareteam | Programm addet Ad ons im Internet. Hi, Bitte noch meine Fragen beantworten Schritt # 1: Chrome Zitat:
Schritt # 2: Java Updaten Bitte dein Java updaten. Schritt # 3: FRST Du hast vorher nur die Additions.txt gepostet. Bitte die FRST.txt auch noch hier rein Schritt # 4: Bitte Posten
|
|
20.07.2015, 15:23
| #10 |
| | Programm addet Ad ons im Internet. Oh hatte ich vergessen zuantworten  Nein ist es nicht, bzw. ich weiß nicht mal was das istxD # FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-07-2015 01
Ran by pc (administrator) on PCTIM on 19-07-2015 20:47:40
Running from C:\Users\pc\Desktop\FRST-OlderVersion
Loaded Profiles: pc (Available Profiles: pc)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Windows\DAODx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(McAfee, Inc.) C:\FRST\Quarantine\C\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe.xBAD
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Oracle Corporation) C:\Program Files (x86)\Minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403288 2014-08-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5579624 2015-07-14] (LogMeIn Inc.)
HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53288576 2015-06-30] (Skype Technologies S.A.)
Startup: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2014-05-02]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype
HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland ? mit Hotmail Nachfolger Outlook und Messenger Skype
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-03-10] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{55CD620D-9468-4F24-822D-C6D23E7C87F2}: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default
FF Homepage: https://www.google.de/
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-09] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-10] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2015-03-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-12-19] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-12-19] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3485836003-3145142773-2739612057-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\pc\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-11-18] (Unity Technologies ApS)
FF SearchPlugin: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\searchplugins\google-images.xml [2014-10-09]
FF SearchPlugin: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\searchplugins\google-maps.xml [2014-10-09]
FF Extension: BetterTTV - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\Extensions\firefox@betterttv.net.xpi [2015-07-17]
FF HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\fygbjpkb.default\extensions\cliqz@cliqz.com
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-07-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-13]
CHR Extension: (Google Wallet) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-13]
CHR HKU\S-1-5-21-3485836003-3145142773-2739612057-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\pc\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-05-02] (Adobe Systems) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2739888 2015-05-19] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [237864 2015-03-23] (EasyAntiCheat Ltd)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-07-14] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-08] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720792 2014-08-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18973144 2014-08-09] (NVIDIA Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20440 2014-08-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-12] (Realtek Semiconductor Corporation )
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows (R) Win 7 DDK provider)
S3 XENfiltv; C:\Windows\System32\drivers\XENfiltv.sys [25600 2009-07-31] (Creative Technology Ltd.)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
R3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-19 18:21 - 2015-07-19 18:21 - 00852662 _____ C:\Users\pc\Downloads\SecurityCheck.exe
2015-07-19 18:15 - 2015-07-19 18:15 - 02870984 _____ (ESET) C:\Users\pc\Downloads\esetsmartinstaller_deu.exe
2015-07-19 18:15 - 2015-07-19 18:15 - 00000726 _____ C:\Users\pc\Desktop\Fixlog.lnk
2015-07-18 21:56 - 2015-07-18 21:56 - 00045118 _____ C:\Users\pc\Downloads\Addition.txt
2015-07-18 21:55 - 2015-07-19 20:47 - 00000000 ____D C:\Users\pc\Desktop\FRST-OlderVersion
2015-07-18 21:43 - 2015-07-18 21:43 - 01798288 _____ (Malwarebytes Corporation) C:\Users\pc\Downloads\JRT.exe
2015-07-18 21:33 - 2015-07-18 21:40 - 00000000 ____D C:\AdwCleaner
2015-07-18 21:31 - 2015-07-18 21:31 - 02248704 _____ C:\Users\pc\Downloads\AdwCleaner_4.208.exe
2015-07-18 21:23 - 2015-07-19 17:22 - 00000560 _____ C:\Windows\setupact.log
2015-07-18 21:23 - 2015-07-18 21:39 - 00098800 _____ C:\Windows\PFRO.log
2015-07-18 21:23 - 2015-07-18 21:23 - 00000000 _____ C:\Windows\setuperr.log
2015-07-18 20:09 - 2015-07-18 20:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-18 20:08 - 2015-07-18 20:08 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\pc\Downloads\mbam-setup-2.1.6.1022.exe
2015-07-17 12:42 - 2015-07-19 20:47 - 00000000 ____D C:\FRST
2015-07-17 12:42 - 2015-07-18 21:55 - 02134528 _____ (Farbar) C:\Users\pc\Downloads\FRST64.exe
2015-07-16 20:57 - 2015-07-18 21:18 - 00000000 ____D C:\Program Files (x86)\Palette for Chrome
2015-07-16 13:01 - 2015-07-16 13:01 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2015-07-16 12:36 - 2015-07-16 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-07-16 12:36 - 2015-07-16 12:36 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2015-07-15 14:27 - 2015-07-15 14:27 - 00003250 _____ C:\Windows\System32\Tasks\{3BC97F96-7259-48E0-B93E-7F77ECBD1159}
2015-07-15 10:22 - 2015-07-18 21:18 - 00000000 ____D C:\Program Files (x86)\FREE MP3 Search
2015-07-13 22:14 - 2015-07-13 22:14 - 00931408 _____ (Google Inc.) C:\Users\pc\Downloads\ChromeSetup.exe
2015-07-08 11:57 - 2015-07-08 11:57 - 00002113 _____ C:\Users\pc\AppData\Local\recently-used.xbel
2015-07-08 11:50 - 2015-07-08 12:22 - 00000000 ____D C:\Users\pc\Desktop\Unbenannt
2015-07-08 11:42 - 2015-07-08 11:47 - 00000000 ____D C:\Users\pc\Desktop\Bewerbung für die Pixelcrew von GommeHD
2015-07-05 23:10 - 2015-07-05 23:11 - 62188293 _____ C:\Users\pc\Downloads\LionFoxGamings Awesome World Download.rar
2015-07-05 20:17 - 2015-07-05 20:19 - 00000023 _____ C:\Users\pc\Desktop\PRemium Rewi 50%.txt
2015-07-05 15:20 - 2015-07-05 15:20 - 00001205 _____ C:\Users\pc\Desktop\Uplay.lnk
2015-07-05 15:20 - 2015-07-05 15:20 - 00000000 ____D C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2015-07-05 15:19 - 2015-07-05 15:19 - 61778376 _____ (Ubisoft) C:\Users\pc\Downloads\UplayInstaller.exe
2015-07-05 14:49 - 2015-07-18 21:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-05 13:54 - 2015-07-05 13:54 - 00001268 _____ C:\Users\pc\Desktop\Revo Uninstaller.lnk
2015-07-05 13:54 - 2015-07-05 13:54 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-07-05 09:25 - 2015-07-18 21:18 - 00000000 ____D C:\Program Files (x86)\UserAgent Switcher
2015-06-26 21:01 - 2015-07-18 21:18 - 00000000 ____D C:\Program Files (x86)\Checker Plus for Calendar
2015-06-22 20:16 - 2015-06-28 18:00 - 00091110 _____ C:\Users\pc\Desktop\2015.mcf
2015-06-22 20:16 - 2015-06-28 17:59 - 00091110 _____ C:\Users\pc\Desktop\2015.mcf~
2015-06-22 20:16 - 2015-06-28 17:58 - 00000000 ____D C:\Users\pc\Desktop\2015_mcf-Dateien
2015-06-20 18:39 - 2015-06-22 19:35 - 00179368 _____ C:\Users\pc\Desktop\Holland 2015.mcf
2015-06-20 18:39 - 2015-06-22 19:33 - 00179368 _____ C:\Users\pc\Desktop\Holland 2015.mcf~
2015-06-20 18:39 - 2015-06-21 12:58 - 00000000 ____D C:\Users\pc\Desktop\Holland 2015_mcf-Dateien
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-19 20:37 - 2014-02-26 18:00 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-19 20:32 - 2015-02-14 19:04 - 00000000 ____D C:\Users\pc\AppData\Roaming\.minecraft
2015-07-19 20:25 - 2014-02-13 22:09 - 00000000 ____D C:\Users\pc\AppData\Local\CrashDumps
2015-07-19 20:18 - 2014-02-01 13:59 - 00000000 ____D C:\Users\pc\AppData\Roaming\Skype
2015-07-19 20:09 - 2014-01-28 17:12 - 01724601 _____ C:\Windows\WindowsUpdate.log
2015-07-19 19:12 - 2015-03-06 22:29 - 00000000 ____D C:\Users\pc\AppData\Roaming\.technic
2015-07-19 19:12 - 2015-03-05 21:59 - 04731400 _____ () C:\Users\pc\Desktop\TechnicLauncher.exe
2015-07-19 18:48 - 2014-02-05 21:23 - 00000000 ____D C:\Users\pc\AppData\Roaming\TS3Client
2015-07-19 17:32 - 2009-07-14 06:45 - 00028896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-19 17:32 - 2009-07-14 06:45 - 00028896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-19 17:18 - 2014-02-02 20:00 - 00000000 ____D C:\Users\pc\AppData\Local\LogMeIn Hamachi
2015-07-19 17:17 - 2014-01-29 11:21 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-19 17:17 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-18 21:37 - 2014-01-28 17:12 - 00000000 ____D C:\Users\pc
2015-07-18 21:23 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system
2015-07-18 21:18 - 2015-06-18 20:22 - 00000000 ____D C:\Program Files (x86)\Cookie Inspector
2015-07-18 21:18 - 2014-08-03 10:53 - 00000000 ____D C:\Program Files\CamStudio 2.7
2015-07-18 20:14 - 2015-01-14 20:21 - 00000000 ____D C:\ProgramData\buyandabrOwsea
2015-07-18 20:09 - 2014-06-29 09:03 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-17 15:38 - 2014-01-28 19:11 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-16 13:01 - 2014-09-26 15:20 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-16 13:01 - 2014-03-09 12:40 - 00000000 ____D C:\Users\pc\Documents\My Games
2015-07-16 13:01 - 2014-01-29 11:20 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-07-15 22:22 - 2014-01-28 17:12 - 00000000 ____D C:\Users\pc\AppData\Local\VirtualStore
2015-07-15 10:37 - 2014-02-26 18:00 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-15 10:37 - 2014-02-01 14:52 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-15 10:37 - 2014-02-01 14:52 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-15 10:22 - 2014-04-20 19:06 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-14 18:59 - 2011-04-12 09:43 - 00699092 _____ C:\Windows\system32\perfh007.dat
2015-07-14 18:59 - 2011-04-12 09:43 - 00149232 _____ C:\Windows\system32\perfc007.dat
2015-07-14 18:59 - 2009-07-14 07:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-14 18:41 - 2014-10-18 17:33 - 00000000 ____D C:\Users\pc\Desktop\Mama
2015-07-14 14:19 - 2014-12-25 10:53 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-14 11:44 - 2014-02-02 20:00 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-07-10 11:05 - 2014-10-11 16:11 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-10 11:05 - 2014-02-01 13:59 - 00000000 ____D C:\ProgramData\Skype
2015-07-09 11:04 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-07-08 11:57 - 2014-04-27 12:47 - 00000000 ____D C:\Users\pc\AppData\Local\gtk-2.0
2015-07-08 11:57 - 2014-03-06 22:08 - 00000000 ____D C:\Users\pc\.gimp-2.8
2015-07-08 11:39 - 2014-07-31 16:22 - 00000000 ____D C:\Users\pc\AppData\Roaming\Audacity
2015-07-08 11:08 - 2014-02-04 21:53 - 00004608 _____ C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-06 22:40 - 2015-03-30 21:18 - 00000098 _____ C:\Users\pc\AppData\Roaming\LauncherSettings_live.cfg
2015-07-06 15:37 - 2014-11-02 10:24 - 00000000 ____D C:\Users\pc\Desktop\Geburtstag Infos
2015-07-05 21:31 - 2014-02-03 20:15 - 00000000 ____D C:\Users\pc\Documents\Settlers7
2015-07-05 15:55 - 2014-01-28 18:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-05 15:45 - 2014-02-02 16:38 - 00000000 ____D C:\Users\pc\AppData\Local\Ubisoft Game Launcher
2015-07-05 15:20 - 2014-02-02 16:38 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2015-07-05 12:08 - 2010-11-21 05:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-28 18:19 - 2015-03-16 19:22 - 00000457 _____ C:\Users\pc\Desktop\Twitch Chat Commands.txt
2015-06-28 18:00 - 2014-07-09 18:59 - 00000000 ____D C:\ProgramData\tmp
2015-06-26 12:53 - 2015-03-10 17:14 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-06-25 20:21 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-20 21:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
==================== Files in the root of some directories =======
2014-08-03 10:59 - 2014-08-03 10:59 - 0000072 _____ () C:\Users\pc\AppData\Roaming\Camdata.ini
2014-08-03 10:59 - 2014-08-03 10:59 - 0000408 _____ () C:\Users\pc\AppData\Roaming\CamLayout.ini
2014-08-03 10:59 - 2014-08-03 10:59 - 0000408 _____ () C:\Users\pc\AppData\Roaming\CamShapes.ini
2014-08-03 10:59 - 2014-08-03 10:59 - 0004534 _____ () C:\Users\pc\AppData\Roaming\CamStudio.cfg
2015-03-30 21:18 - 2015-07-06 22:40 - 0000098 _____ () C:\Users\pc\AppData\Roaming\LauncherSettings_live.cfg
2015-03-30 20:45 - 2015-03-30 20:45 - 0000039 _____ () C:\Users\pc\AppData\Roaming\TheHunterSettings_steam_live.cfg
2014-08-03 10:53 - 2014-08-03 10:53 - 0000096 _____ () C:\Users\pc\AppData\Roaming\version2.xml
2014-02-05 16:36 - 2015-04-15 16:37 - 0000161 _____ () C:\Users\pc\AppData\Roaming\WB.CFG
2014-09-01 10:18 - 2014-09-01 10:18 - 0002086 _____ () C:\Users\pc\AppData\Roaming\ZCH
2014-02-04 21:53 - 2015-07-08 11:08 - 0004608 _____ () C:\Users\pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-04 21:35 - 2014-08-18 20:59 - 0000600 _____ () C:\Users\pc\AppData\Local\PUTTY.RND
2015-07-08 11:57 - 2015-07-08 11:57 - 0002113 _____ () C:\Users\pc\AppData\Local\recently-used.xbel
2015-04-15 16:44 - 2015-05-07 18:10 - 0000790 _____ () C:\Users\pc\AppData\Local\Temp-log.txt
2015-06-18 20:38 - 2015-06-18 20:38 - 0000000 _____ () C:\Users\pc\AppData\Local\Temp.dat
2015-01-25 20:15 - 2015-01-25 20:15 - 0740775 _____ () C:\ProgramData\AndyDrivers.zip
2014-01-28 17:27 - 2014-01-28 17:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
C:\Users\pc\AppData\Local\Temp\Quarantine.exe
C:\Users\pc\AppData\Local\Temp\SIntf16.dll
C:\Users\pc\AppData\Local\Temp\SIntf32.dll
C:\Users\pc\AppData\Local\Temp\SIntfNT.dll
C:\Users\pc\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-13 09:31
==================== End of log ============================
|
|
20.07.2015, 18:30
| #11 |
| /// Malwareteam | Programm addet Ad ons im Internet. Hi, Bitte jetzt nur die 2 Fragen beantworten. 1.) Gibt es noch Probleme auf deinem PC? 2.) Ist das Add-on BetterTTV absichtlich in deinem FireFox installiert? |
|
21.07.2015, 11:32
| #12 |
| | Programm addet Ad ons im Internet. Nein sonst nicht danke Und ja ist es Danke für deine Hilfe Echt gutes Forum! Mit freundlichen Grüßen Tim |
|
21.07.2015, 13:17
| #13 |
| /// Malwareteam | Programm addet Ad ons im Internet. Dann wären wir hier durch. Schritt # 1: Entfernen unserer Tools Die Reihenfolge ist hier entscheidend.
Abschließend noch ein paar Tipps von mir: Schritt # 2: Empfohlene Software Habe immer ein aktuelles Antivirenprogramm deiner Wahl installiert und aktiviere die automatischen Updates (standardmäßig eingeschaltet). Verwende nach Möglichkeit nicht den Internet Explorer, da dieser viele Sicherheitslücken enthält. Achte aber darauf, dass er immer up to date bleibt, weil viele Programme diesen zum Anzeigen von Websites benutzen. Alternativ kannst du verwenden:Dazu sind folgende Add-ons empfehlenswert:  Adblock Plus --> Blockiert Werbung. Werbung kann sehr nervig sein, aber auch auf schädliche Links verweisen. Web Of Trust --> Zeigt Userbewertungen zu besuchten Internetseiten an.Du kannst auch  Malwarebytes Anti-Exploit verwenden, um aktuelle Sicherheitslücken zu stopfen.Halte immer deine Plug-ins und Software aktuell, vor allem:
PluginCheck Filehippo App Manager Schritt # 3: Tipps um eine Neuinfektion zu vermeiden Downloade nach Möglichkeit immer direkt von der Herstellerseite oder alternativ von einem sauberen Download-Portal wie FilePony.de. Von Downloadern wie die von Chip und Softonic raten wir ab: CHIP-Installer - was ist das? - Anleitungen Auch versuchen sich immer mehr Programme durch Installationsroutinen auf den PC "durchzumogeln". Das klappt ganz gut, weil viele Anwender sich diese nicht genau durchlesen und schnell durchklicken. Manchmal steht auch in den Lizenzvereinbarungen, dass ein Programm, was eigentlich als Freeware angepriesen wird, nur genutzt werden kann, wenn man sich bestimmte Toolbars oder andere Programme mitinstallieren lässt. Da hilft es nur aufmerksam zu sein. Ein Tool, welches dich dabei gut unterstützen kann, ist:  Unchecky. Dieses überwacht im Hintergrund Installationsprozesse und hakt automatisch nervige Adwarekomponenten wie Toolbars ab. Falls man etwas übersieht, warnt noch ein Pop-up, bevor man fortfahren kann.Wir raten von jeglichen Optimizern, Cleanern, SpeadUps und Ähnlichem ab, da diese Softwareprodukte meist keinen Performancegewinn bringen. Du kannst jedoch regelmäßig deinen PC mit der windowsinternen Datenträgerbereinigung behandeln. Überprüfe regelmäßig (mind. 1x pro Monat) deinen PC mit Malwarebytes Anti-Malware und  ESET.Falls du dir unsicher bist, ob ein Download wirklich sauber ist, kannst du immer https://www.virustotal.com/ zurate ziehen. Schritt # 4: Unterstütze uns! Wenn du uns mit einer kleinen Spende unterstützen möchtest, so kannst du dies hier tun: http://www.trojaner-board.de/79994-s...ndenkonto.html  Es reicht aber auch schon ein simples  hier, wenn du mit uns zufrieden warst.  unsere Facebook-Seite!Bitte gib mir bescheid, wenn du das alles gelesen hast und alles klar ist, damit ich dieses Thema aus meinen Abos löschen kann. |
|
dann auf 
und dann auf 
. 
Mozilla Firefox
Google Chrome
Flash Player
Java
PDF Reader
Linear-Darstellung
