Walterwa | 04.02.2015 21:32 | Hello,
MBAM: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 04.02.2015
Suchlauf-Zeit: 20:55:43
Logdatei: mbam1.txt
Administrator: Ja
Version: 2.00.4.1028
Malware Datenbank: v2014.11.20.06
Rootkit Datenbank: v2015.02.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Jürgen
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 331480
Verstrichene Zeit: 7 Min, 30 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente erkannt)
Module: 3
PUP.Optional.SoftCoup.A, C:\ProgramData\SofTCOup\XKLKDHJFIZY8XT.DLL, Löschen bei Neustart, [92745ae4324a082e1ed52313bc47da26],
PUP.Optional.SoftCoup.A, C:\ProgramData\SofTCOup\XKLKDHJFIZY8XT.DLL, Löschen bei Neustart, [92745ae4324a082e1ed52313bc47da26],
PUP.Optional.SoftCoup.A, C:\ProgramData\SofTCOup\XKLKDHJFIZY8XT.DLL, Löschen bei Neustart, [92745ae4324a082e1ed52313bc47da26],
Registrierungsschlüssel: 55
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\CLSID\{4cc67542-bea2-437a-a5b5-250b35d73051}, In Quarantäne, [50b6a5994c300531d015447b639ed729],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{4CC67542-BEA2-437A-A5B5-250B35D73051}, In Quarantäne, [50b6a5994c300531d015447b639ed729],
PUP.Optional.MultiPlug, HKU\S-1-5-21-1791603094-1891881837-2934167099-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4CC67542-BEA2-437A-A5B5-250B35D73051}, In Quarantäne, [50b6a5994c300531d015447b639ed729],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{4CC67542-BEA2-437A-A5B5-250B35D73051}, In Quarantäne, [50b6a5994c300531d015447b639ed729],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\CLSID\{4CC67542-BEA2-437A-A5B5-250B35D73051}\INPROCSERVER32, In Quarantäne, [50b6a5994c300531d015447b639ed729],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\CLSID\{d7e27882-1545-44e4-ba10-18a5ca11d053}, In Quarantäne, [60a6c47ac8b4082e588de6d988790ef2],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{D7E27882-1545-44E4-BA10-18A5CA11D053}, In Quarantäne, [60a6c47ac8b4082e588de6d988790ef2],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\ApptoU.ApptoU, In Quarantäne, [60a6c47ac8b4082e588de6d988790ef2],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\ApptoU.ApptoU.9, In Quarantäne, [60a6c47ac8b4082e588de6d988790ef2],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ApptoU.ApptoU, In Quarantäne, [60a6c47ac8b4082e588de6d988790ef2],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ApptoU.ApptoU.9, In Quarantäne, [60a6c47ac8b4082e588de6d988790ef2],
PUP.Optional.MultiPlug, HKU\S-1-5-21-1791603094-1891881837-2934167099-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D7E27882-1545-44E4-BA10-18A5CA11D053}, In Quarantäne, [60a6c47ac8b4082e588de6d988790ef2],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{D7E27882-1545-44E4-BA10-18A5CA11D053}, In Quarantäne, [60a6c47ac8b4082e588de6d988790ef2],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\CLSID\{D7E27882-1545-44E4-BA10-18A5CA11D053}\INPROCSERVER32, In Quarantäne, [60a6c47ac8b4082e588de6d988790ef2],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\CLSID\{e5d45e03-27b5-4ed3-b51a-127efd16e258}, In Quarantäne, [986e95a9f98352e4618466590ff2b34d],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{E5D45E03-27B5-4ED3-B51A-127EFD16E258}, In Quarantäne, [986e95a9f98352e4618466590ff2b34d],
PUP.Optional.MultiPlug, HKU\S-1-5-21-1791603094-1891881837-2934167099-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{E5D45E03-27B5-4ED3-B51A-127EFD16E258}, In Quarantäne, [986e95a9f98352e4618466590ff2b34d],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{E5D45E03-27B5-4ED3-B51A-127EFD16E258}, In Quarantäne, [986e95a9f98352e4618466590ff2b34d],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\CLSID\{E5D45E03-27B5-4ED3-B51A-127EFD16E258}\INPROCSERVER32, In Quarantäne, [986e95a9f98352e4618466590ff2b34d],
PUP.Optional.SupraSavings, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D12C40DB-CD7D-4D86-9285-5E2FE23693E4}, In Quarantäne, [679f7dc10a72fc3a47f2af9d10f30df3],
PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{4d49a557}, In Quarantäne, [e6202a14097342f48f5fc58c798a758b],
PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginService, In Quarantäne, [d72f8ab44b3166d06eb0d95fc142a15f],
PUP.Optional.ReMarkit.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Re_markit, In Quarantäne, [df2780beb0cca39384de112f45be12ee],
PUP.Optional.ReMarkit.A, HKU\S-1-5-21-1791603094-1891881837-2934167099-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Re_markit, In Quarantäne, [45c1d26c136943f3550d9aa64db625db],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1791603094-1891881837-2934167099-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [d1353707bdbfc175d1313c3a2ad9ac54],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1791603094-1891881837-2934167099-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [7f8728163349be7821164646e420b947],
PUP.Optional.ExtraShopper.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7BCAC0EB-3993-2416-0531-848C39DF8B65}, In Quarantäne, [42c4c47a2f4de5519554062482818779],
PUP.Optional.TicTaCoupon.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{E370F69F-ED3F-925F-31FC-14D1329A713B}, In Quarantäne, [cc3a9ea07c000d2980f11b1b9f641be5],
PUP.Optional.TicTaCoupon.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, In Quarantäne, [cc3a9ea07c000d2980f11b1b9f641be5],
PUP.Optional.TicTaCoupon.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}, In Quarantäne, [cc3a9ea07c000d2980f11b1b9f641be5],
PUP.Optional.TicTaCoupon.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{9B41579A-1996-42F9-8F84-7B7786818CEF}, In Quarantäne, [cc3a9ea07c000d2980f11b1b9f641be5],
PUP.Optional.TicTaCoupon.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}, In Quarantäne, [cc3a9ea07c000d2980f11b1b9f641be5],
PUP.Optional.TicTaCoupon.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}, In Quarantäne, [cc3a9ea07c000d2980f11b1b9f641be5],
PUP.Optional.TicTaCoupon.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9B41579A-1996-42F9-8F84-7B7786818CEF}, In Quarantäne, [cc3a9ea07c000d2980f11b1b9f641be5],
PUP.Optional.TicTaCoupon.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}, In Quarantäne, [cc3a9ea07c000d2980f11b1b9f641be5],
PUP.Optional.TicTaCoupon.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, In Quarantäne, [cc3a9ea07c000d2980f11b1b9f641be5],
PUP.Optional.TicTaCoupon.A, HKLM\SOFTWARE\CLASSES\CLSID\{b5020b2d-494a-4c9f-bc0a-b1b8a778359b}, In Quarantäne, [cc3a9ea07c000d2980f11b1b9f641be5],
PUP.Optional.TicTaCoupon.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{B5020B2D-494A-4C9F-BC0A-B1B8A778359B}, In Quarantäne, [cc3a9ea07c000d2980f11b1b9f641be5],
PUP.Optional.TicTaCoupon.A, HKU\S-1-5-21-1791603094-1891881837-2934167099-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{B5020B2D-494A-4C9F-BC0A-B1B8A778359B}, In Quarantäne, [cc3a9ea07c000d2980f11b1b9f641be5],
PUP.Optional.TicTaCoupon.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{B5020B2D-494A-4C9F-BC0A-B1B8A778359B}, In Quarantäne, [cc3a9ea07c000d2980f11b1b9f641be5],
PUP.Optional.TicTaCoupon.A, HKLM\SOFTWARE\CLASSES\CLSID\{B5020B2D-494A-4C9F-BC0A-B1B8A778359B}\INPROCSERVER32, In Quarantäne, [cc3a9ea07c000d2980f11b1b9f641be5],
PUP.Optional.SoftCoup.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{da90a060-22d7-473d-a0e1-e056a0709e94}, In Quarantäne, [92745ae4324a082e1ed52313bc47da26],
PUP.Optional.SoftCoup.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{DA90A060-22D7-473D-A0E1-E056A0709E94}, In Quarantäne, [92745ae4324a082e1ed52313bc47da26],
PUP.Optional.SoftCoup.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{DA90A060-22D7-473D-A0E1-E056A0709E94}, In Quarantäne, [92745ae4324a082e1ed52313bc47da26],
PUP.Optional.SoftCoup.A, HKLM\SOFTWARE\CLASSES\SoftCoup.SoftCoup, In Quarantäne, [92745ae4324a082e1ed52313bc47da26],
PUP.Optional.SoftCoup.A, HKLM\SOFTWARE\CLASSES\SoftCoup.SoftCoup.9, In Quarantäne, [92745ae4324a082e1ed52313bc47da26],
PUP.Optional.SoftCoup.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SoftCoup.SoftCoup, In Quarantäne, [92745ae4324a082e1ed52313bc47da26],
PUP.Optional.SoftCoup.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SoftCoup.SoftCoup.9, In Quarantäne, [92745ae4324a082e1ed52313bc47da26],
PUP.Optional.SoftCoup.A, HKLM\SOFTWARE\CLASSES\CLSID\{DA90A060-22D7-473D-A0E1-E056A0709E94}, In Quarantäne, [92745ae4324a082e1ed52313bc47da26],
PUP.Optional.SoftCoup.A, HKLM\SOFTWARE\CLASSES\CLSID\{DA90A060-22D7-473D-A0E1-E056A0709E94}\INPROCSERVER32, In Quarantäne, [92745ae4324a082e1ed52313bc47da26],
PUP.Optional.SoftCoup.A, HKU\S-1-5-21-1791603094-1891881837-2934167099-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{DA90A060-22D7-473D-A0E1-E056A0709E94}, In Quarantäne, [92745ae4324a082e1ed52313bc47da26],
PUP.Optional.SoftCoup.A, HKU\S-1-5-21-1791603094-1891881837-2934167099-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DA90A060-22D7-473D-A0E1-E056A0709E94}, In Quarantäne, [92745ae4324a082e1ed52313bc47da26],
PUP.Optional.SoftCoup.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{DA90A060-22D7-473D-A0E1-E056A0709E94}, In Quarantäne, [92745ae4324a082e1ed52313bc47da26],
PUP.Optional.SoftCoup.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{DA90A060-22D7-473D-A0E1-E056A0709E94}, In Quarantäne, [92745ae4324a082e1ed52313bc47da26],
PUP.Optional.SoftCoup.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7540FDBD-7FDC-30AE-3778-815CB87DBE46}, In Quarantäne, [92745ae4324a082e1ed52313bc47da26],
Registrierungswerte: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1791603094-1891881837-2934167099-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, zr2X2X1G1S1F2V1S2Q0V, In Quarantäne, [7f8728163349be7821164646e420b947]
Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)
Ordner: 5
PUP.Optional.OpenCandy, C:\Users\Jürgen\AppData\Roaming\OPENCANDY, In Quarantäne, [66a087b75725330361435fa958ab2ed2],
PUP.Optional.OpenCandy, C:\Users\Jürgen\AppData\Roaming\OPENCANDY\A4D2466B51C54A5EBDC29F354E566EB9, In Quarantäne, [66a087b75725330361435fa958ab2ed2],
PUP.Optional.ExtraShopper.A, C:\ProgramData\EXTRASHOPPER, In Quarantäne, [42c4c47a2f4de5519554062482818779],
PUP.Optional.TicTaCoupon.A, C:\ProgramData\TICTACOUPON, Löschen bei Neustart, [cc3a9ea07c000d2980f11b1b9f641be5],
PUP.Optional.SoftCoup.A, C:\ProgramData\SofTCOup, Löschen bei Neustart, [92745ae4324a082e1ed52313bc47da26],
Dateien: 18
PUP.Optional.MultiPlug, C:\ProgramData\ExtraShopper\EQVJM1QU0KZZ2G.X64.DLL, In Quarantäne, [50b6a5994c300531d015447b639ed729],
PUP.Optional.MultiPlug, C:\ProgramData\ApptoU\TKVWBLYVSPIY67.X64.DLL, In Quarantäne, [60a6c47ac8b4082e588de6d988790ef2],
PUP.Optional.MultiPlug, C:\ProgramData\dealpeak\ON0BQJBELZWVKV.X64.DLL, In Quarantäne, [986e95a9f98352e4618466590ff2b34d],
PUP.Optional.Bunndle, C:\Program Files\CamStudio 2.7\BunndleOfferManager.exe, In Quarantäne, [a561e15de09c211549f283da887835cb],
PUP.Optional.OpenCandy, C:\Users\Jürgen\Downloads\FreemakeVideoConverterSetup.exe, In Quarantäne, [15f105390e6e112518c96fb8ba477b85],
PUP.Optional.OpenCandy, C:\Users\Jürgen\AppData\Roaming\OpenCandy\A4D2466B51C54A5EBDC29F354E566EB9\WEB.DE_MailCheck_FF_Setup_2.10.1.1735.exe, In Quarantäne, [66a087b75725330361435fa958ab2ed2],
PUP.Optional.ExtraShopper.A, C:\ProgramData\ExtraShopper\EQvjM1QU0kzZ2g.dat, In Quarantäne, [42c4c47a2f4de5519554062482818779],
PUP.Optional.ExtraShopper.A, C:\ProgramData\ExtraShopper\EQvjM1QU0kzZ2g.exe, In Quarantäne, [42c4c47a2f4de5519554062482818779],
PUP.Optional.ExtraShopper.A, C:\ProgramData\ExtraShopper\EQvjM1QU0kzZ2g.tlb, In Quarantäne, [42c4c47a2f4de5519554062482818779],
PUP.Optional.TicTaCoupon.A, C:\ProgramData\TicTaCoupon\wsyLT7jBeRhNIn.dat, In Quarantäne, [cc3a9ea07c000d2980f11b1b9f641be5],
PUP.Optional.TicTaCoupon.A, C:\ProgramData\TicTaCoupon\wsyLT7jBeRhNIn.exe, In Quarantäne, [cc3a9ea07c000d2980f11b1b9f641be5],
PUP.Optional.TicTaCoupon.A, C:\ProgramData\TicTaCoupon\wsyLT7jBeRhNIn.tlb, In Quarantäne, [cc3a9ea07c000d2980f11b1b9f641be5],
PUP.Optional.TicTaCoupon.A, C:\ProgramData\TicTaCoupon\wsyLT7jBeRhNIn.x64.dll, In Quarantäne, [cc3a9ea07c000d2980f11b1b9f641be5],
PUP.Optional.SoftCoup.A, C:\ProgramData\SofTCOup\XkLKDhJFiZy8xT.dat, In Quarantäne, [92745ae4324a082e1ed52313bc47da26],
PUP.Optional.SoftCoup.A, C:\ProgramData\SofTCOup\XkLKDhJFiZy8xT.dll, Löschen bei Neustart, [92745ae4324a082e1ed52313bc47da26],
PUP.Optional.SoftCoup.A, C:\ProgramData\SofTCOup\XKLKDHJFIZY8XT.X64.DLL, In Quarantäne, [92745ae4324a082e1ed52313bc47da26],
PUP.Optional.SoftCoup.A, C:\ProgramData\SofTCOup\XkLKDhJFiZy8xT.exe, In Quarantäne, [92745ae4324a082e1ed52313bc47da26],
PUP.Optional.SoftCoup.A, C:\ProgramData\SofTCOup\XkLKDhJFiZy8xT.tlb, In Quarantäne, [92745ae4324a082e1ed52313bc47da26],
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end)
ADW: Code:
# AdwCleaner v4.109 - Bericht erstellt am 04/02/2015 um 21:18:14
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-02-04.1 [Live]
# Betriebssystem : Windows 8.1 (64 bits)
# Benutzername : Jürgen - JUES-LINKER-PC
# Gestartet von : C:\Users\Jürgen\Downloads\AdwCleaner_4.109.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\ApptoU
Ordner Gelöscht : C:\ProgramData\dealpeak
Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\ProgramData\ShoppingDealFactory
Ordner Gelöscht : C:\ProgramData\BetteerPPriCeChEco
Ordner Gelöscht : C:\ProgramData\CCouPScaananer
Ordner Gelöscht : C:\ProgramData\CouponFactory
Ordner Gelöscht : C:\ProgramData\FlashCouponu
Ordner Gelöscht : C:\ProgramData\SMartCOmpArre
Ordner Gelöscht : C:\ProgramData\toopbbuyer
Ordner Gelöscht : C:\ProgramData\UltraCoupon
Ordner Gelöscht : C:\ProgramData\16724744141051052375
Ordner Gelöscht : C:\ProgramData\e81a3a2f4ea4c157
Ordner Gelöscht : C:\Program Files (x86)\NCH Software
Ordner Gelöscht : C:\Program Files (x86)\Optimizer Pro
Ordner Gelöscht : C:\Program Files (x86)\KiingCoUpeoonn
Ordner Gelöscht : C:\Program Files (x86)\RRoyaliCCoauppon
Ordner Gelöscht : C:\Users\Jürgen\AppData\Local\AVG SafeGuard toolbar
Ordner Gelöscht : C:\Users\Jürgen\AppData\Roaming\NCH Software
Ordner Gelöscht : C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\Extensions\ascsurfingprotection@iobit.com
Ordner Gelöscht : C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\Extensions\LRp@nFpmQ.org
Ordner Gelöscht : C:\Users\Jürgen\AppData\Roaming\Opera Software\Opera Stable\Extensions\deghekbbihbapplmbffglehkdhkeibbm
Datei Gelöscht : C:\Windows\System32\drivers\SAWFP64.sys
Datei Gelöscht : C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\user.js
Datei Gelöscht : C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Jürgen\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_api.ciuvo.com_0.localstorage
Datei Gelöscht : C:\Users\Jürgen\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_static.betterdeals00.betterdeals.co_0.localstorage
Datei Gelöscht : C:\Users\Jürgen\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_static.livelyrics00.live-lyrics.com_0.localstorage
Datei Gelöscht : C:\Users\Jürgen\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Jürgen\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Jürgen\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
Datei Gelöscht : C:\Users\Jürgen\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
Datei Gelöscht : C:\Users\Jürgen\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage
Datei Gelöscht : C:\Users\Jürgen\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Jürgen\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Jürgen\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_static.select-n-go00.select-n-go.com_0.localstorage
Datei Gelöscht : C:\Users\Jürgen\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_static.select-n-go00.select-n-go.com_0.localstorage-journal
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SmartCompare.SmartCompare
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SmartCompare.SmartCompare.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P3e1a9f93_d41b_4561_8949_30ade70e70bb_.P3e1a9f93_d41b_4561_8949_30ade70e70bb_
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P3e1a9f93_d41b_4561_8949_30ade70e70bb_.P3e1a9f93_d41b_4561_8949_30ade70e70bb_.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P7ed4bc59_05d0_47bc_9339_047a64f91823_.P7ed4bc59_05d0_47bc_9339_047a64f91823_
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P7ed4bc59_05d0_47bc_9339_047a64f91823_.P7ed4bc59_05d0_47bc_9339_047a64f91823_.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Pfcf9b259_6a6a_464d_9a2d_569451a77b07_.Pfcf9b259_6a6a_464d_9a2d_569451a77b07_
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Pfcf9b259_6a6a_464d_9a2d_569451a77b07_.Pfcf9b259_6a6a_464d_9a2d_569451a77b07_.9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3ba224c4-2a46-402d-aeba-748f8e824494}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3e1a9f93-d41b-4561-8949-30ade70e70bb}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7ed4bc59-05d0-47bc-9339-047a64f91823}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{cb88c086-d521-4ab7-b384-2b98b81c975b}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{e3c1f8ff-652e-4eb4-89a0-4e63cf982439}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{fcf9b259-6a6a-464d-9a2d-569451a77b07}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{079E2F0F-FCA0-4163-BC82-5355B879E86E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ba224c4-2a46-402d-aeba-748f8e824494}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3e1a9f93-d41b-4561-8949-30ade70e70bb}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7ed4bc59-05d0-47bc-9339-047a64f91823}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cb88c086-d521-4ab7-b384-2b98b81c975b}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3c1f8ff-652e-4eb4-89a0-4e63cf982439}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcf9b259-6a6a-464d-9a2d-569451a77b07}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3ba224c4-2a46-402d-aeba-748f8e824494}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3e1a9f93-d41b-4561-8949-30ade70e70bb}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7ed4bc59-05d0-47bc-9339-047a64f91823}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{cb88c086-d521-4ab7-b384-2b98b81c975b}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{e3c1f8ff-652e-4eb4-89a0-4e63cf982439}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{fcf9b259-6a6a-464d-9a2d-569451a77b07}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3ba224c4-2a46-402d-aeba-748f8e824494}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3e1a9f93-d41b-4561-8949-30ade70e70bb}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7ed4bc59-05d0-47bc-9339-047a64f91823}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{cb88c086-d521-4ab7-b384-2b98b81c975b}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{e3c1f8ff-652e-4eb4-89a0-4e63cf982439}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{fcf9b259-6a6a-464d-9a2d-569451a77b07}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3ba224c4-2a46-402d-aeba-748f8e824494}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e1a9f93-d41b-4561-8949-30ade70e70bb}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7ed4bc59-05d0-47bc-9339-047a64f91823}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{cb88c086-d521-4ab7-b384-2b98b81c975b}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e3c1f8ff-652e-4eb4-89a0-4e63cf982439}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{fcf9b259-6a6a-464d-9a2d-569451a77b07}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EF41A4-BA24-4E49-A2C0-E1D047299287}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{130CCD34-0382-48E5-B307-0E7E72166828}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{26D25DD5-F17A-4D93-9A94-997E2124EEB4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{30279F40-D76B-443C-A34D-F43B35B35CE1}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{796D0AA0-DC0E-44C9-A398-C874F04D55A4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CE2102F0-DF63-452E-9CA7-0F75FF4DDD4B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{DADFCC6F-66D2-4E1D-A01B-7064CAD2F583}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EBE666C3-F26C-4CF6-8ABA-3D5F5D2625E1}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{3ba224c4-2a46-402d-aeba-748f8e824494}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{3e1a9f93-d41b-4561-8949-30ade70e70bb}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{7ed4bc59-05d0-47bc-9339-047a64f91823}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{cb88c086-d521-4ab7-b384-2b98b81c975b}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{e3c1f8ff-652e-4eb4-89a0-4e63cf982439}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{fcf9b259-6a6a-464d-9a2d-569451a77b07}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ba224c4-2a46-402d-aeba-748f8e824494}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3e1a9f93-d41b-4561-8949-30ade70e70bb}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7ed4bc59-05d0-47bc-9339-047a64f91823}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cb88c086-d521-4ab7-b384-2b98b81c975b}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3c1f8ff-652e-4eb4-89a0-4e63cf982439}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcf9b259-6a6a-464d-9a2d-569451a77b07}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Taronja
Schlüssel Gelöscht : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C60D3D4E-3B20-5AB3-7F2C-9C946AD4080F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{80E8B0A0-117D-1402-7CDE-688156237115}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3119AFD3-545C-0955-573A-494F62E61990}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FE139F4C-CE5B-121A-8A2D-191FA2226094}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{40DC4B27-4588-C56F-7737-D03A0ACE4383}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4E5FE462-1A84-47B4-3411-C72434AAD86C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5C28578D-D0F1-699F-01B0-CC0653A28C11}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A9F7A981-09A3-C1F7-2D46-1BA20CFDF02F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\BD04C21DD7DC68D42958E5F22E63394E
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\8B501B6E56F182443979D1DFA8309BD4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\BD04C21DD7DC68D42958E5F22E63394E
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\8B501B6E56F182443979D1DFA8309BD4
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\32DA746012E6D4F488AAD113D6FA4A44
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3FB1AAC4382437047A03618BF727B859
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BD04C21DD7DC68D42958E5F22E63394E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8B501B6E56F182443979D1DFA8309BD4
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\portaldosites.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.portaldosites.com
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Mozilla Firefox v
[xozha3xy.default\prefs.js] - Zeile gelöscht : user_pref("extensions.aUXzT8ZPvS960ADy.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\[...]
-\\ Google Chrome v
-\\ Opera v0.0.0.0
*************************
AdwCleaner[R0].txt - [19191 octets] - [04/02/2015 21:16:14]
AdwCleaner[S0].txt - [18329 octets] - [04/02/2015 21:18:14]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18390 octets] ##########
JRT: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 x64
Ran by Jrgen on 04.02.2015 at 21:23:13,14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.02.2015 at 21:24:26,27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
and the fresh FRST:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015
Ran by Jürgen (administrator) on JUES-LINKER-PC on 04-02-2015 21:26:10
Running from C:\Users\Jürgen\Downloads
Loaded Profiles: Jürgen (Available profiles: Jürgen)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Sirrix AG) C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(deltra Business Software GmbH & Co. KG) C:\orgaMAX\orgamaxmobil_service.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Sysinternals - www.sysinternals.com) C:\Users\Jürgen\Downloads\Desktops2\Desktops.exe
(Comfort Software Group) C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Microsoft Corporation) F:\Programme\Office15\ONENOTEM.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) F:\Programme\Office15\MSOSYNC.EXE
() C:\Program Files (x86)\IObit\Advanced SystemCare 7\RealTimeProtector.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.3.336.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2014-03-08] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2012-11-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Ulead AutoDetector v2] => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [90112 2004-08-27] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-02-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-02-10] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Atheros Communications))
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [Sysinternals Desktops] => C:\Users\Jürgen\Downloads\Desktops2\Desktops.exe [116824 2012-10-17] (Sysinternals - www.sysinternals.com)
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2281248 2014-08-22] (IObit)
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [FreeCT] => C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe [2432280 2014-02-25] (Comfort Software Group)
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [Amazon Music] => C:\Users\Jürgen\AppData\Local\Amazon Music\Amazon Music Helper.exe [3356480 2014-07-22] ()
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
IFEO\asctray.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\dropbox.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\dropboxuninstaller.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\isuspm.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\paprport.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\pppagevw.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\ppscandr.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\scannerwizardu.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> F:\Programme\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jürgen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => F:\Programme\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => F:\Programme\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => F:\Programme\Office15\GROOVEEX.DLL (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1791603094-1891881837-2934167099-1002 -> DefaultScope {458A82B9-CC63-4CFB-B419-E882E45AAE5F} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE662D20140130&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1791603094-1891881837-2934167099-1002 -> {458A82B9-CC63-4CFB-B419-E882E45AAE5F} URL = https://de.search.yahoo.com/search?fr=mcafee&type=B011DE662D20140130&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1791603094-1891881837-2934167099-1002 -> {7139F5BB-2061-40E5-AF0D-6FADC7BA4AFE} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> F:\Programme\Office15\OCHelper.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> F:\Programme\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - F:\Programme\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\mcsniepl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\npmcsnffpl64.dll ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> F:\PROGRA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\npmcsnffpl.dll ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\forestle-de.xml
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\searchplugins\webde-suche.xml
FF Extension: Cliqz Beta - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\Extensions\cliqz@cliqz.com [2014-11-05]
FF Extension: Clean the junk - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\Extensions\cleanjunk@netmaster.com.ua.xpi [2014-04-21]
FF Extension: Adblock Plus - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-16]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-10-31]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-10-31]
FF HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKU\S-1-5-21-1791603094-1891881837-2934167099-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\cliqz@cliqz.com
FF Extension: No Name - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\cleanjunk@netmaster.com.ua.xpi [Not Found]
FF Extension: No Name - C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\xozha3xy.default\extensions\ascsurfingprotection@iobit.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
FF Extension: No Name - c:\program files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SiteAdvisor) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-09-21]
CHR Extension: (Save to Google Drive) - C:\Users\Jürgen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2014-11-05]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-10-30]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-10-30]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [893216 2014-08-18] (IObit)
S4 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider)
R2 BitBoxService; C:\Program Files (x86)\Sirrix AG\BitBox\bin\BitBoxService.exe [738304 2014-12-19] (Sirrix AG) [File not signed]
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-12-17] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-12-17] (Creative Labs) [File not signed]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-11-13] (Freemake) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-19] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-19] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [154320 2014-12-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-10-06] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2014-12-03] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
R2 orgaMAXMobileService; C:\orgaMAX\orgamaxmobil_service.exe [4125864 2012-03-27] (deltra Business Software GmbH & Co. KG) [File not signed]
S4 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-02-10] (Nuance Communications, Inc.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 4d49a557; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\funtoshop\discountcoupons.dll",serv
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-05-09] (AVG Technologies)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2014-05-01] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
R3 debutfilter; C:\Windows\system32\DRIVERS\debutfilterx64.sys [34512 2014-09-17] ()
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [468240 2014-03-08] (Intel Corporation)
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-19] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-04 21:26 - 2015-02-04 21:26 - 00027108 _____ () C:\Users\Jürgen\Downloads\FRST.txt
2015-02-04 21:24 - 2015-02-04 21:24 - 00000615 _____ () C:\Users\Jürgen\Desktop\JRT.txt
2015-02-04 21:22 - 2015-02-04 21:22 - 01388274 _____ (Thisisu) C:\Users\Jürgen\Downloads\JRT.exe
2015-02-04 21:20 - 2015-02-04 21:20 - 00018655 _____ () C:\Users\Jürgen\Desktop\AdwCleaner[S0].txt
2015-02-04 21:15 - 2015-02-04 21:18 - 00000000 ____D () C:\AdwCleaner
2015-02-04 21:12 - 2015-02-04 21:13 - 02194432 _____ () C:\Users\Jürgen\Downloads\AdwCleaner_4.109.exe
2015-02-04 21:12 - 2015-02-04 21:12 - 00014307 _____ () C:\Users\Jürgen\Desktop\mbam1.txt
2015-02-04 20:54 - 2015-02-04 20:54 - 00001082 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-04 20:54 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-04 20:54 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-04 20:54 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-04 20:52 - 2015-02-04 20:53 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Jürgen\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-04 20:06 - 2015-02-04 20:06 - 00012237 _____ () C:\Users\Jürgen\Downloads\Gmer.txt
2015-02-04 19:13 - 2015-02-04 19:13 - 00296656 _____ () C:\Windows\Minidump\020415-6046-01.dmp
2015-02-04 19:13 - 2015-02-04 19:13 - 00000000 ____D () C:\Windows\Minidump
2015-02-04 18:58 - 2015-02-04 18:58 - 00380416 _____ () C:\Users\Jürgen\Downloads\mm3j1gcq.exe
2015-02-04 18:55 - 2015-02-04 18:55 - 00041332 _____ () C:\Users\Jürgen\Downloads\Addition.txt
2015-02-04 18:54 - 2015-02-04 21:26 - 00000000 ____D () C:\FRST
2015-02-04 18:53 - 2015-02-04 18:53 - 02131968 _____ (Farbar) C:\Users\Jürgen\Downloads\FRST64.exe
2015-02-04 18:51 - 2015-02-04 18:51 - 00000474 _____ () C:\Users\Jürgen\Downloads\defogger_disable.log
2015-02-04 18:51 - 2015-02-04 18:51 - 00000000 _____ () C:\Users\Jürgen\defogger_reenable
2015-02-04 18:50 - 2015-02-04 18:50 - 00050477 _____ () C:\Users\Jürgen\Downloads\Defogger.exe
2015-02-04 18:32 - 2015-02-04 18:32 - 00001247 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser in the Box.lnk
2015-02-04 18:32 - 2015-02-04 18:32 - 00001235 _____ () C:\Users\Public\Desktop\Browser in the Box.lnk
2015-02-04 18:32 - 2015-02-04 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser in the Box
2015-02-04 18:32 - 2014-12-12 16:02 - 00915864 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2015-02-04 18:32 - 2014-12-12 16:01 - 00127408 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2015-02-04 17:57 - 2015-02-04 18:26 - 528783976 _____ (Sirrix AG) C:\Users\Jürgen\Downloads\Browser_In_The_Box.4.0.0-r30.firefox.Archive.exe
2015-02-02 20:51 - 2015-02-02 20:51 - 00000000 ____D () C:\Program Files (x86)\Search Slate
2015-02-02 19:33 - 2014-10-01 12:18 - 00189920 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2015-02-02 19:28 - 2015-02-02 19:28 - 00001864 _____ () C:\Users\Public\Desktop\McAfee LiveSafe – Internet Security.lnk
2015-02-02 19:28 - 2015-02-02 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-02-02 19:11 - 2015-02-02 19:11 - 00000000 ____D () C:\Users\Jürgen\Downloads\BitBoxScreenshots
2015-02-02 17:46 - 2015-01-24 21:20 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-02 17:46 - 2015-01-24 21:20 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-02 17:13 - 2015-02-02 17:47 - 1028629988 _____ () C:\Users\Jürgen\Downloads\Strafsache_4_Ks_2_63_Der_Prozess_Auschwitz_vor_dem_Frankfurter_Schwurgeri_2015-02-02_0230_465367.mp4
2015-01-29 09:59 - 2015-01-29 09:59 - 00001542 _____ () C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Calculator (2).lnk
2015-01-29 09:34 - 2015-01-29 09:34 - 00001542 _____ () C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Calculator.lnk
2015-01-28 19:11 - 2015-01-28 19:11 - 00000000 ____D () C:\Users\Jürgen\Documents\Fax
2015-01-14 04:31 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 04:31 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 04:31 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-14 04:31 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 04:31 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 04:31 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 04:31 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 04:31 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 04:31 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-14 04:31 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-14 04:31 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-14 04:31 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-14 04:31 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-14 04:31 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-14 04:31 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-14 04:31 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-14 04:31 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-14 04:31 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-14 04:31 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-14 04:31 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-14 04:31 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-14 04:31 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-14 04:31 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 04:31 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 04:31 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-04 21:25 - 2013-12-14 21:12 - 00764340 _____ () C:\Windows\system32\perfh007.dat
2015-02-04 21:25 - 2013-12-14 21:12 - 00159160 _____ () C:\Windows\system32\perfc007.dat
2015-02-04 21:25 - 2013-10-31 04:21 - 01776918 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-04 21:20 - 2014-12-10 17:42 - 00005058 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Jues-linker-PC-Jürgen Jues-linker-PC
2015-02-04 21:20 - 2013-12-17 09:34 - 01069344 _____ () C:\Windows\WindowsUpdate.log
2015-02-04 21:19 - 2014-12-02 16:09 - 00010028 _____ () C:\Windows\setupact.log
2015-02-04 21:19 - 2014-11-09 15:58 - 00273942 _____ () C:\Windows\PFRO.log
2015-02-04 21:19 - 2014-10-09 19:37 - 00000000 ____D () C:\ProgramData\firebird
2015-02-04 21:19 - 2013-12-17 09:48 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-04 21:19 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-04 21:14 - 2014-01-30 19:14 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1791603094-1891881837-2934167099-1002
2015-02-04 21:10 - 2014-05-10 10:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-04 21:08 - 2014-02-22 14:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-04 21:07 - 2014-01-30 19:09 - 00000000 ____D () C:\Users\Jürgen
2015-02-04 21:06 - 2014-02-15 14:58 - 00000000 ____D () C:\Users\Jürgen\Documents\Outlook-Dateien
2015-02-04 21:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-04 20:56 - 2014-01-30 20:15 - 00003958 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{38F4835D-E6D6-4DEB-A393-1A67AC725234}
2015-02-04 20:54 - 2014-05-10 10:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-04 20:54 - 2014-05-10 10:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-04 20:50 - 2014-02-22 14:52 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 20:39 - 2014-02-15 14:15 - 00000000 ____D () C:\Users\Jürgen\AppData\Local\Deployment
2015-02-04 19:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-04 19:13 - 2014-03-02 14:27 - 679231059 _____ () C:\Windows\MEMORY.DMP
2015-02-04 18:40 - 2014-02-02 11:21 - 00000000 ____D () C:\Users\Jürgen\AppData\Local\CrashDumps
2015-02-04 18:40 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-04 18:32 - 2014-11-05 09:47 - 00000000 ____D () C:\ProgramData\Sirrix AG
2015-02-04 18:32 - 2014-11-05 09:47 - 00000000 ____D () C:\Program Files (x86)\Sirrix AG
2015-02-04 18:09 - 2014-04-23 17:03 - 00000000 ____D () C:\orgaMAX
2015-02-04 17:16 - 2014-11-21 11:40 - 00000000 ____D () C:\Program Files (x86)\FuntoShop
2015-02-03 09:40 - 2014-01-31 20:49 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-03 08:28 - 2014-02-16 18:38 - 00000000 ____D () C:\Program Files (x86)\StarMoney 9.0
2015-02-03 08:23 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-02 19:34 - 2013-10-31 04:30 - 00000000 ____D () C:\ProgramData\McAfee
2015-02-02 19:33 - 2013-10-31 04:30 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2015-02-02 19:33 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-02-02 17:46 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-01 17:17 - 2014-01-30 19:09 - 00000000 ____D () C:\Users\Jürgen\AppData\Local\Packages
2015-02-01 16:30 - 2014-02-22 15:13 - 00318976 ___SH () C:\Users\Jürgen\Desktop\Thumbs.db
2015-01-29 19:21 - 2014-08-03 09:51 - 00000000 ____D () C:\Users\Jürgen\Documents\CyberLink
2015-01-29 19:21 - 2013-12-17 10:04 - 00000000 ____D () C:\Users\Public\CyberLink
2015-01-29 19:21 - 2013-12-17 10:04 - 00000000 ____D () C:\ProgramData\CyberLink
2015-01-29 19:21 - 2013-12-17 09:39 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-29 19:12 - 2014-05-10 10:42 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-29 19:11 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-01-29 12:41 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-28 19:46 - 2014-02-23 19:36 - 00000000 ____D () C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2015-01-26 16:11 - 2014-02-08 16:41 - 00001193 _____ () C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2015-01-26 16:11 - 2014-02-08 16:41 - 00001169 _____ () C:\Users\Public\Desktop\GOM Player.lnk
2015-01-26 16:11 - 2014-02-08 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
2015-01-14 08:57 - 2014-01-31 06:04 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 08:55 - 2014-01-31 06:04 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 08:55 - 2014-01-30 19:10 - 00000000 ____D () C:\Users\Jürgen\Documents\Bluetooth Folder
2015-01-12 20:42 - 2014-05-03 08:33 - 00797696 ___SH () C:\Users\Jürgen\Downloads\Thumbs.db
==================== Files in the root of some directories =======
2014-03-02 14:27 - 2014-05-09 07:07 - 0000000 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-09-17 09:15 - 2014-10-25 16:20 - 0000096 _____ () C:\Users\Jürgen\AppData\Roaming\Camdata.ini
2014-09-17 09:15 - 2014-10-25 16:20 - 0000408 _____ () C:\Users\Jürgen\AppData\Roaming\CamLayout.ini
2014-09-17 09:15 - 2014-10-25 16:20 - 0000408 _____ () C:\Users\Jürgen\AppData\Roaming\CamShapes.ini
2014-09-17 09:15 - 2014-10-25 16:20 - 0004535 _____ () C:\Users\Jürgen\AppData\Roaming\CamStudio.cfg
2014-09-17 09:39 - 2014-09-17 09:39 - 0001167 _____ () C:\Users\Jürgen\AppData\Roaming\trace_FilterInstaller.txt
2014-09-17 09:39 - 2014-09-17 09:39 - 0000000 _____ () C:\Users\Jürgen\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2014-09-17 08:47 - 2014-10-25 16:20 - 0000096 _____ () C:\Users\Jürgen\AppData\Roaming\version2.xml
2014-04-19 14:04 - 2014-04-19 14:04 - 0005062 _____ () C:\ProgramData\uxxadbmu.rlu
Some content of TEMP:
====================
C:\Users\Jürgen\AppData\Local\Temp\Quarantine.exe
C:\Users\Jürgen\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-29 05:53
==================== End Of Log ============================